./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec6_product26.cil.c --full-output -ea --architecture 32bit
--------------------------------------------------------------------------------
Checking for ERROR reachability
Using default analysis
Version 03d7b7b3
Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec6_product26.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash e80e5ec358c01b9328a945ffeac50362818d778d67430de128e75eb1cc0d9bc1
--- Real Ultimate output ---
This is Ultimate 0.2.2-dev-03d7b7b
[2022-02-20 18:00:47,913 INFO L177 SettingsManager]: Resetting all preferences to default values...
[2022-02-20 18:00:47,915 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values
[2022-02-20 18:00:47,938 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring...
[2022-02-20 18:00:47,939 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:00:47,940 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:00:47,941 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:00:47,942 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:00:47,944 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:00:47,944 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:00:47,945 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:00:47,946 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:00:47,946 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:00:47,947 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:00:47,948 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:00:47,949 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:00:47,949 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:00:47,950 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:00:47,951 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:00:47,953 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:00:47,954 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:00:47,955 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:00:47,956 INFO 
L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:00:47,956 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:00:47,958 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:00:47,959 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:00:47,959 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:00:47,959 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:00:47,960 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:00:47,960 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:00:47,960 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:00:47,961 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:00:47,961 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:00:47,962 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:00:47,962 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:00:47,963 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:00:47,963 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:00:47,963 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... 
[2022-02-20 18:00:47,963 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:00:47,964 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:00:47,964 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:00:47,965 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 18:00:47,981 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:00:47,981 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:00:47,982 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:00:47,982 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:00:47,982 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:00:47,983 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:00:47,983 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:00:47,983 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:00:47,984 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:00:47,984 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:00:47,984 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:00:47,984 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 18:00:47,985 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:00:47,985 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:00:47,985 
INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:00:47,985 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:00:47,985 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:00:47,986 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:00:47,986 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:00:47,986 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:00:47,986 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:00:47,987 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:00:47,987 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:00:47,987 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:00:47,987 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:00:47,987 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:00:47,988 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:00:47,988 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:00:47,988 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 18:00:47,988 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 18:00:47,988 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:00:47,989 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:00:47,989 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant 
automaton, abstraction and CFG=true [2022-02-20 18:00:47,989 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! 
call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> e80e5ec358c01b9328a945ffeac50362818d778d67430de128e75eb1cc0d9bc1 [2022-02-20 18:00:48,236 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:00:48,252 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:00:48,254 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:00:48,255 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:00:48,259 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:00:48,260 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec6_product26.cil.c [2022-02-20 18:00:48,348 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/909659b73/41f2198fa8b746b6a021e00aec831d67/FLAGe9ee847c1 [2022-02-20 18:00:48,865 INFO L306 CDTParser]: Found 1 translation units. 
[2022-02-20 18:00:48,866 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec6_product26.cil.c [2022-02-20 18:00:48,885 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/909659b73/41f2198fa8b746b6a021e00aec831d67/FLAGe9ee847c1 [2022-02-20 18:00:49,201 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/909659b73/41f2198fa8b746b6a021e00aec831d67 [2022-02-20 18:00:49,203 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:00:49,204 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:00:49,205 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:00:49,205 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:00:49,208 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:00:49,209 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:00:49" (1/1) ... [2022-02-20 18:00:49,210 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@bf8e5db and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:49, skipping insertion in model container [2022-02-20 18:00:49,210 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:00:49" (1/1) ... 
[2022-02-20 18:00:49,216 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:00:49,295 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:00:49,720 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec6_product26.cil.c[51398,51411] [2022-02-20 18:00:49,794 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:00:49,804 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:00:49,892 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec6_product26.cil.c[51398,51411] [2022-02-20 18:00:49,902 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:00:49,929 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:00:49,930 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:49 WrapperNode [2022-02-20 18:00:49,930 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:00:49,931 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:00:49,931 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:00:49,931 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:00:49,937 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:49" (1/1) ... 
[2022-02-20 18:00:49,975 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:49" (1/1) ... [2022-02-20 18:00:50,055 INFO L137 Inliner]: procedures = 132, calls = 232, calls flagged for inlining = 59, calls inlined = 56, statements flattened = 1084 [2022-02-20 18:00:50,056 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:00:50,056 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:00:50,056 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:00:50,057 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:00:50,063 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:49" (1/1) ... [2022-02-20 18:00:50,064 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:49" (1/1) ... [2022-02-20 18:00:50,069 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:49" (1/1) ... [2022-02-20 18:00:50,069 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:49" (1/1) ... 
[2022-02-20 18:00:50,085 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:49" (1/1) ... [2022-02-20 18:00:50,093 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:49" (1/1) ... [2022-02-20 18:00:50,099 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:49" (1/1) ... [2022-02-20 18:00:50,107 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:00:50,108 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:00:50,108 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:00:50,108 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:00:50,124 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:49" (1/1) ... 
[2022-02-20 18:00:50,149 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:00:50,159 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:00:50,206 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:00:50,272 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:00:50,317 INFO L130 BoogieDeclarations]: Found specification of procedure getClientPrivateKey [2022-02-20 18:00:50,318 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientPrivateKey [2022-02-20 18:00:50,318 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookSize [2022-02-20 18:00:50,318 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookSize [2022-02-20 18:00:50,318 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailEncryptionKey [2022-02-20 18:00:50,318 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailEncryptionKey [2022-02-20 18:00:50,318 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookAddress [2022-02-20 18:00:50,319 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookAddress [2022-02-20 18:00:50,319 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailEncryptionKey [2022-02-20 18:00:50,319 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailEncryptionKey [2022-02-20 18:00:50,319 INFO L130 BoogieDeclarations]: Found specification of 
procedure getEmailTo [2022-02-20 18:00:50,319 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2022-02-20 18:00:50,319 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__wrappee__AutoResponder [2022-02-20 18:00:50,320 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__wrappee__AutoResponder [2022-02-20 18:00:50,320 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2022-02-20 18:00:50,320 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2022-02-20 18:00:50,320 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2022-02-20 18:00:50,320 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2022-02-20 18:00:50,320 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsEncrypted [2022-02-20 18:00:50,321 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsEncrypted [2022-02-20 18:00:50,321 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2022-02-20 18:00:50,321 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2022-02-20 18:00:50,321 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2022-02-20 18:00:50,321 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2022-02-20 18:00:50,321 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2022-02-20 18:00:50,321 INFO L130 BoogieDeclarations]: Found specification of procedure queue [2022-02-20 18:00:50,321 INFO L138 BoogieDeclarations]: Found implementation of procedure queue [2022-02-20 18:00:50,322 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2022-02-20 18:00:50,322 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2022-02-20 18:00:50,322 INFO L130 BoogieDeclarations]: Found specification of 
procedure #Ultimate.allocInit [2022-02-20 18:00:50,322 INFO L130 BoogieDeclarations]: Found specification of procedure isKeyPairValid [2022-02-20 18:00:50,322 INFO L138 BoogieDeclarations]: Found implementation of procedure isKeyPairValid [2022-02-20 18:00:50,322 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookSize [2022-02-20 18:00:50,322 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookSize [2022-02-20 18:00:50,323 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2022-02-20 18:00:50,323 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2022-02-20 18:00:50,323 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2022-02-20 18:00:50,323 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2022-02-20 18:00:50,323 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2022-02-20 18:00:50,323 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2022-02-20 18:00:50,323 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2022-02-20 18:00:50,324 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2022-02-20 18:00:50,324 INFO L130 BoogieDeclarations]: Found specification of procedure isEncrypted [2022-02-20 18:00:50,324 INFO L138 BoogieDeclarations]: Found implementation of procedure isEncrypted [2022-02-20 18:00:50,324 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2022-02-20 18:00:50,324 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2022-02-20 18:00:50,324 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2022-02-20 18:00:50,324 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2022-02-20 18:00:50,325 INFO L130 BoogieDeclarations]: 
Found specification of procedure write~init~int [2022-02-20 18:00:50,325 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2022-02-20 18:00:50,325 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2022-02-20 18:00:50,325 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookAddress [2022-02-20 18:00:50,325 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookAddress [2022-02-20 18:00:50,325 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:00:50,325 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:00:50,541 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:00:50,543 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:00:51,394 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:00:51,404 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:00:51,404 INFO L299 CfgBuilder]: Removed 1 assume(true) statements. [2022-02-20 18:00:51,406 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:00:51 BoogieIcfgContainer [2022-02-20 18:00:51,406 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:00:51,408 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:00:51,408 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:00:51,410 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:00:51,411 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:00:49" (1/3) ... 
[2022-02-20 18:00:51,411 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@757931ca and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:00:51, skipping insertion in model container [2022-02-20 18:00:51,412 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:00:49" (2/3) ... [2022-02-20 18:00:51,412 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@757931ca and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:00:51, skipping insertion in model container [2022-02-20 18:00:51,412 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:00:51" (3/3) ... [2022-02-20 18:00:51,413 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec6_product26.cil.c [2022-02-20 18:00:51,417 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:00:51,417 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. 
[2022-02-20 18:00:51,454 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:00:51,459 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:00:51,460 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:00:51,526 INFO L276 IsEmpty]: Start isEmpty. Operand has 412 states, 319 states have (on average 1.5517241379310345) internal successors, (495), 324 states have internal predecessors, (495), 66 states have call successors, (66), 25 states have call predecessors, (66), 25 states have return successors, (66), 65 states have call predecessors, (66), 66 states have call successors, (66) [2022-02-20 18:00:51,541 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 143 [2022-02-20 18:00:51,541 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:00:51,542 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:00:51,543 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:00:51,547 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:00:51,551 INFO L85 PathProgramCache]: Analyzing trace with hash 600490209, now seen corresponding path program 1 times [2022-02-20 18:00:51,558 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:00:51,558 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1255296586] [2022-02-20 18:00:51,558 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:51,559 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:00:51,773 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:51,914 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:00:51,924 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:51,934 INFO L290 TraceCheckUtils]: 0: Hoare triple {495#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| 
~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {415#true} is VALID [2022-02-20 18:00:51,935 INFO L290 TraceCheckUtils]: 1: Hoare triple {415#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {415#true} is VALID [2022-02-20 18:00:51,935 INFO L290 TraceCheckUtils]: 2: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:51,935 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {415#true} {415#true} #1261#return; {415#true} is VALID [2022-02-20 18:00:51,942 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:00:51,946 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:51,953 INFO L290 TraceCheckUtils]: 0: Hoare triple {496#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {415#true} is VALID [2022-02-20 18:00:51,953 INFO L290 TraceCheckUtils]: 1: Hoare triple {415#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {415#true} is VALID [2022-02-20 18:00:51,953 INFO L290 TraceCheckUtils]: 2: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:51,953 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {415#true} {415#true} #1263#return; {415#true} is VALID [2022-02-20 18:00:51,954 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:00:51,957 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:51,974 INFO L290 TraceCheckUtils]: 0: Hoare triple {495#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {497#(= 
setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:51,975 INFO L290 TraceCheckUtils]: 1: Hoare triple {497#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {498#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:51,975 INFO L290 TraceCheckUtils]: 2: Hoare triple {498#(= |setClientId_#in~handle| 1)} assume true; {498#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:51,976 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {498#(= |setClientId_#in~handle| 1)} {425#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1265#return; {416#false} is VALID [2022-02-20 18:00:51,977 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:00:51,980 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:51,983 INFO L290 TraceCheckUtils]: 0: Hoare triple {496#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {415#true} is VALID [2022-02-20 18:00:51,983 INFO L290 TraceCheckUtils]: 1: Hoare triple {415#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {415#true} is VALID [2022-02-20 18:00:51,983 INFO L290 TraceCheckUtils]: 2: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:51,984 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {415#true} {416#false} #1267#return; {416#false} is VALID [2022-02-20 18:00:51,984 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:00:51,986 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:51,989 INFO L290 TraceCheckUtils]: 0: Hoare triple {495#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {415#true} is VALID [2022-02-20 18:00:51,989 INFO L290 TraceCheckUtils]: 1: Hoare triple {415#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {415#true} is VALID [2022-02-20 18:00:51,989 INFO L290 TraceCheckUtils]: 2: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:51,990 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {415#true} {416#false} #1269#return; {416#false} is VALID [2022-02-20 18:00:51,990 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:00:51,992 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:51,995 INFO L290 TraceCheckUtils]: 0: Hoare triple {496#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {415#true} is VALID [2022-02-20 18:00:51,995 INFO L290 TraceCheckUtils]: 1: Hoare triple {415#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {415#true} is VALID [2022-02-20 18:00:51,995 INFO L290 TraceCheckUtils]: 2: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:51,995 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {415#true} {416#false} #1271#return; {416#false} is VALID [2022-02-20 18:00:52,003 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2022-02-20 18:00:52,004 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:52,007 INFO L290 TraceCheckUtils]: 0: Hoare triple {499#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; 
{415#true} is VALID [2022-02-20 18:00:52,008 INFO L290 TraceCheckUtils]: 1: Hoare triple {415#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {415#true} is VALID [2022-02-20 18:00:52,008 INFO L290 TraceCheckUtils]: 2: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:52,008 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {415#true} {416#false} #1197#return; {416#false} is VALID [2022-02-20 18:00:52,016 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 52 [2022-02-20 18:00:52,018 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:52,020 INFO L290 TraceCheckUtils]: 0: Hoare triple {500#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {415#true} is VALID [2022-02-20 18:00:52,021 INFO L290 TraceCheckUtils]: 1: Hoare triple {415#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {415#true} is VALID [2022-02-20 18:00:52,021 INFO L290 TraceCheckUtils]: 2: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:52,021 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {415#true} {416#false} #1199#return; {416#false} is VALID [2022-02-20 18:00:52,021 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:00:52,022 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:52,025 INFO L290 TraceCheckUtils]: 0: Hoare triple {415#true} ~handle := #in~handle;havoc ~retValue_acc~7; {415#true} is VALID [2022-02-20 18:00:52,025 INFO L290 TraceCheckUtils]: 1: Hoare triple {415#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {415#true} is VALID [2022-02-20 18:00:52,025 INFO L290 TraceCheckUtils]: 2: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:52,025 INFO L284 TraceCheckUtils]: 3: Hoare 
quadruple {415#true} {416#false} #1179#return; {416#false} is VALID [2022-02-20 18:00:52,026 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 18:00:52,027 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:52,029 INFO L290 TraceCheckUtils]: 0: Hoare triple {415#true} ~handle := #in~handle;havoc ~retValue_acc~26; {415#true} is VALID [2022-02-20 18:00:52,029 INFO L290 TraceCheckUtils]: 1: Hoare triple {415#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {415#true} is VALID [2022-02-20 18:00:52,029 INFO L290 TraceCheckUtils]: 2: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:52,029 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {415#true} {416#false} #1181#return; {416#false} is VALID [2022-02-20 18:00:52,030 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:00:52,031 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:52,033 INFO L290 TraceCheckUtils]: 0: Hoare triple {415#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~11; {415#true} is VALID [2022-02-20 18:00:52,034 INFO L290 TraceCheckUtils]: 1: Hoare triple {415#true} assume 1 == ~handle; {415#true} is VALID [2022-02-20 18:00:52,034 INFO L290 TraceCheckUtils]: 2: Hoare triple {415#true} assume 0 == ~index;~retValue_acc~11 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~11; {415#true} is VALID [2022-02-20 18:00:52,034 INFO L290 TraceCheckUtils]: 3: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:52,034 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {415#true} {416#false} #1183#return; {416#false} is VALID [2022-02-20 18:00:52,034 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-02-20 18:00:52,036 INFO L136 AnnotateAndAsserter]: Conjunction of 
SSA is unsat [2022-02-20 18:00:52,038 INFO L290 TraceCheckUtils]: 0: Hoare triple {500#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {415#true} is VALID [2022-02-20 18:00:52,039 INFO L290 TraceCheckUtils]: 1: Hoare triple {415#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {415#true} is VALID [2022-02-20 18:00:52,039 INFO L290 TraceCheckUtils]: 2: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:52,039 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {415#true} {416#false} #1185#return; {416#false} is VALID [2022-02-20 18:00:52,039 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 89 [2022-02-20 18:00:52,040 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:52,042 INFO L290 TraceCheckUtils]: 0: Hoare triple {415#true} ~handle := #in~handle;havoc ~retValue_acc~26; {415#true} is VALID [2022-02-20 18:00:52,043 INFO L290 TraceCheckUtils]: 1: Hoare triple {415#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {415#true} is VALID [2022-02-20 18:00:52,043 INFO L290 TraceCheckUtils]: 2: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:52,043 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {415#true} {416#false} #1211#return; {416#false} is VALID [2022-02-20 18:00:52,043 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 18:00:52,044 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:52,047 INFO L290 TraceCheckUtils]: 0: Hoare triple {499#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {415#true} is VALID [2022-02-20 18:00:52,047 INFO L290 TraceCheckUtils]: 1: Hoare triple {415#true} assume 1 == 
~handle;~__ste_email_from0~0 := ~value; {415#true} is VALID [2022-02-20 18:00:52,047 INFO L290 TraceCheckUtils]: 2: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:52,047 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {415#true} {416#false} #1217#return; {416#false} is VALID [2022-02-20 18:00:52,047 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 108 [2022-02-20 18:00:52,049 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:52,051 INFO L290 TraceCheckUtils]: 0: Hoare triple {415#true} ~handle := #in~handle;havoc ~retValue_acc~29; {415#true} is VALID [2022-02-20 18:00:52,051 INFO L290 TraceCheckUtils]: 1: Hoare triple {415#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {415#true} is VALID [2022-02-20 18:00:52,051 INFO L290 TraceCheckUtils]: 2: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:52,051 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {415#true} {416#false} #1219#return; {416#false} is VALID [2022-02-20 18:00:52,052 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 115 [2022-02-20 18:00:52,052 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:52,055 INFO L290 TraceCheckUtils]: 0: Hoare triple {415#true} ~handle := #in~handle;havoc ~retValue_acc~26; {415#true} is VALID [2022-02-20 18:00:52,055 INFO L290 TraceCheckUtils]: 1: Hoare triple {415#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {415#true} is VALID [2022-02-20 18:00:52,055 INFO L290 TraceCheckUtils]: 2: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:52,057 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {415#true} {416#false} #1221#return; {416#false} is VALID [2022-02-20 18:00:52,057 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending 
call position 122 [2022-02-20 18:00:52,058 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:52,062 INFO L290 TraceCheckUtils]: 0: Hoare triple {415#true} ~handle := #in~handle;havoc ~retValue_acc~13; {415#true} is VALID [2022-02-20 18:00:52,062 INFO L290 TraceCheckUtils]: 1: Hoare triple {415#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {415#true} is VALID [2022-02-20 18:00:52,062 INFO L290 TraceCheckUtils]: 2: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:52,062 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {415#true} {416#false} #1223#return; {416#false} is VALID [2022-02-20 18:00:52,062 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 128 [2022-02-20 18:00:52,064 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:52,068 INFO L290 TraceCheckUtils]: 0: Hoare triple {415#true} ~handle := #in~handle;havoc ~retValue_acc~30; {415#true} is VALID [2022-02-20 18:00:52,068 INFO L290 TraceCheckUtils]: 1: Hoare triple {415#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~30; {415#true} is VALID [2022-02-20 18:00:52,069 INFO L290 TraceCheckUtils]: 2: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:52,069 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {415#true} {416#false} #1225#return; {416#false} is VALID [2022-02-20 18:00:52,071 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 134 [2022-02-20 18:00:52,073 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:52,077 INFO L290 TraceCheckUtils]: 0: Hoare triple {415#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~43;havoc ~__cil_tmp4~5.base, ~__cil_tmp4~5.offset;~__cil_tmp4~5.base, ~__cil_tmp4~5.offset := 39, 0;havoc #t~nondet104; {415#true} is VALID 
[2022-02-20 18:00:52,077 INFO L290 TraceCheckUtils]: 1: Hoare triple {415#true} assume 0 == ~publicKey;~retValue_acc~43 := 0;#res := ~retValue_acc~43; {415#true} is VALID [2022-02-20 18:00:52,078 INFO L290 TraceCheckUtils]: 2: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:52,078 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {415#true} {416#false} #1227#return; {416#false} is VALID [2022-02-20 18:00:52,079 INFO L290 TraceCheckUtils]: 0: Hoare triple {415#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(44, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(11, 20);call #Ultimate.allocInit(19, 21);call #Ultimate.allocInit(4, 22);call write~init~int(37, 22, 0, 1);call write~init~int(100, 22, 1, 1);call write~init~int(10, 22, 2, 1);call write~init~int(0, 22, 3, 1);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(19, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 
1);call #Ultimate.allocInit(10, 29);call #Ultimate.allocInit(12, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(18, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(34, 36);call #Ultimate.allocInit(30, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(20, 39);call #Ultimate.allocInit(22, 40);call #Ultimate.allocInit(21, 41);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 
0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 
0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~sent_encrypted~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {415#true} is VALID [2022-02-20 18:00:52,082 INFO L290 TraceCheckUtils]: 1: Hoare triple {415#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {415#true} is VALID [2022-02-20 18:00:52,082 INFO L290 TraceCheckUtils]: 2: Hoare triple {415#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {415#true} is VALID [2022-02-20 18:00:52,083 INFO L290 TraceCheckUtils]: 3: Hoare triple {415#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~22#1;havoc valid_product_~retValue_acc~22#1;valid_product_~retValue_acc~22#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~22#1; {415#true} is VALID [2022-02-20 18:00:52,083 INFO L290 TraceCheckUtils]: 4: Hoare triple {415#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {415#true} is VALID [2022-02-20 18:00:52,084 INFO L290 TraceCheckUtils]: 5: Hoare triple {415#true} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet32#1, setup_#t~nondet33#1, setup_#t~nondet34#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc 
setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {415#true} is VALID [2022-02-20 18:00:52,085 INFO L272 TraceCheckUtils]: 6: Hoare triple {415#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {495#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:52,085 INFO L290 TraceCheckUtils]: 7: Hoare triple {495#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {415#true} is VALID [2022-02-20 18:00:52,086 INFO L290 TraceCheckUtils]: 8: Hoare triple {415#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {415#true} is VALID [2022-02-20 18:00:52,086 INFO L290 TraceCheckUtils]: 9: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:52,086 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {415#true} {415#true} #1261#return; {415#true} is VALID [2022-02-20 18:00:52,086 INFO L290 TraceCheckUtils]: 11: Hoare triple {415#true} assume { :end_inline_setup_bob__wrappee__Base } true; {415#true} is VALID [2022-02-20 18:00:52,087 INFO L272 TraceCheckUtils]: 12: Hoare triple {415#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {496#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:52,087 INFO L290 TraceCheckUtils]: 13: Hoare triple {496#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {415#true} is VALID [2022-02-20 18:00:52,087 INFO L290 TraceCheckUtils]: 14: Hoare triple {415#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {415#true} is VALID [2022-02-20 18:00:52,088 INFO L290 TraceCheckUtils]: 15: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:52,088 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {415#true} {415#true} #1263#return; {415#true} is VALID [2022-02-20 18:00:52,088 INFO L290 TraceCheckUtils]: 17: Hoare triple {415#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 18, 0;havoc setup_#t~nondet32#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {425#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:00:52,089 INFO L272 TraceCheckUtils]: 18: Hoare triple {425#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {495#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:52,090 INFO L290 TraceCheckUtils]: 19: Hoare triple {495#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {497#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:52,090 INFO L290 TraceCheckUtils]: 20: Hoare triple {497#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {498#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:52,091 INFO L290 TraceCheckUtils]: 21: Hoare triple {498#(= |setClientId_#in~handle| 1)} assume true; {498#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:52,091 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {498#(= |setClientId_#in~handle| 1)} {425#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1265#return; {416#false} is VALID [2022-02-20 18:00:52,091 INFO L290 TraceCheckUtils]: 23: Hoare triple {416#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {416#false} is VALID [2022-02-20 18:00:52,092 INFO L272 TraceCheckUtils]: 24: Hoare triple {416#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {496#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:52,092 INFO L290 TraceCheckUtils]: 25: Hoare triple {496#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {415#true} is VALID [2022-02-20 18:00:52,092 INFO L290 TraceCheckUtils]: 26: Hoare triple 
{415#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {415#true} is VALID [2022-02-20 18:00:52,092 INFO L290 TraceCheckUtils]: 27: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:52,092 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {415#true} {416#false} #1267#return; {416#false} is VALID [2022-02-20 18:00:52,093 INFO L290 TraceCheckUtils]: 29: Hoare triple {416#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 19, 0;havoc setup_#t~nondet33#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {416#false} is VALID [2022-02-20 18:00:52,093 INFO L272 TraceCheckUtils]: 30: Hoare triple {416#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {495#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:52,093 INFO L290 TraceCheckUtils]: 31: Hoare triple {495#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {415#true} is VALID [2022-02-20 18:00:52,093 INFO L290 TraceCheckUtils]: 32: Hoare triple {415#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {415#true} is VALID [2022-02-20 18:00:52,093 INFO L290 TraceCheckUtils]: 33: Hoare triple {415#true} assume 
true; {415#true} is VALID [2022-02-20 18:00:52,093 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {415#true} {416#false} #1269#return; {416#false} is VALID [2022-02-20 18:00:52,094 INFO L290 TraceCheckUtils]: 35: Hoare triple {416#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {416#false} is VALID [2022-02-20 18:00:52,094 INFO L272 TraceCheckUtils]: 36: Hoare triple {416#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {496#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:52,094 INFO L290 TraceCheckUtils]: 37: Hoare triple {496#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {415#true} is VALID [2022-02-20 18:00:52,094 INFO L290 TraceCheckUtils]: 38: Hoare triple {415#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {415#true} is VALID [2022-02-20 18:00:52,094 INFO L290 TraceCheckUtils]: 39: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:52,095 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {415#true} {416#false} #1271#return; {416#false} is VALID [2022-02-20 18:00:52,095 INFO L290 TraceCheckUtils]: 41: Hoare triple {416#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 20, 0;havoc setup_#t~nondet34#1; {416#false} is VALID [2022-02-20 18:00:52,095 INFO L290 TraceCheckUtils]: 42: Hoare triple {416#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_#t~nondet62#1, test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, 
test_#t~nondet66#1, test_#t~nondet67#1, test_#t~nondet68#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {416#false} is VALID [2022-02-20 18:00:52,095 INFO L290 TraceCheckUtils]: 43: Hoare triple {416#false} assume !true; {416#false} is VALID [2022-02-20 18:00:52,096 INFO L290 TraceCheckUtils]: 44: Hoare triple {416#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_~tmp~3#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~3#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret27#1 := puts(16, 0);assume -2147483648 <= bobToRjh_#t~ret27#1 && bobToRjh_#t~ret27#1 <= 2147483647;havoc bobToRjh_#t~ret27#1; {416#false} is VALID [2022-02-20 18:00:52,096 INFO L272 TraceCheckUtils]: 45: Hoare triple {416#false} call sendEmail(~bob~0, ~rjh~0); 
{416#false} is VALID [2022-02-20 18:00:52,096 INFO L290 TraceCheckUtils]: 46: Hoare triple {416#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~21#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~38#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~38#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {416#false} is VALID [2022-02-20 18:00:52,096 INFO L272 TraceCheckUtils]: 47: Hoare triple {416#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {499#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:52,096 INFO L290 TraceCheckUtils]: 48: Hoare triple {499#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {415#true} is VALID [2022-02-20 18:00:52,097 INFO L290 TraceCheckUtils]: 49: Hoare triple {415#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {415#true} is VALID [2022-02-20 18:00:52,097 INFO L290 TraceCheckUtils]: 50: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:52,097 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {415#true} {416#false} #1197#return; {416#false} is VALID [2022-02-20 18:00:52,097 INFO L272 TraceCheckUtils]: 52: Hoare triple {416#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {500#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:00:52,097 INFO L290 TraceCheckUtils]: 53: Hoare triple {500#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := 
#in~handle;~value := #in~value; {415#true} is VALID [2022-02-20 18:00:52,098 INFO L290 TraceCheckUtils]: 54: Hoare triple {415#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {415#true} is VALID [2022-02-20 18:00:52,098 INFO L290 TraceCheckUtils]: 55: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:52,098 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {415#true} {416#false} #1199#return; {416#false} is VALID [2022-02-20 18:00:52,098 INFO L290 TraceCheckUtils]: 57: Hoare triple {416#false} createEmail_~retValue_acc~38#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~38#1; {416#false} is VALID [2022-02-20 18:00:52,098 INFO L290 TraceCheckUtils]: 58: Hoare triple {416#false} #t~ret103#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret103#1 && #t~ret103#1 <= 2147483647;~tmp~21#1 := #t~ret103#1;havoc #t~ret103#1;~email~0#1 := ~tmp~21#1; {416#false} is VALID [2022-02-20 18:00:52,099 INFO L272 TraceCheckUtils]: 59: Hoare triple {416#false} call outgoing(~sender#1, ~email~0#1); {416#false} is VALID [2022-02-20 18:00:52,099 INFO L290 TraceCheckUtils]: 60: Hoare triple {416#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~2#1;havoc ~tmp~16#1;havoc ~receiver~1#1;havoc ~tmp___0~7#1;havoc ~second~0#1;havoc ~tmp___1~4#1;havoc ~tmp___2~2#1; {416#false} is VALID [2022-02-20 18:00:52,099 INFO L272 TraceCheckUtils]: 61: Hoare triple {416#false} call #t~ret89#1 := getClientAddressBookSize(~client#1); {415#true} is VALID [2022-02-20 18:00:52,099 INFO L290 TraceCheckUtils]: 62: Hoare triple {415#true} ~handle := #in~handle;havoc ~retValue_acc~7; {415#true} is VALID [2022-02-20 18:00:52,099 INFO L290 TraceCheckUtils]: 63: Hoare triple {415#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {415#true} is VALID [2022-02-20 18:00:52,099 INFO L290 TraceCheckUtils]: 64: Hoare triple {415#true} assume true; {415#true} is 
VALID [2022-02-20 18:00:52,100 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {415#true} {416#false} #1179#return; {416#false} is VALID [2022-02-20 18:00:52,100 INFO L290 TraceCheckUtils]: 66: Hoare triple {416#false} assume -2147483648 <= #t~ret89#1 && #t~ret89#1 <= 2147483647;~tmp~16#1 := #t~ret89#1;havoc #t~ret89#1;~size~2#1 := ~tmp~16#1; {416#false} is VALID [2022-02-20 18:00:52,100 INFO L290 TraceCheckUtils]: 67: Hoare triple {416#false} assume 0 != ~size~2#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {416#false} is VALID [2022-02-20 18:00:52,100 INFO L290 TraceCheckUtils]: 68: Hoare triple {416#false} assume { :end_inline_sendToAddressBook } true;call #t~ret90#1 := puts(36, 0);assume -2147483648 <= #t~ret90#1 && #t~ret90#1 <= 2147483647;havoc #t~ret90#1; {416#false} is VALID [2022-02-20 18:00:52,100 INFO L272 TraceCheckUtils]: 69: Hoare triple {416#false} call #t~ret91#1 := getEmailTo(~msg#1); {415#true} is VALID [2022-02-20 18:00:52,101 INFO L290 TraceCheckUtils]: 70: Hoare triple {415#true} ~handle := #in~handle;havoc ~retValue_acc~26; {415#true} is VALID [2022-02-20 18:00:52,101 INFO L290 TraceCheckUtils]: 71: Hoare triple {415#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {415#true} is VALID [2022-02-20 18:00:52,101 INFO L290 TraceCheckUtils]: 72: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:52,101 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {415#true} {416#false} #1181#return; {416#false} is VALID [2022-02-20 18:00:52,101 INFO L290 TraceCheckUtils]: 74: Hoare triple {416#false} assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp___0~7#1 := #t~ret91#1;havoc #t~ret91#1;~receiver~1#1 := ~tmp___0~7#1;call 
#t~ret92#1 := puts(37, 0);assume -2147483648 <= #t~ret92#1 && #t~ret92#1 <= 2147483647;havoc #t~ret92#1; {416#false} is VALID [2022-02-20 18:00:52,102 INFO L272 TraceCheckUtils]: 75: Hoare triple {416#false} call #t~ret93#1 := getClientAddressBookAddress(~client#1, 1); {415#true} is VALID [2022-02-20 18:00:52,102 INFO L290 TraceCheckUtils]: 76: Hoare triple {415#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~11; {415#true} is VALID [2022-02-20 18:00:52,102 INFO L290 TraceCheckUtils]: 77: Hoare triple {415#true} assume 1 == ~handle; {415#true} is VALID [2022-02-20 18:00:52,102 INFO L290 TraceCheckUtils]: 78: Hoare triple {415#true} assume 0 == ~index;~retValue_acc~11 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~11; {415#true} is VALID [2022-02-20 18:00:52,102 INFO L290 TraceCheckUtils]: 79: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:52,102 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {415#true} {416#false} #1183#return; {416#false} is VALID [2022-02-20 18:00:52,103 INFO L290 TraceCheckUtils]: 81: Hoare triple {416#false} assume -2147483648 <= #t~ret93#1 && #t~ret93#1 <= 2147483647;~tmp___1~4#1 := #t~ret93#1;havoc #t~ret93#1;~second~0#1 := ~tmp___1~4#1; {416#false} is VALID [2022-02-20 18:00:52,103 INFO L272 TraceCheckUtils]: 82: Hoare triple {416#false} call setEmailTo(~msg#1, ~second~0#1); {500#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:00:52,103 INFO L290 TraceCheckUtils]: 83: Hoare triple {500#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {415#true} is VALID [2022-02-20 18:00:52,103 INFO L290 TraceCheckUtils]: 84: Hoare triple {415#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {415#true} is VALID [2022-02-20 18:00:52,103 INFO L290 TraceCheckUtils]: 85: Hoare triple {415#true} assume true; 
{415#true} is VALID [2022-02-20 18:00:52,104 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {415#true} {416#false} #1185#return; {416#false} is VALID [2022-02-20 18:00:52,104 INFO L272 TraceCheckUtils]: 87: Hoare triple {416#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {416#false} is VALID [2022-02-20 18:00:52,104 INFO L290 TraceCheckUtils]: 88: Hoare triple {416#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~15#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {416#false} is VALID [2022-02-20 18:00:52,104 INFO L272 TraceCheckUtils]: 89: Hoare triple {416#false} call #t~ret87#1 := getEmailTo(~msg#1); {415#true} is VALID [2022-02-20 18:00:52,104 INFO L290 TraceCheckUtils]: 90: Hoare triple {415#true} ~handle := #in~handle;havoc ~retValue_acc~26; {415#true} is VALID [2022-02-20 18:00:52,105 INFO L290 TraceCheckUtils]: 91: Hoare triple {415#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {415#true} is VALID [2022-02-20 18:00:52,105 INFO L290 TraceCheckUtils]: 92: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:52,105 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {415#true} {416#false} #1211#return; {416#false} is VALID [2022-02-20 18:00:52,105 INFO L290 TraceCheckUtils]: 94: Hoare triple {416#false} assume -2147483648 <= #t~ret87#1 && #t~ret87#1 <= 2147483647;~tmp~15#1 := #t~ret87#1;havoc #t~ret87#1;~receiver~0#1 := ~tmp~15#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~18#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~18#1; {416#false} is VALID [2022-02-20 18:00:52,105 INFO L290 TraceCheckUtils]: 95: Hoare triple {416#false} assume 1 == findPublicKey_~handle#1; 
{416#false} is VALID [2022-02-20 18:00:52,105 INFO L290 TraceCheckUtils]: 96: Hoare triple {416#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~18#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~18#1; {416#false} is VALID [2022-02-20 18:00:52,106 INFO L290 TraceCheckUtils]: 97: Hoare triple {416#false} #t~ret88#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp___0~6#1 := #t~ret88#1;havoc #t~ret88#1;~pubkey~0#1 := ~tmp___0~6#1; {416#false} is VALID [2022-02-20 18:00:52,126 INFO L290 TraceCheckUtils]: 98: Hoare triple {416#false} assume !(0 != ~pubkey~0#1); {416#false} is VALID [2022-02-20 18:00:52,126 INFO L290 TraceCheckUtils]: 99: Hoare triple {416#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret86#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {416#false} is VALID [2022-02-20 18:00:52,126 INFO L290 TraceCheckUtils]: 100: Hoare triple {416#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {416#false} is VALID [2022-02-20 18:00:52,126 INFO L290 TraceCheckUtils]: 101: Hoare triple {416#false} outgoing__wrappee__Keys_#t~ret86#1 := 
getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret86#1 && outgoing__wrappee__Keys_#t~ret86#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~14#1 := outgoing__wrappee__Keys_#t~ret86#1;havoc outgoing__wrappee__Keys_#t~ret86#1; {416#false} is VALID [2022-02-20 18:00:52,127 INFO L272 TraceCheckUtils]: 102: Hoare triple {416#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1); {499#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:52,127 INFO L290 TraceCheckUtils]: 103: Hoare triple {499#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {415#true} is VALID [2022-02-20 18:00:52,127 INFO L290 TraceCheckUtils]: 104: Hoare triple {415#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {415#true} is VALID [2022-02-20 18:00:52,127 INFO L290 TraceCheckUtils]: 105: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:52,127 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {415#true} {416#false} #1217#return; {416#false} is VALID [2022-02-20 18:00:52,128 INFO L290 TraceCheckUtils]: 107: Hoare triple {416#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret84#1, mail_#t~ret85#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1, 
__utac_acc__EncryptDecrypt_spec__1_#t~nondet52#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 := puts(24, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1; {416#false} is VALID [2022-02-20 18:00:52,128 INFO L272 TraceCheckUtils]: 108: Hoare triple {416#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {415#true} is VALID [2022-02-20 18:00:52,128 INFO L290 TraceCheckUtils]: 109: Hoare triple {415#true} ~handle := #in~handle;havoc ~retValue_acc~29; {415#true} is VALID [2022-02-20 18:00:52,128 INFO L290 TraceCheckUtils]: 110: Hoare triple {415#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {415#true} is VALID [2022-02-20 18:00:52,128 INFO L290 TraceCheckUtils]: 111: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:52,129 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {415#true} {416#false} #1219#return; {416#false} is VALID [2022-02-20 18:00:52,129 INFO L290 TraceCheckUtils]: 113: Hoare triple {416#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset := 25, 0;havoc 
__utac_acc__EncryptDecrypt_spec__1_#t~nondet52#1; {416#false} is VALID [2022-02-20 18:00:52,129 INFO L290 TraceCheckUtils]: 114: Hoare triple {416#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret84#1 := puts(35, 0);assume -2147483648 <= mail_#t~ret84#1 && mail_#t~ret84#1 <= 2147483647;havoc mail_#t~ret84#1; {416#false} is VALID [2022-02-20 18:00:52,129 INFO L272 TraceCheckUtils]: 115: Hoare triple {416#false} call mail_#t~ret85#1 := getEmailTo(mail_~msg#1); {415#true} is VALID [2022-02-20 18:00:52,129 INFO L290 TraceCheckUtils]: 116: Hoare triple {415#true} ~handle := #in~handle;havoc ~retValue_acc~26; {415#true} is VALID [2022-02-20 18:00:52,130 INFO L290 TraceCheckUtils]: 117: Hoare triple {415#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {415#true} is VALID [2022-02-20 18:00:52,130 INFO L290 TraceCheckUtils]: 118: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:52,130 INFO L284 TraceCheckUtils]: 119: Hoare quadruple {415#true} {416#false} #1221#return; {416#false} is VALID [2022-02-20 18:00:52,130 INFO L290 TraceCheckUtils]: 120: Hoare triple {416#false} assume -2147483648 <= mail_#t~ret85#1 && mail_#t~ret85#1 <= 2147483647;mail_~tmp~13#1 := mail_#t~ret85#1;havoc mail_#t~ret85#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~13#1, mail_~msg#1;havoc incoming_#t~ret98#1, incoming_#t~ret99#1, incoming_#t~ret100#1, incoming_#t~ret101#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~19#1, incoming_~tmp___0~8#1, incoming_~tmp___1~5#1, incoming_~tmp___2~3#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~19#1;havoc incoming_~tmp___0~8#1;havoc incoming_~tmp___1~5#1;havoc 
incoming_~tmp___2~3#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet54#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 := puts(26, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset := 27, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet54#1; {416#false} is VALID [2022-02-20 18:00:52,130 INFO L290 TraceCheckUtils]: 121: Hoare triple {416#false} assume 1 == ~sent_encrypted~0; {416#false} is VALID 
[2022-02-20 18:00:52,131 INFO L272 TraceCheckUtils]: 122: Hoare triple {416#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {415#true} is VALID [2022-02-20 18:00:52,131 INFO L290 TraceCheckUtils]: 123: Hoare triple {415#true} ~handle := #in~handle;havoc ~retValue_acc~13; {415#true} is VALID [2022-02-20 18:00:52,131 INFO L290 TraceCheckUtils]: 124: Hoare triple {415#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {415#true} is VALID [2022-02-20 18:00:52,131 INFO L290 TraceCheckUtils]: 125: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:52,131 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {415#true} {416#false} #1223#return; {416#false} is VALID [2022-02-20 18:00:52,131 INFO L290 TraceCheckUtils]: 127: Hoare triple {416#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~8#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1; {416#false} is VALID [2022-02-20 18:00:52,132 INFO L272 TraceCheckUtils]: 128: Hoare triple {416#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {415#true} is VALID [2022-02-20 18:00:52,132 INFO L290 TraceCheckUtils]: 129: Hoare triple {415#true} ~handle := #in~handle;havoc ~retValue_acc~30; {415#true} is VALID [2022-02-20 18:00:52,132 INFO L290 TraceCheckUtils]: 130: Hoare triple {415#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~30; {415#true} is VALID [2022-02-20 18:00:52,132 INFO L290 TraceCheckUtils]: 131: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:52,132 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {415#true} {416#false} #1225#return; 
{416#false} is VALID [2022-02-20 18:00:52,132 INFO L290 TraceCheckUtils]: 133: Hoare triple {416#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1; {416#false} is VALID [2022-02-20 18:00:52,133 INFO L272 TraceCheckUtils]: 134: Hoare triple {416#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1); {415#true} is VALID [2022-02-20 18:00:52,133 INFO L290 TraceCheckUtils]: 135: Hoare triple {415#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~43;havoc ~__cil_tmp4~5.base, ~__cil_tmp4~5.offset;~__cil_tmp4~5.base, ~__cil_tmp4~5.offset := 39, 0;havoc #t~nondet104; {415#true} is VALID [2022-02-20 18:00:52,133 INFO L290 TraceCheckUtils]: 136: Hoare triple {415#true} assume 0 == ~publicKey;~retValue_acc~43 := 0;#res := ~retValue_acc~43; {415#true} is VALID [2022-02-20 18:00:52,133 INFO L290 TraceCheckUtils]: 137: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:52,133 INFO L284 TraceCheckUtils]: 138: Hoare quadruple {415#true} {416#false} #1227#return; {416#false} is VALID [2022-02-20 18:00:52,134 INFO L290 TraceCheckUtils]: 139: Hoare triple {416#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1; {416#false} is VALID [2022-02-20 18:00:52,134 INFO L290 TraceCheckUtils]: 140: Hoare triple {416#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1);assume { :begin_inline___automaton_fail } true; {416#false} is VALID 
[2022-02-20 18:00:52,134 INFO L290 TraceCheckUtils]: 141: Hoare triple {416#false} assume !false; {416#false} is VALID [2022-02-20 18:00:52,135 INFO L134 CoverageAnalysis]: Checked inductivity of 44 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 38 trivial. 0 not checked. [2022-02-20 18:00:52,144 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:00:52,145 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1255296586] [2022-02-20 18:00:52,145 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1255296586] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:00:52,146 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2120490893] [2022-02-20 18:00:52,146 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:52,146 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:00:52,146 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:00:52,148 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:00:52,149 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 18:00:52,454 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:52,459 INFO L263 TraceCheckSpWp]: Trace formula consists of 1243 conjuncts, 1 conjunts are in the unsatisfiable core [2022-02-20 18:00:52,541 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:52,547 INFO L286 TraceCheckSpWp]: 
Computing forward predicates... [2022-02-20 18:00:52,867 INFO L290 TraceCheckUtils]: 0: Hoare triple {415#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(44, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(11, 20);call #Ultimate.allocInit(19, 21);call #Ultimate.allocInit(4, 22);call write~init~int(37, 22, 0, 1);call write~init~int(100, 22, 1, 1);call write~init~int(10, 22, 2, 1);call write~init~int(0, 22, 3, 1);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(19, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(10, 29);call #Ultimate.allocInit(12, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(18, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(34, 36);call #Ultimate.allocInit(30, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(20, 39);call 
#Ultimate.allocInit(22, 40);call #Ultimate.allocInit(21, 41);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 
0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~sent_encrypted~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {415#true} is VALID [2022-02-20 18:00:52,867 INFO L290 TraceCheckUtils]: 1: Hoare triple {415#true} assume { 
:end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {415#true} is VALID [2022-02-20 18:00:52,868 INFO L290 TraceCheckUtils]: 2: Hoare triple {415#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {415#true} is VALID [2022-02-20 18:00:52,868 INFO L290 TraceCheckUtils]: 3: Hoare triple {415#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~22#1;havoc valid_product_~retValue_acc~22#1;valid_product_~retValue_acc~22#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~22#1; {415#true} is VALID [2022-02-20 18:00:52,868 INFO L290 TraceCheckUtils]: 4: Hoare triple {415#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {415#true} is VALID [2022-02-20 18:00:52,868 INFO L290 TraceCheckUtils]: 5: Hoare triple {415#true} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet32#1, setup_#t~nondet33#1, setup_#t~nondet34#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := 
setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {415#true} is VALID [2022-02-20 18:00:52,868 INFO L272 TraceCheckUtils]: 6: Hoare triple {415#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {415#true} is VALID [2022-02-20 18:00:52,869 INFO L290 TraceCheckUtils]: 7: Hoare triple {415#true} ~handle := #in~handle;~value := #in~value; {415#true} is VALID [2022-02-20 18:00:52,869 INFO L290 TraceCheckUtils]: 8: Hoare triple {415#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {415#true} is VALID [2022-02-20 18:00:52,869 INFO L290 TraceCheckUtils]: 9: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:52,869 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {415#true} {415#true} #1261#return; {415#true} is VALID [2022-02-20 18:00:52,870 INFO L290 TraceCheckUtils]: 11: Hoare triple {415#true} assume { :end_inline_setup_bob__wrappee__Base } true; {415#true} is VALID [2022-02-20 18:00:52,870 INFO L272 TraceCheckUtils]: 12: Hoare triple {415#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {415#true} is VALID [2022-02-20 18:00:52,871 INFO L290 TraceCheckUtils]: 13: Hoare triple {415#true} ~handle := #in~handle;~value := #in~value; {415#true} is VALID [2022-02-20 18:00:52,873 INFO L290 TraceCheckUtils]: 14: Hoare triple {415#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {415#true} is VALID [2022-02-20 18:00:52,873 INFO L290 TraceCheckUtils]: 15: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:52,874 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {415#true} {415#true} #1263#return; {415#true} is VALID [2022-02-20 18:00:52,874 INFO L290 TraceCheckUtils]: 17: Hoare triple {415#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 18, 0;havoc setup_#t~nondet32#1;~rjh~0 := 2;assume { 
:begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {415#true} is VALID [2022-02-20 18:00:52,874 INFO L272 TraceCheckUtils]: 18: Hoare triple {415#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {415#true} is VALID [2022-02-20 18:00:52,875 INFO L290 TraceCheckUtils]: 19: Hoare triple {415#true} ~handle := #in~handle;~value := #in~value; {415#true} is VALID [2022-02-20 18:00:52,875 INFO L290 TraceCheckUtils]: 20: Hoare triple {415#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {415#true} is VALID [2022-02-20 18:00:52,875 INFO L290 TraceCheckUtils]: 21: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:52,875 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {415#true} {415#true} #1265#return; {415#true} is VALID [2022-02-20 18:00:52,879 INFO L290 TraceCheckUtils]: 23: Hoare triple {415#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {415#true} is VALID [2022-02-20 18:00:52,880 INFO L272 TraceCheckUtils]: 24: Hoare triple {415#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {415#true} is VALID [2022-02-20 18:00:52,880 INFO L290 TraceCheckUtils]: 25: Hoare triple {415#true} ~handle := #in~handle;~value := #in~value; {415#true} is VALID [2022-02-20 18:00:52,880 INFO L290 TraceCheckUtils]: 26: Hoare triple {415#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {415#true} is VALID [2022-02-20 18:00:52,883 INFO L290 TraceCheckUtils]: 27: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:52,883 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {415#true} {415#true} #1267#return; {415#true} is VALID 
[2022-02-20 18:00:52,884 INFO L290 TraceCheckUtils]: 29: Hoare triple {415#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 19, 0;havoc setup_#t~nondet33#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {415#true} is VALID [2022-02-20 18:00:52,884 INFO L272 TraceCheckUtils]: 30: Hoare triple {415#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {415#true} is VALID [2022-02-20 18:00:52,884 INFO L290 TraceCheckUtils]: 31: Hoare triple {415#true} ~handle := #in~handle;~value := #in~value; {415#true} is VALID [2022-02-20 18:00:52,884 INFO L290 TraceCheckUtils]: 32: Hoare triple {415#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {415#true} is VALID [2022-02-20 18:00:52,884 INFO L290 TraceCheckUtils]: 33: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:52,884 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {415#true} {415#true} #1269#return; {415#true} is VALID [2022-02-20 18:00:52,884 INFO L290 TraceCheckUtils]: 35: Hoare triple {415#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {415#true} is VALID [2022-02-20 18:00:52,885 INFO L272 TraceCheckUtils]: 36: Hoare triple {415#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {415#true} is VALID [2022-02-20 18:00:52,885 INFO L290 TraceCheckUtils]: 37: Hoare triple {415#true} ~handle := #in~handle;~value := #in~value; {415#true} is VALID [2022-02-20 18:00:52,885 INFO L290 TraceCheckUtils]: 38: Hoare triple {415#true} assume 1 == 
~handle;~__ste_client_privateKey0~0 := ~value; {415#true} is VALID [2022-02-20 18:00:52,885 INFO L290 TraceCheckUtils]: 39: Hoare triple {415#true} assume true; {415#true} is VALID [2022-02-20 18:00:52,885 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {415#true} {415#true} #1271#return; {415#true} is VALID [2022-02-20 18:00:52,885 INFO L290 TraceCheckUtils]: 41: Hoare triple {415#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 20, 0;havoc setup_#t~nondet34#1; {415#true} is VALID [2022-02-20 18:00:52,885 INFO L290 TraceCheckUtils]: 42: Hoare triple {415#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_#t~nondet62#1, test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_#t~nondet67#1, test_#t~nondet68#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 
0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {415#true} is VALID [2022-02-20 18:00:52,886 INFO L290 TraceCheckUtils]: 43: Hoare triple {415#true} assume !true; {416#false} is VALID [2022-02-20 18:00:52,886 INFO L290 TraceCheckUtils]: 44: Hoare triple {416#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_~tmp~3#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~3#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret27#1 := puts(16, 0);assume -2147483648 <= bobToRjh_#t~ret27#1 && bobToRjh_#t~ret27#1 <= 2147483647;havoc bobToRjh_#t~ret27#1; {416#false} is VALID [2022-02-20 18:00:52,886 INFO L272 TraceCheckUtils]: 45: Hoare triple {416#false} call sendEmail(~bob~0, ~rjh~0); {416#false} is VALID [2022-02-20 18:00:52,886 INFO L290 TraceCheckUtils]: 46: Hoare triple {416#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~21#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~38#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~38#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {416#false} is VALID [2022-02-20 18:00:52,887 INFO L272 TraceCheckUtils]: 47: Hoare triple {416#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {416#false} is VALID [2022-02-20 18:00:52,887 INFO L290 TraceCheckUtils]: 48: Hoare triple {416#false} ~handle := #in~handle;~value := #in~value; {416#false} is VALID [2022-02-20 18:00:52,887 INFO L290 TraceCheckUtils]: 49: Hoare triple {416#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {416#false} is VALID [2022-02-20 18:00:52,887 INFO L290 
TraceCheckUtils]: 50: Hoare triple {416#false} assume true; {416#false} is VALID [2022-02-20 18:00:52,887 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {416#false} {416#false} #1197#return; {416#false} is VALID [2022-02-20 18:00:52,888 INFO L272 TraceCheckUtils]: 52: Hoare triple {416#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {416#false} is VALID [2022-02-20 18:00:52,888 INFO L290 TraceCheckUtils]: 53: Hoare triple {416#false} ~handle := #in~handle;~value := #in~value; {416#false} is VALID [2022-02-20 18:00:52,888 INFO L290 TraceCheckUtils]: 54: Hoare triple {416#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {416#false} is VALID [2022-02-20 18:00:52,888 INFO L290 TraceCheckUtils]: 55: Hoare triple {416#false} assume true; {416#false} is VALID [2022-02-20 18:00:52,888 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {416#false} {416#false} #1199#return; {416#false} is VALID [2022-02-20 18:00:52,888 INFO L290 TraceCheckUtils]: 57: Hoare triple {416#false} createEmail_~retValue_acc~38#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~38#1; {416#false} is VALID [2022-02-20 18:00:52,889 INFO L290 TraceCheckUtils]: 58: Hoare triple {416#false} #t~ret103#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret103#1 && #t~ret103#1 <= 2147483647;~tmp~21#1 := #t~ret103#1;havoc #t~ret103#1;~email~0#1 := ~tmp~21#1; {416#false} is VALID [2022-02-20 18:00:52,889 INFO L272 TraceCheckUtils]: 59: Hoare triple {416#false} call outgoing(~sender#1, ~email~0#1); {416#false} is VALID [2022-02-20 18:00:52,889 INFO L290 TraceCheckUtils]: 60: Hoare triple {416#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~2#1;havoc ~tmp~16#1;havoc ~receiver~1#1;havoc ~tmp___0~7#1;havoc ~second~0#1;havoc ~tmp___1~4#1;havoc ~tmp___2~2#1; {416#false} is VALID [2022-02-20 18:00:52,889 INFO L272 TraceCheckUtils]: 61: Hoare triple {416#false} call #t~ret89#1 := getClientAddressBookSize(~client#1); 
{416#false} is VALID [2022-02-20 18:00:52,889 INFO L290 TraceCheckUtils]: 62: Hoare triple {416#false} ~handle := #in~handle;havoc ~retValue_acc~7; {416#false} is VALID [2022-02-20 18:00:52,890 INFO L290 TraceCheckUtils]: 63: Hoare triple {416#false} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {416#false} is VALID [2022-02-20 18:00:52,890 INFO L290 TraceCheckUtils]: 64: Hoare triple {416#false} assume true; {416#false} is VALID [2022-02-20 18:00:52,890 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {416#false} {416#false} #1179#return; {416#false} is VALID [2022-02-20 18:00:52,890 INFO L290 TraceCheckUtils]: 66: Hoare triple {416#false} assume -2147483648 <= #t~ret89#1 && #t~ret89#1 <= 2147483647;~tmp~16#1 := #t~ret89#1;havoc #t~ret89#1;~size~2#1 := ~tmp~16#1; {416#false} is VALID [2022-02-20 18:00:52,890 INFO L290 TraceCheckUtils]: 67: Hoare triple {416#false} assume 0 != ~size~2#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {416#false} is VALID [2022-02-20 18:00:52,890 INFO L290 TraceCheckUtils]: 68: Hoare triple {416#false} assume { :end_inline_sendToAddressBook } true;call #t~ret90#1 := puts(36, 0);assume -2147483648 <= #t~ret90#1 && #t~ret90#1 <= 2147483647;havoc #t~ret90#1; {416#false} is VALID [2022-02-20 18:00:52,891 INFO L272 TraceCheckUtils]: 69: Hoare triple {416#false} call #t~ret91#1 := getEmailTo(~msg#1); {416#false} is VALID [2022-02-20 18:00:52,891 INFO L290 TraceCheckUtils]: 70: Hoare triple {416#false} ~handle := #in~handle;havoc ~retValue_acc~26; {416#false} is VALID [2022-02-20 18:00:52,891 INFO L290 TraceCheckUtils]: 71: Hoare triple {416#false} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; 
{416#false} is VALID [2022-02-20 18:00:52,891 INFO L290 TraceCheckUtils]: 72: Hoare triple {416#false} assume true; {416#false} is VALID [2022-02-20 18:00:52,891 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {416#false} {416#false} #1181#return; {416#false} is VALID [2022-02-20 18:00:52,891 INFO L290 TraceCheckUtils]: 74: Hoare triple {416#false} assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp___0~7#1 := #t~ret91#1;havoc #t~ret91#1;~receiver~1#1 := ~tmp___0~7#1;call #t~ret92#1 := puts(37, 0);assume -2147483648 <= #t~ret92#1 && #t~ret92#1 <= 2147483647;havoc #t~ret92#1; {416#false} is VALID [2022-02-20 18:00:52,892 INFO L272 TraceCheckUtils]: 75: Hoare triple {416#false} call #t~ret93#1 := getClientAddressBookAddress(~client#1, 1); {416#false} is VALID [2022-02-20 18:00:52,892 INFO L290 TraceCheckUtils]: 76: Hoare triple {416#false} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~11; {416#false} is VALID [2022-02-20 18:00:52,892 INFO L290 TraceCheckUtils]: 77: Hoare triple {416#false} assume 1 == ~handle; {416#false} is VALID [2022-02-20 18:00:52,892 INFO L290 TraceCheckUtils]: 78: Hoare triple {416#false} assume 0 == ~index;~retValue_acc~11 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~11; {416#false} is VALID [2022-02-20 18:00:52,892 INFO L290 TraceCheckUtils]: 79: Hoare triple {416#false} assume true; {416#false} is VALID [2022-02-20 18:00:52,892 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {416#false} {416#false} #1183#return; {416#false} is VALID [2022-02-20 18:00:52,893 INFO L290 TraceCheckUtils]: 81: Hoare triple {416#false} assume -2147483648 <= #t~ret93#1 && #t~ret93#1 <= 2147483647;~tmp___1~4#1 := #t~ret93#1;havoc #t~ret93#1;~second~0#1 := ~tmp___1~4#1; {416#false} is VALID [2022-02-20 18:00:52,893 INFO L272 TraceCheckUtils]: 82: Hoare triple {416#false} call setEmailTo(~msg#1, ~second~0#1); {416#false} is VALID [2022-02-20 18:00:52,893 INFO L290 TraceCheckUtils]: 83: Hoare triple {416#false} ~handle := 
#in~handle;~value := #in~value; {416#false} is VALID [2022-02-20 18:00:52,893 INFO L290 TraceCheckUtils]: 84: Hoare triple {416#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {416#false} is VALID [2022-02-20 18:00:52,893 INFO L290 TraceCheckUtils]: 85: Hoare triple {416#false} assume true; {416#false} is VALID [2022-02-20 18:00:52,893 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {416#false} {416#false} #1185#return; {416#false} is VALID [2022-02-20 18:00:52,894 INFO L272 TraceCheckUtils]: 87: Hoare triple {416#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {416#false} is VALID [2022-02-20 18:00:52,894 INFO L290 TraceCheckUtils]: 88: Hoare triple {416#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~15#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {416#false} is VALID [2022-02-20 18:00:52,894 INFO L272 TraceCheckUtils]: 89: Hoare triple {416#false} call #t~ret87#1 := getEmailTo(~msg#1); {416#false} is VALID [2022-02-20 18:00:52,894 INFO L290 TraceCheckUtils]: 90: Hoare triple {416#false} ~handle := #in~handle;havoc ~retValue_acc~26; {416#false} is VALID [2022-02-20 18:00:52,894 INFO L290 TraceCheckUtils]: 91: Hoare triple {416#false} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {416#false} is VALID [2022-02-20 18:00:52,894 INFO L290 TraceCheckUtils]: 92: Hoare triple {416#false} assume true; {416#false} is VALID [2022-02-20 18:00:52,894 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {416#false} {416#false} #1211#return; {416#false} is VALID [2022-02-20 18:00:52,895 INFO L290 TraceCheckUtils]: 94: Hoare triple {416#false} assume -2147483648 <= #t~ret87#1 && #t~ret87#1 <= 2147483647;~tmp~15#1 := #t~ret87#1;havoc #t~ret87#1;~receiver~0#1 := ~tmp~15#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, 
findPublicKey_~retValue_acc~18#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~18#1; {416#false} is VALID [2022-02-20 18:00:52,895 INFO L290 TraceCheckUtils]: 95: Hoare triple {416#false} assume 1 == findPublicKey_~handle#1; {416#false} is VALID [2022-02-20 18:00:52,895 INFO L290 TraceCheckUtils]: 96: Hoare triple {416#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~18#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~18#1; {416#false} is VALID [2022-02-20 18:00:52,895 INFO L290 TraceCheckUtils]: 97: Hoare triple {416#false} #t~ret88#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp___0~6#1 := #t~ret88#1;havoc #t~ret88#1;~pubkey~0#1 := ~tmp___0~6#1; {416#false} is VALID [2022-02-20 18:00:52,895 INFO L290 TraceCheckUtils]: 98: Hoare triple {416#false} assume !(0 != ~pubkey~0#1); {416#false} is VALID [2022-02-20 18:00:52,895 INFO L290 TraceCheckUtils]: 99: Hoare triple {416#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret86#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {416#false} is VALID [2022-02-20 18:00:52,896 INFO L290 TraceCheckUtils]: 100: 
Hoare triple {416#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {416#false} is VALID [2022-02-20 18:00:52,896 INFO L290 TraceCheckUtils]: 101: Hoare triple {416#false} outgoing__wrappee__Keys_#t~ret86#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret86#1 && outgoing__wrappee__Keys_#t~ret86#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~14#1 := outgoing__wrappee__Keys_#t~ret86#1;havoc outgoing__wrappee__Keys_#t~ret86#1; {416#false} is VALID [2022-02-20 18:00:52,896 INFO L272 TraceCheckUtils]: 102: Hoare triple {416#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1); {416#false} is VALID [2022-02-20 18:00:52,896 INFO L290 TraceCheckUtils]: 103: Hoare triple {416#false} ~handle := #in~handle;~value := #in~value; {416#false} is VALID [2022-02-20 18:00:52,896 INFO L290 TraceCheckUtils]: 104: Hoare triple {416#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {416#false} is VALID [2022-02-20 18:00:52,896 INFO L290 TraceCheckUtils]: 105: Hoare triple {416#false} assume true; {416#false} is VALID [2022-02-20 18:00:52,897 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {416#false} {416#false} #1217#return; {416#false} is VALID [2022-02-20 18:00:52,897 INFO L290 TraceCheckUtils]: 107: Hoare triple {416#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret84#1, mail_#t~ret85#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := 
mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet52#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 := puts(24, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1; {416#false} is VALID [2022-02-20 18:00:52,897 INFO L272 TraceCheckUtils]: 108: Hoare triple {416#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {416#false} is VALID [2022-02-20 18:00:52,897 INFO L290 TraceCheckUtils]: 109: Hoare triple {416#false} ~handle := #in~handle;havoc ~retValue_acc~29; {416#false} is VALID [2022-02-20 18:00:52,897 INFO L290 TraceCheckUtils]: 110: Hoare triple {416#false} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {416#false} is VALID [2022-02-20 18:00:52,898 INFO L290 TraceCheckUtils]: 111: Hoare triple {416#false} assume true; {416#false} is VALID [2022-02-20 18:00:52,898 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {416#false} {416#false} #1219#return; {416#false} is VALID [2022-02-20 18:00:52,898 INFO L290 TraceCheckUtils]: 113: Hoare triple {416#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1;havoc 
__utac_acc__EncryptDecrypt_spec__1_#t~ret51#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset := 25, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet52#1; {416#false} is VALID [2022-02-20 18:00:52,898 INFO L290 TraceCheckUtils]: 114: Hoare triple {416#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret84#1 := puts(35, 0);assume -2147483648 <= mail_#t~ret84#1 && mail_#t~ret84#1 <= 2147483647;havoc mail_#t~ret84#1; {416#false} is VALID [2022-02-20 18:00:52,898 INFO L272 TraceCheckUtils]: 115: Hoare triple {416#false} call mail_#t~ret85#1 := getEmailTo(mail_~msg#1); {416#false} is VALID [2022-02-20 18:00:52,898 INFO L290 TraceCheckUtils]: 116: Hoare triple {416#false} ~handle := #in~handle;havoc ~retValue_acc~26; {416#false} is VALID [2022-02-20 18:00:52,899 INFO L290 TraceCheckUtils]: 117: Hoare triple {416#false} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {416#false} is VALID [2022-02-20 18:00:52,899 INFO L290 TraceCheckUtils]: 118: Hoare triple {416#false} assume true; {416#false} is VALID [2022-02-20 18:00:52,899 INFO L284 TraceCheckUtils]: 119: Hoare quadruple {416#false} {416#false} #1221#return; {416#false} is VALID [2022-02-20 18:00:52,899 INFO L290 TraceCheckUtils]: 120: Hoare triple {416#false} assume -2147483648 <= mail_#t~ret85#1 && mail_#t~ret85#1 <= 2147483647;mail_~tmp~13#1 := mail_#t~ret85#1;havoc mail_#t~ret85#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~13#1, mail_~msg#1;havoc incoming_#t~ret98#1, incoming_#t~ret99#1, incoming_#t~ret100#1, incoming_#t~ret101#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~19#1, incoming_~tmp___0~8#1, incoming_~tmp___1~5#1, incoming_~tmp___2~3#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc 
incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~19#1;havoc incoming_~tmp___0~8#1;havoc incoming_~tmp___1~5#1;havoc incoming_~tmp___2~3#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet54#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 := puts(26, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset := 27, 0;havoc 
__utac_acc__EncryptDecrypt_spec__2_#t~nondet54#1; {416#false} is VALID [2022-02-20 18:00:52,899 INFO L290 TraceCheckUtils]: 121: Hoare triple {416#false} assume 1 == ~sent_encrypted~0; {416#false} is VALID [2022-02-20 18:00:52,899 INFO L272 TraceCheckUtils]: 122: Hoare triple {416#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {416#false} is VALID [2022-02-20 18:00:52,900 INFO L290 TraceCheckUtils]: 123: Hoare triple {416#false} ~handle := #in~handle;havoc ~retValue_acc~13; {416#false} is VALID [2022-02-20 18:00:52,900 INFO L290 TraceCheckUtils]: 124: Hoare triple {416#false} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {416#false} is VALID [2022-02-20 18:00:52,900 INFO L290 TraceCheckUtils]: 125: Hoare triple {416#false} assume true; {416#false} is VALID [2022-02-20 18:00:52,900 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {416#false} {416#false} #1223#return; {416#false} is VALID [2022-02-20 18:00:52,900 INFO L290 TraceCheckUtils]: 127: Hoare triple {416#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~8#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1; {416#false} is VALID [2022-02-20 18:00:52,900 INFO L272 TraceCheckUtils]: 128: Hoare triple {416#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {416#false} is VALID [2022-02-20 18:00:52,901 INFO L290 TraceCheckUtils]: 129: Hoare triple {416#false} ~handle := #in~handle;havoc ~retValue_acc~30; {416#false} is VALID [2022-02-20 18:00:52,901 INFO L290 TraceCheckUtils]: 130: Hoare triple {416#false} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~30; {416#false} is VALID [2022-02-20 
18:00:52,901 INFO L290 TraceCheckUtils]: 131: Hoare triple {416#false} assume true; {416#false} is VALID [2022-02-20 18:00:52,901 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {416#false} {416#false} #1225#return; {416#false} is VALID [2022-02-20 18:00:52,901 INFO L290 TraceCheckUtils]: 133: Hoare triple {416#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1; {416#false} is VALID [2022-02-20 18:00:52,901 INFO L272 TraceCheckUtils]: 134: Hoare triple {416#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1); {416#false} is VALID [2022-02-20 18:00:52,901 INFO L290 TraceCheckUtils]: 135: Hoare triple {416#false} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~43;havoc ~__cil_tmp4~5.base, ~__cil_tmp4~5.offset;~__cil_tmp4~5.base, ~__cil_tmp4~5.offset := 39, 0;havoc #t~nondet104; {416#false} is VALID [2022-02-20 18:00:52,902 INFO L290 TraceCheckUtils]: 136: Hoare triple {416#false} assume 0 == ~publicKey;~retValue_acc~43 := 0;#res := ~retValue_acc~43; {416#false} is VALID [2022-02-20 18:00:52,902 INFO L290 TraceCheckUtils]: 137: Hoare triple {416#false} assume true; {416#false} is VALID [2022-02-20 18:00:52,902 INFO L284 TraceCheckUtils]: 138: Hoare quadruple {416#false} {416#false} #1227#return; {416#false} is VALID [2022-02-20 18:00:52,902 INFO L290 TraceCheckUtils]: 139: Hoare triple {416#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1; {416#false} is 
VALID [2022-02-20 18:00:52,902 INFO L290 TraceCheckUtils]: 140: Hoare triple {416#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1);assume { :begin_inline___automaton_fail } true; {416#false} is VALID [2022-02-20 18:00:52,902 INFO L290 TraceCheckUtils]: 141: Hoare triple {416#false} assume !false; {416#false} is VALID [2022-02-20 18:00:52,903 INFO L134 CoverageAnalysis]: Checked inductivity of 44 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 44 trivial. 0 not checked. [2022-02-20 18:00:52,903 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:00:52,904 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [2120490893] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:00:52,904 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:00:52,904 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [9] total 9 [2022-02-20 18:00:52,906 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2004306751] [2022-02-20 18:00:52,906 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:00:52,910 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 38.5) internal successors, (77), 2 states have internal predecessors, (77), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (19), 2 states have call predecessors, (19), 2 states have call successors, (19) Word has length 142 [2022-02-20 18:00:52,911 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 18:00:52,929 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 38.5) internal successors, (77), 2 states have internal predecessors, (77), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (19), 2 states have call predecessors, (19), 2 states have call successors, (19) [2022-02-20 18:00:53,024 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 118 edges. 118 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:53,024 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:00:53,024 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:00:53,062 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 18:00:53,062 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:00:53,065 INFO L87 Difference]: Start difference. First operand has 412 states, 319 states have (on average 1.5517241379310345) internal successors, (495), 324 states have internal predecessors, (495), 66 states have call successors, (66), 25 states have call predecessors, (66), 25 states have return successors, (66), 65 states have call predecessors, (66), 66 states have call successors, (66) Second operand has 2 states, 2 states have (on average 38.5) internal successors, (77), 2 states have internal predecessors, (77), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (19), 2 states have call predecessors, (19), 2 states have call successors, (19) [2022-02-20 18:00:53,462 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:00:53,462 INFO L93 Difference]: Finished difference Result 626 states and 936 transitions. [2022-02-20 18:00:53,463 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:00:53,463 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 38.5) internal successors, (77), 2 states have internal predecessors, (77), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (19), 2 states have call predecessors, (19), 2 states have call successors, (19) Word has length 142 [2022-02-20 18:00:53,463 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:00:53,464 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 38.5) internal successors, (77), 2 states have internal predecessors, (77), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (19), 2 states have call predecessors, (19), 2 states have call successors, (19) [2022-02-20 18:00:53,520 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 936 transitions. [2022-02-20 18:00:53,521 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 38.5) internal successors, (77), 2 states have internal predecessors, (77), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (19), 2 states have call predecessors, (19), 2 states have call successors, (19) [2022-02-20 18:00:53,538 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 936 transitions. [2022-02-20 18:00:53,538 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 936 transitions. 
[2022-02-20 18:00:54,252 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 936 edges. 936 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:54,287 INFO L225 Difference]: With dead ends: 626 [2022-02-20 18:00:54,288 INFO L226 Difference]: Without dead ends: 405 [2022-02-20 18:00:54,293 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 183 GetRequests, 176 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:00:54,296 INFO L933 BasicCegarLoop]: 623 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 623 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:00:54,297 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 623 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:00:54,313 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 405 states. [2022-02-20 18:00:54,344 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 405 to 405. [2022-02-20 18:00:54,344 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:00:54,347 INFO L82 GeneralOperation]: Start isEquivalent. First operand 405 states. 
Second operand has 405 states, 313 states have (on average 1.5463258785942493) internal successors, (484), 317 states have internal predecessors, (484), 66 states have call successors, (66), 25 states have call predecessors, (66), 25 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) [2022-02-20 18:00:54,348 INFO L74 IsIncluded]: Start isIncluded. First operand 405 states. Second operand has 405 states, 313 states have (on average 1.5463258785942493) internal successors, (484), 317 states have internal predecessors, (484), 66 states have call successors, (66), 25 states have call predecessors, (66), 25 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) [2022-02-20 18:00:54,354 INFO L87 Difference]: Start difference. First operand 405 states. Second operand has 405 states, 313 states have (on average 1.5463258785942493) internal successors, (484), 317 states have internal predecessors, (484), 66 states have call successors, (66), 25 states have call predecessors, (66), 25 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) [2022-02-20 18:00:54,376 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:54,376 INFO L93 Difference]: Finished difference Result 405 states and 615 transitions. [2022-02-20 18:00:54,376 INFO L276 IsEmpty]: Start isEmpty. Operand 405 states and 615 transitions. [2022-02-20 18:00:54,381 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:54,381 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:54,384 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 405 states, 313 states have (on average 1.5463258785942493) internal successors, (484), 317 states have internal predecessors, (484), 66 states have call successors, (66), 25 states have call predecessors, (66), 25 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) Second operand 405 states. [2022-02-20 18:00:54,386 INFO L87 Difference]: Start difference. First operand has 405 states, 313 states have (on average 1.5463258785942493) internal successors, (484), 317 states have internal predecessors, (484), 66 states have call successors, (66), 25 states have call predecessors, (66), 25 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) Second operand 405 states. [2022-02-20 18:00:54,402 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:54,403 INFO L93 Difference]: Finished difference Result 405 states and 615 transitions. [2022-02-20 18:00:54,403 INFO L276 IsEmpty]: Start isEmpty. Operand 405 states and 615 transitions. [2022-02-20 18:00:54,405 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:54,405 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:54,405 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:00:54,405 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:00:54,408 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 405 states, 313 states have (on average 1.5463258785942493) internal successors, (484), 317 states have internal predecessors, (484), 66 states have call successors, (66), 25 states have call predecessors, (66), 25 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) [2022-02-20 18:00:54,424 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 405 states to 405 states and 615 transitions. [2022-02-20 18:00:54,425 INFO L78 Accepts]: Start accepts. Automaton has 405 states and 615 transitions. Word has length 142 [2022-02-20 18:00:54,425 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:00:54,426 INFO L470 AbstractCegarLoop]: Abstraction has 405 states and 615 transitions. [2022-02-20 18:00:54,426 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 38.5) internal successors, (77), 2 states have internal predecessors, (77), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (19), 2 states have call predecessors, (19), 2 states have call successors, (19) [2022-02-20 18:00:54,426 INFO L276 IsEmpty]: Start isEmpty. Operand 405 states and 615 transitions. [2022-02-20 18:00:54,430 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 144 [2022-02-20 18:00:54,431 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:00:54,431 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:00:54,449 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Ended with exit code 0 [2022-02-20 18:00:54,643 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0 [2022-02-20 18:00:54,644 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting 
outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:00:54,644 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:00:54,645 INFO L85 PathProgramCache]: Analyzing trace with hash -221791313, now seen corresponding path program 1 times [2022-02-20 18:00:54,648 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:00:54,648 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1344298394] [2022-02-20 18:00:54,648 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:54,648 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:00:54,701 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:54,737 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:00:54,739 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:54,741 INFO L290 TraceCheckUtils]: 0: Hoare triple {3241#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3161#true} is VALID [2022-02-20 18:00:54,741 INFO L290 TraceCheckUtils]: 1: Hoare triple {3161#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3161#true} is VALID [2022-02-20 18:00:54,742 INFO L290 TraceCheckUtils]: 2: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:54,742 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3161#true} {3161#true} #1261#return; {3161#true} is VALID [2022-02-20 18:00:54,747 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 
12 [2022-02-20 18:00:54,749 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:54,752 INFO L290 TraceCheckUtils]: 0: Hoare triple {3242#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3161#true} is VALID [2022-02-20 18:00:54,752 INFO L290 TraceCheckUtils]: 1: Hoare triple {3161#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3161#true} is VALID [2022-02-20 18:00:54,752 INFO L290 TraceCheckUtils]: 2: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:54,752 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3161#true} {3161#true} #1263#return; {3161#true} is VALID [2022-02-20 18:00:54,752 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:00:54,754 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:54,766 INFO L290 TraceCheckUtils]: 0: Hoare triple {3241#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3243#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:54,767 INFO L290 TraceCheckUtils]: 1: Hoare triple {3243#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3244#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:54,767 INFO L290 TraceCheckUtils]: 2: Hoare triple {3244#(= |setClientId_#in~handle| 1)} assume true; {3244#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:54,768 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3244#(= |setClientId_#in~handle| 1)} {3171#(= 
|ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1265#return; {3162#false} is VALID [2022-02-20 18:00:54,768 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:00:54,770 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:54,776 INFO L290 TraceCheckUtils]: 0: Hoare triple {3242#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3161#true} is VALID [2022-02-20 18:00:54,776 INFO L290 TraceCheckUtils]: 1: Hoare triple {3161#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3161#true} is VALID [2022-02-20 18:00:54,776 INFO L290 TraceCheckUtils]: 2: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:54,776 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3161#true} {3162#false} #1267#return; {3162#false} is VALID [2022-02-20 18:00:54,777 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:00:54,778 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:54,780 INFO L290 TraceCheckUtils]: 0: Hoare triple {3241#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3161#true} is VALID [2022-02-20 18:00:54,780 INFO L290 TraceCheckUtils]: 1: Hoare triple {3161#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3161#true} is VALID [2022-02-20 18:00:54,780 INFO L290 TraceCheckUtils]: 2: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:54,781 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3161#true} {3162#false} #1269#return; 
{3162#false} is VALID [2022-02-20 18:00:54,781 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:00:54,782 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:54,784 INFO L290 TraceCheckUtils]: 0: Hoare triple {3242#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3161#true} is VALID [2022-02-20 18:00:54,784 INFO L290 TraceCheckUtils]: 1: Hoare triple {3161#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3161#true} is VALID [2022-02-20 18:00:54,784 INFO L290 TraceCheckUtils]: 2: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:54,785 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3161#true} {3162#false} #1271#return; {3162#false} is VALID [2022-02-20 18:00:54,790 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-02-20 18:00:54,791 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:54,793 INFO L290 TraceCheckUtils]: 0: Hoare triple {3245#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3161#true} is VALID [2022-02-20 18:00:54,793 INFO L290 TraceCheckUtils]: 1: Hoare triple {3161#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3161#true} is VALID [2022-02-20 18:00:54,793 INFO L290 TraceCheckUtils]: 2: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:54,793 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3161#true} {3162#false} #1197#return; {3162#false} is VALID [2022-02-20 18:00:54,799 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 53 [2022-02-20 
18:00:54,800 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:54,802 INFO L290 TraceCheckUtils]: 0: Hoare triple {3246#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {3161#true} is VALID [2022-02-20 18:00:54,803 INFO L290 TraceCheckUtils]: 1: Hoare triple {3161#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {3161#true} is VALID [2022-02-20 18:00:54,803 INFO L290 TraceCheckUtils]: 2: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:54,803 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3161#true} {3162#false} #1199#return; {3162#false} is VALID [2022-02-20 18:00:54,803 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 18:00:54,804 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:54,806 INFO L290 TraceCheckUtils]: 0: Hoare triple {3161#true} ~handle := #in~handle;havoc ~retValue_acc~7; {3161#true} is VALID [2022-02-20 18:00:54,806 INFO L290 TraceCheckUtils]: 1: Hoare triple {3161#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {3161#true} is VALID [2022-02-20 18:00:54,806 INFO L290 TraceCheckUtils]: 2: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:54,806 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3161#true} {3162#false} #1179#return; {3162#false} is VALID [2022-02-20 18:00:54,806 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 18:00:54,807 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:54,809 INFO L290 TraceCheckUtils]: 0: Hoare triple {3161#true} ~handle := #in~handle;havoc ~retValue_acc~26; {3161#true} is VALID [2022-02-20 18:00:54,809 INFO L290 TraceCheckUtils]: 1: Hoare triple {3161#true} assume 1 == 
~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {3161#true} is VALID [2022-02-20 18:00:54,809 INFO L290 TraceCheckUtils]: 2: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:54,809 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3161#true} {3162#false} #1181#return; {3162#false} is VALID [2022-02-20 18:00:54,809 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76 [2022-02-20 18:00:54,810 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:54,816 INFO L290 TraceCheckUtils]: 0: Hoare triple {3161#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~11; {3161#true} is VALID [2022-02-20 18:00:54,816 INFO L290 TraceCheckUtils]: 1: Hoare triple {3161#true} assume 1 == ~handle; {3161#true} is VALID [2022-02-20 18:00:54,816 INFO L290 TraceCheckUtils]: 2: Hoare triple {3161#true} assume 0 == ~index;~retValue_acc~11 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~11; {3161#true} is VALID [2022-02-20 18:00:54,816 INFO L290 TraceCheckUtils]: 3: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:54,816 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {3161#true} {3162#false} #1183#return; {3162#false} is VALID [2022-02-20 18:00:54,816 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 18:00:54,818 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:54,821 INFO L290 TraceCheckUtils]: 0: Hoare triple {3246#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {3161#true} is VALID [2022-02-20 18:00:54,821 INFO L290 TraceCheckUtils]: 1: Hoare triple {3161#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {3161#true} is VALID [2022-02-20 18:00:54,821 INFO L290 TraceCheckUtils]: 2: Hoare triple {3161#true} assume true; 
{3161#true} is VALID [2022-02-20 18:00:54,821 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3161#true} {3162#false} #1185#return; {3162#false} is VALID [2022-02-20 18:00:54,821 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 18:00:54,822 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:54,825 INFO L290 TraceCheckUtils]: 0: Hoare triple {3161#true} ~handle := #in~handle;havoc ~retValue_acc~26; {3161#true} is VALID [2022-02-20 18:00:54,825 INFO L290 TraceCheckUtils]: 1: Hoare triple {3161#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {3161#true} is VALID [2022-02-20 18:00:54,825 INFO L290 TraceCheckUtils]: 2: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:54,825 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3161#true} {3162#false} #1211#return; {3162#false} is VALID [2022-02-20 18:00:54,826 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 18:00:54,827 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:54,828 INFO L290 TraceCheckUtils]: 0: Hoare triple {3245#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3161#true} is VALID [2022-02-20 18:00:54,829 INFO L290 TraceCheckUtils]: 1: Hoare triple {3161#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3161#true} is VALID [2022-02-20 18:00:54,829 INFO L290 TraceCheckUtils]: 2: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:54,829 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3161#true} {3162#false} #1217#return; {3162#false} is VALID [2022-02-20 18:00:54,829 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 109 [2022-02-20 18:00:54,830 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:54,832 INFO L290 TraceCheckUtils]: 0: Hoare triple {3161#true} ~handle := #in~handle;havoc ~retValue_acc~29; {3161#true} is VALID [2022-02-20 18:00:54,832 INFO L290 TraceCheckUtils]: 1: Hoare triple {3161#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {3161#true} is VALID [2022-02-20 18:00:54,832 INFO L290 TraceCheckUtils]: 2: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:54,832 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3161#true} {3162#false} #1219#return; {3162#false} is VALID [2022-02-20 18:00:54,832 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 116 [2022-02-20 18:00:54,833 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:54,835 INFO L290 TraceCheckUtils]: 0: Hoare triple {3161#true} ~handle := #in~handle;havoc ~retValue_acc~26; {3161#true} is VALID [2022-02-20 18:00:54,835 INFO L290 TraceCheckUtils]: 1: Hoare triple {3161#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {3161#true} is VALID [2022-02-20 18:00:54,835 INFO L290 TraceCheckUtils]: 2: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:54,835 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3161#true} {3162#false} #1221#return; {3162#false} is VALID [2022-02-20 18:00:54,836 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 123 [2022-02-20 18:00:54,836 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:54,838 INFO L290 TraceCheckUtils]: 0: Hoare triple {3161#true} ~handle := #in~handle;havoc ~retValue_acc~13; {3161#true} is VALID [2022-02-20 18:00:54,838 INFO L290 TraceCheckUtils]: 1: Hoare triple {3161#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {3161#true} is VALID 
[2022-02-20 18:00:54,838 INFO L290 TraceCheckUtils]: 2: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:54,838 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3161#true} {3162#false} #1223#return; {3162#false} is VALID [2022-02-20 18:00:54,838 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 129 [2022-02-20 18:00:54,839 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:54,844 INFO L290 TraceCheckUtils]: 0: Hoare triple {3161#true} ~handle := #in~handle;havoc ~retValue_acc~30; {3161#true} is VALID [2022-02-20 18:00:54,845 INFO L290 TraceCheckUtils]: 1: Hoare triple {3161#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~30; {3161#true} is VALID [2022-02-20 18:00:54,845 INFO L290 TraceCheckUtils]: 2: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:54,845 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3161#true} {3162#false} #1225#return; {3162#false} is VALID [2022-02-20 18:00:54,845 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 135 [2022-02-20 18:00:54,846 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:54,848 INFO L290 TraceCheckUtils]: 0: Hoare triple {3161#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~43;havoc ~__cil_tmp4~5.base, ~__cil_tmp4~5.offset;~__cil_tmp4~5.base, ~__cil_tmp4~5.offset := 39, 0;havoc #t~nondet104; {3161#true} is VALID [2022-02-20 18:00:54,848 INFO L290 TraceCheckUtils]: 1: Hoare triple {3161#true} assume 0 == ~publicKey;~retValue_acc~43 := 0;#res := ~retValue_acc~43; {3161#true} is VALID [2022-02-20 18:00:54,849 INFO L290 TraceCheckUtils]: 2: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:54,849 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3161#true} {3162#false} #1227#return; {3162#false} is VALID 
[2022-02-20 18:00:54,849 INFO L290 TraceCheckUtils]: 0: Hoare triple {3161#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(44, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(11, 20);call #Ultimate.allocInit(19, 21);call #Ultimate.allocInit(4, 22);call write~init~int(37, 22, 0, 1);call write~init~int(100, 22, 1, 1);call write~init~int(10, 22, 2, 1);call write~init~int(0, 22, 3, 1);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(19, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(10, 29);call #Ultimate.allocInit(12, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(18, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(34, 36);call #Ultimate.allocInit(30, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(20, 39);call #Ultimate.allocInit(22, 40);call 
#Ultimate.allocInit(21, 41);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 
0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~sent_encrypted~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {3161#true} is VALID [2022-02-20 18:00:54,849 INFO L290 TraceCheckUtils]: 1: Hoare triple {3161#true} assume { :end_inline_ULTIMATE.init } true;assume { 
:begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {3161#true} is VALID [2022-02-20 18:00:54,849 INFO L290 TraceCheckUtils]: 2: Hoare triple {3161#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3161#true} is VALID [2022-02-20 18:00:54,849 INFO L290 TraceCheckUtils]: 3: Hoare triple {3161#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~22#1;havoc valid_product_~retValue_acc~22#1;valid_product_~retValue_acc~22#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~22#1; {3161#true} is VALID [2022-02-20 18:00:54,850 INFO L290 TraceCheckUtils]: 4: Hoare triple {3161#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {3161#true} is VALID [2022-02-20 18:00:54,850 INFO L290 TraceCheckUtils]: 5: Hoare triple {3161#true} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet32#1, setup_#t~nondet33#1, setup_#t~nondet34#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {3161#true} is VALID [2022-02-20 18:00:54,850 INFO L272 TraceCheckUtils]: 6: Hoare triple {3161#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {3241#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:54,851 INFO L290 TraceCheckUtils]: 7: Hoare triple {3241#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3161#true} is VALID [2022-02-20 18:00:54,851 INFO L290 TraceCheckUtils]: 8: Hoare triple {3161#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3161#true} is VALID [2022-02-20 18:00:54,851 INFO L290 TraceCheckUtils]: 9: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:54,851 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {3161#true} {3161#true} #1261#return; {3161#true} is VALID [2022-02-20 18:00:54,851 INFO L290 TraceCheckUtils]: 11: Hoare triple {3161#true} assume { :end_inline_setup_bob__wrappee__Base } true; {3161#true} is VALID [2022-02-20 18:00:54,852 INFO L272 TraceCheckUtils]: 12: Hoare triple {3161#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {3242#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:54,852 INFO L290 TraceCheckUtils]: 13: Hoare triple {3242#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3161#true} is VALID [2022-02-20 18:00:54,852 INFO L290 TraceCheckUtils]: 14: Hoare triple {3161#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3161#true} is VALID [2022-02-20 18:00:54,852 INFO L290 TraceCheckUtils]: 15: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:54,852 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {3161#true} {3161#true} #1263#return; {3161#true} is VALID [2022-02-20 18:00:54,860 INFO L290 TraceCheckUtils]: 17: Hoare triple {3161#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 18, 0;havoc setup_#t~nondet32#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {3171#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:00:54,861 INFO L272 TraceCheckUtils]: 18: Hoare triple {3171#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {3241#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:54,862 INFO L290 TraceCheckUtils]: 19: Hoare triple {3241#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := 
#in~handle;~value := #in~value; {3243#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:54,862 INFO L290 TraceCheckUtils]: 20: Hoare triple {3243#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3244#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:54,862 INFO L290 TraceCheckUtils]: 21: Hoare triple {3244#(= |setClientId_#in~handle| 1)} assume true; {3244#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:54,863 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {3244#(= |setClientId_#in~handle| 1)} {3171#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1265#return; {3162#false} is VALID [2022-02-20 18:00:54,863 INFO L290 TraceCheckUtils]: 23: Hoare triple {3162#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {3162#false} is VALID [2022-02-20 18:00:54,863 INFO L272 TraceCheckUtils]: 24: Hoare triple {3162#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {3242#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:54,863 INFO L290 TraceCheckUtils]: 25: Hoare triple {3242#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3161#true} is VALID [2022-02-20 18:00:54,863 INFO L290 TraceCheckUtils]: 26: Hoare triple {3161#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3161#true} is VALID [2022-02-20 18:00:54,863 INFO L290 TraceCheckUtils]: 27: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:54,864 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {3161#true} {3162#false} #1267#return; {3162#false} is VALID [2022-02-20 
18:00:54,864 INFO L290 TraceCheckUtils]: 29: Hoare triple {3162#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 19, 0;havoc setup_#t~nondet33#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {3162#false} is VALID [2022-02-20 18:00:54,864 INFO L272 TraceCheckUtils]: 30: Hoare triple {3162#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {3241#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:54,864 INFO L290 TraceCheckUtils]: 31: Hoare triple {3241#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3161#true} is VALID [2022-02-20 18:00:54,864 INFO L290 TraceCheckUtils]: 32: Hoare triple {3161#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3161#true} is VALID [2022-02-20 18:00:54,864 INFO L290 TraceCheckUtils]: 33: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:54,864 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {3161#true} {3162#false} #1269#return; {3162#false} is VALID [2022-02-20 18:00:54,865 INFO L290 TraceCheckUtils]: 35: Hoare triple {3162#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {3162#false} is VALID [2022-02-20 
18:00:54,865 INFO L272 TraceCheckUtils]: 36: Hoare triple {3162#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {3242#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:54,865 INFO L290 TraceCheckUtils]: 37: Hoare triple {3242#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3161#true} is VALID [2022-02-20 18:00:54,866 INFO L290 TraceCheckUtils]: 38: Hoare triple {3161#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3161#true} is VALID [2022-02-20 18:00:54,866 INFO L290 TraceCheckUtils]: 39: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:54,866 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {3161#true} {3162#false} #1271#return; {3162#false} is VALID [2022-02-20 18:00:54,866 INFO L290 TraceCheckUtils]: 41: Hoare triple {3162#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 20, 0;havoc setup_#t~nondet34#1; {3162#false} is VALID [2022-02-20 18:00:54,866 INFO L290 TraceCheckUtils]: 42: Hoare triple {3162#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_#t~nondet62#1, test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_#t~nondet67#1, test_#t~nondet68#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~0#1, 
test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {3162#false} is VALID [2022-02-20 18:00:54,866 INFO L290 TraceCheckUtils]: 43: Hoare triple {3162#false} assume !false; {3162#false} is VALID [2022-02-20 18:00:54,866 INFO L290 TraceCheckUtils]: 44: Hoare triple {3162#false} assume !(test_~splverifierCounter~0#1 < 4); {3162#false} is VALID [2022-02-20 18:00:54,867 INFO L290 TraceCheckUtils]: 45: Hoare triple {3162#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_~tmp~3#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~3#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret27#1 := puts(16, 0);assume -2147483648 <= bobToRjh_#t~ret27#1 && bobToRjh_#t~ret27#1 <= 2147483647;havoc bobToRjh_#t~ret27#1; {3162#false} is VALID [2022-02-20 18:00:54,867 INFO L272 TraceCheckUtils]: 46: Hoare triple {3162#false} call sendEmail(~bob~0, ~rjh~0); {3162#false} is VALID [2022-02-20 18:00:54,867 INFO L290 TraceCheckUtils]: 47: Hoare triple {3162#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc 
~email~0#1;havoc ~tmp~21#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~38#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~38#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {3162#false} is VALID [2022-02-20 18:00:54,870 INFO L272 TraceCheckUtils]: 48: Hoare triple {3162#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {3245#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:54,870 INFO L290 TraceCheckUtils]: 49: Hoare triple {3245#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3161#true} is VALID [2022-02-20 18:00:54,870 INFO L290 TraceCheckUtils]: 50: Hoare triple {3161#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3161#true} is VALID [2022-02-20 18:00:54,870 INFO L290 TraceCheckUtils]: 51: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:54,870 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {3161#true} {3162#false} #1197#return; {3162#false} is VALID [2022-02-20 18:00:54,870 INFO L272 TraceCheckUtils]: 53: Hoare triple {3162#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {3246#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:00:54,870 INFO L290 TraceCheckUtils]: 54: Hoare triple {3246#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {3161#true} is VALID [2022-02-20 18:00:54,871 INFO L290 TraceCheckUtils]: 55: Hoare triple {3161#true} assume 1 == 
~handle;~__ste_email_to0~0 := ~value; {3161#true} is VALID [2022-02-20 18:00:54,871 INFO L290 TraceCheckUtils]: 56: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:54,871 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {3161#true} {3162#false} #1199#return; {3162#false} is VALID [2022-02-20 18:00:54,871 INFO L290 TraceCheckUtils]: 58: Hoare triple {3162#false} createEmail_~retValue_acc~38#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~38#1; {3162#false} is VALID [2022-02-20 18:00:54,871 INFO L290 TraceCheckUtils]: 59: Hoare triple {3162#false} #t~ret103#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret103#1 && #t~ret103#1 <= 2147483647;~tmp~21#1 := #t~ret103#1;havoc #t~ret103#1;~email~0#1 := ~tmp~21#1; {3162#false} is VALID [2022-02-20 18:00:54,871 INFO L272 TraceCheckUtils]: 60: Hoare triple {3162#false} call outgoing(~sender#1, ~email~0#1); {3162#false} is VALID [2022-02-20 18:00:54,871 INFO L290 TraceCheckUtils]: 61: Hoare triple {3162#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~2#1;havoc ~tmp~16#1;havoc ~receiver~1#1;havoc ~tmp___0~7#1;havoc ~second~0#1;havoc ~tmp___1~4#1;havoc ~tmp___2~2#1; {3162#false} is VALID [2022-02-20 18:00:54,871 INFO L272 TraceCheckUtils]: 62: Hoare triple {3162#false} call #t~ret89#1 := getClientAddressBookSize(~client#1); {3161#true} is VALID [2022-02-20 18:00:54,872 INFO L290 TraceCheckUtils]: 63: Hoare triple {3161#true} ~handle := #in~handle;havoc ~retValue_acc~7; {3161#true} is VALID [2022-02-20 18:00:54,872 INFO L290 TraceCheckUtils]: 64: Hoare triple {3161#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {3161#true} is VALID [2022-02-20 18:00:54,872 INFO L290 TraceCheckUtils]: 65: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:54,876 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {3161#true} {3162#false} #1179#return; 
{3162#false} is VALID [2022-02-20 18:00:54,876 INFO L290 TraceCheckUtils]: 67: Hoare triple {3162#false} assume -2147483648 <= #t~ret89#1 && #t~ret89#1 <= 2147483647;~tmp~16#1 := #t~ret89#1;havoc #t~ret89#1;~size~2#1 := ~tmp~16#1; {3162#false} is VALID [2022-02-20 18:00:54,877 INFO L290 TraceCheckUtils]: 68: Hoare triple {3162#false} assume 0 != ~size~2#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {3162#false} is VALID [2022-02-20 18:00:54,877 INFO L290 TraceCheckUtils]: 69: Hoare triple {3162#false} assume { :end_inline_sendToAddressBook } true;call #t~ret90#1 := puts(36, 0);assume -2147483648 <= #t~ret90#1 && #t~ret90#1 <= 2147483647;havoc #t~ret90#1; {3162#false} is VALID [2022-02-20 18:00:54,877 INFO L272 TraceCheckUtils]: 70: Hoare triple {3162#false} call #t~ret91#1 := getEmailTo(~msg#1); {3161#true} is VALID [2022-02-20 18:00:54,877 INFO L290 TraceCheckUtils]: 71: Hoare triple {3161#true} ~handle := #in~handle;havoc ~retValue_acc~26; {3161#true} is VALID [2022-02-20 18:00:54,877 INFO L290 TraceCheckUtils]: 72: Hoare triple {3161#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {3161#true} is VALID [2022-02-20 18:00:54,878 INFO L290 TraceCheckUtils]: 73: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:54,878 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {3161#true} {3162#false} #1181#return; {3162#false} is VALID [2022-02-20 18:00:54,878 INFO L290 TraceCheckUtils]: 75: Hoare triple {3162#false} assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp___0~7#1 := #t~ret91#1;havoc #t~ret91#1;~receiver~1#1 := ~tmp___0~7#1;call #t~ret92#1 := puts(37, 0);assume -2147483648 <= #t~ret92#1 && #t~ret92#1 <= 2147483647;havoc 
#t~ret92#1; {3162#false} is VALID [2022-02-20 18:00:54,878 INFO L272 TraceCheckUtils]: 76: Hoare triple {3162#false} call #t~ret93#1 := getClientAddressBookAddress(~client#1, 1); {3161#true} is VALID [2022-02-20 18:00:54,878 INFO L290 TraceCheckUtils]: 77: Hoare triple {3161#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~11; {3161#true} is VALID [2022-02-20 18:00:54,878 INFO L290 TraceCheckUtils]: 78: Hoare triple {3161#true} assume 1 == ~handle; {3161#true} is VALID [2022-02-20 18:00:54,878 INFO L290 TraceCheckUtils]: 79: Hoare triple {3161#true} assume 0 == ~index;~retValue_acc~11 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~11; {3161#true} is VALID [2022-02-20 18:00:54,878 INFO L290 TraceCheckUtils]: 80: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:54,879 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {3161#true} {3162#false} #1183#return; {3162#false} is VALID [2022-02-20 18:00:54,879 INFO L290 TraceCheckUtils]: 82: Hoare triple {3162#false} assume -2147483648 <= #t~ret93#1 && #t~ret93#1 <= 2147483647;~tmp___1~4#1 := #t~ret93#1;havoc #t~ret93#1;~second~0#1 := ~tmp___1~4#1; {3162#false} is VALID [2022-02-20 18:00:54,879 INFO L272 TraceCheckUtils]: 83: Hoare triple {3162#false} call setEmailTo(~msg#1, ~second~0#1); {3246#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:00:54,879 INFO L290 TraceCheckUtils]: 84: Hoare triple {3246#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {3161#true} is VALID [2022-02-20 18:00:54,879 INFO L290 TraceCheckUtils]: 85: Hoare triple {3161#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {3161#true} is VALID [2022-02-20 18:00:54,879 INFO L290 TraceCheckUtils]: 86: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:54,879 INFO L284 TraceCheckUtils]: 87: 
Hoare quadruple {3161#true} {3162#false} #1185#return; {3162#false} is VALID [2022-02-20 18:00:54,879 INFO L272 TraceCheckUtils]: 88: Hoare triple {3162#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {3162#false} is VALID [2022-02-20 18:00:54,880 INFO L290 TraceCheckUtils]: 89: Hoare triple {3162#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~15#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {3162#false} is VALID [2022-02-20 18:00:54,880 INFO L272 TraceCheckUtils]: 90: Hoare triple {3162#false} call #t~ret87#1 := getEmailTo(~msg#1); {3161#true} is VALID [2022-02-20 18:00:54,880 INFO L290 TraceCheckUtils]: 91: Hoare triple {3161#true} ~handle := #in~handle;havoc ~retValue_acc~26; {3161#true} is VALID [2022-02-20 18:00:54,880 INFO L290 TraceCheckUtils]: 92: Hoare triple {3161#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {3161#true} is VALID [2022-02-20 18:00:54,880 INFO L290 TraceCheckUtils]: 93: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:54,880 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {3161#true} {3162#false} #1211#return; {3162#false} is VALID [2022-02-20 18:00:54,881 INFO L290 TraceCheckUtils]: 95: Hoare triple {3162#false} assume -2147483648 <= #t~ret87#1 && #t~ret87#1 <= 2147483647;~tmp~15#1 := #t~ret87#1;havoc #t~ret87#1;~receiver~0#1 := ~tmp~15#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~18#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~18#1; {3162#false} is VALID [2022-02-20 18:00:54,881 INFO L290 TraceCheckUtils]: 96: Hoare triple {3162#false} assume 1 == findPublicKey_~handle#1; {3162#false} is VALID [2022-02-20 18:00:54,881 INFO L290 
TraceCheckUtils]: 97: Hoare triple {3162#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~18#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~18#1; {3162#false} is VALID [2022-02-20 18:00:54,881 INFO L290 TraceCheckUtils]: 98: Hoare triple {3162#false} #t~ret88#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp___0~6#1 := #t~ret88#1;havoc #t~ret88#1;~pubkey~0#1 := ~tmp___0~6#1; {3162#false} is VALID [2022-02-20 18:00:54,881 INFO L290 TraceCheckUtils]: 99: Hoare triple {3162#false} assume !(0 != ~pubkey~0#1); {3162#false} is VALID [2022-02-20 18:00:54,881 INFO L290 TraceCheckUtils]: 100: Hoare triple {3162#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret86#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {3162#false} is VALID [2022-02-20 18:00:54,881 INFO L290 TraceCheckUtils]: 101: Hoare triple {3162#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {3162#false} is VALID [2022-02-20 18:00:54,881 INFO L290 TraceCheckUtils]: 102: Hoare triple {3162#false} outgoing__wrappee__Keys_#t~ret86#1 := getClientId_#res#1;assume { :end_inline_getClientId } 
true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret86#1 && outgoing__wrappee__Keys_#t~ret86#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~14#1 := outgoing__wrappee__Keys_#t~ret86#1;havoc outgoing__wrappee__Keys_#t~ret86#1; {3162#false} is VALID [2022-02-20 18:00:54,882 INFO L272 TraceCheckUtils]: 103: Hoare triple {3162#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1); {3245#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:54,882 INFO L290 TraceCheckUtils]: 104: Hoare triple {3245#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3161#true} is VALID [2022-02-20 18:00:54,882 INFO L290 TraceCheckUtils]: 105: Hoare triple {3161#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3161#true} is VALID [2022-02-20 18:00:54,882 INFO L290 TraceCheckUtils]: 106: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:54,882 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {3161#true} {3162#false} #1217#return; {3162#false} is VALID [2022-02-20 18:00:54,882 INFO L290 TraceCheckUtils]: 108: Hoare triple {3162#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret84#1, mail_#t~ret85#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet52#1, 
__utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 := puts(24, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1; {3162#false} is VALID [2022-02-20 18:00:54,882 INFO L272 TraceCheckUtils]: 109: Hoare triple {3162#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {3161#true} is VALID [2022-02-20 18:00:54,883 INFO L290 TraceCheckUtils]: 110: Hoare triple {3161#true} ~handle := #in~handle;havoc ~retValue_acc~29; {3161#true} is VALID [2022-02-20 18:00:54,883 INFO L290 TraceCheckUtils]: 111: Hoare triple {3161#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {3161#true} is VALID [2022-02-20 18:00:54,883 INFO L290 TraceCheckUtils]: 112: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:54,883 INFO L284 TraceCheckUtils]: 113: Hoare quadruple {3161#true} {3162#false} #1219#return; {3162#false} is VALID [2022-02-20 18:00:54,883 INFO L290 TraceCheckUtils]: 114: Hoare triple {3162#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset := 25, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet52#1; {3162#false} is VALID 
[2022-02-20 18:00:54,883 INFO L290 TraceCheckUtils]: 115: Hoare triple {3162#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret84#1 := puts(35, 0);assume -2147483648 <= mail_#t~ret84#1 && mail_#t~ret84#1 <= 2147483647;havoc mail_#t~ret84#1; {3162#false} is VALID [2022-02-20 18:00:54,883 INFO L272 TraceCheckUtils]: 116: Hoare triple {3162#false} call mail_#t~ret85#1 := getEmailTo(mail_~msg#1); {3161#true} is VALID [2022-02-20 18:00:54,883 INFO L290 TraceCheckUtils]: 117: Hoare triple {3161#true} ~handle := #in~handle;havoc ~retValue_acc~26; {3161#true} is VALID [2022-02-20 18:00:54,884 INFO L290 TraceCheckUtils]: 118: Hoare triple {3161#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {3161#true} is VALID [2022-02-20 18:00:54,884 INFO L290 TraceCheckUtils]: 119: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:54,884 INFO L284 TraceCheckUtils]: 120: Hoare quadruple {3161#true} {3162#false} #1221#return; {3162#false} is VALID [2022-02-20 18:00:54,884 INFO L290 TraceCheckUtils]: 121: Hoare triple {3162#false} assume -2147483648 <= mail_#t~ret85#1 && mail_#t~ret85#1 <= 2147483647;mail_~tmp~13#1 := mail_#t~ret85#1;havoc mail_#t~ret85#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~13#1, mail_~msg#1;havoc incoming_#t~ret98#1, incoming_#t~ret99#1, incoming_#t~ret100#1, incoming_#t~ret101#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~19#1, incoming_~tmp___0~8#1, incoming_~tmp___1~5#1, incoming_~tmp___2~3#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~19#1;havoc incoming_~tmp___0~8#1;havoc incoming_~tmp___1~5#1;havoc incoming_~tmp___2~3#1;incoming_~__utac__ad__arg1~1#1 := 
incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet54#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 := puts(26, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset := 27, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet54#1; {3162#false} is VALID [2022-02-20 18:00:54,884 INFO L290 TraceCheckUtils]: 122: Hoare triple {3162#false} assume 1 == ~sent_encrypted~0; {3162#false} is VALID [2022-02-20 18:00:54,884 INFO L272 TraceCheckUtils]: 123: 
Hoare triple {3162#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {3161#true} is VALID [2022-02-20 18:00:54,884 INFO L290 TraceCheckUtils]: 124: Hoare triple {3161#true} ~handle := #in~handle;havoc ~retValue_acc~13; {3161#true} is VALID [2022-02-20 18:00:54,884 INFO L290 TraceCheckUtils]: 125: Hoare triple {3161#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {3161#true} is VALID [2022-02-20 18:00:54,885 INFO L290 TraceCheckUtils]: 126: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:54,885 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {3161#true} {3162#false} #1223#return; {3162#false} is VALID [2022-02-20 18:00:54,885 INFO L290 TraceCheckUtils]: 128: Hoare triple {3162#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~8#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1; {3162#false} is VALID [2022-02-20 18:00:54,885 INFO L272 TraceCheckUtils]: 129: Hoare triple {3162#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {3161#true} is VALID [2022-02-20 18:00:54,885 INFO L290 TraceCheckUtils]: 130: Hoare triple {3161#true} ~handle := #in~handle;havoc ~retValue_acc~30; {3161#true} is VALID [2022-02-20 18:00:54,885 INFO L290 TraceCheckUtils]: 131: Hoare triple {3161#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~30; {3161#true} is VALID [2022-02-20 18:00:54,885 INFO L290 TraceCheckUtils]: 132: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:54,886 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {3161#true} {3162#false} #1225#return; {3162#false} is VALID [2022-02-20 
18:00:54,886 INFO L290 TraceCheckUtils]: 134: Hoare triple {3162#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1; {3162#false} is VALID [2022-02-20 18:00:54,886 INFO L272 TraceCheckUtils]: 135: Hoare triple {3162#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1); {3161#true} is VALID [2022-02-20 18:00:54,886 INFO L290 TraceCheckUtils]: 136: Hoare triple {3161#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~43;havoc ~__cil_tmp4~5.base, ~__cil_tmp4~5.offset;~__cil_tmp4~5.base, ~__cil_tmp4~5.offset := 39, 0;havoc #t~nondet104; {3161#true} is VALID [2022-02-20 18:00:54,886 INFO L290 TraceCheckUtils]: 137: Hoare triple {3161#true} assume 0 == ~publicKey;~retValue_acc~43 := 0;#res := ~retValue_acc~43; {3161#true} is VALID [2022-02-20 18:00:54,886 INFO L290 TraceCheckUtils]: 138: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:54,886 INFO L284 TraceCheckUtils]: 139: Hoare quadruple {3161#true} {3162#false} #1227#return; {3162#false} is VALID [2022-02-20 18:00:54,886 INFO L290 TraceCheckUtils]: 140: Hoare triple {3162#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1; {3162#false} is VALID [2022-02-20 18:00:54,887 INFO L290 TraceCheckUtils]: 141: Hoare triple {3162#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1);assume { :begin_inline___automaton_fail } true; {3162#false} is VALID [2022-02-20 
18:00:54,887 INFO L290 TraceCheckUtils]: 142: Hoare triple {3162#false} assume !false; {3162#false} is VALID [2022-02-20 18:00:54,887 INFO L134 CoverageAnalysis]: Checked inductivity of 44 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 38 trivial. 0 not checked. [2022-02-20 18:00:54,888 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:00:54,888 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1344298394] [2022-02-20 18:00:54,890 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1344298394] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:00:54,890 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1996356254] [2022-02-20 18:00:54,891 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:54,891 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:00:54,891 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:00:54,892 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:00:54,894 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 18:00:55,136 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:55,140 INFO L263 TraceCheckSpWp]: Trace formula consists of 1244 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 18:00:55,186 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:55,189 INFO L286 TraceCheckSpWp]: Computing forward 
predicates... [2022-02-20 18:00:55,459 INFO L290 TraceCheckUtils]: 0: Hoare triple {3161#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(44, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(11, 20);call #Ultimate.allocInit(19, 21);call #Ultimate.allocInit(4, 22);call write~init~int(37, 22, 0, 1);call write~init~int(100, 22, 1, 1);call write~init~int(10, 22, 2, 1);call write~init~int(0, 22, 3, 1);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(19, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(10, 29);call #Ultimate.allocInit(12, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(18, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(34, 36);call #Ultimate.allocInit(30, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(20, 39);call #Ultimate.allocInit(22, 
40);call #Ultimate.allocInit(21, 41);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 
0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~sent_encrypted~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {3161#true} is VALID [2022-02-20 18:00:55,460 INFO L290 TraceCheckUtils]: 1: Hoare triple {3161#true} assume { :end_inline_ULTIMATE.init } true;assume { 
:begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {3161#true} is VALID [2022-02-20 18:00:55,460 INFO L290 TraceCheckUtils]: 2: Hoare triple {3161#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3161#true} is VALID [2022-02-20 18:00:55,460 INFO L290 TraceCheckUtils]: 3: Hoare triple {3161#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~22#1;havoc valid_product_~retValue_acc~22#1;valid_product_~retValue_acc~22#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~22#1; {3161#true} is VALID [2022-02-20 18:00:55,460 INFO L290 TraceCheckUtils]: 4: Hoare triple {3161#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {3161#true} is VALID [2022-02-20 18:00:55,460 INFO L290 TraceCheckUtils]: 5: Hoare triple {3161#true} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet32#1, setup_#t~nondet33#1, setup_#t~nondet34#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {3161#true} is VALID [2022-02-20 18:00:55,461 INFO L272 TraceCheckUtils]: 6: Hoare triple {3161#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {3161#true} is VALID [2022-02-20 18:00:55,461 INFO L290 TraceCheckUtils]: 7: Hoare triple {3161#true} ~handle := #in~handle;~value := #in~value; {3161#true} is VALID [2022-02-20 18:00:55,461 INFO L290 TraceCheckUtils]: 8: Hoare triple {3161#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3161#true} is VALID [2022-02-20 18:00:55,461 INFO L290 TraceCheckUtils]: 9: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:55,461 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {3161#true} {3161#true} #1261#return; {3161#true} is VALID [2022-02-20 18:00:55,461 INFO L290 TraceCheckUtils]: 11: Hoare triple {3161#true} assume { :end_inline_setup_bob__wrappee__Base } true; {3161#true} is VALID [2022-02-20 18:00:55,464 INFO L272 TraceCheckUtils]: 12: Hoare triple {3161#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {3161#true} is VALID [2022-02-20 18:00:55,464 INFO L290 TraceCheckUtils]: 13: Hoare triple {3161#true} ~handle := #in~handle;~value := #in~value; {3161#true} is VALID [2022-02-20 18:00:55,464 INFO L290 TraceCheckUtils]: 14: Hoare triple {3161#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3161#true} is VALID [2022-02-20 18:00:55,464 INFO L290 TraceCheckUtils]: 15: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:55,465 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {3161#true} {3161#true} #1263#return; {3161#true} is VALID [2022-02-20 18:00:55,465 INFO L290 TraceCheckUtils]: 17: Hoare triple {3161#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 18, 0;havoc setup_#t~nondet32#1;~rjh~0 := 2;assume { 
:begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {3161#true} is VALID [2022-02-20 18:00:55,465 INFO L272 TraceCheckUtils]: 18: Hoare triple {3161#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {3161#true} is VALID [2022-02-20 18:00:55,465 INFO L290 TraceCheckUtils]: 19: Hoare triple {3161#true} ~handle := #in~handle;~value := #in~value; {3161#true} is VALID [2022-02-20 18:00:55,465 INFO L290 TraceCheckUtils]: 20: Hoare triple {3161#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3161#true} is VALID [2022-02-20 18:00:55,465 INFO L290 TraceCheckUtils]: 21: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:55,465 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {3161#true} {3161#true} #1265#return; {3161#true} is VALID [2022-02-20 18:00:55,466 INFO L290 TraceCheckUtils]: 23: Hoare triple {3161#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {3161#true} is VALID [2022-02-20 18:00:55,466 INFO L272 TraceCheckUtils]: 24: Hoare triple {3161#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {3161#true} is VALID [2022-02-20 18:00:55,466 INFO L290 TraceCheckUtils]: 25: Hoare triple {3161#true} ~handle := #in~handle;~value := #in~value; {3161#true} is VALID [2022-02-20 18:00:55,466 INFO L290 TraceCheckUtils]: 26: Hoare triple {3161#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3161#true} is VALID [2022-02-20 18:00:55,466 INFO L290 TraceCheckUtils]: 27: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:55,466 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {3161#true} {3161#true} #1267#return; 
{3161#true} is VALID [2022-02-20 18:00:55,466 INFO L290 TraceCheckUtils]: 29: Hoare triple {3161#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 19, 0;havoc setup_#t~nondet33#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {3161#true} is VALID [2022-02-20 18:00:55,466 INFO L272 TraceCheckUtils]: 30: Hoare triple {3161#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {3161#true} is VALID [2022-02-20 18:00:55,467 INFO L290 TraceCheckUtils]: 31: Hoare triple {3161#true} ~handle := #in~handle;~value := #in~value; {3161#true} is VALID [2022-02-20 18:00:55,467 INFO L290 TraceCheckUtils]: 32: Hoare triple {3161#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3161#true} is VALID [2022-02-20 18:00:55,467 INFO L290 TraceCheckUtils]: 33: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:55,467 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {3161#true} {3161#true} #1269#return; {3161#true} is VALID [2022-02-20 18:00:55,467 INFO L290 TraceCheckUtils]: 35: Hoare triple {3161#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {3161#true} is VALID [2022-02-20 18:00:55,467 INFO L272 TraceCheckUtils]: 36: Hoare triple {3161#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {3161#true} is VALID [2022-02-20 18:00:55,467 INFO L290 TraceCheckUtils]: 37: Hoare triple {3161#true} ~handle := #in~handle;~value := #in~value; {3161#true} is VALID [2022-02-20 18:00:55,468 INFO L290 TraceCheckUtils]: 38: Hoare triple 
{3161#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3161#true} is VALID [2022-02-20 18:00:55,468 INFO L290 TraceCheckUtils]: 39: Hoare triple {3161#true} assume true; {3161#true} is VALID [2022-02-20 18:00:55,468 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {3161#true} {3161#true} #1271#return; {3161#true} is VALID [2022-02-20 18:00:55,468 INFO L290 TraceCheckUtils]: 41: Hoare triple {3161#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 20, 0;havoc setup_#t~nondet34#1; {3161#true} is VALID [2022-02-20 18:00:55,468 INFO L290 TraceCheckUtils]: 42: Hoare triple {3161#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_#t~nondet62#1, test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_#t~nondet67#1, test_#t~nondet68#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 
:= 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {3376#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:00:55,470 INFO L290 TraceCheckUtils]: 43: Hoare triple {3376#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {3376#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:00:55,470 INFO L290 TraceCheckUtils]: 44: Hoare triple {3376#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {3162#false} is VALID [2022-02-20 18:00:55,471 INFO L290 TraceCheckUtils]: 45: Hoare triple {3162#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_~tmp~3#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~3#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret27#1 := puts(16, 0);assume -2147483648 <= bobToRjh_#t~ret27#1 && bobToRjh_#t~ret27#1 <= 2147483647;havoc bobToRjh_#t~ret27#1; {3162#false} is VALID [2022-02-20 18:00:55,471 INFO L272 TraceCheckUtils]: 46: Hoare triple {3162#false} call sendEmail(~bob~0, ~rjh~0); {3162#false} is VALID [2022-02-20 18:00:55,471 INFO L290 TraceCheckUtils]: 47: Hoare triple {3162#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~21#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~38#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~38#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {3162#false} is VALID [2022-02-20 18:00:55,472 INFO L272 TraceCheckUtils]: 48: Hoare triple {3162#false} call setEmailFrom(createEmail_~msg~0#1, 
createEmail_~from#1); {3162#false} is VALID [2022-02-20 18:00:55,472 INFO L290 TraceCheckUtils]: 49: Hoare triple {3162#false} ~handle := #in~handle;~value := #in~value; {3162#false} is VALID [2022-02-20 18:00:55,472 INFO L290 TraceCheckUtils]: 50: Hoare triple {3162#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3162#false} is VALID [2022-02-20 18:00:55,472 INFO L290 TraceCheckUtils]: 51: Hoare triple {3162#false} assume true; {3162#false} is VALID [2022-02-20 18:00:55,473 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {3162#false} {3162#false} #1197#return; {3162#false} is VALID [2022-02-20 18:00:55,473 INFO L272 TraceCheckUtils]: 53: Hoare triple {3162#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {3162#false} is VALID [2022-02-20 18:00:55,473 INFO L290 TraceCheckUtils]: 54: Hoare triple {3162#false} ~handle := #in~handle;~value := #in~value; {3162#false} is VALID [2022-02-20 18:00:55,473 INFO L290 TraceCheckUtils]: 55: Hoare triple {3162#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {3162#false} is VALID [2022-02-20 18:00:55,473 INFO L290 TraceCheckUtils]: 56: Hoare triple {3162#false} assume true; {3162#false} is VALID [2022-02-20 18:00:55,473 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {3162#false} {3162#false} #1199#return; {3162#false} is VALID [2022-02-20 18:00:55,473 INFO L290 TraceCheckUtils]: 58: Hoare triple {3162#false} createEmail_~retValue_acc~38#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~38#1; {3162#false} is VALID [2022-02-20 18:00:55,473 INFO L290 TraceCheckUtils]: 59: Hoare triple {3162#false} #t~ret103#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret103#1 && #t~ret103#1 <= 2147483647;~tmp~21#1 := #t~ret103#1;havoc #t~ret103#1;~email~0#1 := ~tmp~21#1; {3162#false} is VALID [2022-02-20 18:00:55,474 INFO L272 TraceCheckUtils]: 60: Hoare triple {3162#false} call outgoing(~sender#1, ~email~0#1); {3162#false} is VALID [2022-02-20 
18:00:55,474 INFO L290 TraceCheckUtils]: 61: Hoare triple {3162#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~2#1;havoc ~tmp~16#1;havoc ~receiver~1#1;havoc ~tmp___0~7#1;havoc ~second~0#1;havoc ~tmp___1~4#1;havoc ~tmp___2~2#1; {3162#false} is VALID [2022-02-20 18:00:55,474 INFO L272 TraceCheckUtils]: 62: Hoare triple {3162#false} call #t~ret89#1 := getClientAddressBookSize(~client#1); {3162#false} is VALID [2022-02-20 18:00:55,474 INFO L290 TraceCheckUtils]: 63: Hoare triple {3162#false} ~handle := #in~handle;havoc ~retValue_acc~7; {3162#false} is VALID [2022-02-20 18:00:55,474 INFO L290 TraceCheckUtils]: 64: Hoare triple {3162#false} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {3162#false} is VALID [2022-02-20 18:00:55,474 INFO L290 TraceCheckUtils]: 65: Hoare triple {3162#false} assume true; {3162#false} is VALID [2022-02-20 18:00:55,474 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {3162#false} {3162#false} #1179#return; {3162#false} is VALID [2022-02-20 18:00:55,475 INFO L290 TraceCheckUtils]: 67: Hoare triple {3162#false} assume -2147483648 <= #t~ret89#1 && #t~ret89#1 <= 2147483647;~tmp~16#1 := #t~ret89#1;havoc #t~ret89#1;~size~2#1 := ~tmp~16#1; {3162#false} is VALID [2022-02-20 18:00:55,475 INFO L290 TraceCheckUtils]: 68: Hoare triple {3162#false} assume 0 != ~size~2#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {3162#false} is VALID [2022-02-20 18:00:55,475 INFO L290 TraceCheckUtils]: 69: Hoare triple {3162#false} assume { :end_inline_sendToAddressBook } true;call #t~ret90#1 := puts(36, 0);assume -2147483648 <= #t~ret90#1 && #t~ret90#1 <= 2147483647;havoc #t~ret90#1; {3162#false} is VALID [2022-02-20 18:00:55,475 INFO L272 
TraceCheckUtils]: 70: Hoare triple {3162#false} call #t~ret91#1 := getEmailTo(~msg#1); {3162#false} is VALID [2022-02-20 18:00:55,475 INFO L290 TraceCheckUtils]: 71: Hoare triple {3162#false} ~handle := #in~handle;havoc ~retValue_acc~26; {3162#false} is VALID [2022-02-20 18:00:55,475 INFO L290 TraceCheckUtils]: 72: Hoare triple {3162#false} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {3162#false} is VALID [2022-02-20 18:00:55,475 INFO L290 TraceCheckUtils]: 73: Hoare triple {3162#false} assume true; {3162#false} is VALID [2022-02-20 18:00:55,475 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {3162#false} {3162#false} #1181#return; {3162#false} is VALID [2022-02-20 18:00:55,476 INFO L290 TraceCheckUtils]: 75: Hoare triple {3162#false} assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp___0~7#1 := #t~ret91#1;havoc #t~ret91#1;~receiver~1#1 := ~tmp___0~7#1;call #t~ret92#1 := puts(37, 0);assume -2147483648 <= #t~ret92#1 && #t~ret92#1 <= 2147483647;havoc #t~ret92#1; {3162#false} is VALID [2022-02-20 18:00:55,476 INFO L272 TraceCheckUtils]: 76: Hoare triple {3162#false} call #t~ret93#1 := getClientAddressBookAddress(~client#1, 1); {3162#false} is VALID [2022-02-20 18:00:55,476 INFO L290 TraceCheckUtils]: 77: Hoare triple {3162#false} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~11; {3162#false} is VALID [2022-02-20 18:00:55,476 INFO L290 TraceCheckUtils]: 78: Hoare triple {3162#false} assume 1 == ~handle; {3162#false} is VALID [2022-02-20 18:00:55,476 INFO L290 TraceCheckUtils]: 79: Hoare triple {3162#false} assume 0 == ~index;~retValue_acc~11 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~11; {3162#false} is VALID [2022-02-20 18:00:55,476 INFO L290 TraceCheckUtils]: 80: Hoare triple {3162#false} assume true; {3162#false} is VALID [2022-02-20 18:00:55,488 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {3162#false} {3162#false} #1183#return; {3162#false} is VALID [2022-02-20 
18:00:55,489 INFO L290 TraceCheckUtils]: 82: Hoare triple {3162#false} assume -2147483648 <= #t~ret93#1 && #t~ret93#1 <= 2147483647;~tmp___1~4#1 := #t~ret93#1;havoc #t~ret93#1;~second~0#1 := ~tmp___1~4#1; {3162#false} is VALID [2022-02-20 18:00:55,489 INFO L272 TraceCheckUtils]: 83: Hoare triple {3162#false} call setEmailTo(~msg#1, ~second~0#1); {3162#false} is VALID [2022-02-20 18:00:55,489 INFO L290 TraceCheckUtils]: 84: Hoare triple {3162#false} ~handle := #in~handle;~value := #in~value; {3162#false} is VALID [2022-02-20 18:00:55,489 INFO L290 TraceCheckUtils]: 85: Hoare triple {3162#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {3162#false} is VALID [2022-02-20 18:00:55,489 INFO L290 TraceCheckUtils]: 86: Hoare triple {3162#false} assume true; {3162#false} is VALID [2022-02-20 18:00:55,489 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {3162#false} {3162#false} #1185#return; {3162#false} is VALID [2022-02-20 18:00:55,490 INFO L272 TraceCheckUtils]: 88: Hoare triple {3162#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {3162#false} is VALID [2022-02-20 18:00:55,490 INFO L290 TraceCheckUtils]: 89: Hoare triple {3162#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~15#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {3162#false} is VALID [2022-02-20 18:00:55,490 INFO L272 TraceCheckUtils]: 90: Hoare triple {3162#false} call #t~ret87#1 := getEmailTo(~msg#1); {3162#false} is VALID [2022-02-20 18:00:55,490 INFO L290 TraceCheckUtils]: 91: Hoare triple {3162#false} ~handle := #in~handle;havoc ~retValue_acc~26; {3162#false} is VALID [2022-02-20 18:00:55,490 INFO L290 TraceCheckUtils]: 92: Hoare triple {3162#false} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {3162#false} is VALID [2022-02-20 18:00:55,490 INFO L290 TraceCheckUtils]: 93: Hoare triple {3162#false} assume true; {3162#false} is VALID [2022-02-20 18:00:55,490 INFO L284 TraceCheckUtils]: 94: Hoare quadruple 
{3162#false} {3162#false} #1211#return; {3162#false} is VALID [2022-02-20 18:00:55,490 INFO L290 TraceCheckUtils]: 95: Hoare triple {3162#false} assume -2147483648 <= #t~ret87#1 && #t~ret87#1 <= 2147483647;~tmp~15#1 := #t~ret87#1;havoc #t~ret87#1;~receiver~0#1 := ~tmp~15#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~18#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~18#1; {3162#false} is VALID [2022-02-20 18:00:55,491 INFO L290 TraceCheckUtils]: 96: Hoare triple {3162#false} assume 1 == findPublicKey_~handle#1; {3162#false} is VALID [2022-02-20 18:00:55,491 INFO L290 TraceCheckUtils]: 97: Hoare triple {3162#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~18#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~18#1; {3162#false} is VALID [2022-02-20 18:00:55,491 INFO L290 TraceCheckUtils]: 98: Hoare triple {3162#false} #t~ret88#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp___0~6#1 := #t~ret88#1;havoc #t~ret88#1;~pubkey~0#1 := ~tmp___0~6#1; {3162#false} is VALID [2022-02-20 18:00:55,491 INFO L290 TraceCheckUtils]: 99: Hoare triple {3162#false} assume !(0 != ~pubkey~0#1); {3162#false} is VALID [2022-02-20 18:00:55,491 INFO L290 TraceCheckUtils]: 100: Hoare triple {3162#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret86#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1;outgoing__wrappee__Keys_~client#1 := 
outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {3162#false} is VALID [2022-02-20 18:00:55,491 INFO L290 TraceCheckUtils]: 101: Hoare triple {3162#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {3162#false} is VALID [2022-02-20 18:00:55,491 INFO L290 TraceCheckUtils]: 102: Hoare triple {3162#false} outgoing__wrappee__Keys_#t~ret86#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret86#1 && outgoing__wrappee__Keys_#t~ret86#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~14#1 := outgoing__wrappee__Keys_#t~ret86#1;havoc outgoing__wrappee__Keys_#t~ret86#1; {3162#false} is VALID [2022-02-20 18:00:55,492 INFO L272 TraceCheckUtils]: 103: Hoare triple {3162#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1); {3162#false} is VALID [2022-02-20 18:00:55,492 INFO L290 TraceCheckUtils]: 104: Hoare triple {3162#false} ~handle := #in~handle;~value := #in~value; {3162#false} is VALID [2022-02-20 18:00:55,492 INFO L290 TraceCheckUtils]: 105: Hoare triple {3162#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3162#false} is VALID [2022-02-20 18:00:55,492 INFO L290 TraceCheckUtils]: 106: Hoare triple {3162#false} assume true; {3162#false} is VALID [2022-02-20 18:00:55,492 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {3162#false} {3162#false} #1217#return; {3162#false} is VALID [2022-02-20 18:00:55,492 INFO L290 TraceCheckUtils]: 108: Hoare triple {3162#false} assume { :begin_inline_mail } 
true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret84#1, mail_#t~ret85#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet52#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 := puts(24, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1; {3162#false} is VALID [2022-02-20 18:00:55,492 INFO L272 TraceCheckUtils]: 109: Hoare triple {3162#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {3162#false} is VALID [2022-02-20 18:00:55,493 INFO L290 TraceCheckUtils]: 110: Hoare triple {3162#false} ~handle := #in~handle;havoc ~retValue_acc~29; {3162#false} is VALID [2022-02-20 18:00:55,493 INFO L290 TraceCheckUtils]: 111: Hoare triple {3162#false} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {3162#false} is VALID [2022-02-20 18:00:55,493 INFO L290 TraceCheckUtils]: 112: Hoare triple {3162#false} assume true; {3162#false} is VALID 
[2022-02-20 18:00:55,493 INFO L284 TraceCheckUtils]: 113: Hoare quadruple {3162#false} {3162#false} #1219#return; {3162#false} is VALID [2022-02-20 18:00:55,493 INFO L290 TraceCheckUtils]: 114: Hoare triple {3162#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset := 25, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet52#1; {3162#false} is VALID [2022-02-20 18:00:55,493 INFO L290 TraceCheckUtils]: 115: Hoare triple {3162#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret84#1 := puts(35, 0);assume -2147483648 <= mail_#t~ret84#1 && mail_#t~ret84#1 <= 2147483647;havoc mail_#t~ret84#1; {3162#false} is VALID [2022-02-20 18:00:55,493 INFO L272 TraceCheckUtils]: 116: Hoare triple {3162#false} call mail_#t~ret85#1 := getEmailTo(mail_~msg#1); {3162#false} is VALID [2022-02-20 18:00:55,493 INFO L290 TraceCheckUtils]: 117: Hoare triple {3162#false} ~handle := #in~handle;havoc ~retValue_acc~26; {3162#false} is VALID [2022-02-20 18:00:55,494 INFO L290 TraceCheckUtils]: 118: Hoare triple {3162#false} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {3162#false} is VALID [2022-02-20 18:00:55,494 INFO L290 TraceCheckUtils]: 119: Hoare triple {3162#false} assume true; {3162#false} is VALID [2022-02-20 18:00:55,494 INFO L284 TraceCheckUtils]: 120: Hoare quadruple {3162#false} {3162#false} #1221#return; {3162#false} is VALID [2022-02-20 18:00:55,494 INFO L290 TraceCheckUtils]: 121: Hoare triple {3162#false} assume -2147483648 <= mail_#t~ret85#1 && mail_#t~ret85#1 <= 2147483647;mail_~tmp~13#1 := mail_#t~ret85#1;havoc mail_#t~ret85#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, 
incoming_#in~msg#1 := mail_~tmp~13#1, mail_~msg#1;havoc incoming_#t~ret98#1, incoming_#t~ret99#1, incoming_#t~ret100#1, incoming_#t~ret101#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~19#1, incoming_~tmp___0~8#1, incoming_~tmp___1~5#1, incoming_~tmp___2~3#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~19#1;havoc incoming_~tmp___0~8#1;havoc incoming_~tmp___1~5#1;havoc incoming_~tmp___2~3#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet54#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, 
__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 := puts(26, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset := 27, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet54#1; {3162#false} is VALID [2022-02-20 18:00:55,494 INFO L290 TraceCheckUtils]: 122: Hoare triple {3162#false} assume 1 == ~sent_encrypted~0; {3162#false} is VALID [2022-02-20 18:00:55,503 INFO L272 TraceCheckUtils]: 123: Hoare triple {3162#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {3162#false} is VALID [2022-02-20 18:00:55,503 INFO L290 TraceCheckUtils]: 124: Hoare triple {3162#false} ~handle := #in~handle;havoc ~retValue_acc~13; {3162#false} is VALID [2022-02-20 18:00:55,503 INFO L290 TraceCheckUtils]: 125: Hoare triple {3162#false} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {3162#false} is VALID [2022-02-20 18:00:55,503 INFO L290 TraceCheckUtils]: 126: Hoare triple {3162#false} assume true; {3162#false} is VALID [2022-02-20 18:00:55,503 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {3162#false} {3162#false} #1223#return; {3162#false} is VALID [2022-02-20 18:00:55,503 INFO L290 TraceCheckUtils]: 128: Hoare triple {3162#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~8#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1; {3162#false} is VALID [2022-02-20 18:00:55,504 INFO L272 TraceCheckUtils]: 129: Hoare triple {3162#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 
:= getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {3162#false} is VALID [2022-02-20 18:00:55,504 INFO L290 TraceCheckUtils]: 130: Hoare triple {3162#false} ~handle := #in~handle;havoc ~retValue_acc~30; {3162#false} is VALID [2022-02-20 18:00:55,504 INFO L290 TraceCheckUtils]: 131: Hoare triple {3162#false} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~30; {3162#false} is VALID [2022-02-20 18:00:55,504 INFO L290 TraceCheckUtils]: 132: Hoare triple {3162#false} assume true; {3162#false} is VALID [2022-02-20 18:00:55,504 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {3162#false} {3162#false} #1225#return; {3162#false} is VALID [2022-02-20 18:00:55,504 INFO L290 TraceCheckUtils]: 134: Hoare triple {3162#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1; {3162#false} is VALID [2022-02-20 18:00:55,504 INFO L272 TraceCheckUtils]: 135: Hoare triple {3162#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1); {3162#false} is VALID [2022-02-20 18:00:55,504 INFO L290 TraceCheckUtils]: 136: Hoare triple {3162#false} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~43;havoc ~__cil_tmp4~5.base, ~__cil_tmp4~5.offset;~__cil_tmp4~5.base, ~__cil_tmp4~5.offset := 39, 0;havoc #t~nondet104; {3162#false} is VALID [2022-02-20 18:00:55,504 INFO L290 TraceCheckUtils]: 137: Hoare triple {3162#false} assume 0 == ~publicKey;~retValue_acc~43 := 0;#res := ~retValue_acc~43; {3162#false} is VALID [2022-02-20 18:00:55,504 INFO L290 TraceCheckUtils]: 138: Hoare triple {3162#false} assume true; {3162#false} is VALID [2022-02-20 18:00:55,504 INFO L284 
TraceCheckUtils]: 139: Hoare quadruple {3162#false} {3162#false} #1227#return; {3162#false} is VALID [2022-02-20 18:00:55,504 INFO L290 TraceCheckUtils]: 140: Hoare triple {3162#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1; {3162#false} is VALID [2022-02-20 18:00:55,504 INFO L290 TraceCheckUtils]: 141: Hoare triple {3162#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1);assume { :begin_inline___automaton_fail } true; {3162#false} is VALID [2022-02-20 18:00:55,504 INFO L290 TraceCheckUtils]: 142: Hoare triple {3162#false} assume !false; {3162#false} is VALID [2022-02-20 18:00:55,505 INFO L134 CoverageAnalysis]: Checked inductivity of 44 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 44 trivial. 0 not checked. [2022-02-20 18:00:55,505 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:00:55,505 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1996356254] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:00:55,505 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:00:55,505 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 18:00:55,505 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2023275549] [2022-02-20 18:00:55,505 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:00:55,506 INFO L78 Accepts]: Start accepts. 
Automaton has has 3 states, 3 states have (on average 26.0) internal successors, (78), 3 states have internal predecessors, (78), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (19), 2 states have call predecessors, (19), 2 states have call successors, (19) Word has length 143 [2022-02-20 18:00:55,507 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:00:55,507 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 26.0) internal successors, (78), 3 states have internal predecessors, (78), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (19), 2 states have call predecessors, (19), 2 states have call successors, (19) [2022-02-20 18:00:55,577 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 119 edges. 119 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:55,577 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:00:55,577 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:00:55,578 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:00:55,578 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:00:55,578 INFO L87 Difference]: Start difference. First operand 405 states and 615 transitions. 
Second operand has 3 states, 3 states have (on average 26.0) internal successors, (78), 3 states have internal predecessors, (78), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (19), 2 states have call predecessors, (19), 2 states have call successors, (19) [2022-02-20 18:00:56,055 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:56,056 INFO L93 Difference]: Finished difference Result 616 states and 914 transitions. [2022-02-20 18:00:56,056 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:00:56,056 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 26.0) internal successors, (78), 3 states have internal predecessors, (78), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (19), 2 states have call predecessors, (19), 2 states have call successors, (19) Word has length 143 [2022-02-20 18:00:56,056 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:00:56,056 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 26.0) internal successors, (78), 3 states have internal predecessors, (78), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (19), 2 states have call predecessors, (19), 2 states have call successors, (19) [2022-02-20 18:00:56,066 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 914 transitions. [2022-02-20 18:00:56,067 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 3 states, 3 states have (on average 26.0) internal successors, (78), 3 states have internal predecessors, (78), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (19), 2 states have call predecessors, (19), 2 states have call successors, (19) [2022-02-20 18:00:56,078 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 914 transitions. [2022-02-20 18:00:56,078 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 914 transitions. [2022-02-20 18:00:56,659 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 914 edges. 914 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:56,672 INFO L225 Difference]: With dead ends: 616 [2022-02-20 18:00:56,673 INFO L226 Difference]: Without dead ends: 408 [2022-02-20 18:00:56,674 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 184 GetRequests, 176 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:00:56,674 INFO L933 BasicCegarLoop]: 613 mSDtfsCounter, 1 mSDsluCounter, 611 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 1224 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:00:56,675 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 1224 Invalid, 5 Unknown, 0 
Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:00:56,675 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 408 states. [2022-02-20 18:00:56,687 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 408 to 407. [2022-02-20 18:00:56,687 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:00:56,688 INFO L82 GeneralOperation]: Start isEquivalent. First operand 408 states. Second operand has 407 states, 315 states have (on average 1.542857142857143) internal successors, (486), 319 states have internal predecessors, (486), 66 states have call successors, (66), 25 states have call predecessors, (66), 25 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) [2022-02-20 18:00:56,692 INFO L74 IsIncluded]: Start isIncluded. First operand 408 states. Second operand has 407 states, 315 states have (on average 1.542857142857143) internal successors, (486), 319 states have internal predecessors, (486), 66 states have call successors, (66), 25 states have call predecessors, (66), 25 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) [2022-02-20 18:00:56,692 INFO L87 Difference]: Start difference. First operand 408 states. Second operand has 407 states, 315 states have (on average 1.542857142857143) internal successors, (486), 319 states have internal predecessors, (486), 66 states have call successors, (66), 25 states have call predecessors, (66), 25 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) [2022-02-20 18:00:56,710 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:56,710 INFO L93 Difference]: Finished difference Result 408 states and 618 transitions. 
[2022-02-20 18:00:56,710 INFO L276 IsEmpty]: Start isEmpty. Operand 408 states and 618 transitions. [2022-02-20 18:00:56,711 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:56,711 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:56,712 INFO L74 IsIncluded]: Start isIncluded. First operand has 407 states, 315 states have (on average 1.542857142857143) internal successors, (486), 319 states have internal predecessors, (486), 66 states have call successors, (66), 25 states have call predecessors, (66), 25 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) Second operand 408 states. [2022-02-20 18:00:56,713 INFO L87 Difference]: Start difference. First operand has 407 states, 315 states have (on average 1.542857142857143) internal successors, (486), 319 states have internal predecessors, (486), 66 states have call successors, (66), 25 states have call predecessors, (66), 25 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) Second operand 408 states. [2022-02-20 18:00:56,729 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:56,729 INFO L93 Difference]: Finished difference Result 408 states and 618 transitions. [2022-02-20 18:00:56,729 INFO L276 IsEmpty]: Start isEmpty. Operand 408 states and 618 transitions. [2022-02-20 18:00:56,730 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:56,730 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:56,730 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:00:56,730 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:00:56,731 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 407 states, 315 states have (on average 1.542857142857143) internal successors, (486), 319 states have internal predecessors, (486), 66 states have call successors, (66), 25 states have call predecessors, (66), 25 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) [2022-02-20 18:00:56,755 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 407 states to 407 states and 617 transitions. [2022-02-20 18:00:56,756 INFO L78 Accepts]: Start accepts. Automaton has 407 states and 617 transitions. Word has length 143 [2022-02-20 18:00:56,756 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:00:56,756 INFO L470 AbstractCegarLoop]: Abstraction has 407 states and 617 transitions. [2022-02-20 18:00:56,757 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 26.0) internal successors, (78), 3 states have internal predecessors, (78), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (19), 2 states have call predecessors, (19), 2 states have call successors, (19) [2022-02-20 18:00:56,757 INFO L276 IsEmpty]: Start isEmpty. Operand 407 states and 617 transitions. [2022-02-20 18:00:56,758 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 153 [2022-02-20 18:00:56,758 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:00:56,758 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:00:56,781 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-02-20 18:00:56,971 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1 [2022-02-20 18:00:56,971 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:00:56,972 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:00:56,972 INFO L85 PathProgramCache]: Analyzing trace with hash 180120760, now seen corresponding path program 1 times [2022-02-20 18:00:56,972 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:00:56,972 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [443393280] [2022-02-20 18:00:56,972 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:56,972 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:00:57,003 INFO L136 AnnotateAndAsserter]: 
Conjunction of SSA is unsat [2022-02-20 18:00:57,033 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:00:57,035 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:57,037 INFO L290 TraceCheckUtils]: 0: Hoare triple {5984#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5904#true} is VALID [2022-02-20 18:00:57,037 INFO L290 TraceCheckUtils]: 1: Hoare triple {5904#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5904#true} is VALID [2022-02-20 18:00:57,037 INFO L290 TraceCheckUtils]: 2: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,037 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5904#true} {5904#true} #1261#return; {5904#true} is VALID [2022-02-20 18:00:57,042 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:00:57,043 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:57,045 INFO L290 TraceCheckUtils]: 0: Hoare triple {5985#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5904#true} is VALID [2022-02-20 18:00:57,046 INFO L290 TraceCheckUtils]: 1: Hoare triple {5904#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5904#true} is VALID [2022-02-20 18:00:57,046 INFO L290 TraceCheckUtils]: 2: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,046 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5904#true} {5904#true} #1263#return; {5904#true} is VALID [2022-02-20 18:00:57,046 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:00:57,048 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:57,060 INFO L290 TraceCheckUtils]: 0: Hoare triple {5984#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5986#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:57,060 INFO L290 TraceCheckUtils]: 1: Hoare triple {5986#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5987#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:57,060 INFO L290 TraceCheckUtils]: 2: Hoare triple {5987#(= |setClientId_#in~handle| 1)} assume true; {5987#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:57,061 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5987#(= |setClientId_#in~handle| 1)} {5914#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1265#return; {5905#false} is VALID [2022-02-20 18:00:57,061 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:00:57,063 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:57,066 INFO L290 TraceCheckUtils]: 0: Hoare triple {5985#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5904#true} is VALID [2022-02-20 18:00:57,066 INFO L290 TraceCheckUtils]: 1: Hoare triple {5904#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5904#true} is VALID [2022-02-20 18:00:57,066 INFO L290 TraceCheckUtils]: 2: Hoare triple {5904#true} assume true; {5904#true} is 
VALID [2022-02-20 18:00:57,066 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5904#true} {5905#false} #1267#return; {5905#false} is VALID [2022-02-20 18:00:57,066 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:00:57,068 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:57,073 INFO L290 TraceCheckUtils]: 0: Hoare triple {5984#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5904#true} is VALID [2022-02-20 18:00:57,073 INFO L290 TraceCheckUtils]: 1: Hoare triple {5904#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5904#true} is VALID [2022-02-20 18:00:57,073 INFO L290 TraceCheckUtils]: 2: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,073 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5904#true} {5905#false} #1269#return; {5905#false} is VALID [2022-02-20 18:00:57,073 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:00:57,075 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:57,081 INFO L290 TraceCheckUtils]: 0: Hoare triple {5985#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5904#true} is VALID [2022-02-20 18:00:57,081 INFO L290 TraceCheckUtils]: 1: Hoare triple {5904#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5904#true} is VALID [2022-02-20 18:00:57,081 INFO L290 TraceCheckUtils]: 2: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,082 INFO L284 TraceCheckUtils]: 3: Hoare 
quadruple {5904#true} {5905#false} #1271#return; {5905#false} is VALID [2022-02-20 18:00:57,087 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 18:00:57,088 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:57,090 INFO L290 TraceCheckUtils]: 0: Hoare triple {5988#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5904#true} is VALID [2022-02-20 18:00:57,090 INFO L290 TraceCheckUtils]: 1: Hoare triple {5904#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5904#true} is VALID [2022-02-20 18:00:57,090 INFO L290 TraceCheckUtils]: 2: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,090 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5904#true} {5905#false} #1197#return; {5905#false} is VALID [2022-02-20 18:00:57,096 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 18:00:57,097 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:57,099 INFO L290 TraceCheckUtils]: 0: Hoare triple {5989#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {5904#true} is VALID [2022-02-20 18:00:57,099 INFO L290 TraceCheckUtils]: 1: Hoare triple {5904#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5904#true} is VALID [2022-02-20 18:00:57,099 INFO L290 TraceCheckUtils]: 2: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,099 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5904#true} {5905#false} #1199#return; {5905#false} is VALID [2022-02-20 18:00:57,100 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71 [2022-02-20 18:00:57,100 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is 
unsat [2022-02-20 18:00:57,102 INFO L290 TraceCheckUtils]: 0: Hoare triple {5904#true} ~handle := #in~handle;havoc ~retValue_acc~7; {5904#true} is VALID [2022-02-20 18:00:57,102 INFO L290 TraceCheckUtils]: 1: Hoare triple {5904#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {5904#true} is VALID [2022-02-20 18:00:57,102 INFO L290 TraceCheckUtils]: 2: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,103 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5904#true} {5905#false} #1179#return; {5905#false} is VALID [2022-02-20 18:00:57,103 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 18:00:57,104 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:57,105 INFO L290 TraceCheckUtils]: 0: Hoare triple {5904#true} ~handle := #in~handle;havoc ~retValue_acc~26; {5904#true} is VALID [2022-02-20 18:00:57,106 INFO L290 TraceCheckUtils]: 1: Hoare triple {5904#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {5904#true} is VALID [2022-02-20 18:00:57,106 INFO L290 TraceCheckUtils]: 2: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,106 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5904#true} {5905#false} #1181#return; {5905#false} is VALID [2022-02-20 18:00:57,106 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 18:00:57,107 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:57,108 INFO L290 TraceCheckUtils]: 0: Hoare triple {5904#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~11; {5904#true} is VALID [2022-02-20 18:00:57,109 INFO L290 TraceCheckUtils]: 1: Hoare triple {5904#true} assume 1 == ~handle; {5904#true} is VALID [2022-02-20 18:00:57,109 INFO L290 TraceCheckUtils]: 2: Hoare triple {5904#true} assume 0 == 
~index;~retValue_acc~11 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~11; {5904#true} is VALID [2022-02-20 18:00:57,109 INFO L290 TraceCheckUtils]: 3: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,109 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {5904#true} {5905#false} #1183#return; {5905#false} is VALID [2022-02-20 18:00:57,109 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:00:57,110 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:57,112 INFO L290 TraceCheckUtils]: 0: Hoare triple {5989#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {5904#true} is VALID [2022-02-20 18:00:57,112 INFO L290 TraceCheckUtils]: 1: Hoare triple {5904#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5904#true} is VALID [2022-02-20 18:00:57,112 INFO L290 TraceCheckUtils]: 2: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,112 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5904#true} {5905#false} #1185#return; {5905#false} is VALID [2022-02-20 18:00:57,112 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 18:00:57,113 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:57,118 INFO L290 TraceCheckUtils]: 0: Hoare triple {5904#true} ~handle := #in~handle;havoc ~retValue_acc~26; {5904#true} is VALID [2022-02-20 18:00:57,118 INFO L290 TraceCheckUtils]: 1: Hoare triple {5904#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {5904#true} is VALID [2022-02-20 18:00:57,118 INFO L290 TraceCheckUtils]: 2: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,118 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5904#true} {5905#false} #1211#return; 
{5905#false} is VALID [2022-02-20 18:00:57,118 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 112 [2022-02-20 18:00:57,119 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:57,122 INFO L290 TraceCheckUtils]: 0: Hoare triple {5988#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5904#true} is VALID [2022-02-20 18:00:57,122 INFO L290 TraceCheckUtils]: 1: Hoare triple {5904#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5904#true} is VALID [2022-02-20 18:00:57,122 INFO L290 TraceCheckUtils]: 2: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,122 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5904#true} {5905#false} #1217#return; {5905#false} is VALID [2022-02-20 18:00:57,122 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 118 [2022-02-20 18:00:57,123 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:57,125 INFO L290 TraceCheckUtils]: 0: Hoare triple {5904#true} ~handle := #in~handle;havoc ~retValue_acc~29; {5904#true} is VALID [2022-02-20 18:00:57,125 INFO L290 TraceCheckUtils]: 1: Hoare triple {5904#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {5904#true} is VALID [2022-02-20 18:00:57,125 INFO L290 TraceCheckUtils]: 2: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,125 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5904#true} {5905#false} #1219#return; {5905#false} is VALID [2022-02-20 18:00:57,125 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 125 [2022-02-20 18:00:57,126 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:57,127 INFO L290 TraceCheckUtils]: 0: Hoare triple {5904#true} ~handle := 
#in~handle;havoc ~retValue_acc~26; {5904#true} is VALID [2022-02-20 18:00:57,127 INFO L290 TraceCheckUtils]: 1: Hoare triple {5904#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {5904#true} is VALID [2022-02-20 18:00:57,127 INFO L290 TraceCheckUtils]: 2: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,128 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5904#true} {5905#false} #1221#return; {5905#false} is VALID [2022-02-20 18:00:57,128 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 132 [2022-02-20 18:00:57,128 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:57,130 INFO L290 TraceCheckUtils]: 0: Hoare triple {5904#true} ~handle := #in~handle;havoc ~retValue_acc~13; {5904#true} is VALID [2022-02-20 18:00:57,130 INFO L290 TraceCheckUtils]: 1: Hoare triple {5904#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {5904#true} is VALID [2022-02-20 18:00:57,130 INFO L290 TraceCheckUtils]: 2: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,130 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5904#true} {5905#false} #1223#return; {5905#false} is VALID [2022-02-20 18:00:57,130 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 138 [2022-02-20 18:00:57,131 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:57,133 INFO L290 TraceCheckUtils]: 0: Hoare triple {5904#true} ~handle := #in~handle;havoc ~retValue_acc~30; {5904#true} is VALID [2022-02-20 18:00:57,133 INFO L290 TraceCheckUtils]: 1: Hoare triple {5904#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~30; {5904#true} is VALID [2022-02-20 18:00:57,133 INFO L290 TraceCheckUtils]: 2: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,133 INFO 
L284 TraceCheckUtils]: 3: Hoare quadruple {5904#true} {5905#false} #1225#return; {5905#false} is VALID [2022-02-20 18:00:57,133 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 144 [2022-02-20 18:00:57,134 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:57,137 INFO L290 TraceCheckUtils]: 0: Hoare triple {5904#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~43;havoc ~__cil_tmp4~5.base, ~__cil_tmp4~5.offset;~__cil_tmp4~5.base, ~__cil_tmp4~5.offset := 39, 0;havoc #t~nondet104; {5904#true} is VALID [2022-02-20 18:00:57,138 INFO L290 TraceCheckUtils]: 1: Hoare triple {5904#true} assume 0 == ~publicKey;~retValue_acc~43 := 0;#res := ~retValue_acc~43; {5904#true} is VALID [2022-02-20 18:00:57,138 INFO L290 TraceCheckUtils]: 2: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,138 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5904#true} {5905#false} #1227#return; {5905#false} is VALID [2022-02-20 18:00:57,138 INFO L290 TraceCheckUtils]: 0: Hoare triple {5904#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(44, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(11, 20);call #Ultimate.allocInit(19, 21);call 
#Ultimate.allocInit(4, 22);call write~init~int(37, 22, 0, 1);call write~init~int(100, 22, 1, 1);call write~init~int(10, 22, 2, 1);call write~init~int(0, 22, 3, 1);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(19, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(10, 29);call #Ultimate.allocInit(12, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(18, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(34, 36);call #Ultimate.allocInit(30, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(20, 39);call #Ultimate.allocInit(22, 40);call #Ultimate.allocInit(21, 41);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 
0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 
:= 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~sent_encrypted~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {5904#true} is VALID [2022-02-20 18:00:57,138 INFO L290 TraceCheckUtils]: 1: Hoare triple {5904#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {5904#true} is VALID [2022-02-20 18:00:57,138 INFO L290 TraceCheckUtils]: 2: Hoare triple {5904#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5904#true} is VALID [2022-02-20 18:00:57,138 INFO L290 TraceCheckUtils]: 3: Hoare triple {5904#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~22#1;havoc valid_product_~retValue_acc~22#1;valid_product_~retValue_acc~22#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~22#1; {5904#true} is VALID [2022-02-20 18:00:57,139 INFO L290 TraceCheckUtils]: 4: Hoare triple {5904#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume 
-2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {5904#true} is VALID [2022-02-20 18:00:57,139 INFO L290 TraceCheckUtils]: 5: Hoare triple {5904#true} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet32#1, setup_#t~nondet33#1, setup_#t~nondet34#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {5904#true} is VALID [2022-02-20 18:00:57,140 INFO L272 TraceCheckUtils]: 6: Hoare triple {5904#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {5984#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:57,140 INFO L290 TraceCheckUtils]: 7: Hoare triple {5984#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5904#true} is VALID [2022-02-20 18:00:57,140 INFO L290 TraceCheckUtils]: 8: Hoare triple {5904#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := 
~value; {5904#true} is VALID [2022-02-20 18:00:57,140 INFO L290 TraceCheckUtils]: 9: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,140 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5904#true} {5904#true} #1261#return; {5904#true} is VALID [2022-02-20 18:00:57,140 INFO L290 TraceCheckUtils]: 11: Hoare triple {5904#true} assume { :end_inline_setup_bob__wrappee__Base } true; {5904#true} is VALID [2022-02-20 18:00:57,141 INFO L272 TraceCheckUtils]: 12: Hoare triple {5904#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {5985#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:57,141 INFO L290 TraceCheckUtils]: 13: Hoare triple {5985#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5904#true} is VALID [2022-02-20 18:00:57,141 INFO L290 TraceCheckUtils]: 14: Hoare triple {5904#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5904#true} is VALID [2022-02-20 18:00:57,141 INFO L290 TraceCheckUtils]: 15: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,141 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {5904#true} {5904#true} #1263#return; {5904#true} is VALID [2022-02-20 18:00:57,142 INFO L290 TraceCheckUtils]: 17: Hoare triple {5904#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 18, 0;havoc setup_#t~nondet32#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } 
true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {5914#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:00:57,142 INFO L272 TraceCheckUtils]: 18: Hoare triple {5914#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {5984#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:57,143 INFO L290 TraceCheckUtils]: 19: Hoare triple {5984#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5986#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:57,143 INFO L290 TraceCheckUtils]: 20: Hoare triple {5986#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5987#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:57,143 INFO L290 TraceCheckUtils]: 21: Hoare triple {5987#(= |setClientId_#in~handle| 1)} assume true; {5987#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:57,144 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {5987#(= |setClientId_#in~handle| 1)} {5914#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1265#return; {5905#false} is VALID [2022-02-20 18:00:57,144 INFO L290 TraceCheckUtils]: 23: Hoare triple {5905#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {5905#false} is VALID [2022-02-20 18:00:57,144 INFO L272 TraceCheckUtils]: 24: Hoare triple {5905#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 
456); {5985#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:57,144 INFO L290 TraceCheckUtils]: 25: Hoare triple {5985#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5904#true} is VALID [2022-02-20 18:00:57,144 INFO L290 TraceCheckUtils]: 26: Hoare triple {5904#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5904#true} is VALID [2022-02-20 18:00:57,144 INFO L290 TraceCheckUtils]: 27: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,144 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {5904#true} {5905#false} #1267#return; {5905#false} is VALID [2022-02-20 18:00:57,144 INFO L290 TraceCheckUtils]: 29: Hoare triple {5905#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 19, 0;havoc setup_#t~nondet33#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {5905#false} is VALID [2022-02-20 18:00:57,145 INFO L272 TraceCheckUtils]: 30: Hoare triple {5905#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {5984#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:57,145 INFO L290 TraceCheckUtils]: 31: Hoare triple {5984#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5904#true} is VALID [2022-02-20 18:00:57,145 INFO L290 TraceCheckUtils]: 32: Hoare triple {5904#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5904#true} is VALID [2022-02-20 18:00:57,145 INFO L290 TraceCheckUtils]: 33: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,145 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {5904#true} {5905#false} #1269#return; {5905#false} is VALID [2022-02-20 18:00:57,145 INFO L290 TraceCheckUtils]: 35: Hoare triple {5905#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {5905#false} is VALID [2022-02-20 18:00:57,145 INFO L272 TraceCheckUtils]: 36: Hoare triple {5905#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {5985#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:57,145 INFO L290 TraceCheckUtils]: 37: Hoare triple {5985#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5904#true} is VALID [2022-02-20 18:00:57,146 INFO L290 TraceCheckUtils]: 38: Hoare triple {5904#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5904#true} is VALID [2022-02-20 18:00:57,146 INFO L290 TraceCheckUtils]: 39: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 
18:00:57,146 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {5904#true} {5905#false} #1271#return; {5905#false} is VALID [2022-02-20 18:00:57,146 INFO L290 TraceCheckUtils]: 41: Hoare triple {5905#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 20, 0;havoc setup_#t~nondet34#1; {5905#false} is VALID [2022-02-20 18:00:57,146 INFO L290 TraceCheckUtils]: 42: Hoare triple {5905#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_#t~nondet62#1, test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_#t~nondet67#1, test_#t~nondet68#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {5905#false} is VALID [2022-02-20 18:00:57,146 INFO L290 TraceCheckUtils]: 43: Hoare triple 
{5905#false} assume !false; {5905#false} is VALID [2022-02-20 18:00:57,146 INFO L290 TraceCheckUtils]: 44: Hoare triple {5905#false} assume test_~splverifierCounter~0#1 < 4; {5905#false} is VALID [2022-02-20 18:00:57,146 INFO L290 TraceCheckUtils]: 45: Hoare triple {5905#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {5905#false} is VALID [2022-02-20 18:00:57,147 INFO L290 TraceCheckUtils]: 46: Hoare triple {5905#false} assume !(0 == test_~op1~0#1); {5905#false} is VALID [2022-02-20 18:00:57,147 INFO L290 TraceCheckUtils]: 47: Hoare triple {5905#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet59#1 && test_#t~nondet59#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet59#1;havoc test_#t~nondet59#1; {5905#false} is VALID [2022-02-20 18:00:57,147 INFO L290 TraceCheckUtils]: 48: Hoare triple {5905#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {5905#false} is VALID [2022-02-20 18:00:57,147 INFO L290 TraceCheckUtils]: 49: Hoare triple {5905#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {5905#false} is VALID [2022-02-20 18:00:57,147 INFO L290 TraceCheckUtils]: 50: Hoare triple {5905#false} assume { :end_inline_setClientAutoResponse } true; {5905#false} is VALID [2022-02-20 18:00:57,147 INFO L290 TraceCheckUtils]: 51: Hoare triple {5905#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {5905#false} is VALID [2022-02-20 18:00:57,147 INFO L290 TraceCheckUtils]: 52: Hoare triple {5905#false} assume !false; {5905#false} is VALID [2022-02-20 18:00:57,147 INFO L290 
TraceCheckUtils]: 53: Hoare triple {5905#false} assume !(test_~splverifierCounter~0#1 < 4); {5905#false} is VALID [2022-02-20 18:00:57,148 INFO L290 TraceCheckUtils]: 54: Hoare triple {5905#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_~tmp~3#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~3#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret27#1 := puts(16, 0);assume -2147483648 <= bobToRjh_#t~ret27#1 && bobToRjh_#t~ret27#1 <= 2147483647;havoc bobToRjh_#t~ret27#1; {5905#false} is VALID [2022-02-20 18:00:57,148 INFO L272 TraceCheckUtils]: 55: Hoare triple {5905#false} call sendEmail(~bob~0, ~rjh~0); {5905#false} is VALID [2022-02-20 18:00:57,148 INFO L290 TraceCheckUtils]: 56: Hoare triple {5905#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~21#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~38#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~38#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {5905#false} is VALID [2022-02-20 18:00:57,148 INFO L272 TraceCheckUtils]: 57: Hoare triple {5905#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {5988#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:57,148 INFO L290 TraceCheckUtils]: 58: Hoare triple {5988#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5904#true} is VALID [2022-02-20 18:00:57,148 INFO L290 TraceCheckUtils]: 59: Hoare triple {5904#true} assume 1 == 
~handle;~__ste_email_from0~0 := ~value; {5904#true} is VALID [2022-02-20 18:00:57,148 INFO L290 TraceCheckUtils]: 60: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,148 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {5904#true} {5905#false} #1197#return; {5905#false} is VALID [2022-02-20 18:00:57,148 INFO L272 TraceCheckUtils]: 62: Hoare triple {5905#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {5989#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:00:57,149 INFO L290 TraceCheckUtils]: 63: Hoare triple {5989#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {5904#true} is VALID [2022-02-20 18:00:57,149 INFO L290 TraceCheckUtils]: 64: Hoare triple {5904#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5904#true} is VALID [2022-02-20 18:00:57,149 INFO L290 TraceCheckUtils]: 65: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,149 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {5904#true} {5905#false} #1199#return; {5905#false} is VALID [2022-02-20 18:00:57,149 INFO L290 TraceCheckUtils]: 67: Hoare triple {5905#false} createEmail_~retValue_acc~38#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~38#1; {5905#false} is VALID [2022-02-20 18:00:57,149 INFO L290 TraceCheckUtils]: 68: Hoare triple {5905#false} #t~ret103#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret103#1 && #t~ret103#1 <= 2147483647;~tmp~21#1 := #t~ret103#1;havoc #t~ret103#1;~email~0#1 := ~tmp~21#1; {5905#false} is VALID [2022-02-20 18:00:57,149 INFO L272 TraceCheckUtils]: 69: Hoare triple {5905#false} call outgoing(~sender#1, ~email~0#1); {5905#false} is VALID [2022-02-20 18:00:57,149 INFO L290 TraceCheckUtils]: 70: Hoare triple {5905#false} ~client#1 := 
#in~client#1;~msg#1 := #in~msg#1;havoc ~size~2#1;havoc ~tmp~16#1;havoc ~receiver~1#1;havoc ~tmp___0~7#1;havoc ~second~0#1;havoc ~tmp___1~4#1;havoc ~tmp___2~2#1; {5905#false} is VALID [2022-02-20 18:00:57,150 INFO L272 TraceCheckUtils]: 71: Hoare triple {5905#false} call #t~ret89#1 := getClientAddressBookSize(~client#1); {5904#true} is VALID [2022-02-20 18:00:57,150 INFO L290 TraceCheckUtils]: 72: Hoare triple {5904#true} ~handle := #in~handle;havoc ~retValue_acc~7; {5904#true} is VALID [2022-02-20 18:00:57,150 INFO L290 TraceCheckUtils]: 73: Hoare triple {5904#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {5904#true} is VALID [2022-02-20 18:00:57,150 INFO L290 TraceCheckUtils]: 74: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,150 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {5904#true} {5905#false} #1179#return; {5905#false} is VALID [2022-02-20 18:00:57,150 INFO L290 TraceCheckUtils]: 76: Hoare triple {5905#false} assume -2147483648 <= #t~ret89#1 && #t~ret89#1 <= 2147483647;~tmp~16#1 := #t~ret89#1;havoc #t~ret89#1;~size~2#1 := ~tmp~16#1; {5905#false} is VALID [2022-02-20 18:00:57,150 INFO L290 TraceCheckUtils]: 77: Hoare triple {5905#false} assume 0 != ~size~2#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {5905#false} is VALID [2022-02-20 18:00:57,150 INFO L290 TraceCheckUtils]: 78: Hoare triple {5905#false} assume { :end_inline_sendToAddressBook } true;call #t~ret90#1 := puts(36, 0);assume -2147483648 <= #t~ret90#1 && #t~ret90#1 <= 2147483647;havoc #t~ret90#1; {5905#false} is VALID [2022-02-20 18:00:57,150 INFO L272 TraceCheckUtils]: 79: Hoare triple {5905#false} call #t~ret91#1 := getEmailTo(~msg#1); 
{5904#true} is VALID [2022-02-20 18:00:57,151 INFO L290 TraceCheckUtils]: 80: Hoare triple {5904#true} ~handle := #in~handle;havoc ~retValue_acc~26; {5904#true} is VALID [2022-02-20 18:00:57,151 INFO L290 TraceCheckUtils]: 81: Hoare triple {5904#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {5904#true} is VALID [2022-02-20 18:00:57,151 INFO L290 TraceCheckUtils]: 82: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,151 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {5904#true} {5905#false} #1181#return; {5905#false} is VALID [2022-02-20 18:00:57,151 INFO L290 TraceCheckUtils]: 84: Hoare triple {5905#false} assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp___0~7#1 := #t~ret91#1;havoc #t~ret91#1;~receiver~1#1 := ~tmp___0~7#1;call #t~ret92#1 := puts(37, 0);assume -2147483648 <= #t~ret92#1 && #t~ret92#1 <= 2147483647;havoc #t~ret92#1; {5905#false} is VALID [2022-02-20 18:00:57,151 INFO L272 TraceCheckUtils]: 85: Hoare triple {5905#false} call #t~ret93#1 := getClientAddressBookAddress(~client#1, 1); {5904#true} is VALID [2022-02-20 18:00:57,151 INFO L290 TraceCheckUtils]: 86: Hoare triple {5904#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~11; {5904#true} is VALID [2022-02-20 18:00:57,151 INFO L290 TraceCheckUtils]: 87: Hoare triple {5904#true} assume 1 == ~handle; {5904#true} is VALID [2022-02-20 18:00:57,152 INFO L290 TraceCheckUtils]: 88: Hoare triple {5904#true} assume 0 == ~index;~retValue_acc~11 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~11; {5904#true} is VALID [2022-02-20 18:00:57,152 INFO L290 TraceCheckUtils]: 89: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,152 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {5904#true} {5905#false} #1183#return; {5905#false} is VALID [2022-02-20 18:00:57,152 INFO L290 TraceCheckUtils]: 91: Hoare triple {5905#false} assume -2147483648 <= #t~ret93#1 && 
#t~ret93#1 <= 2147483647;~tmp___1~4#1 := #t~ret93#1;havoc #t~ret93#1;~second~0#1 := ~tmp___1~4#1; {5905#false} is VALID [2022-02-20 18:00:57,152 INFO L272 TraceCheckUtils]: 92: Hoare triple {5905#false} call setEmailTo(~msg#1, ~second~0#1); {5989#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:00:57,152 INFO L290 TraceCheckUtils]: 93: Hoare triple {5989#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {5904#true} is VALID [2022-02-20 18:00:57,152 INFO L290 TraceCheckUtils]: 94: Hoare triple {5904#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5904#true} is VALID [2022-02-20 18:00:57,152 INFO L290 TraceCheckUtils]: 95: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,152 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {5904#true} {5905#false} #1185#return; {5905#false} is VALID [2022-02-20 18:00:57,153 INFO L272 TraceCheckUtils]: 97: Hoare triple {5905#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {5905#false} is VALID [2022-02-20 18:00:57,153 INFO L290 TraceCheckUtils]: 98: Hoare triple {5905#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~15#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {5905#false} is VALID [2022-02-20 18:00:57,153 INFO L272 TraceCheckUtils]: 99: Hoare triple {5905#false} call #t~ret87#1 := getEmailTo(~msg#1); {5904#true} is VALID [2022-02-20 18:00:57,153 INFO L290 TraceCheckUtils]: 100: Hoare triple {5904#true} ~handle := #in~handle;havoc ~retValue_acc~26; {5904#true} is VALID [2022-02-20 18:00:57,153 INFO L290 TraceCheckUtils]: 101: Hoare triple {5904#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {5904#true} is VALID [2022-02-20 18:00:57,153 INFO L290 TraceCheckUtils]: 102: Hoare triple {5904#true} assume true; {5904#true} is VALID 
[2022-02-20 18:00:57,153 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {5904#true} {5905#false} #1211#return; {5905#false} is VALID [2022-02-20 18:00:57,153 INFO L290 TraceCheckUtils]: 104: Hoare triple {5905#false} assume -2147483648 <= #t~ret87#1 && #t~ret87#1 <= 2147483647;~tmp~15#1 := #t~ret87#1;havoc #t~ret87#1;~receiver~0#1 := ~tmp~15#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~18#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~18#1; {5905#false} is VALID [2022-02-20 18:00:57,153 INFO L290 TraceCheckUtils]: 105: Hoare triple {5905#false} assume 1 == findPublicKey_~handle#1; {5905#false} is VALID [2022-02-20 18:00:57,154 INFO L290 TraceCheckUtils]: 106: Hoare triple {5905#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~18#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~18#1; {5905#false} is VALID [2022-02-20 18:00:57,154 INFO L290 TraceCheckUtils]: 107: Hoare triple {5905#false} #t~ret88#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp___0~6#1 := #t~ret88#1;havoc #t~ret88#1;~pubkey~0#1 := ~tmp___0~6#1; {5905#false} is VALID [2022-02-20 18:00:57,154 INFO L290 TraceCheckUtils]: 108: Hoare triple {5905#false} assume !(0 != ~pubkey~0#1); {5905#false} is VALID [2022-02-20 18:00:57,154 INFO L290 TraceCheckUtils]: 109: Hoare triple {5905#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret86#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, 
outgoing__wrappee__Keys_~tmp~14#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {5905#false} is VALID [2022-02-20 18:00:57,154 INFO L290 TraceCheckUtils]: 110: Hoare triple {5905#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {5905#false} is VALID [2022-02-20 18:00:57,154 INFO L290 TraceCheckUtils]: 111: Hoare triple {5905#false} outgoing__wrappee__Keys_#t~ret86#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret86#1 && outgoing__wrappee__Keys_#t~ret86#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~14#1 := outgoing__wrappee__Keys_#t~ret86#1;havoc outgoing__wrappee__Keys_#t~ret86#1; {5905#false} is VALID [2022-02-20 18:00:57,154 INFO L272 TraceCheckUtils]: 112: Hoare triple {5905#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1); {5988#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:57,154 INFO L290 TraceCheckUtils]: 113: Hoare triple {5988#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5904#true} is VALID [2022-02-20 18:00:57,154 INFO L290 TraceCheckUtils]: 114: Hoare triple {5904#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5904#true} is VALID [2022-02-20 18:00:57,155 INFO L290 TraceCheckUtils]: 115: Hoare triple {5904#true} assume true; 
{5904#true} is VALID [2022-02-20 18:00:57,155 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {5904#true} {5905#false} #1217#return; {5905#false} is VALID [2022-02-20 18:00:57,155 INFO L290 TraceCheckUtils]: 117: Hoare triple {5905#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret84#1, mail_#t~ret85#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet52#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 := puts(24, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1; {5905#false} is VALID [2022-02-20 18:00:57,155 INFO L272 TraceCheckUtils]: 118: Hoare triple {5905#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {5904#true} is VALID [2022-02-20 18:00:57,155 INFO L290 TraceCheckUtils]: 119: Hoare triple {5904#true} ~handle := #in~handle;havoc ~retValue_acc~29; {5904#true} is VALID [2022-02-20 18:00:57,155 INFO L290 
TraceCheckUtils]: 120: Hoare triple {5904#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {5904#true} is VALID [2022-02-20 18:00:57,155 INFO L290 TraceCheckUtils]: 121: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,155 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {5904#true} {5905#false} #1219#return; {5905#false} is VALID [2022-02-20 18:00:57,156 INFO L290 TraceCheckUtils]: 123: Hoare triple {5905#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset := 25, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet52#1; {5905#false} is VALID [2022-02-20 18:00:57,156 INFO L290 TraceCheckUtils]: 124: Hoare triple {5905#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret84#1 := puts(35, 0);assume -2147483648 <= mail_#t~ret84#1 && mail_#t~ret84#1 <= 2147483647;havoc mail_#t~ret84#1; {5905#false} is VALID [2022-02-20 18:00:57,156 INFO L272 TraceCheckUtils]: 125: Hoare triple {5905#false} call mail_#t~ret85#1 := getEmailTo(mail_~msg#1); {5904#true} is VALID [2022-02-20 18:00:57,156 INFO L290 TraceCheckUtils]: 126: Hoare triple {5904#true} ~handle := #in~handle;havoc ~retValue_acc~26; {5904#true} is VALID [2022-02-20 18:00:57,156 INFO L290 TraceCheckUtils]: 127: Hoare triple {5904#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {5904#true} is VALID [2022-02-20 18:00:57,156 INFO L290 TraceCheckUtils]: 128: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,156 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {5904#true} {5905#false} #1221#return; {5905#false} is VALID 
[2022-02-20 18:00:57,156 INFO L290 TraceCheckUtils]: 130: Hoare triple {5905#false} assume -2147483648 <= mail_#t~ret85#1 && mail_#t~ret85#1 <= 2147483647;mail_~tmp~13#1 := mail_#t~ret85#1;havoc mail_#t~ret85#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~13#1, mail_~msg#1;havoc incoming_#t~ret98#1, incoming_#t~ret99#1, incoming_#t~ret100#1, incoming_#t~ret101#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~19#1, incoming_~tmp___0~8#1, incoming_~tmp___1~5#1, incoming_~tmp___2~3#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~19#1;havoc incoming_~tmp___0~8#1;havoc incoming_~tmp___1~5#1;havoc incoming_~tmp___2~3#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet54#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := 
__utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 := puts(26, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset := 27, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet54#1; {5905#false} is VALID [2022-02-20 18:00:57,156 INFO L290 TraceCheckUtils]: 131: Hoare triple {5905#false} assume 1 == ~sent_encrypted~0; {5905#false} is VALID [2022-02-20 18:00:57,157 INFO L272 TraceCheckUtils]: 132: Hoare triple {5905#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {5904#true} is VALID [2022-02-20 18:00:57,157 INFO L290 TraceCheckUtils]: 133: Hoare triple {5904#true} ~handle := #in~handle;havoc ~retValue_acc~13; {5904#true} is VALID [2022-02-20 18:00:57,157 INFO L290 TraceCheckUtils]: 134: Hoare triple {5904#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {5904#true} is VALID [2022-02-20 18:00:57,157 INFO L290 TraceCheckUtils]: 135: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,157 INFO L284 TraceCheckUtils]: 136: Hoare quadruple {5904#true} {5905#false} #1223#return; {5905#false} is VALID [2022-02-20 18:00:57,157 INFO L290 TraceCheckUtils]: 137: Hoare triple {5905#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~8#1 := 
__utac_acc__EncryptDecrypt_spec__2_#t~ret55#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1; {5905#false} is VALID [2022-02-20 18:00:57,157 INFO L272 TraceCheckUtils]: 138: Hoare triple {5905#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {5904#true} is VALID [2022-02-20 18:00:57,157 INFO L290 TraceCheckUtils]: 139: Hoare triple {5904#true} ~handle := #in~handle;havoc ~retValue_acc~30; {5904#true} is VALID [2022-02-20 18:00:57,157 INFO L290 TraceCheckUtils]: 140: Hoare triple {5904#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~30; {5904#true} is VALID [2022-02-20 18:00:57,158 INFO L290 TraceCheckUtils]: 141: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,158 INFO L284 TraceCheckUtils]: 142: Hoare quadruple {5904#true} {5905#false} #1225#return; {5905#false} is VALID [2022-02-20 18:00:57,158 INFO L290 TraceCheckUtils]: 143: Hoare triple {5905#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1; {5905#false} is VALID [2022-02-20 18:00:57,158 INFO L272 TraceCheckUtils]: 144: Hoare triple {5905#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1); {5904#true} is VALID [2022-02-20 18:00:57,158 INFO L290 TraceCheckUtils]: 145: Hoare triple {5904#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~43;havoc ~__cil_tmp4~5.base, ~__cil_tmp4~5.offset;~__cil_tmp4~5.base, ~__cil_tmp4~5.offset := 39, 0;havoc #t~nondet104; {5904#true} is VALID [2022-02-20 18:00:57,158 INFO L290 TraceCheckUtils]: 146: Hoare triple {5904#true} assume 0 
== ~publicKey;~retValue_acc~43 := 0;#res := ~retValue_acc~43; {5904#true} is VALID [2022-02-20 18:00:57,158 INFO L290 TraceCheckUtils]: 147: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,158 INFO L284 TraceCheckUtils]: 148: Hoare quadruple {5904#true} {5905#false} #1227#return; {5905#false} is VALID [2022-02-20 18:00:57,159 INFO L290 TraceCheckUtils]: 149: Hoare triple {5905#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1; {5905#false} is VALID [2022-02-20 18:00:57,159 INFO L290 TraceCheckUtils]: 150: Hoare triple {5905#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1);assume { :begin_inline___automaton_fail } true; {5905#false} is VALID [2022-02-20 18:00:57,159 INFO L290 TraceCheckUtils]: 151: Hoare triple {5905#false} assume !false; {5905#false} is VALID [2022-02-20 18:00:57,159 INFO L134 CoverageAnalysis]: Checked inductivity of 46 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 40 trivial. 0 not checked. 
[2022-02-20 18:00:57,161 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:00:57,162 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [443393280] [2022-02-20 18:00:57,162 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [443393280] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:00:57,162 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1442701371] [2022-02-20 18:00:57,162 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:57,162 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:00:57,162 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:00:57,163 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:00:57,164 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-02-20 18:00:57,398 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:57,403 INFO L263 TraceCheckSpWp]: Trace formula consists of 1271 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 18:00:57,441 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:57,448 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:00:57,728 INFO L290 TraceCheckUtils]: 0: Hoare triple {5904#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(44, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(11, 20);call #Ultimate.allocInit(19, 21);call #Ultimate.allocInit(4, 22);call write~init~int(37, 22, 0, 1);call write~init~int(100, 22, 1, 1);call write~init~int(10, 22, 2, 1);call write~init~int(0, 22, 3, 1);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(19, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(10, 29);call #Ultimate.allocInit(12, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(18, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(34, 36);call #Ultimate.allocInit(30, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(20, 39);call #Ultimate.allocInit(22, 40);call 
#Ultimate.allocInit(21, 41);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 
0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~sent_encrypted~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {5904#true} is VALID [2022-02-20 18:00:57,728 INFO L290 TraceCheckUtils]: 1: Hoare triple {5904#true} assume { :end_inline_ULTIMATE.init } true;assume { 
:begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {5904#true} is VALID [2022-02-20 18:00:57,728 INFO L290 TraceCheckUtils]: 2: Hoare triple {5904#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5904#true} is VALID [2022-02-20 18:00:57,728 INFO L290 TraceCheckUtils]: 3: Hoare triple {5904#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~22#1;havoc valid_product_~retValue_acc~22#1;valid_product_~retValue_acc~22#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~22#1; {5904#true} is VALID [2022-02-20 18:00:57,728 INFO L290 TraceCheckUtils]: 4: Hoare triple {5904#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {5904#true} is VALID [2022-02-20 18:00:57,728 INFO L290 TraceCheckUtils]: 5: Hoare triple {5904#true} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet32#1, setup_#t~nondet33#1, setup_#t~nondet34#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {5904#true} is VALID [2022-02-20 18:00:57,728 INFO L272 TraceCheckUtils]: 6: Hoare triple {5904#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {5904#true} is VALID [2022-02-20 18:00:57,728 INFO L290 TraceCheckUtils]: 7: Hoare triple {5904#true} ~handle := #in~handle;~value := #in~value; {5904#true} is VALID [2022-02-20 18:00:57,728 INFO L290 TraceCheckUtils]: 8: Hoare triple {5904#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5904#true} is VALID [2022-02-20 18:00:57,728 INFO L290 TraceCheckUtils]: 9: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,728 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5904#true} {5904#true} #1261#return; {5904#true} is VALID [2022-02-20 18:00:57,728 INFO L290 TraceCheckUtils]: 11: Hoare triple {5904#true} assume { :end_inline_setup_bob__wrappee__Base } true; {5904#true} is VALID [2022-02-20 18:00:57,729 INFO L272 TraceCheckUtils]: 12: Hoare triple {5904#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {5904#true} is VALID [2022-02-20 18:00:57,729 INFO L290 TraceCheckUtils]: 13: Hoare triple {5904#true} ~handle := #in~handle;~value := #in~value; {5904#true} is VALID [2022-02-20 18:00:57,729 INFO L290 TraceCheckUtils]: 14: Hoare triple {5904#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5904#true} is VALID [2022-02-20 18:00:57,729 INFO L290 TraceCheckUtils]: 15: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,729 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {5904#true} {5904#true} #1263#return; {5904#true} is VALID [2022-02-20 18:00:57,729 INFO L290 TraceCheckUtils]: 17: Hoare triple {5904#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 18, 0;havoc setup_#t~nondet32#1;~rjh~0 := 2;assume { 
:begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {5904#true} is VALID [2022-02-20 18:00:57,729 INFO L272 TraceCheckUtils]: 18: Hoare triple {5904#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {5904#true} is VALID [2022-02-20 18:00:57,729 INFO L290 TraceCheckUtils]: 19: Hoare triple {5904#true} ~handle := #in~handle;~value := #in~value; {5904#true} is VALID [2022-02-20 18:00:57,729 INFO L290 TraceCheckUtils]: 20: Hoare triple {5904#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5904#true} is VALID [2022-02-20 18:00:57,729 INFO L290 TraceCheckUtils]: 21: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,729 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {5904#true} {5904#true} #1265#return; {5904#true} is VALID [2022-02-20 18:00:57,730 INFO L290 TraceCheckUtils]: 23: Hoare triple {5904#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {5904#true} is VALID [2022-02-20 18:00:57,730 INFO L272 TraceCheckUtils]: 24: Hoare triple {5904#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {5904#true} is VALID [2022-02-20 18:00:57,730 INFO L290 TraceCheckUtils]: 25: Hoare triple {5904#true} ~handle := #in~handle;~value := #in~value; {5904#true} is VALID [2022-02-20 18:00:57,730 INFO L290 TraceCheckUtils]: 26: Hoare triple {5904#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5904#true} is VALID [2022-02-20 18:00:57,730 INFO L290 TraceCheckUtils]: 27: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,730 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {5904#true} {5904#true} #1267#return; 
{5904#true} is VALID [2022-02-20 18:00:57,730 INFO L290 TraceCheckUtils]: 29: Hoare triple {5904#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 19, 0;havoc setup_#t~nondet33#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {5904#true} is VALID [2022-02-20 18:00:57,730 INFO L272 TraceCheckUtils]: 30: Hoare triple {5904#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {5904#true} is VALID [2022-02-20 18:00:57,730 INFO L290 TraceCheckUtils]: 31: Hoare triple {5904#true} ~handle := #in~handle;~value := #in~value; {5904#true} is VALID [2022-02-20 18:00:57,731 INFO L290 TraceCheckUtils]: 32: Hoare triple {5904#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5904#true} is VALID [2022-02-20 18:00:57,731 INFO L290 TraceCheckUtils]: 33: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,731 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {5904#true} {5904#true} #1269#return; {5904#true} is VALID [2022-02-20 18:00:57,731 INFO L290 TraceCheckUtils]: 35: Hoare triple {5904#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {5904#true} is VALID [2022-02-20 18:00:57,731 INFO L272 TraceCheckUtils]: 36: Hoare triple {5904#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {5904#true} is VALID [2022-02-20 18:00:57,731 INFO L290 TraceCheckUtils]: 37: Hoare triple {5904#true} ~handle := #in~handle;~value := #in~value; {5904#true} is VALID [2022-02-20 18:00:57,731 INFO L290 TraceCheckUtils]: 38: Hoare triple 
{5904#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5904#true} is VALID [2022-02-20 18:00:57,731 INFO L290 TraceCheckUtils]: 39: Hoare triple {5904#true} assume true; {5904#true} is VALID [2022-02-20 18:00:57,731 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {5904#true} {5904#true} #1271#return; {5904#true} is VALID [2022-02-20 18:00:57,732 INFO L290 TraceCheckUtils]: 41: Hoare triple {5904#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 20, 0;havoc setup_#t~nondet34#1; {5904#true} is VALID [2022-02-20 18:00:57,742 INFO L290 TraceCheckUtils]: 42: Hoare triple {5904#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_#t~nondet62#1, test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_#t~nondet67#1, test_#t~nondet68#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 
:= 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {6119#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:00:57,742 INFO L290 TraceCheckUtils]: 43: Hoare triple {6119#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {6119#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:00:57,742 INFO L290 TraceCheckUtils]: 44: Hoare triple {6119#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {6119#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:00:57,743 INFO L290 TraceCheckUtils]: 45: Hoare triple {6119#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {6119#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:00:57,743 INFO L290 TraceCheckUtils]: 46: Hoare triple {6119#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {5905#false} is VALID [2022-02-20 18:00:57,743 INFO L290 TraceCheckUtils]: 47: Hoare triple {5905#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet59#1 && test_#t~nondet59#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet59#1;havoc test_#t~nondet59#1; {5905#false} is VALID [2022-02-20 18:00:57,743 INFO L290 TraceCheckUtils]: 48: Hoare triple {5905#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {5905#false} is VALID [2022-02-20 18:00:57,743 INFO L290 TraceCheckUtils]: 49: Hoare triple {5905#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {5905#false} is VALID [2022-02-20 18:00:57,743 
INFO L290 TraceCheckUtils]: 50: Hoare triple {5905#false} assume { :end_inline_setClientAutoResponse } true; {5905#false} is VALID [2022-02-20 18:00:57,743 INFO L290 TraceCheckUtils]: 51: Hoare triple {5905#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {5905#false} is VALID [2022-02-20 18:00:57,743 INFO L290 TraceCheckUtils]: 52: Hoare triple {5905#false} assume !false; {5905#false} is VALID [2022-02-20 18:00:57,743 INFO L290 TraceCheckUtils]: 53: Hoare triple {5905#false} assume !(test_~splverifierCounter~0#1 < 4); {5905#false} is VALID [2022-02-20 18:00:57,743 INFO L290 TraceCheckUtils]: 54: Hoare triple {5905#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_~tmp~3#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~3#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret27#1 := puts(16, 0);assume -2147483648 <= bobToRjh_#t~ret27#1 && bobToRjh_#t~ret27#1 <= 2147483647;havoc bobToRjh_#t~ret27#1; {5905#false} is VALID [2022-02-20 18:00:57,744 INFO L272 TraceCheckUtils]: 55: Hoare triple {5905#false} call sendEmail(~bob~0, ~rjh~0); {5905#false} is VALID [2022-02-20 18:00:57,744 INFO L290 TraceCheckUtils]: 56: Hoare triple {5905#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~21#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~38#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~38#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {5905#false} is VALID [2022-02-20 18:00:57,744 INFO L272 TraceCheckUtils]: 57: Hoare triple {5905#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {5905#false} is 
VALID [2022-02-20 18:00:57,744 INFO L290 TraceCheckUtils]: 58: Hoare triple {5905#false} ~handle := #in~handle;~value := #in~value; {5905#false} is VALID [2022-02-20 18:00:57,744 INFO L290 TraceCheckUtils]: 59: Hoare triple {5905#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5905#false} is VALID [2022-02-20 18:00:57,744 INFO L290 TraceCheckUtils]: 60: Hoare triple {5905#false} assume true; {5905#false} is VALID [2022-02-20 18:00:57,744 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {5905#false} {5905#false} #1197#return; {5905#false} is VALID [2022-02-20 18:00:57,744 INFO L272 TraceCheckUtils]: 62: Hoare triple {5905#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {5905#false} is VALID [2022-02-20 18:00:57,744 INFO L290 TraceCheckUtils]: 63: Hoare triple {5905#false} ~handle := #in~handle;~value := #in~value; {5905#false} is VALID [2022-02-20 18:00:57,745 INFO L290 TraceCheckUtils]: 64: Hoare triple {5905#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5905#false} is VALID [2022-02-20 18:00:57,745 INFO L290 TraceCheckUtils]: 65: Hoare triple {5905#false} assume true; {5905#false} is VALID [2022-02-20 18:00:57,745 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {5905#false} {5905#false} #1199#return; {5905#false} is VALID [2022-02-20 18:00:57,745 INFO L290 TraceCheckUtils]: 67: Hoare triple {5905#false} createEmail_~retValue_acc~38#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~38#1; {5905#false} is VALID [2022-02-20 18:00:57,745 INFO L290 TraceCheckUtils]: 68: Hoare triple {5905#false} #t~ret103#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret103#1 && #t~ret103#1 <= 2147483647;~tmp~21#1 := #t~ret103#1;havoc #t~ret103#1;~email~0#1 := ~tmp~21#1; {5905#false} is VALID [2022-02-20 18:00:57,745 INFO L272 TraceCheckUtils]: 69: Hoare triple {5905#false} call outgoing(~sender#1, ~email~0#1); {5905#false} is VALID [2022-02-20 18:00:57,745 INFO L290 
TraceCheckUtils]: 70: Hoare triple {5905#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~2#1;havoc ~tmp~16#1;havoc ~receiver~1#1;havoc ~tmp___0~7#1;havoc ~second~0#1;havoc ~tmp___1~4#1;havoc ~tmp___2~2#1; {5905#false} is VALID [2022-02-20 18:00:57,745 INFO L272 TraceCheckUtils]: 71: Hoare triple {5905#false} call #t~ret89#1 := getClientAddressBookSize(~client#1); {5905#false} is VALID [2022-02-20 18:00:57,745 INFO L290 TraceCheckUtils]: 72: Hoare triple {5905#false} ~handle := #in~handle;havoc ~retValue_acc~7; {5905#false} is VALID [2022-02-20 18:00:57,746 INFO L290 TraceCheckUtils]: 73: Hoare triple {5905#false} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {5905#false} is VALID [2022-02-20 18:00:57,746 INFO L290 TraceCheckUtils]: 74: Hoare triple {5905#false} assume true; {5905#false} is VALID [2022-02-20 18:00:57,746 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {5905#false} {5905#false} #1179#return; {5905#false} is VALID [2022-02-20 18:00:57,746 INFO L290 TraceCheckUtils]: 76: Hoare triple {5905#false} assume -2147483648 <= #t~ret89#1 && #t~ret89#1 <= 2147483647;~tmp~16#1 := #t~ret89#1;havoc #t~ret89#1;~size~2#1 := ~tmp~16#1; {5905#false} is VALID [2022-02-20 18:00:57,746 INFO L290 TraceCheckUtils]: 77: Hoare triple {5905#false} assume 0 != ~size~2#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {5905#false} is VALID [2022-02-20 18:00:57,746 INFO L290 TraceCheckUtils]: 78: Hoare triple {5905#false} assume { :end_inline_sendToAddressBook } true;call #t~ret90#1 := puts(36, 0);assume -2147483648 <= #t~ret90#1 && #t~ret90#1 <= 2147483647;havoc #t~ret90#1; {5905#false} is VALID [2022-02-20 18:00:57,746 INFO L272 TraceCheckUtils]: 79: Hoare 
triple {5905#false} call #t~ret91#1 := getEmailTo(~msg#1); {5905#false} is VALID [2022-02-20 18:00:57,746 INFO L290 TraceCheckUtils]: 80: Hoare triple {5905#false} ~handle := #in~handle;havoc ~retValue_acc~26; {5905#false} is VALID [2022-02-20 18:00:57,746 INFO L290 TraceCheckUtils]: 81: Hoare triple {5905#false} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {5905#false} is VALID [2022-02-20 18:00:57,747 INFO L290 TraceCheckUtils]: 82: Hoare triple {5905#false} assume true; {5905#false} is VALID [2022-02-20 18:00:57,747 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {5905#false} {5905#false} #1181#return; {5905#false} is VALID [2022-02-20 18:00:57,747 INFO L290 TraceCheckUtils]: 84: Hoare triple {5905#false} assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp___0~7#1 := #t~ret91#1;havoc #t~ret91#1;~receiver~1#1 := ~tmp___0~7#1;call #t~ret92#1 := puts(37, 0);assume -2147483648 <= #t~ret92#1 && #t~ret92#1 <= 2147483647;havoc #t~ret92#1; {5905#false} is VALID [2022-02-20 18:00:57,747 INFO L272 TraceCheckUtils]: 85: Hoare triple {5905#false} call #t~ret93#1 := getClientAddressBookAddress(~client#1, 1); {5905#false} is VALID [2022-02-20 18:00:57,747 INFO L290 TraceCheckUtils]: 86: Hoare triple {5905#false} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~11; {5905#false} is VALID [2022-02-20 18:00:57,747 INFO L290 TraceCheckUtils]: 87: Hoare triple {5905#false} assume 1 == ~handle; {5905#false} is VALID [2022-02-20 18:00:57,747 INFO L290 TraceCheckUtils]: 88: Hoare triple {5905#false} assume 0 == ~index;~retValue_acc~11 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~11; {5905#false} is VALID [2022-02-20 18:00:57,747 INFO L290 TraceCheckUtils]: 89: Hoare triple {5905#false} assume true; {5905#false} is VALID [2022-02-20 18:00:57,747 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {5905#false} {5905#false} #1183#return; {5905#false} is VALID [2022-02-20 18:00:57,748 INFO L290 
TraceCheckUtils]: 91: Hoare triple {5905#false} assume -2147483648 <= #t~ret93#1 && #t~ret93#1 <= 2147483647;~tmp___1~4#1 := #t~ret93#1;havoc #t~ret93#1;~second~0#1 := ~tmp___1~4#1; {5905#false} is VALID [2022-02-20 18:00:57,748 INFO L272 TraceCheckUtils]: 92: Hoare triple {5905#false} call setEmailTo(~msg#1, ~second~0#1); {5905#false} is VALID [2022-02-20 18:00:57,748 INFO L290 TraceCheckUtils]: 93: Hoare triple {5905#false} ~handle := #in~handle;~value := #in~value; {5905#false} is VALID [2022-02-20 18:00:57,748 INFO L290 TraceCheckUtils]: 94: Hoare triple {5905#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5905#false} is VALID [2022-02-20 18:00:57,748 INFO L290 TraceCheckUtils]: 95: Hoare triple {5905#false} assume true; {5905#false} is VALID [2022-02-20 18:00:57,748 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {5905#false} {5905#false} #1185#return; {5905#false} is VALID [2022-02-20 18:00:57,748 INFO L272 TraceCheckUtils]: 97: Hoare triple {5905#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {5905#false} is VALID [2022-02-20 18:00:57,748 INFO L290 TraceCheckUtils]: 98: Hoare triple {5905#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~15#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {5905#false} is VALID [2022-02-20 18:00:57,748 INFO L272 TraceCheckUtils]: 99: Hoare triple {5905#false} call #t~ret87#1 := getEmailTo(~msg#1); {5905#false} is VALID [2022-02-20 18:00:57,749 INFO L290 TraceCheckUtils]: 100: Hoare triple {5905#false} ~handle := #in~handle;havoc ~retValue_acc~26; {5905#false} is VALID [2022-02-20 18:00:57,749 INFO L290 TraceCheckUtils]: 101: Hoare triple {5905#false} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {5905#false} is VALID [2022-02-20 18:00:57,749 INFO L290 TraceCheckUtils]: 102: Hoare triple {5905#false} assume true; {5905#false} is VALID [2022-02-20 18:00:57,749 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {5905#false} {5905#false} 
#1211#return; {5905#false} is VALID [2022-02-20 18:00:57,749 INFO L290 TraceCheckUtils]: 104: Hoare triple {5905#false} assume -2147483648 <= #t~ret87#1 && #t~ret87#1 <= 2147483647;~tmp~15#1 := #t~ret87#1;havoc #t~ret87#1;~receiver~0#1 := ~tmp~15#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~18#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~18#1; {5905#false} is VALID [2022-02-20 18:00:57,749 INFO L290 TraceCheckUtils]: 105: Hoare triple {5905#false} assume 1 == findPublicKey_~handle#1; {5905#false} is VALID [2022-02-20 18:00:57,749 INFO L290 TraceCheckUtils]: 106: Hoare triple {5905#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~18#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~18#1; {5905#false} is VALID [2022-02-20 18:00:57,749 INFO L290 TraceCheckUtils]: 107: Hoare triple {5905#false} #t~ret88#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp___0~6#1 := #t~ret88#1;havoc #t~ret88#1;~pubkey~0#1 := ~tmp___0~6#1; {5905#false} is VALID [2022-02-20 18:00:57,749 INFO L290 TraceCheckUtils]: 108: Hoare triple {5905#false} assume !(0 != ~pubkey~0#1); {5905#false} is VALID [2022-02-20 18:00:57,750 INFO L290 TraceCheckUtils]: 109: Hoare triple {5905#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret86#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1;outgoing__wrappee__Keys_~client#1 := 
outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {5905#false} is VALID [2022-02-20 18:00:57,750 INFO L290 TraceCheckUtils]: 110: Hoare triple {5905#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {5905#false} is VALID [2022-02-20 18:00:57,750 INFO L290 TraceCheckUtils]: 111: Hoare triple {5905#false} outgoing__wrappee__Keys_#t~ret86#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret86#1 && outgoing__wrappee__Keys_#t~ret86#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~14#1 := outgoing__wrappee__Keys_#t~ret86#1;havoc outgoing__wrappee__Keys_#t~ret86#1; {5905#false} is VALID [2022-02-20 18:00:57,750 INFO L272 TraceCheckUtils]: 112: Hoare triple {5905#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1); {5905#false} is VALID [2022-02-20 18:00:57,750 INFO L290 TraceCheckUtils]: 113: Hoare triple {5905#false} ~handle := #in~handle;~value := #in~value; {5905#false} is VALID [2022-02-20 18:00:57,750 INFO L290 TraceCheckUtils]: 114: Hoare triple {5905#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5905#false} is VALID [2022-02-20 18:00:57,750 INFO L290 TraceCheckUtils]: 115: Hoare triple {5905#false} assume true; {5905#false} is VALID [2022-02-20 18:00:57,750 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {5905#false} {5905#false} #1217#return; {5905#false} is VALID [2022-02-20 18:00:57,750 INFO L290 TraceCheckUtils]: 117: Hoare triple {5905#false} assume { :begin_inline_mail } 
true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret84#1, mail_#t~ret85#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet52#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 := puts(24, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1; {5905#false} is VALID [2022-02-20 18:00:57,751 INFO L272 TraceCheckUtils]: 118: Hoare triple {5905#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {5905#false} is VALID [2022-02-20 18:00:57,751 INFO L290 TraceCheckUtils]: 119: Hoare triple {5905#false} ~handle := #in~handle;havoc ~retValue_acc~29; {5905#false} is VALID [2022-02-20 18:00:57,751 INFO L290 TraceCheckUtils]: 120: Hoare triple {5905#false} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {5905#false} is VALID [2022-02-20 18:00:57,751 INFO L290 TraceCheckUtils]: 121: Hoare triple {5905#false} assume true; {5905#false} is VALID 
[2022-02-20 18:00:57,751 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {5905#false} {5905#false} #1219#return; {5905#false} is VALID [2022-02-20 18:00:57,751 INFO L290 TraceCheckUtils]: 123: Hoare triple {5905#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset := 25, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet52#1; {5905#false} is VALID [2022-02-20 18:00:57,751 INFO L290 TraceCheckUtils]: 124: Hoare triple {5905#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret84#1 := puts(35, 0);assume -2147483648 <= mail_#t~ret84#1 && mail_#t~ret84#1 <= 2147483647;havoc mail_#t~ret84#1; {5905#false} is VALID [2022-02-20 18:00:57,751 INFO L272 TraceCheckUtils]: 125: Hoare triple {5905#false} call mail_#t~ret85#1 := getEmailTo(mail_~msg#1); {5905#false} is VALID [2022-02-20 18:00:57,751 INFO L290 TraceCheckUtils]: 126: Hoare triple {5905#false} ~handle := #in~handle;havoc ~retValue_acc~26; {5905#false} is VALID [2022-02-20 18:00:57,752 INFO L290 TraceCheckUtils]: 127: Hoare triple {5905#false} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {5905#false} is VALID [2022-02-20 18:00:57,752 INFO L290 TraceCheckUtils]: 128: Hoare triple {5905#false} assume true; {5905#false} is VALID [2022-02-20 18:00:57,752 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {5905#false} {5905#false} #1221#return; {5905#false} is VALID [2022-02-20 18:00:57,752 INFO L290 TraceCheckUtils]: 130: Hoare triple {5905#false} assume -2147483648 <= mail_#t~ret85#1 && mail_#t~ret85#1 <= 2147483647;mail_~tmp~13#1 := mail_#t~ret85#1;havoc mail_#t~ret85#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, 
incoming_#in~msg#1 := mail_~tmp~13#1, mail_~msg#1;havoc incoming_#t~ret98#1, incoming_#t~ret99#1, incoming_#t~ret100#1, incoming_#t~ret101#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~19#1, incoming_~tmp___0~8#1, incoming_~tmp___1~5#1, incoming_~tmp___2~3#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~19#1;havoc incoming_~tmp___0~8#1;havoc incoming_~tmp___1~5#1;havoc incoming_~tmp___2~3#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet54#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, 
__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 := puts(26, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset := 27, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet54#1; {5905#false} is VALID [2022-02-20 18:00:57,752 INFO L290 TraceCheckUtils]: 131: Hoare triple {5905#false} assume 1 == ~sent_encrypted~0; {5905#false} is VALID [2022-02-20 18:00:57,752 INFO L272 TraceCheckUtils]: 132: Hoare triple {5905#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {5905#false} is VALID [2022-02-20 18:00:57,752 INFO L290 TraceCheckUtils]: 133: Hoare triple {5905#false} ~handle := #in~handle;havoc ~retValue_acc~13; {5905#false} is VALID [2022-02-20 18:00:57,752 INFO L290 TraceCheckUtils]: 134: Hoare triple {5905#false} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {5905#false} is VALID [2022-02-20 18:00:57,752 INFO L290 TraceCheckUtils]: 135: Hoare triple {5905#false} assume true; {5905#false} is VALID [2022-02-20 18:00:57,753 INFO L284 TraceCheckUtils]: 136: Hoare quadruple {5905#false} {5905#false} #1223#return; {5905#false} is VALID [2022-02-20 18:00:57,753 INFO L290 TraceCheckUtils]: 137: Hoare triple {5905#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~8#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1; {5905#false} is VALID [2022-02-20 18:00:57,753 INFO L272 TraceCheckUtils]: 138: Hoare triple {5905#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 
:= getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {5905#false} is VALID [2022-02-20 18:00:57,753 INFO L290 TraceCheckUtils]: 139: Hoare triple {5905#false} ~handle := #in~handle;havoc ~retValue_acc~30; {5905#false} is VALID [2022-02-20 18:00:57,753 INFO L290 TraceCheckUtils]: 140: Hoare triple {5905#false} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~30; {5905#false} is VALID [2022-02-20 18:00:57,753 INFO L290 TraceCheckUtils]: 141: Hoare triple {5905#false} assume true; {5905#false} is VALID [2022-02-20 18:00:57,753 INFO L284 TraceCheckUtils]: 142: Hoare quadruple {5905#false} {5905#false} #1225#return; {5905#false} is VALID [2022-02-20 18:00:57,753 INFO L290 TraceCheckUtils]: 143: Hoare triple {5905#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1; {5905#false} is VALID [2022-02-20 18:00:57,753 INFO L272 TraceCheckUtils]: 144: Hoare triple {5905#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1); {5905#false} is VALID [2022-02-20 18:00:57,754 INFO L290 TraceCheckUtils]: 145: Hoare triple {5905#false} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~43;havoc ~__cil_tmp4~5.base, ~__cil_tmp4~5.offset;~__cil_tmp4~5.base, ~__cil_tmp4~5.offset := 39, 0;havoc #t~nondet104; {5905#false} is VALID [2022-02-20 18:00:57,754 INFO L290 TraceCheckUtils]: 146: Hoare triple {5905#false} assume 0 == ~publicKey;~retValue_acc~43 := 0;#res := ~retValue_acc~43; {5905#false} is VALID [2022-02-20 18:00:57,754 INFO L290 TraceCheckUtils]: 147: Hoare triple {5905#false} assume true; {5905#false} is VALID [2022-02-20 18:00:57,754 INFO L284 
TraceCheckUtils]: 148: Hoare quadruple {5905#false} {5905#false} #1227#return; {5905#false} is VALID [2022-02-20 18:00:57,754 INFO L290 TraceCheckUtils]: 149: Hoare triple {5905#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1; {5905#false} is VALID [2022-02-20 18:00:57,754 INFO L290 TraceCheckUtils]: 150: Hoare triple {5905#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1);assume { :begin_inline___automaton_fail } true; {5905#false} is VALID [2022-02-20 18:00:57,754 INFO L290 TraceCheckUtils]: 151: Hoare triple {5905#false} assume !false; {5905#false} is VALID [2022-02-20 18:00:57,755 INFO L134 CoverageAnalysis]: Checked inductivity of 46 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 44 trivial. 0 not checked. [2022-02-20 18:00:57,755 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:00:57,755 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1442701371] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:00:57,755 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:00:57,755 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 18:00:57,755 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [619459703] [2022-02-20 18:00:57,755 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:00:57,756 INFO L78 Accepts]: Start accepts. 
Automaton has has 3 states, 3 states have (on average 29.0) internal successors, (87), 3 states have internal predecessors, (87), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (19), 2 states have call predecessors, (19), 2 states have call successors, (19) Word has length 152 [2022-02-20 18:00:57,756 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:00:57,757 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 29.0) internal successors, (87), 3 states have internal predecessors, (87), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (19), 2 states have call predecessors, (19), 2 states have call successors, (19) [2022-02-20 18:00:57,846 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 128 edges. 128 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:57,846 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:00:57,847 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:00:57,847 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:00:57,848 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:00:57,848 INFO L87 Difference]: Start difference. First operand 407 states and 617 transitions. 
Second operand has 3 states, 3 states have (on average 29.0) internal successors, (87), 3 states have internal predecessors, (87), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (19), 2 states have call predecessors, (19), 2 states have call successors, (19) [2022-02-20 18:00:58,378 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:58,378 INFO L93 Difference]: Finished difference Result 867 states and 1334 transitions. [2022-02-20 18:00:58,378 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:00:58,378 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 29.0) internal successors, (87), 3 states have internal predecessors, (87), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (19), 2 states have call predecessors, (19), 2 states have call successors, (19) Word has length 152 [2022-02-20 18:00:58,379 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:00:58,379 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 29.0) internal successors, (87), 3 states have internal predecessors, (87), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (19), 2 states have call predecessors, (19), 2 states have call successors, (19) [2022-02-20 18:00:58,389 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1332 transitions. [2022-02-20 18:00:58,389 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 3 states, 3 states have (on average 29.0) internal successors, (87), 3 states have internal predecessors, (87), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (19), 2 states have call predecessors, (19), 2 states have call successors, (19) [2022-02-20 18:00:58,398 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1332 transitions. [2022-02-20 18:00:58,399 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1332 transitions. [2022-02-20 18:00:59,196 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1332 edges. 1332 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:00:59,209 INFO L225 Difference]: With dead ends: 867 [2022-02-20 18:00:59,209 INFO L226 Difference]: Without dead ends: 487 [2022-02-20 18:00:59,210 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 193 GetRequests, 185 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:00:59,211 INFO L933 BasicCegarLoop]: 634 mSDtfsCounter, 142 mSDsluCounter, 569 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 160 SdHoareTripleChecker+Valid, 1203 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:00:59,211 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [160 Valid, 1203 Invalid, 4 Unknown, 0 
Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:00:59,212 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 487 states. [2022-02-20 18:00:59,222 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 487 to 479. [2022-02-20 18:00:59,223 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:00:59,224 INFO L82 GeneralOperation]: Start isEquivalent. First operand 487 states. Second operand has 479 states, 373 states have (on average 1.5630026809651474) internal successors, (583), 377 states have internal predecessors, (583), 80 states have call successors, (80), 25 states have call predecessors, (80), 25 states have return successors, (79), 78 states have call predecessors, (79), 79 states have call successors, (79) [2022-02-20 18:00:59,224 INFO L74 IsIncluded]: Start isIncluded. First operand 487 states. Second operand has 479 states, 373 states have (on average 1.5630026809651474) internal successors, (583), 377 states have internal predecessors, (583), 80 states have call successors, (80), 25 states have call predecessors, (80), 25 states have return successors, (79), 78 states have call predecessors, (79), 79 states have call successors, (79) [2022-02-20 18:00:59,225 INFO L87 Difference]: Start difference. First operand 487 states. Second operand has 479 states, 373 states have (on average 1.5630026809651474) internal successors, (583), 377 states have internal predecessors, (583), 80 states have call successors, (80), 25 states have call predecessors, (80), 25 states have return successors, (79), 78 states have call predecessors, (79), 79 states have call successors, (79) [2022-02-20 18:00:59,237 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:59,237 INFO L93 Difference]: Finished difference Result 487 states and 751 transitions. 
[2022-02-20 18:00:59,237 INFO L276 IsEmpty]: Start isEmpty. Operand 487 states and 751 transitions. [2022-02-20 18:00:59,239 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:59,239 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:59,240 INFO L74 IsIncluded]: Start isIncluded. First operand has 479 states, 373 states have (on average 1.5630026809651474) internal successors, (583), 377 states have internal predecessors, (583), 80 states have call successors, (80), 25 states have call predecessors, (80), 25 states have return successors, (79), 78 states have call predecessors, (79), 79 states have call successors, (79) Second operand 487 states. [2022-02-20 18:00:59,240 INFO L87 Difference]: Start difference. First operand has 479 states, 373 states have (on average 1.5630026809651474) internal successors, (583), 377 states have internal predecessors, (583), 80 states have call successors, (80), 25 states have call predecessors, (80), 25 states have return successors, (79), 78 states have call predecessors, (79), 79 states have call successors, (79) Second operand 487 states. [2022-02-20 18:00:59,252 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:00:59,252 INFO L93 Difference]: Finished difference Result 487 states and 751 transitions. [2022-02-20 18:00:59,252 INFO L276 IsEmpty]: Start isEmpty. Operand 487 states and 751 transitions. [2022-02-20 18:00:59,254 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:00:59,254 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:00:59,254 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:00:59,254 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:00:59,255 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 479 states, 373 states have (on average 1.5630026809651474) internal successors, (583), 377 states have internal predecessors, (583), 80 states have call successors, (80), 25 states have call predecessors, (80), 25 states have return successors, (79), 78 states have call predecessors, (79), 79 states have call successors, (79) [2022-02-20 18:00:59,268 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 479 states to 479 states and 742 transitions. [2022-02-20 18:00:59,269 INFO L78 Accepts]: Start accepts. Automaton has 479 states and 742 transitions. Word has length 152 [2022-02-20 18:00:59,269 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:00:59,269 INFO L470 AbstractCegarLoop]: Abstraction has 479 states and 742 transitions. [2022-02-20 18:00:59,269 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 29.0) internal successors, (87), 3 states have internal predecessors, (87), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (19), 2 states have call predecessors, (19), 2 states have call successors, (19) [2022-02-20 18:00:59,270 INFO L276 IsEmpty]: Start isEmpty. Operand 479 states and 742 transitions. [2022-02-20 18:00:59,271 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 135 [2022-02-20 18:00:59,271 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:00:59,271 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:00:59,291 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 18:00:59,492 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:00:59,492 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:00:59,492 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:00:59,492 INFO L85 PathProgramCache]: Analyzing trace with hash 2117883540, now seen corresponding path program 1 times [2022-02-20 18:00:59,493 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:00:59,493 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2033680617] [2022-02-20 18:00:59,493 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:00:59,493 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:00:59,521 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 
18:00:59,570 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:00:59,571 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:59,573 INFO L290 TraceCheckUtils]: 0: Hoare triple {9355#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9288#true} is VALID [2022-02-20 18:00:59,573 INFO L290 TraceCheckUtils]: 1: Hoare triple {9288#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9288#true} is VALID [2022-02-20 18:00:59,573 INFO L290 TraceCheckUtils]: 2: Hoare triple {9288#true} assume true; {9288#true} is VALID [2022-02-20 18:00:59,574 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9288#true} {9288#true} #1261#return; {9288#true} is VALID [2022-02-20 18:00:59,578 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:00:59,580 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:59,581 INFO L290 TraceCheckUtils]: 0: Hoare triple {9356#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9288#true} is VALID [2022-02-20 18:00:59,581 INFO L290 TraceCheckUtils]: 1: Hoare triple {9288#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9288#true} is VALID [2022-02-20 18:00:59,582 INFO L290 TraceCheckUtils]: 2: Hoare triple {9288#true} assume true; {9288#true} is VALID [2022-02-20 18:00:59,582 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9288#true} {9288#true} #1263#return; {9288#true} is VALID [2022-02-20 18:00:59,582 INFO L376 atingTraceCheckCraig]: Compute interpolants for 
subsequence at non-pending call position 18 [2022-02-20 18:00:59,584 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:59,600 INFO L290 TraceCheckUtils]: 0: Hoare triple {9355#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9357#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:59,600 INFO L290 TraceCheckUtils]: 1: Hoare triple {9357#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9358#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:59,601 INFO L290 TraceCheckUtils]: 2: Hoare triple {9358#(= |setClientId_#in~handle| 1)} assume true; {9358#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:59,601 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9358#(= |setClientId_#in~handle| 1)} {9298#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1265#return; {9289#false} is VALID [2022-02-20 18:00:59,601 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:00:59,603 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:59,605 INFO L290 TraceCheckUtils]: 0: Hoare triple {9356#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9288#true} is VALID [2022-02-20 18:00:59,605 INFO L290 TraceCheckUtils]: 1: Hoare triple {9288#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9288#true} is VALID [2022-02-20 18:00:59,605 INFO L290 TraceCheckUtils]: 2: Hoare triple {9288#true} assume true; {9288#true} is VALID [2022-02-20 18:00:59,605 INFO L284 
TraceCheckUtils]: 3: Hoare quadruple {9288#true} {9289#false} #1267#return; {9289#false} is VALID [2022-02-20 18:00:59,606 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:00:59,607 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:59,608 INFO L290 TraceCheckUtils]: 0: Hoare triple {9355#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9288#true} is VALID [2022-02-20 18:00:59,608 INFO L290 TraceCheckUtils]: 1: Hoare triple {9288#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9288#true} is VALID [2022-02-20 18:00:59,609 INFO L290 TraceCheckUtils]: 2: Hoare triple {9288#true} assume true; {9288#true} is VALID [2022-02-20 18:00:59,609 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9288#true} {9289#false} #1269#return; {9289#false} is VALID [2022-02-20 18:00:59,609 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:00:59,610 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:59,612 INFO L290 TraceCheckUtils]: 0: Hoare triple {9356#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9288#true} is VALID [2022-02-20 18:00:59,612 INFO L290 TraceCheckUtils]: 1: Hoare triple {9288#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9288#true} is VALID [2022-02-20 18:00:59,612 INFO L290 TraceCheckUtils]: 2: Hoare triple {9288#true} assume true; {9288#true} is VALID [2022-02-20 18:00:59,612 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9288#true} {9289#false} 
#1271#return; {9289#false} is VALID [2022-02-20 18:00:59,617 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:00:59,619 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:59,621 INFO L290 TraceCheckUtils]: 0: Hoare triple {9359#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9288#true} is VALID [2022-02-20 18:00:59,621 INFO L290 TraceCheckUtils]: 1: Hoare triple {9288#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9288#true} is VALID [2022-02-20 18:00:59,621 INFO L290 TraceCheckUtils]: 2: Hoare triple {9288#true} assume true; {9288#true} is VALID [2022-02-20 18:00:59,621 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9288#true} {9289#false} #1197#return; {9289#false} is VALID [2022-02-20 18:00:59,628 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 18:00:59,629 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:59,630 INFO L290 TraceCheckUtils]: 0: Hoare triple {9360#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {9288#true} is VALID [2022-02-20 18:00:59,630 INFO L290 TraceCheckUtils]: 1: Hoare triple {9288#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {9288#true} is VALID [2022-02-20 18:00:59,631 INFO L290 TraceCheckUtils]: 2: Hoare triple {9288#true} assume true; {9288#true} is VALID [2022-02-20 18:00:59,631 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9288#true} {9289#false} #1199#return; {9289#false} is VALID [2022-02-20 18:00:59,631 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 18:00:59,632 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:59,633 INFO 
L290 TraceCheckUtils]: 0: Hoare triple {9288#true} ~handle := #in~handle;havoc ~retValue_acc~7; {9288#true} is VALID [2022-02-20 18:00:59,633 INFO L290 TraceCheckUtils]: 1: Hoare triple {9288#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {9288#true} is VALID [2022-02-20 18:00:59,633 INFO L290 TraceCheckUtils]: 2: Hoare triple {9288#true} assume true; {9288#true} is VALID [2022-02-20 18:00:59,633 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9288#true} {9289#false} #1179#return; {9289#false} is VALID [2022-02-20 18:00:59,633 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-02-20 18:00:59,634 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:59,636 INFO L290 TraceCheckUtils]: 0: Hoare triple {9288#true} ~handle := #in~handle;havoc ~retValue_acc~26; {9288#true} is VALID [2022-02-20 18:00:59,636 INFO L290 TraceCheckUtils]: 1: Hoare triple {9288#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {9288#true} is VALID [2022-02-20 18:00:59,636 INFO L290 TraceCheckUtils]: 2: Hoare triple {9288#true} assume true; {9288#true} is VALID [2022-02-20 18:00:59,636 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9288#true} {9289#false} #1211#return; {9289#false} is VALID [2022-02-20 18:00:59,636 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 18:00:59,637 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:59,639 INFO L290 TraceCheckUtils]: 0: Hoare triple {9359#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9288#true} is VALID [2022-02-20 18:00:59,639 INFO L290 TraceCheckUtils]: 1: Hoare triple {9288#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9288#true} is VALID [2022-02-20 
18:00:59,639 INFO L290 TraceCheckUtils]: 2: Hoare triple {9288#true} assume true; {9288#true} is VALID [2022-02-20 18:00:59,639 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9288#true} {9289#false} #1217#return; {9289#false} is VALID [2022-02-20 18:00:59,640 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 18:00:59,640 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:59,642 INFO L290 TraceCheckUtils]: 0: Hoare triple {9288#true} ~handle := #in~handle;havoc ~retValue_acc~29; {9288#true} is VALID [2022-02-20 18:00:59,642 INFO L290 TraceCheckUtils]: 1: Hoare triple {9288#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {9288#true} is VALID [2022-02-20 18:00:59,642 INFO L290 TraceCheckUtils]: 2: Hoare triple {9288#true} assume true; {9288#true} is VALID [2022-02-20 18:00:59,642 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9288#true} {9289#false} #1219#return; {9289#false} is VALID [2022-02-20 18:00:59,643 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 107 [2022-02-20 18:00:59,643 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:59,645 INFO L290 TraceCheckUtils]: 0: Hoare triple {9288#true} ~handle := #in~handle;havoc ~retValue_acc~26; {9288#true} is VALID [2022-02-20 18:00:59,645 INFO L290 TraceCheckUtils]: 1: Hoare triple {9288#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {9288#true} is VALID [2022-02-20 18:00:59,645 INFO L290 TraceCheckUtils]: 2: Hoare triple {9288#true} assume true; {9288#true} is VALID [2022-02-20 18:00:59,645 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9288#true} {9289#false} #1221#return; {9289#false} is VALID [2022-02-20 18:00:59,645 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 114 [2022-02-20 18:00:59,646 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:59,648 INFO L290 TraceCheckUtils]: 0: Hoare triple {9288#true} ~handle := #in~handle;havoc ~retValue_acc~13; {9288#true} is VALID [2022-02-20 18:00:59,648 INFO L290 TraceCheckUtils]: 1: Hoare triple {9288#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {9288#true} is VALID [2022-02-20 18:00:59,648 INFO L290 TraceCheckUtils]: 2: Hoare triple {9288#true} assume true; {9288#true} is VALID [2022-02-20 18:00:59,648 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9288#true} {9289#false} #1223#return; {9289#false} is VALID [2022-02-20 18:00:59,648 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 120 [2022-02-20 18:00:59,649 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:59,650 INFO L290 TraceCheckUtils]: 0: Hoare triple {9288#true} ~handle := #in~handle;havoc ~retValue_acc~30; {9288#true} is VALID [2022-02-20 18:00:59,650 INFO L290 TraceCheckUtils]: 1: Hoare triple {9288#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~30; {9288#true} is VALID [2022-02-20 18:00:59,650 INFO L290 TraceCheckUtils]: 2: Hoare triple {9288#true} assume true; {9288#true} is VALID [2022-02-20 18:00:59,651 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9288#true} {9289#false} #1225#return; {9289#false} is VALID [2022-02-20 18:00:59,651 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 126 [2022-02-20 18:00:59,651 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:00:59,657 INFO L290 TraceCheckUtils]: 0: Hoare triple {9288#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~43;havoc ~__cil_tmp4~5.base, ~__cil_tmp4~5.offset;~__cil_tmp4~5.base, ~__cil_tmp4~5.offset := 39, 0;havoc #t~nondet104; {9288#true} is VALID [2022-02-20 18:00:59,658 INFO L290 
TraceCheckUtils]: 1: Hoare triple {9288#true} assume 0 == ~publicKey;~retValue_acc~43 := 0;#res := ~retValue_acc~43; {9288#true} is VALID [2022-02-20 18:00:59,658 INFO L290 TraceCheckUtils]: 2: Hoare triple {9288#true} assume true; {9288#true} is VALID [2022-02-20 18:00:59,658 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9288#true} {9289#false} #1227#return; {9289#false} is VALID [2022-02-20 18:00:59,658 INFO L290 TraceCheckUtils]: 0: Hoare triple {9288#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(44, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(11, 20);call #Ultimate.allocInit(19, 21);call #Ultimate.allocInit(4, 22);call write~init~int(37, 22, 0, 1);call write~init~int(100, 22, 1, 1);call write~init~int(10, 22, 2, 1);call write~init~int(0, 22, 3, 1);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(19, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call 
#Ultimate.allocInit(10, 29);call #Ultimate.allocInit(12, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(18, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(34, 36);call #Ultimate.allocInit(30, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(20, 39);call #Ultimate.allocInit(22, 40);call #Ultimate.allocInit(21, 41);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 
0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 
0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~sent_encrypted~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {9288#true} is VALID [2022-02-20 18:00:59,658 INFO L290 TraceCheckUtils]: 1: Hoare triple {9288#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {9288#true} is VALID [2022-02-20 18:00:59,658 INFO L290 TraceCheckUtils]: 2: Hoare triple {9288#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {9288#true} is VALID [2022-02-20 18:00:59,659 INFO L290 TraceCheckUtils]: 3: Hoare triple {9288#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~22#1;havoc valid_product_~retValue_acc~22#1;valid_product_~retValue_acc~22#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~22#1; {9288#true} is VALID [2022-02-20 18:00:59,659 INFO L290 TraceCheckUtils]: 4: Hoare triple {9288#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {9288#true} is VALID [2022-02-20 18:00:59,659 INFO L290 TraceCheckUtils]: 5: Hoare triple {9288#true} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet32#1, setup_#t~nondet33#1, setup_#t~nondet34#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc 
setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {9288#true} is VALID [2022-02-20 18:00:59,660 INFO L272 TraceCheckUtils]: 6: Hoare triple {9288#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {9355#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:59,660 INFO L290 TraceCheckUtils]: 7: Hoare triple {9355#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9288#true} is VALID [2022-02-20 18:00:59,660 INFO L290 TraceCheckUtils]: 8: Hoare triple {9288#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9288#true} is VALID [2022-02-20 18:00:59,660 INFO L290 TraceCheckUtils]: 9: Hoare triple {9288#true} assume true; {9288#true} is VALID [2022-02-20 18:00:59,660 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {9288#true} {9288#true} #1261#return; {9288#true} is VALID [2022-02-20 18:00:59,660 INFO L290 TraceCheckUtils]: 11: Hoare triple {9288#true} assume { :end_inline_setup_bob__wrappee__Base } true; {9288#true} is VALID [2022-02-20 18:00:59,661 INFO L272 TraceCheckUtils]: 12: Hoare triple {9288#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {9356#(and (= 
~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:59,661 INFO L290 TraceCheckUtils]: 13: Hoare triple {9356#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9288#true} is VALID [2022-02-20 18:00:59,661 INFO L290 TraceCheckUtils]: 14: Hoare triple {9288#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9288#true} is VALID [2022-02-20 18:00:59,661 INFO L290 TraceCheckUtils]: 15: Hoare triple {9288#true} assume true; {9288#true} is VALID [2022-02-20 18:00:59,661 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {9288#true} {9288#true} #1263#return; {9288#true} is VALID [2022-02-20 18:00:59,662 INFO L290 TraceCheckUtils]: 17: Hoare triple {9288#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 18, 0;havoc setup_#t~nondet32#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {9298#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:00:59,662 INFO L272 TraceCheckUtils]: 18: Hoare triple {9298#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {9355#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:59,663 INFO L290 TraceCheckUtils]: 19: Hoare triple {9355#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9357#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:00:59,663 INFO L290 TraceCheckUtils]: 20: Hoare triple {9357#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9358#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:59,663 INFO L290 TraceCheckUtils]: 21: Hoare triple {9358#(= |setClientId_#in~handle| 1)} assume true; {9358#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:00:59,664 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {9358#(= |setClientId_#in~handle| 1)} {9298#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1265#return; {9289#false} is VALID [2022-02-20 18:00:59,664 INFO L290 TraceCheckUtils]: 23: Hoare triple {9289#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {9289#false} is VALID [2022-02-20 18:00:59,664 INFO L272 TraceCheckUtils]: 24: Hoare triple {9289#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {9356#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:59,664 INFO L290 TraceCheckUtils]: 25: Hoare triple {9356#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9288#true} is VALID [2022-02-20 18:00:59,664 INFO 
L290 TraceCheckUtils]: 26: Hoare triple {9288#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9288#true} is VALID [2022-02-20 18:00:59,664 INFO L290 TraceCheckUtils]: 27: Hoare triple {9288#true} assume true; {9288#true} is VALID [2022-02-20 18:00:59,665 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {9288#true} {9289#false} #1267#return; {9289#false} is VALID [2022-02-20 18:00:59,665 INFO L290 TraceCheckUtils]: 29: Hoare triple {9289#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 19, 0;havoc setup_#t~nondet33#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {9289#false} is VALID [2022-02-20 18:00:59,665 INFO L272 TraceCheckUtils]: 30: Hoare triple {9289#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {9355#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:00:59,665 INFO L290 TraceCheckUtils]: 31: Hoare triple {9355#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9288#true} is VALID [2022-02-20 18:00:59,665 INFO L290 TraceCheckUtils]: 32: Hoare triple {9288#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9288#true} is VALID [2022-02-20 18:00:59,665 INFO L290 
TraceCheckUtils]: 33: Hoare triple {9288#true} assume true; {9288#true} is VALID [2022-02-20 18:00:59,665 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {9288#true} {9289#false} #1269#return; {9289#false} is VALID [2022-02-20 18:00:59,665 INFO L290 TraceCheckUtils]: 35: Hoare triple {9289#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {9289#false} is VALID [2022-02-20 18:00:59,665 INFO L272 TraceCheckUtils]: 36: Hoare triple {9289#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {9356#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:00:59,666 INFO L290 TraceCheckUtils]: 37: Hoare triple {9356#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9288#true} is VALID [2022-02-20 18:00:59,666 INFO L290 TraceCheckUtils]: 38: Hoare triple {9288#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9288#true} is VALID [2022-02-20 18:00:59,666 INFO L290 TraceCheckUtils]: 39: Hoare triple {9288#true} assume true; {9288#true} is VALID [2022-02-20 18:00:59,666 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {9288#true} {9289#false} #1271#return; {9289#false} is VALID [2022-02-20 18:00:59,666 INFO L290 TraceCheckUtils]: 41: Hoare triple {9289#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 20, 0;havoc setup_#t~nondet34#1; {9289#false} is VALID [2022-02-20 18:00:59,666 INFO L290 TraceCheckUtils]: 42: Hoare triple {9289#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_#t~nondet62#1, 
test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_#t~nondet67#1, test_#t~nondet68#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {9289#false} is VALID [2022-02-20 18:00:59,666 INFO L290 TraceCheckUtils]: 43: Hoare triple {9289#false} assume !false; {9289#false} is VALID [2022-02-20 18:00:59,667 INFO L290 TraceCheckUtils]: 44: Hoare triple {9289#false} assume test_~splverifierCounter~0#1 < 4; {9289#false} is VALID [2022-02-20 18:00:59,667 INFO L290 TraceCheckUtils]: 45: Hoare triple {9289#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {9289#false} is VALID [2022-02-20 18:00:59,667 INFO L290 TraceCheckUtils]: 46: Hoare triple {9289#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet58#1 && test_#t~nondet58#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet58#1;havoc test_#t~nondet58#1; 
{9289#false} is VALID [2022-02-20 18:00:59,667 INFO L290 TraceCheckUtils]: 47: Hoare triple {9289#false} assume !(0 != test_~tmp___9~0#1); {9289#false} is VALID [2022-02-20 18:00:59,667 INFO L290 TraceCheckUtils]: 48: Hoare triple {9289#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet59#1 && test_#t~nondet59#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet59#1;havoc test_#t~nondet59#1; {9289#false} is VALID [2022-02-20 18:00:59,667 INFO L290 TraceCheckUtils]: 49: Hoare triple {9289#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {9289#false} is VALID [2022-02-20 18:00:59,667 INFO L290 TraceCheckUtils]: 50: Hoare triple {9289#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {9289#false} is VALID [2022-02-20 18:00:59,668 INFO L290 TraceCheckUtils]: 51: Hoare triple {9289#false} assume { :end_inline_setClientAutoResponse } true; {9289#false} is VALID [2022-02-20 18:00:59,668 INFO L290 TraceCheckUtils]: 52: Hoare triple {9289#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {9289#false} is VALID [2022-02-20 18:00:59,668 INFO L290 TraceCheckUtils]: 53: Hoare triple {9289#false} assume !false; {9289#false} is VALID [2022-02-20 18:00:59,668 INFO L290 TraceCheckUtils]: 54: Hoare triple {9289#false} assume !(test_~splverifierCounter~0#1 < 4); {9289#false} is VALID [2022-02-20 18:00:59,668 INFO L290 TraceCheckUtils]: 55: Hoare triple {9289#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, 
bobToRjh_~tmp~3#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~3#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret27#1 := puts(16, 0);assume -2147483648 <= bobToRjh_#t~ret27#1 && bobToRjh_#t~ret27#1 <= 2147483647;havoc bobToRjh_#t~ret27#1; {9289#false} is VALID [2022-02-20 18:00:59,668 INFO L272 TraceCheckUtils]: 56: Hoare triple {9289#false} call sendEmail(~bob~0, ~rjh~0); {9289#false} is VALID [2022-02-20 18:00:59,668 INFO L290 TraceCheckUtils]: 57: Hoare triple {9289#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~21#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~38#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~38#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {9289#false} is VALID [2022-02-20 18:00:59,669 INFO L272 TraceCheckUtils]: 58: Hoare triple {9289#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {9359#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:59,669 INFO L290 TraceCheckUtils]: 59: Hoare triple {9359#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9288#true} is VALID [2022-02-20 18:00:59,669 INFO L290 TraceCheckUtils]: 60: Hoare triple {9288#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9288#true} is VALID [2022-02-20 18:00:59,669 INFO L290 TraceCheckUtils]: 61: Hoare triple {9288#true} assume true; {9288#true} is VALID [2022-02-20 18:00:59,669 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {9288#true} {9289#false} #1197#return; {9289#false} is VALID [2022-02-20 
18:00:59,669 INFO L272 TraceCheckUtils]: 63: Hoare triple {9289#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {9360#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:00:59,669 INFO L290 TraceCheckUtils]: 64: Hoare triple {9360#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {9288#true} is VALID [2022-02-20 18:00:59,669 INFO L290 TraceCheckUtils]: 65: Hoare triple {9288#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {9288#true} is VALID [2022-02-20 18:00:59,670 INFO L290 TraceCheckUtils]: 66: Hoare triple {9288#true} assume true; {9288#true} is VALID [2022-02-20 18:00:59,670 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {9288#true} {9289#false} #1199#return; {9289#false} is VALID [2022-02-20 18:00:59,670 INFO L290 TraceCheckUtils]: 68: Hoare triple {9289#false} createEmail_~retValue_acc~38#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~38#1; {9289#false} is VALID [2022-02-20 18:00:59,670 INFO L290 TraceCheckUtils]: 69: Hoare triple {9289#false} #t~ret103#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret103#1 && #t~ret103#1 <= 2147483647;~tmp~21#1 := #t~ret103#1;havoc #t~ret103#1;~email~0#1 := ~tmp~21#1; {9289#false} is VALID [2022-02-20 18:00:59,670 INFO L272 TraceCheckUtils]: 70: Hoare triple {9289#false} call outgoing(~sender#1, ~email~0#1); {9289#false} is VALID [2022-02-20 18:00:59,670 INFO L290 TraceCheckUtils]: 71: Hoare triple {9289#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~2#1;havoc ~tmp~16#1;havoc ~receiver~1#1;havoc ~tmp___0~7#1;havoc ~second~0#1;havoc ~tmp___1~4#1;havoc ~tmp___2~2#1; {9289#false} is VALID [2022-02-20 18:00:59,670 INFO L272 TraceCheckUtils]: 72: Hoare triple {9289#false} call #t~ret89#1 := getClientAddressBookSize(~client#1); {9288#true} is 
VALID [2022-02-20 18:00:59,670 INFO L290 TraceCheckUtils]: 73: Hoare triple {9288#true} ~handle := #in~handle;havoc ~retValue_acc~7; {9288#true} is VALID [2022-02-20 18:00:59,671 INFO L290 TraceCheckUtils]: 74: Hoare triple {9288#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {9288#true} is VALID [2022-02-20 18:00:59,671 INFO L290 TraceCheckUtils]: 75: Hoare triple {9288#true} assume true; {9288#true} is VALID [2022-02-20 18:00:59,671 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {9288#true} {9289#false} #1179#return; {9289#false} is VALID [2022-02-20 18:00:59,671 INFO L290 TraceCheckUtils]: 77: Hoare triple {9289#false} assume -2147483648 <= #t~ret89#1 && #t~ret89#1 <= 2147483647;~tmp~16#1 := #t~ret89#1;havoc #t~ret89#1;~size~2#1 := ~tmp~16#1; {9289#false} is VALID [2022-02-20 18:00:59,671 INFO L290 TraceCheckUtils]: 78: Hoare triple {9289#false} assume !(0 != ~size~2#1); {9289#false} is VALID [2022-02-20 18:00:59,671 INFO L272 TraceCheckUtils]: 79: Hoare triple {9289#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {9289#false} is VALID [2022-02-20 18:00:59,671 INFO L290 TraceCheckUtils]: 80: Hoare triple {9289#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~15#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {9289#false} is VALID [2022-02-20 18:00:59,672 INFO L272 TraceCheckUtils]: 81: Hoare triple {9289#false} call #t~ret87#1 := getEmailTo(~msg#1); {9288#true} is VALID [2022-02-20 18:00:59,672 INFO L290 TraceCheckUtils]: 82: Hoare triple {9288#true} ~handle := #in~handle;havoc ~retValue_acc~26; {9288#true} is VALID [2022-02-20 18:00:59,672 INFO L290 TraceCheckUtils]: 83: Hoare triple {9288#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {9288#true} is VALID [2022-02-20 18:00:59,672 INFO L290 TraceCheckUtils]: 84: Hoare triple {9288#true} assume true; {9288#true} is VALID [2022-02-20 18:00:59,672 INFO L284 
TraceCheckUtils]: 85: Hoare quadruple {9288#true} {9289#false} #1211#return; {9289#false} is VALID [2022-02-20 18:00:59,672 INFO L290 TraceCheckUtils]: 86: Hoare triple {9289#false} assume -2147483648 <= #t~ret87#1 && #t~ret87#1 <= 2147483647;~tmp~15#1 := #t~ret87#1;havoc #t~ret87#1;~receiver~0#1 := ~tmp~15#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~18#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~18#1; {9289#false} is VALID [2022-02-20 18:00:59,672 INFO L290 TraceCheckUtils]: 87: Hoare triple {9289#false} assume 1 == findPublicKey_~handle#1; {9289#false} is VALID [2022-02-20 18:00:59,672 INFO L290 TraceCheckUtils]: 88: Hoare triple {9289#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~18#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~18#1; {9289#false} is VALID [2022-02-20 18:00:59,673 INFO L290 TraceCheckUtils]: 89: Hoare triple {9289#false} #t~ret88#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp___0~6#1 := #t~ret88#1;havoc #t~ret88#1;~pubkey~0#1 := ~tmp___0~6#1; {9289#false} is VALID [2022-02-20 18:00:59,673 INFO L290 TraceCheckUtils]: 90: Hoare triple {9289#false} assume !(0 != ~pubkey~0#1); {9289#false} is VALID [2022-02-20 18:00:59,673 INFO L290 TraceCheckUtils]: 91: Hoare triple {9289#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret86#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, 
outgoing__wrappee__Keys_~tmp~14#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {9289#false} is VALID [2022-02-20 18:00:59,673 INFO L290 TraceCheckUtils]: 92: Hoare triple {9289#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {9289#false} is VALID [2022-02-20 18:00:59,673 INFO L290 TraceCheckUtils]: 93: Hoare triple {9289#false} outgoing__wrappee__Keys_#t~ret86#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret86#1 && outgoing__wrappee__Keys_#t~ret86#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~14#1 := outgoing__wrappee__Keys_#t~ret86#1;havoc outgoing__wrappee__Keys_#t~ret86#1; {9289#false} is VALID [2022-02-20 18:00:59,673 INFO L272 TraceCheckUtils]: 94: Hoare triple {9289#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1); {9359#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:00:59,673 INFO L290 TraceCheckUtils]: 95: Hoare triple {9359#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9288#true} is VALID [2022-02-20 18:00:59,674 INFO L290 TraceCheckUtils]: 96: Hoare triple {9288#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9288#true} is VALID [2022-02-20 18:00:59,674 INFO L290 TraceCheckUtils]: 97: Hoare triple {9288#true} assume true; 
{9288#true} is VALID [2022-02-20 18:00:59,674 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {9288#true} {9289#false} #1217#return; {9289#false} is VALID [2022-02-20 18:00:59,674 INFO L290 TraceCheckUtils]: 99: Hoare triple {9289#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret84#1, mail_#t~ret85#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet52#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 := puts(24, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1; {9289#false} is VALID [2022-02-20 18:00:59,674 INFO L272 TraceCheckUtils]: 100: Hoare triple {9289#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {9288#true} is VALID [2022-02-20 18:00:59,674 INFO L290 TraceCheckUtils]: 101: Hoare triple {9288#true} ~handle := #in~handle;havoc ~retValue_acc~29; {9288#true} is VALID [2022-02-20 18:00:59,674 INFO L290 TraceCheckUtils]: 
102: Hoare triple {9288#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {9288#true} is VALID [2022-02-20 18:00:59,674 INFO L290 TraceCheckUtils]: 103: Hoare triple {9288#true} assume true; {9288#true} is VALID [2022-02-20 18:00:59,675 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {9288#true} {9289#false} #1219#return; {9289#false} is VALID [2022-02-20 18:00:59,675 INFO L290 TraceCheckUtils]: 105: Hoare triple {9289#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset := 25, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet52#1; {9289#false} is VALID [2022-02-20 18:00:59,675 INFO L290 TraceCheckUtils]: 106: Hoare triple {9289#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret84#1 := puts(35, 0);assume -2147483648 <= mail_#t~ret84#1 && mail_#t~ret84#1 <= 2147483647;havoc mail_#t~ret84#1; {9289#false} is VALID [2022-02-20 18:00:59,675 INFO L272 TraceCheckUtils]: 107: Hoare triple {9289#false} call mail_#t~ret85#1 := getEmailTo(mail_~msg#1); {9288#true} is VALID [2022-02-20 18:00:59,675 INFO L290 TraceCheckUtils]: 108: Hoare triple {9288#true} ~handle := #in~handle;havoc ~retValue_acc~26; {9288#true} is VALID [2022-02-20 18:00:59,675 INFO L290 TraceCheckUtils]: 109: Hoare triple {9288#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {9288#true} is VALID [2022-02-20 18:00:59,675 INFO L290 TraceCheckUtils]: 110: Hoare triple {9288#true} assume true; {9288#true} is VALID [2022-02-20 18:00:59,675 INFO L284 TraceCheckUtils]: 111: Hoare quadruple {9288#true} {9289#false} #1221#return; {9289#false} is VALID [2022-02-20 
18:00:59,676 INFO L290 TraceCheckUtils]: 112: Hoare triple {9289#false} assume -2147483648 <= mail_#t~ret85#1 && mail_#t~ret85#1 <= 2147483647;mail_~tmp~13#1 := mail_#t~ret85#1;havoc mail_#t~ret85#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~13#1, mail_~msg#1;havoc incoming_#t~ret98#1, incoming_#t~ret99#1, incoming_#t~ret100#1, incoming_#t~ret101#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~19#1, incoming_~tmp___0~8#1, incoming_~tmp___1~5#1, incoming_~tmp___2~3#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~19#1;havoc incoming_~tmp___0~8#1;havoc incoming_~tmp___1~5#1;havoc incoming_~tmp___2~3#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet54#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := 
__utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 := puts(26, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset := 27, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet54#1; {9289#false} is VALID [2022-02-20 18:00:59,676 INFO L290 TraceCheckUtils]: 113: Hoare triple {9289#false} assume 1 == ~sent_encrypted~0; {9289#false} is VALID [2022-02-20 18:00:59,676 INFO L272 TraceCheckUtils]: 114: Hoare triple {9289#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {9288#true} is VALID [2022-02-20 18:00:59,676 INFO L290 TraceCheckUtils]: 115: Hoare triple {9288#true} ~handle := #in~handle;havoc ~retValue_acc~13; {9288#true} is VALID [2022-02-20 18:00:59,676 INFO L290 TraceCheckUtils]: 116: Hoare triple {9288#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {9288#true} is VALID [2022-02-20 18:00:59,676 INFO L290 TraceCheckUtils]: 117: Hoare triple {9288#true} assume true; {9288#true} is VALID [2022-02-20 18:00:59,676 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {9288#true} {9289#false} #1223#return; {9289#false} is VALID [2022-02-20 18:00:59,676 INFO L290 TraceCheckUtils]: 119: Hoare triple {9289#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~8#1 := 
__utac_acc__EncryptDecrypt_spec__2_#t~ret55#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1; {9289#false} is VALID [2022-02-20 18:00:59,677 INFO L272 TraceCheckUtils]: 120: Hoare triple {9289#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {9288#true} is VALID [2022-02-20 18:00:59,677 INFO L290 TraceCheckUtils]: 121: Hoare triple {9288#true} ~handle := #in~handle;havoc ~retValue_acc~30; {9288#true} is VALID [2022-02-20 18:00:59,677 INFO L290 TraceCheckUtils]: 122: Hoare triple {9288#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~30; {9288#true} is VALID [2022-02-20 18:00:59,677 INFO L290 TraceCheckUtils]: 123: Hoare triple {9288#true} assume true; {9288#true} is VALID [2022-02-20 18:00:59,677 INFO L284 TraceCheckUtils]: 124: Hoare quadruple {9288#true} {9289#false} #1225#return; {9289#false} is VALID [2022-02-20 18:00:59,677 INFO L290 TraceCheckUtils]: 125: Hoare triple {9289#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1; {9289#false} is VALID [2022-02-20 18:00:59,677 INFO L272 TraceCheckUtils]: 126: Hoare triple {9289#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1); {9288#true} is VALID [2022-02-20 18:00:59,677 INFO L290 TraceCheckUtils]: 127: Hoare triple {9288#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~43;havoc ~__cil_tmp4~5.base, ~__cil_tmp4~5.offset;~__cil_tmp4~5.base, ~__cil_tmp4~5.offset := 39, 0;havoc #t~nondet104; {9288#true} is VALID [2022-02-20 18:00:59,678 INFO L290 TraceCheckUtils]: 128: Hoare triple {9288#true} assume 0 
== ~publicKey;~retValue_acc~43 := 0;#res := ~retValue_acc~43; {9288#true} is VALID [2022-02-20 18:00:59,678 INFO L290 TraceCheckUtils]: 129: Hoare triple {9288#true} assume true; {9288#true} is VALID [2022-02-20 18:00:59,678 INFO L284 TraceCheckUtils]: 130: Hoare quadruple {9288#true} {9289#false} #1227#return; {9289#false} is VALID [2022-02-20 18:00:59,678 INFO L290 TraceCheckUtils]: 131: Hoare triple {9289#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1; {9289#false} is VALID [2022-02-20 18:00:59,678 INFO L290 TraceCheckUtils]: 132: Hoare triple {9289#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1);assume { :begin_inline___automaton_fail } true; {9289#false} is VALID [2022-02-20 18:00:59,678 INFO L290 TraceCheckUtils]: 133: Hoare triple {9289#false} assume !false; {9289#false} is VALID [2022-02-20 18:00:59,679 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. 
[2022-02-20 18:00:59,679 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace
[2022-02-20 18:00:59,679 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2033680617]
[2022-02-20 18:00:59,679 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2033680617] provided 0 perfect and 1 imperfect interpolant sequences
[2022-02-20 18:00:59,679 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [482488852]
[2022-02-20 18:00:59,679 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY
[2022-02-20 18:00:59,680 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true
[2022-02-20 18:00:59,680 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3
[2022-02-20 18:00:59,681 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null)
[2022-02-20 18:00:59,682 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process
[2022-02-20 18:00:59,897 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:00:59,900 INFO L263 TraceCheckSpWp]: Trace formula consists of 1197 conjuncts, 8 conjunts are in the unsatisfiable core
[2022-02-20 18:00:59,944 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:00:59,946 INFO L286 TraceCheckSpWp]: Computing forward predicates...
[2022-02-20 18:01:00,260 INFO L290 TraceCheckUtils]: 0: Hoare triple {9288#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(44, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(11, 20);call #Ultimate.allocInit(19, 21);call #Ultimate.allocInit(4, 22);call write~init~int(37, 22, 0, 1);call write~init~int(100, 22, 1, 1);call write~init~int(10, 22, 2, 1);call write~init~int(0, 22, 3, 1);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(19, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(10, 29);call #Ultimate.allocInit(12, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(18, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(34, 36);call #Ultimate.allocInit(30, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(20, 39);call #Ultimate.allocInit(22, 40);call 
#Ultimate.allocInit(21, 41);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 
0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~sent_encrypted~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {9288#true} is VALID [2022-02-20 18:01:00,260 INFO L290 TraceCheckUtils]: 1: Hoare triple {9288#true} assume { :end_inline_ULTIMATE.init } true;assume { 
:begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {9288#true} is VALID [2022-02-20 18:01:00,260 INFO L290 TraceCheckUtils]: 2: Hoare triple {9288#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {9288#true} is VALID [2022-02-20 18:01:00,260 INFO L290 TraceCheckUtils]: 3: Hoare triple {9288#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~22#1;havoc valid_product_~retValue_acc~22#1;valid_product_~retValue_acc~22#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~22#1; {9288#true} is VALID [2022-02-20 18:01:00,260 INFO L290 TraceCheckUtils]: 4: Hoare triple {9288#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {9288#true} is VALID [2022-02-20 18:01:00,260 INFO L290 TraceCheckUtils]: 5: Hoare triple {9288#true} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet32#1, setup_#t~nondet33#1, setup_#t~nondet34#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {9288#true} is VALID [2022-02-20 18:01:00,260 INFO L272 TraceCheckUtils]: 6: Hoare triple {9288#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {9288#true} is VALID [2022-02-20 18:01:00,260 INFO L290 TraceCheckUtils]: 7: Hoare triple {9288#true} ~handle := #in~handle;~value := #in~value; {9288#true} is VALID [2022-02-20 18:01:00,261 INFO L290 TraceCheckUtils]: 8: Hoare triple {9288#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9288#true} is VALID [2022-02-20 18:01:00,261 INFO L290 TraceCheckUtils]: 9: Hoare triple {9288#true} assume true; {9288#true} is VALID [2022-02-20 18:01:00,261 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {9288#true} {9288#true} #1261#return; {9288#true} is VALID [2022-02-20 18:01:00,261 INFO L290 TraceCheckUtils]: 11: Hoare triple {9288#true} assume { :end_inline_setup_bob__wrappee__Base } true; {9288#true} is VALID [2022-02-20 18:01:00,261 INFO L272 TraceCheckUtils]: 12: Hoare triple {9288#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {9288#true} is VALID [2022-02-20 18:01:00,261 INFO L290 TraceCheckUtils]: 13: Hoare triple {9288#true} ~handle := #in~handle;~value := #in~value; {9288#true} is VALID [2022-02-20 18:01:00,261 INFO L290 TraceCheckUtils]: 14: Hoare triple {9288#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9288#true} is VALID [2022-02-20 18:01:00,261 INFO L290 TraceCheckUtils]: 15: Hoare triple {9288#true} assume true; {9288#true} is VALID [2022-02-20 18:01:00,261 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {9288#true} {9288#true} #1263#return; {9288#true} is VALID [2022-02-20 18:01:00,261 INFO L290 TraceCheckUtils]: 17: Hoare triple {9288#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 18, 0;havoc setup_#t~nondet32#1;~rjh~0 := 2;assume { 
:begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {9415#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:01:00,261 INFO L272 TraceCheckUtils]: 18: Hoare triple {9415#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {9288#true} is VALID [2022-02-20 18:01:00,262 INFO L290 TraceCheckUtils]: 19: Hoare triple {9288#true} ~handle := #in~handle;~value := #in~value; {9422#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 18:01:00,262 INFO L290 TraceCheckUtils]: 20: Hoare triple {9422#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9426#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:00,263 INFO L290 TraceCheckUtils]: 21: Hoare triple {9426#(<= |setClientId_#in~handle| 1)} assume true; {9426#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:00,263 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {9426#(<= |setClientId_#in~handle| 1)} {9415#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1265#return; {9289#false} is VALID [2022-02-20 18:01:00,263 INFO L290 TraceCheckUtils]: 23: Hoare triple {9289#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {9289#false} is VALID [2022-02-20 18:01:00,263 INFO L272 TraceCheckUtils]: 24: Hoare triple {9289#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {9289#false} is VALID [2022-02-20 18:01:00,263 INFO L290 TraceCheckUtils]: 25: Hoare triple {9289#false} ~handle := #in~handle;~value := #in~value; {9289#false} is VALID [2022-02-20 
18:01:00,263 INFO L290 TraceCheckUtils]: 26: Hoare triple {9289#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9289#false} is VALID [2022-02-20 18:01:00,263 INFO L290 TraceCheckUtils]: 27: Hoare triple {9289#false} assume true; {9289#false} is VALID [2022-02-20 18:01:00,264 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {9289#false} {9289#false} #1267#return; {9289#false} is VALID [2022-02-20 18:01:00,264 INFO L290 TraceCheckUtils]: 29: Hoare triple {9289#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 19, 0;havoc setup_#t~nondet33#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {9289#false} is VALID [2022-02-20 18:01:00,264 INFO L272 TraceCheckUtils]: 30: Hoare triple {9289#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {9289#false} is VALID [2022-02-20 18:01:00,264 INFO L290 TraceCheckUtils]: 31: Hoare triple {9289#false} ~handle := #in~handle;~value := #in~value; {9289#false} is VALID [2022-02-20 18:01:00,264 INFO L290 TraceCheckUtils]: 32: Hoare triple {9289#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9289#false} is VALID [2022-02-20 18:01:00,264 INFO L290 TraceCheckUtils]: 33: Hoare triple {9289#false} assume true; {9289#false} is VALID [2022-02-20 18:01:00,264 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {9289#false} {9289#false} #1269#return; {9289#false} is VALID [2022-02-20 18:01:00,264 INFO L290 TraceCheckUtils]: 35: Hoare triple {9289#false} assume { :end_inline_setup_chuck__wrappee__Base } true; 
{9289#false} is VALID [2022-02-20 18:01:00,264 INFO L272 TraceCheckUtils]: 36: Hoare triple {9289#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {9289#false} is VALID [2022-02-20 18:01:00,264 INFO L290 TraceCheckUtils]: 37: Hoare triple {9289#false} ~handle := #in~handle;~value := #in~value; {9289#false} is VALID [2022-02-20 18:01:00,264 INFO L290 TraceCheckUtils]: 38: Hoare triple {9289#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9289#false} is VALID [2022-02-20 18:01:00,264 INFO L290 TraceCheckUtils]: 39: Hoare triple {9289#false} assume true; {9289#false} is VALID [2022-02-20 18:01:00,264 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {9289#false} {9289#false} #1271#return; {9289#false} is VALID [2022-02-20 18:01:00,264 INFO L290 TraceCheckUtils]: 41: Hoare triple {9289#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 20, 0;havoc setup_#t~nondet34#1; {9289#false} is VALID [2022-02-20 18:01:00,264 INFO L290 TraceCheckUtils]: 42: Hoare triple {9289#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_#t~nondet62#1, test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_#t~nondet67#1, test_#t~nondet68#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc 
test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {9289#false} is VALID [2022-02-20 18:01:00,264 INFO L290 TraceCheckUtils]: 43: Hoare triple {9289#false} assume !false; {9289#false} is VALID [2022-02-20 18:01:00,264 INFO L290 TraceCheckUtils]: 44: Hoare triple {9289#false} assume test_~splverifierCounter~0#1 < 4; {9289#false} is VALID [2022-02-20 18:01:00,264 INFO L290 TraceCheckUtils]: 45: Hoare triple {9289#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {9289#false} is VALID [2022-02-20 18:01:00,264 INFO L290 TraceCheckUtils]: 46: Hoare triple {9289#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet58#1 && test_#t~nondet58#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet58#1;havoc test_#t~nondet58#1; {9289#false} is VALID [2022-02-20 18:01:00,264 INFO L290 TraceCheckUtils]: 47: Hoare triple {9289#false} assume !(0 != test_~tmp___9~0#1); {9289#false} is VALID [2022-02-20 18:01:00,265 INFO L290 TraceCheckUtils]: 48: Hoare triple {9289#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet59#1 && test_#t~nondet59#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet59#1;havoc test_#t~nondet59#1; {9289#false} is VALID [2022-02-20 18:01:00,265 INFO L290 TraceCheckUtils]: 49: Hoare triple {9289#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc 
setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {9289#false} is VALID [2022-02-20 18:01:00,265 INFO L290 TraceCheckUtils]: 50: Hoare triple {9289#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {9289#false} is VALID [2022-02-20 18:01:00,265 INFO L290 TraceCheckUtils]: 51: Hoare triple {9289#false} assume { :end_inline_setClientAutoResponse } true; {9289#false} is VALID [2022-02-20 18:01:00,265 INFO L290 TraceCheckUtils]: 52: Hoare triple {9289#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {9289#false} is VALID [2022-02-20 18:01:00,265 INFO L290 TraceCheckUtils]: 53: Hoare triple {9289#false} assume !false; {9289#false} is VALID [2022-02-20 18:01:00,265 INFO L290 TraceCheckUtils]: 54: Hoare triple {9289#false} assume !(test_~splverifierCounter~0#1 < 4); {9289#false} is VALID [2022-02-20 18:01:00,265 INFO L290 TraceCheckUtils]: 55: Hoare triple {9289#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_~tmp~3#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~3#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret27#1 := puts(16, 0);assume -2147483648 <= bobToRjh_#t~ret27#1 && bobToRjh_#t~ret27#1 <= 2147483647;havoc bobToRjh_#t~ret27#1; {9289#false} is VALID [2022-02-20 18:01:00,265 INFO L272 TraceCheckUtils]: 56: Hoare triple {9289#false} call sendEmail(~bob~0, ~rjh~0); {9289#false} is VALID [2022-02-20 18:01:00,265 INFO L290 TraceCheckUtils]: 57: Hoare triple {9289#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~21#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc 
createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~38#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~38#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {9289#false} is VALID [2022-02-20 18:01:00,265 INFO L272 TraceCheckUtils]: 58: Hoare triple {9289#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {9289#false} is VALID [2022-02-20 18:01:00,265 INFO L290 TraceCheckUtils]: 59: Hoare triple {9289#false} ~handle := #in~handle;~value := #in~value; {9289#false} is VALID [2022-02-20 18:01:00,265 INFO L290 TraceCheckUtils]: 60: Hoare triple {9289#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9289#false} is VALID [2022-02-20 18:01:00,265 INFO L290 TraceCheckUtils]: 61: Hoare triple {9289#false} assume true; {9289#false} is VALID [2022-02-20 18:01:00,265 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {9289#false} {9289#false} #1197#return; {9289#false} is VALID [2022-02-20 18:01:00,265 INFO L272 TraceCheckUtils]: 63: Hoare triple {9289#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {9289#false} is VALID [2022-02-20 18:01:00,265 INFO L290 TraceCheckUtils]: 64: Hoare triple {9289#false} ~handle := #in~handle;~value := #in~value; {9289#false} is VALID [2022-02-20 18:01:00,265 INFO L290 TraceCheckUtils]: 65: Hoare triple {9289#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {9289#false} is VALID [2022-02-20 18:01:00,265 INFO L290 TraceCheckUtils]: 66: Hoare triple {9289#false} assume true; {9289#false} is VALID [2022-02-20 18:01:00,265 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {9289#false} {9289#false} #1199#return; {9289#false} is VALID [2022-02-20 18:01:00,265 INFO L290 TraceCheckUtils]: 68: Hoare triple {9289#false} createEmail_~retValue_acc~38#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~38#1; {9289#false} is VALID [2022-02-20 
18:01:00,266 INFO L290 TraceCheckUtils]: 69: Hoare triple {9289#false} #t~ret103#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret103#1 && #t~ret103#1 <= 2147483647;~tmp~21#1 := #t~ret103#1;havoc #t~ret103#1;~email~0#1 := ~tmp~21#1; {9289#false} is VALID [2022-02-20 18:01:00,266 INFO L272 TraceCheckUtils]: 70: Hoare triple {9289#false} call outgoing(~sender#1, ~email~0#1); {9289#false} is VALID [2022-02-20 18:01:00,266 INFO L290 TraceCheckUtils]: 71: Hoare triple {9289#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~2#1;havoc ~tmp~16#1;havoc ~receiver~1#1;havoc ~tmp___0~7#1;havoc ~second~0#1;havoc ~tmp___1~4#1;havoc ~tmp___2~2#1; {9289#false} is VALID [2022-02-20 18:01:00,266 INFO L272 TraceCheckUtils]: 72: Hoare triple {9289#false} call #t~ret89#1 := getClientAddressBookSize(~client#1); {9289#false} is VALID [2022-02-20 18:01:00,266 INFO L290 TraceCheckUtils]: 73: Hoare triple {9289#false} ~handle := #in~handle;havoc ~retValue_acc~7; {9289#false} is VALID [2022-02-20 18:01:00,266 INFO L290 TraceCheckUtils]: 74: Hoare triple {9289#false} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {9289#false} is VALID [2022-02-20 18:01:00,266 INFO L290 TraceCheckUtils]: 75: Hoare triple {9289#false} assume true; {9289#false} is VALID [2022-02-20 18:01:00,266 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {9289#false} {9289#false} #1179#return; {9289#false} is VALID [2022-02-20 18:01:00,266 INFO L290 TraceCheckUtils]: 77: Hoare triple {9289#false} assume -2147483648 <= #t~ret89#1 && #t~ret89#1 <= 2147483647;~tmp~16#1 := #t~ret89#1;havoc #t~ret89#1;~size~2#1 := ~tmp~16#1; {9289#false} is VALID [2022-02-20 18:01:00,266 INFO L290 TraceCheckUtils]: 78: Hoare triple {9289#false} assume !(0 != ~size~2#1); {9289#false} is VALID [2022-02-20 18:01:00,266 INFO L272 TraceCheckUtils]: 79: Hoare triple {9289#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); 
{9289#false} is VALID [2022-02-20 18:01:00,266 INFO L290 TraceCheckUtils]: 80: Hoare triple {9289#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~15#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {9289#false} is VALID [2022-02-20 18:01:00,266 INFO L272 TraceCheckUtils]: 81: Hoare triple {9289#false} call #t~ret87#1 := getEmailTo(~msg#1); {9289#false} is VALID [2022-02-20 18:01:00,266 INFO L290 TraceCheckUtils]: 82: Hoare triple {9289#false} ~handle := #in~handle;havoc ~retValue_acc~26; {9289#false} is VALID [2022-02-20 18:01:00,266 INFO L290 TraceCheckUtils]: 83: Hoare triple {9289#false} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {9289#false} is VALID [2022-02-20 18:01:00,266 INFO L290 TraceCheckUtils]: 84: Hoare triple {9289#false} assume true; {9289#false} is VALID [2022-02-20 18:01:00,266 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {9289#false} {9289#false} #1211#return; {9289#false} is VALID [2022-02-20 18:01:00,266 INFO L290 TraceCheckUtils]: 86: Hoare triple {9289#false} assume -2147483648 <= #t~ret87#1 && #t~ret87#1 <= 2147483647;~tmp~15#1 := #t~ret87#1;havoc #t~ret87#1;~receiver~0#1 := ~tmp~15#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~18#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~18#1; {9289#false} is VALID [2022-02-20 18:01:00,266 INFO L290 TraceCheckUtils]: 87: Hoare triple {9289#false} assume 1 == findPublicKey_~handle#1; {9289#false} is VALID [2022-02-20 18:01:00,266 INFO L290 TraceCheckUtils]: 88: Hoare triple {9289#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~18#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := 
findPublicKey_~retValue_acc~18#1; {9289#false} is VALID [2022-02-20 18:01:00,267 INFO L290 TraceCheckUtils]: 89: Hoare triple {9289#false} #t~ret88#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp___0~6#1 := #t~ret88#1;havoc #t~ret88#1;~pubkey~0#1 := ~tmp___0~6#1; {9289#false} is VALID [2022-02-20 18:01:00,267 INFO L290 TraceCheckUtils]: 90: Hoare triple {9289#false} assume !(0 != ~pubkey~0#1); {9289#false} is VALID [2022-02-20 18:01:00,267 INFO L290 TraceCheckUtils]: 91: Hoare triple {9289#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret86#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {9289#false} is VALID [2022-02-20 18:01:00,267 INFO L290 TraceCheckUtils]: 92: Hoare triple {9289#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {9289#false} is VALID [2022-02-20 18:01:00,267 INFO L290 TraceCheckUtils]: 93: Hoare triple {9289#false} outgoing__wrappee__Keys_#t~ret86#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret86#1 && outgoing__wrappee__Keys_#t~ret86#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~14#1 := outgoing__wrappee__Keys_#t~ret86#1;havoc 
outgoing__wrappee__Keys_#t~ret86#1; {9289#false} is VALID [2022-02-20 18:01:00,267 INFO L272 TraceCheckUtils]: 94: Hoare triple {9289#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1); {9289#false} is VALID [2022-02-20 18:01:00,267 INFO L290 TraceCheckUtils]: 95: Hoare triple {9289#false} ~handle := #in~handle;~value := #in~value; {9289#false} is VALID [2022-02-20 18:01:00,267 INFO L290 TraceCheckUtils]: 96: Hoare triple {9289#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9289#false} is VALID [2022-02-20 18:01:00,267 INFO L290 TraceCheckUtils]: 97: Hoare triple {9289#false} assume true; {9289#false} is VALID [2022-02-20 18:01:00,267 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {9289#false} {9289#false} #1217#return; {9289#false} is VALID [2022-02-20 18:01:00,267 INFO L290 TraceCheckUtils]: 99: Hoare triple {9289#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret84#1, mail_#t~ret85#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet52#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;call 
__utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 := puts(24, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1; {9289#false} is VALID [2022-02-20 18:01:00,269 INFO L272 TraceCheckUtils]: 100: Hoare triple {9289#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {9289#false} is VALID [2022-02-20 18:01:00,269 INFO L290 TraceCheckUtils]: 101: Hoare triple {9289#false} ~handle := #in~handle;havoc ~retValue_acc~29; {9289#false} is VALID [2022-02-20 18:01:00,269 INFO L290 TraceCheckUtils]: 102: Hoare triple {9289#false} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {9289#false} is VALID [2022-02-20 18:01:00,269 INFO L290 TraceCheckUtils]: 103: Hoare triple {9289#false} assume true; {9289#false} is VALID [2022-02-20 18:01:00,269 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {9289#false} {9289#false} #1219#return; {9289#false} is VALID [2022-02-20 18:01:00,269 INFO L290 TraceCheckUtils]: 105: Hoare triple {9289#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset := 25, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet52#1; {9289#false} is VALID [2022-02-20 18:01:00,269 INFO L290 TraceCheckUtils]: 106: Hoare triple {9289#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret84#1 := puts(35, 0);assume -2147483648 <= mail_#t~ret84#1 && mail_#t~ret84#1 <= 2147483647;havoc mail_#t~ret84#1; {9289#false} is VALID [2022-02-20 18:01:00,269 INFO L272 TraceCheckUtils]: 107: Hoare triple 
{9289#false} call mail_#t~ret85#1 := getEmailTo(mail_~msg#1); {9289#false} is VALID [2022-02-20 18:01:00,269 INFO L290 TraceCheckUtils]: 108: Hoare triple {9289#false} ~handle := #in~handle;havoc ~retValue_acc~26; {9289#false} is VALID [2022-02-20 18:01:00,273 INFO L290 TraceCheckUtils]: 109: Hoare triple {9289#false} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {9289#false} is VALID [2022-02-20 18:01:00,273 INFO L290 TraceCheckUtils]: 110: Hoare triple {9289#false} assume true; {9289#false} is VALID [2022-02-20 18:01:00,273 INFO L284 TraceCheckUtils]: 111: Hoare quadruple {9289#false} {9289#false} #1221#return; {9289#false} is VALID [2022-02-20 18:01:00,273 INFO L290 TraceCheckUtils]: 112: Hoare triple {9289#false} assume -2147483648 <= mail_#t~ret85#1 && mail_#t~ret85#1 <= 2147483647;mail_~tmp~13#1 := mail_#t~ret85#1;havoc mail_#t~ret85#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~13#1, mail_~msg#1;havoc incoming_#t~ret98#1, incoming_#t~ret99#1, incoming_#t~ret100#1, incoming_#t~ret101#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~19#1, incoming_~tmp___0~8#1, incoming_~tmp___1~5#1, incoming_~tmp___2~3#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~19#1;havoc incoming_~tmp___0~8#1;havoc incoming_~tmp___1~5#1;havoc incoming_~tmp___2~3#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1, 
__utac_acc__EncryptDecrypt_spec__2_#t~nondet54#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 := puts(26, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset := 27, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet54#1; {9289#false} is VALID [2022-02-20 18:01:00,280 INFO L290 TraceCheckUtils]: 113: Hoare triple {9289#false} assume 1 == ~sent_encrypted~0; {9289#false} is VALID [2022-02-20 18:01:00,280 INFO L272 TraceCheckUtils]: 114: Hoare triple {9289#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {9289#false} is VALID [2022-02-20 18:01:00,280 INFO L290 TraceCheckUtils]: 115: Hoare triple {9289#false} ~handle := #in~handle;havoc ~retValue_acc~13; {9289#false} is VALID [2022-02-20 18:01:00,280 INFO 
L290 TraceCheckUtils]: 116: Hoare triple {9289#false} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {9289#false} is VALID [2022-02-20 18:01:00,280 INFO L290 TraceCheckUtils]: 117: Hoare triple {9289#false} assume true; {9289#false} is VALID [2022-02-20 18:01:00,280 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {9289#false} {9289#false} #1223#return; {9289#false} is VALID [2022-02-20 18:01:00,280 INFO L290 TraceCheckUtils]: 119: Hoare triple {9289#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~8#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1; {9289#false} is VALID [2022-02-20 18:01:00,281 INFO L272 TraceCheckUtils]: 120: Hoare triple {9289#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {9289#false} is VALID [2022-02-20 18:01:00,281 INFO L290 TraceCheckUtils]: 121: Hoare triple {9289#false} ~handle := #in~handle;havoc ~retValue_acc~30; {9289#false} is VALID [2022-02-20 18:01:00,283 INFO L290 TraceCheckUtils]: 122: Hoare triple {9289#false} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~30; {9289#false} is VALID [2022-02-20 18:01:00,283 INFO L290 TraceCheckUtils]: 123: Hoare triple {9289#false} assume true; {9289#false} is VALID [2022-02-20 18:01:00,283 INFO L284 TraceCheckUtils]: 124: Hoare quadruple {9289#false} {9289#false} #1225#return; {9289#false} is VALID [2022-02-20 18:01:00,283 INFO L290 TraceCheckUtils]: 125: Hoare triple {9289#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1;havoc 
__utac_acc__EncryptDecrypt_spec__2_#t~ret56#1; {9289#false} is VALID [2022-02-20 18:01:00,283 INFO L272 TraceCheckUtils]: 126: Hoare triple {9289#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1); {9289#false} is VALID [2022-02-20 18:01:00,283 INFO L290 TraceCheckUtils]: 127: Hoare triple {9289#false} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~43;havoc ~__cil_tmp4~5.base, ~__cil_tmp4~5.offset;~__cil_tmp4~5.base, ~__cil_tmp4~5.offset := 39, 0;havoc #t~nondet104; {9289#false} is VALID [2022-02-20 18:01:00,284 INFO L290 TraceCheckUtils]: 128: Hoare triple {9289#false} assume 0 == ~publicKey;~retValue_acc~43 := 0;#res := ~retValue_acc~43; {9289#false} is VALID [2022-02-20 18:01:00,284 INFO L290 TraceCheckUtils]: 129: Hoare triple {9289#false} assume true; {9289#false} is VALID [2022-02-20 18:01:00,284 INFO L284 TraceCheckUtils]: 130: Hoare quadruple {9289#false} {9289#false} #1227#return; {9289#false} is VALID [2022-02-20 18:01:00,284 INFO L290 TraceCheckUtils]: 131: Hoare triple {9289#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1; {9289#false} is VALID [2022-02-20 18:01:00,284 INFO L290 TraceCheckUtils]: 132: Hoare triple {9289#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1);assume { :begin_inline___automaton_fail } true; {9289#false} is VALID [2022-02-20 18:01:00,284 INFO L290 TraceCheckUtils]: 133: Hoare triple {9289#false} assume !false; {9289#false} is VALID [2022-02-20 18:01:00,284 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 15 trivial. 0 not checked. 
[2022-02-20 18:01:00,285 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:01:00,285 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [482488852] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:01:00,285 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:01:00,285 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [9] total 12 [2022-02-20 18:01:00,285 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2097103550] [2022-02-20 18:01:00,285 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:01:00,286 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 22.25) internal successors, (89), 5 states have internal predecessors, (89), 3 states have call successors, (19), 2 states have call predecessors, (19), 3 states have return successors, (16), 2 states have call predecessors, (16), 3 states have call successors, (16) Word has length 134 [2022-02-20 18:01:00,291 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:01:00,291 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 4 states have (on average 22.25) internal successors, (89), 5 states have internal predecessors, (89), 3 states have call successors, (19), 2 states have call predecessors, (19), 3 states have return successors, (16), 2 states have call predecessors, (16), 3 states have call successors, (16) [2022-02-20 18:01:00,373 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 124 edges. 124 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:01:00,374 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:01:00,374 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:00,374 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:01:00,374 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=24, Invalid=108, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:01:00,374 INFO L87 Difference]: Start difference. First operand 479 states and 742 transitions. Second operand has 5 states, 4 states have (on average 22.25) internal successors, (89), 5 states have internal predecessors, (89), 3 states have call successors, (19), 2 states have call predecessors, (19), 3 states have return successors, (16), 2 states have call predecessors, (16), 3 states have call successors, (16) [2022-02-20 18:01:01,458 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:01,459 INFO L93 Difference]: Finished difference Result 949 states and 1474 transitions. [2022-02-20 18:01:01,459 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:01:01,459 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 22.25) internal successors, (89), 5 states have internal predecessors, (89), 3 states have call successors, (19), 2 states have call predecessors, (19), 3 states have return successors, (16), 2 states have call predecessors, (16), 3 states have call successors, (16) Word has length 134 [2022-02-20 18:01:01,459 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:01:01,460 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 5 states, 4 states have (on average 22.25) internal successors, (89), 5 states have internal predecessors, (89), 3 states have call successors, (19), 2 states have call predecessors, (19), 3 states have return successors, (16), 2 states have call predecessors, (16), 3 states have call successors, (16) [2022-02-20 18:01:01,469 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1220 transitions. [2022-02-20 18:01:01,469 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 22.25) internal successors, (89), 5 states have internal predecessors, (89), 3 states have call successors, (19), 2 states have call predecessors, (19), 3 states have return successors, (16), 2 states have call predecessors, (16), 3 states have call successors, (16) [2022-02-20 18:01:01,478 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1220 transitions. [2022-02-20 18:01:01,478 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1220 transitions. [2022-02-20 18:01:02,200 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1220 edges. 1220 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:01:02,220 INFO L225 Difference]: With dead ends: 949 [2022-02-20 18:01:02,221 INFO L226 Difference]: Without dead ends: 481 [2022-02-20 18:01:02,222 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 170 GetRequests, 159 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=28, Invalid=128, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:01:02,224 INFO L933 BasicCegarLoop]: 606 mSDtfsCounter, 160 mSDsluCounter, 1636 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 183 SdHoareTripleChecker+Valid, 2242 SdHoareTripleChecker+Invalid, 34 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:01:02,224 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [183 Valid, 2242 Invalid, 34 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:01:02,226 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 481 states. [2022-02-20 18:01:02,272 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 481 to 481. [2022-02-20 18:01:02,272 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:01:02,273 INFO L82 GeneralOperation]: Start isEquivalent. First operand 481 states. 
Second operand has 481 states, 374 states have (on average 1.5614973262032086) internal successors, (584), 379 states have internal predecessors, (584), 80 states have call successors, (80), 25 states have call predecessors, (80), 26 states have return successors, (81), 78 states have call predecessors, (81), 79 states have call successors, (81) [2022-02-20 18:01:02,274 INFO L74 IsIncluded]: Start isIncluded. First operand 481 states. Second operand has 481 states, 374 states have (on average 1.5614973262032086) internal successors, (584), 379 states have internal predecessors, (584), 80 states have call successors, (80), 25 states have call predecessors, (80), 26 states have return successors, (81), 78 states have call predecessors, (81), 79 states have call successors, (81) [2022-02-20 18:01:02,275 INFO L87 Difference]: Start difference. First operand 481 states. Second operand has 481 states, 374 states have (on average 1.5614973262032086) internal successors, (584), 379 states have internal predecessors, (584), 80 states have call successors, (80), 25 states have call predecessors, (80), 26 states have return successors, (81), 78 states have call predecessors, (81), 79 states have call successors, (81) [2022-02-20 18:01:02,286 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:02,287 INFO L93 Difference]: Finished difference Result 481 states and 745 transitions. [2022-02-20 18:01:02,287 INFO L276 IsEmpty]: Start isEmpty. Operand 481 states and 745 transitions. [2022-02-20 18:01:02,288 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:02,288 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:02,289 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 481 states, 374 states have (on average 1.5614973262032086) internal successors, (584), 379 states have internal predecessors, (584), 80 states have call successors, (80), 25 states have call predecessors, (80), 26 states have return successors, (81), 78 states have call predecessors, (81), 79 states have call successors, (81) Second operand 481 states. [2022-02-20 18:01:02,290 INFO L87 Difference]: Start difference. First operand has 481 states, 374 states have (on average 1.5614973262032086) internal successors, (584), 379 states have internal predecessors, (584), 80 states have call successors, (80), 25 states have call predecessors, (80), 26 states have return successors, (81), 78 states have call predecessors, (81), 79 states have call successors, (81) Second operand 481 states. [2022-02-20 18:01:02,304 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:02,304 INFO L93 Difference]: Finished difference Result 481 states and 745 transitions. [2022-02-20 18:01:02,304 INFO L276 IsEmpty]: Start isEmpty. Operand 481 states and 745 transitions. [2022-02-20 18:01:02,305 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:02,305 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:02,306 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:01:02,306 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:01:02,307 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 481 states, 374 states have (on average 1.5614973262032086) internal successors, (584), 379 states have internal predecessors, (584), 80 states have call successors, (80), 25 states have call predecessors, (80), 26 states have return successors, (81), 78 states have call predecessors, (81), 79 states have call successors, (81) [2022-02-20 18:01:02,320 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 481 states to 481 states and 745 transitions. [2022-02-20 18:01:02,320 INFO L78 Accepts]: Start accepts. Automaton has 481 states and 745 transitions. Word has length 134 [2022-02-20 18:01:02,320 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:01:02,320 INFO L470 AbstractCegarLoop]: Abstraction has 481 states and 745 transitions. [2022-02-20 18:01:02,320 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 22.25) internal successors, (89), 5 states have internal predecessors, (89), 3 states have call successors, (19), 2 states have call predecessors, (19), 3 states have return successors, (16), 2 states have call predecessors, (16), 3 states have call successors, (16) [2022-02-20 18:01:02,320 INFO L276 IsEmpty]: Start isEmpty. Operand 481 states and 745 transitions. [2022-02-20 18:01:02,322 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 155 [2022-02-20 18:01:02,322 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:01:02,322 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:01:02,342 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Forceful destruction successful, exit code 0 [2022-02-20 18:01:02,531 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:01:02,531 INFO L402 AbstractCegarLoop]: 
=== Iteration 5 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:01:02,532 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:01:02,532 INFO L85 PathProgramCache]: Analyzing trace with hash -8021744, now seen corresponding path program 1 times [2022-02-20 18:01:02,532 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:01:02,532 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1767805301] [2022-02-20 18:01:02,532 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:02,532 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:01:02,565 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:02,597 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:01:02,598 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:02,600 INFO L290 TraceCheckUtils]: 0: Hoare triple {12803#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12721#true} is VALID [2022-02-20 18:01:02,601 INFO L290 TraceCheckUtils]: 1: Hoare triple {12721#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12721#true} is VALID [2022-02-20 18:01:02,601 INFO L290 TraceCheckUtils]: 2: Hoare triple {12721#true} assume true; {12721#true} is VALID [2022-02-20 18:01:02,601 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12721#true} {12721#true} #1261#return; {12721#true} is VALID [2022-02-20 18:01:02,605 INFO L376 atingTraceCheckCraig]: Compute interpolants for 
subsequence at non-pending call position 12 [2022-02-20 18:01:02,606 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:02,608 INFO L290 TraceCheckUtils]: 0: Hoare triple {12804#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12721#true} is VALID [2022-02-20 18:01:02,608 INFO L290 TraceCheckUtils]: 1: Hoare triple {12721#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12721#true} is VALID [2022-02-20 18:01:02,608 INFO L290 TraceCheckUtils]: 2: Hoare triple {12721#true} assume true; {12721#true} is VALID [2022-02-20 18:01:02,608 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12721#true} {12721#true} #1263#return; {12721#true} is VALID [2022-02-20 18:01:02,608 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:01:02,612 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:02,623 INFO L290 TraceCheckUtils]: 0: Hoare triple {12803#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12805#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:02,623 INFO L290 TraceCheckUtils]: 1: Hoare triple {12805#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {12805#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:02,624 INFO L290 TraceCheckUtils]: 2: Hoare triple {12805#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {12806#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:02,624 INFO L290 TraceCheckUtils]: 3: 
Hoare triple {12806#(= 2 |setClientId_#in~handle|)} assume true; {12806#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:02,624 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {12806#(= 2 |setClientId_#in~handle|)} {12731#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1265#return; {12737#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:01:02,625 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:01:02,627 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:02,640 INFO L290 TraceCheckUtils]: 0: Hoare triple {12804#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12807#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:01:02,640 INFO L290 TraceCheckUtils]: 1: Hoare triple {12807#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12808#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:01:02,641 INFO L290 TraceCheckUtils]: 2: Hoare triple {12808#(= |setClientPrivateKey_#in~handle| 1)} assume true; {12808#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:01:02,641 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12808#(= |setClientPrivateKey_#in~handle| 1)} {12737#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1267#return; {12722#false} is VALID [2022-02-20 18:01:02,641 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-02-20 18:01:02,643 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:02,645 INFO L290 TraceCheckUtils]: 0: Hoare triple {12803#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12721#true} is VALID [2022-02-20 18:01:02,645 INFO L290 TraceCheckUtils]: 1: Hoare triple {12721#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12721#true} is VALID [2022-02-20 18:01:02,645 INFO L290 TraceCheckUtils]: 2: Hoare triple {12721#true} assume true; {12721#true} is VALID [2022-02-20 18:01:02,645 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12721#true} {12722#false} #1269#return; {12722#false} is VALID [2022-02-20 18:01:02,645 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 37 [2022-02-20 18:01:02,646 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:02,647 INFO L290 TraceCheckUtils]: 0: Hoare triple {12804#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12721#true} is VALID [2022-02-20 18:01:02,648 INFO L290 TraceCheckUtils]: 1: Hoare triple {12721#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12721#true} is VALID [2022-02-20 18:01:02,648 INFO L290 TraceCheckUtils]: 2: Hoare triple {12721#true} assume true; {12721#true} is VALID [2022-02-20 18:01:02,648 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12721#true} {12722#false} #1271#return; {12722#false} is VALID [2022-02-20 18:01:02,655 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 18:01:02,657 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:02,658 INFO L290 TraceCheckUtils]: 0: Hoare triple {12809#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= 
|old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12721#true} is VALID [2022-02-20 18:01:02,658 INFO L290 TraceCheckUtils]: 1: Hoare triple {12721#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12721#true} is VALID [2022-02-20 18:01:02,658 INFO L290 TraceCheckUtils]: 2: Hoare triple {12721#true} assume true; {12721#true} is VALID [2022-02-20 18:01:02,658 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12721#true} {12722#false} #1197#return; {12722#false} is VALID [2022-02-20 18:01:02,665 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 18:01:02,666 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:02,669 INFO L290 TraceCheckUtils]: 0: Hoare triple {12810#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {12721#true} is VALID [2022-02-20 18:01:02,669 INFO L290 TraceCheckUtils]: 1: Hoare triple {12721#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12721#true} is VALID [2022-02-20 18:01:02,669 INFO L290 TraceCheckUtils]: 2: Hoare triple {12721#true} assume true; {12721#true} is VALID [2022-02-20 18:01:02,670 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12721#true} {12722#false} #1199#return; {12722#false} is VALID [2022-02-20 18:01:02,670 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 73 [2022-02-20 18:01:02,670 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:02,672 INFO L290 TraceCheckUtils]: 0: Hoare triple {12721#true} ~handle := #in~handle;havoc ~retValue_acc~7; {12721#true} is VALID [2022-02-20 18:01:02,672 INFO L290 TraceCheckUtils]: 1: Hoare triple {12721#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {12721#true} is VALID [2022-02-20 18:01:02,672 INFO L290 
TraceCheckUtils]: 2: Hoare triple {12721#true} assume true; {12721#true} is VALID [2022-02-20 18:01:02,672 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12721#true} {12722#false} #1179#return; {12722#false} is VALID [2022-02-20 18:01:02,672 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-02-20 18:01:02,673 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:02,674 INFO L290 TraceCheckUtils]: 0: Hoare triple {12721#true} ~handle := #in~handle;havoc ~retValue_acc~26; {12721#true} is VALID [2022-02-20 18:01:02,674 INFO L290 TraceCheckUtils]: 1: Hoare triple {12721#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {12721#true} is VALID [2022-02-20 18:01:02,674 INFO L290 TraceCheckUtils]: 2: Hoare triple {12721#true} assume true; {12721#true} is VALID [2022-02-20 18:01:02,675 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12721#true} {12722#false} #1181#return; {12722#false} is VALID [2022-02-20 18:01:02,675 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 18:01:02,675 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:02,676 INFO L290 TraceCheckUtils]: 0: Hoare triple {12721#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~11; {12721#true} is VALID [2022-02-20 18:01:02,677 INFO L290 TraceCheckUtils]: 1: Hoare triple {12721#true} assume 1 == ~handle; {12721#true} is VALID [2022-02-20 18:01:02,677 INFO L290 TraceCheckUtils]: 2: Hoare triple {12721#true} assume 0 == ~index;~retValue_acc~11 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~11; {12721#true} is VALID [2022-02-20 18:01:02,677 INFO L290 TraceCheckUtils]: 3: Hoare triple {12721#true} assume true; {12721#true} is VALID [2022-02-20 18:01:02,677 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {12721#true} {12722#false} #1183#return; {12722#false} is VALID 
[2022-02-20 18:01:02,677 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 18:01:02,677 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:02,679 INFO L290 TraceCheckUtils]: 0: Hoare triple {12810#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {12721#true} is VALID [2022-02-20 18:01:02,679 INFO L290 TraceCheckUtils]: 1: Hoare triple {12721#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12721#true} is VALID [2022-02-20 18:01:02,679 INFO L290 TraceCheckUtils]: 2: Hoare triple {12721#true} assume true; {12721#true} is VALID [2022-02-20 18:01:02,679 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12721#true} {12722#false} #1185#return; {12722#false} is VALID [2022-02-20 18:01:02,679 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 18:01:02,680 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:02,681 INFO L290 TraceCheckUtils]: 0: Hoare triple {12721#true} ~handle := #in~handle;havoc ~retValue_acc~26; {12721#true} is VALID [2022-02-20 18:01:02,681 INFO L290 TraceCheckUtils]: 1: Hoare triple {12721#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {12721#true} is VALID [2022-02-20 18:01:02,681 INFO L290 TraceCheckUtils]: 2: Hoare triple {12721#true} assume true; {12721#true} is VALID [2022-02-20 18:01:02,681 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12721#true} {12722#false} #1211#return; {12722#false} is VALID [2022-02-20 18:01:02,681 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 114 [2022-02-20 18:01:02,682 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:02,683 INFO L290 TraceCheckUtils]: 0: Hoare triple {12809#(and (= |old(~__ste_email_from0~0)| 
~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12721#true} is VALID [2022-02-20 18:01:02,683 INFO L290 TraceCheckUtils]: 1: Hoare triple {12721#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12721#true} is VALID [2022-02-20 18:01:02,683 INFO L290 TraceCheckUtils]: 2: Hoare triple {12721#true} assume true; {12721#true} is VALID [2022-02-20 18:01:02,683 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12721#true} {12722#false} #1217#return; {12722#false} is VALID [2022-02-20 18:01:02,683 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 120 [2022-02-20 18:01:02,684 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:02,685 INFO L290 TraceCheckUtils]: 0: Hoare triple {12721#true} ~handle := #in~handle;havoc ~retValue_acc~29; {12721#true} is VALID [2022-02-20 18:01:02,685 INFO L290 TraceCheckUtils]: 1: Hoare triple {12721#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {12721#true} is VALID [2022-02-20 18:01:02,685 INFO L290 TraceCheckUtils]: 2: Hoare triple {12721#true} assume true; {12721#true} is VALID [2022-02-20 18:01:02,685 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12721#true} {12722#false} #1219#return; {12722#false} is VALID [2022-02-20 18:01:02,686 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 127 [2022-02-20 18:01:02,686 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:02,687 INFO L290 TraceCheckUtils]: 0: Hoare triple {12721#true} ~handle := #in~handle;havoc ~retValue_acc~26; {12721#true} is VALID [2022-02-20 18:01:02,687 INFO L290 TraceCheckUtils]: 1: Hoare triple {12721#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {12721#true} is VALID [2022-02-20 18:01:02,688 INFO L290 TraceCheckUtils]: 2: Hoare triple {12721#true} 
assume true; {12721#true} is VALID [2022-02-20 18:01:02,688 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12721#true} {12722#false} #1221#return; {12722#false} is VALID [2022-02-20 18:01:02,688 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 134 [2022-02-20 18:01:02,688 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:02,689 INFO L290 TraceCheckUtils]: 0: Hoare triple {12721#true} ~handle := #in~handle;havoc ~retValue_acc~13; {12721#true} is VALID [2022-02-20 18:01:02,689 INFO L290 TraceCheckUtils]: 1: Hoare triple {12721#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {12721#true} is VALID [2022-02-20 18:01:02,690 INFO L290 TraceCheckUtils]: 2: Hoare triple {12721#true} assume true; {12721#true} is VALID [2022-02-20 18:01:02,690 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12721#true} {12722#false} #1223#return; {12722#false} is VALID [2022-02-20 18:01:02,690 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 140 [2022-02-20 18:01:02,690 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:02,691 INFO L290 TraceCheckUtils]: 0: Hoare triple {12721#true} ~handle := #in~handle;havoc ~retValue_acc~30; {12721#true} is VALID [2022-02-20 18:01:02,692 INFO L290 TraceCheckUtils]: 1: Hoare triple {12721#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~30; {12721#true} is VALID [2022-02-20 18:01:02,692 INFO L290 TraceCheckUtils]: 2: Hoare triple {12721#true} assume true; {12721#true} is VALID [2022-02-20 18:01:02,692 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12721#true} {12722#false} #1225#return; {12722#false} is VALID [2022-02-20 18:01:02,692 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 146 [2022-02-20 18:01:02,692 INFO L136 AnnotateAndAsserter]: Conjunction 
of SSA is unsat [2022-02-20 18:01:02,694 INFO L290 TraceCheckUtils]: 0: Hoare triple {12721#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~43;havoc ~__cil_tmp4~5.base, ~__cil_tmp4~5.offset;~__cil_tmp4~5.base, ~__cil_tmp4~5.offset := 39, 0;havoc #t~nondet104; {12721#true} is VALID [2022-02-20 18:01:02,694 INFO L290 TraceCheckUtils]: 1: Hoare triple {12721#true} assume 0 == ~publicKey;~retValue_acc~43 := 0;#res := ~retValue_acc~43; {12721#true} is VALID [2022-02-20 18:01:02,694 INFO L290 TraceCheckUtils]: 2: Hoare triple {12721#true} assume true; {12721#true} is VALID [2022-02-20 18:01:02,694 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12721#true} {12722#false} #1227#return; {12722#false} is VALID [2022-02-20 18:01:02,695 INFO L290 TraceCheckUtils]: 0: Hoare triple {12721#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(44, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(11, 20);call #Ultimate.allocInit(19, 21);call #Ultimate.allocInit(4, 22);call write~init~int(37, 22, 0, 1);call write~init~int(100, 22, 1, 1);call write~init~int(10, 22, 2, 1);call write~init~int(0, 22, 3, 1);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 
1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(19, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(10, 29);call #Ultimate.allocInit(12, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(18, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(34, 36);call #Ultimate.allocInit(30, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(20, 39);call #Ultimate.allocInit(22, 40);call #Ultimate.allocInit(21, 41);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 
0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, 
~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~sent_encrypted~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {12721#true} is VALID [2022-02-20 18:01:02,695 INFO L290 TraceCheckUtils]: 1: Hoare triple {12721#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {12721#true} is VALID [2022-02-20 18:01:02,695 INFO L290 TraceCheckUtils]: 2: Hoare triple {12721#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {12721#true} is VALID [2022-02-20 18:01:02,695 INFO L290 TraceCheckUtils]: 3: Hoare triple {12721#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~22#1;havoc valid_product_~retValue_acc~22#1;valid_product_~retValue_acc~22#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~22#1; {12721#true} is VALID [2022-02-20 18:01:02,695 INFO L290 TraceCheckUtils]: 4: Hoare triple {12721#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {12721#true} is VALID [2022-02-20 18:01:02,695 INFO L290 TraceCheckUtils]: 5: Hoare triple {12721#true} assume 0 != main_~tmp~4#1;assume { 
:begin_inline_setup } true;havoc setup_#t~nondet32#1, setup_#t~nondet33#1, setup_#t~nondet34#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {12721#true} is VALID [2022-02-20 18:01:02,696 INFO L272 TraceCheckUtils]: 6: Hoare triple {12721#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {12803#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:02,696 INFO L290 TraceCheckUtils]: 7: Hoare triple {12803#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12721#true} is VALID [2022-02-20 18:01:02,696 INFO L290 TraceCheckUtils]: 8: Hoare triple {12721#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12721#true} is VALID [2022-02-20 18:01:02,696 INFO L290 TraceCheckUtils]: 9: Hoare triple {12721#true} assume true; {12721#true} is VALID [2022-02-20 18:01:02,696 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {12721#true} {12721#true} 
#1261#return; {12721#true} is VALID [2022-02-20 18:01:02,696 INFO L290 TraceCheckUtils]: 11: Hoare triple {12721#true} assume { :end_inline_setup_bob__wrappee__Base } true; {12721#true} is VALID [2022-02-20 18:01:02,697 INFO L272 TraceCheckUtils]: 12: Hoare triple {12721#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {12804#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:02,697 INFO L290 TraceCheckUtils]: 13: Hoare triple {12804#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12721#true} is VALID [2022-02-20 18:01:02,697 INFO L290 TraceCheckUtils]: 14: Hoare triple {12721#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12721#true} is VALID [2022-02-20 18:01:02,697 INFO L290 TraceCheckUtils]: 15: Hoare triple {12721#true} assume true; {12721#true} is VALID [2022-02-20 18:01:02,697 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {12721#true} {12721#true} #1263#return; {12721#true} is VALID [2022-02-20 18:01:02,698 INFO L290 TraceCheckUtils]: 17: Hoare triple {12721#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 18, 0;havoc setup_#t~nondet32#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {12731#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 
|ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:01:02,698 INFO L272 TraceCheckUtils]: 18: Hoare triple {12731#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {12803#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:02,698 INFO L290 TraceCheckUtils]: 19: Hoare triple {12803#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12805#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:02,699 INFO L290 TraceCheckUtils]: 20: Hoare triple {12805#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {12805#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:02,699 INFO L290 TraceCheckUtils]: 21: Hoare triple {12805#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {12806#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:02,699 INFO L290 TraceCheckUtils]: 22: Hoare triple {12806#(= 2 |setClientId_#in~handle|)} assume true; {12806#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:02,700 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {12806#(= 2 |setClientId_#in~handle|)} {12731#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1265#return; {12737#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:01:02,700 INFO L290 TraceCheckUtils]: 24: Hoare triple {12737#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} assume { 
:end_inline_setup_rjh__wrappee__Base } true; {12737#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:01:02,700 INFO L272 TraceCheckUtils]: 25: Hoare triple {12737#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {12804#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:02,701 INFO L290 TraceCheckUtils]: 26: Hoare triple {12804#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12807#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:01:02,701 INFO L290 TraceCheckUtils]: 27: Hoare triple {12807#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12808#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:01:02,701 INFO L290 TraceCheckUtils]: 28: Hoare triple {12808#(= |setClientPrivateKey_#in~handle| 1)} assume true; {12808#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:01:02,702 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {12808#(= |setClientPrivateKey_#in~handle| 1)} {12737#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1267#return; {12722#false} is VALID [2022-02-20 18:01:02,702 INFO L290 TraceCheckUtils]: 30: Hoare triple {12722#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 19, 0;havoc setup_#t~nondet33#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { 
:begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {12722#false} is VALID [2022-02-20 18:01:02,702 INFO L272 TraceCheckUtils]: 31: Hoare triple {12722#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {12803#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:02,702 INFO L290 TraceCheckUtils]: 32: Hoare triple {12803#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12721#true} is VALID [2022-02-20 18:01:02,702 INFO L290 TraceCheckUtils]: 33: Hoare triple {12721#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12721#true} is VALID [2022-02-20 18:01:02,702 INFO L290 TraceCheckUtils]: 34: Hoare triple {12721#true} assume true; {12721#true} is VALID [2022-02-20 18:01:02,702 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {12721#true} {12722#false} #1269#return; {12722#false} is VALID [2022-02-20 18:01:02,702 INFO L290 TraceCheckUtils]: 36: Hoare triple {12722#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {12722#false} is VALID [2022-02-20 18:01:02,702 INFO L272 TraceCheckUtils]: 37: Hoare triple {12722#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {12804#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:02,702 INFO 
L290 TraceCheckUtils]: 38: Hoare triple {12804#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12721#true} is VALID [2022-02-20 18:01:02,703 INFO L290 TraceCheckUtils]: 39: Hoare triple {12721#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12721#true} is VALID [2022-02-20 18:01:02,703 INFO L290 TraceCheckUtils]: 40: Hoare triple {12721#true} assume true; {12721#true} is VALID [2022-02-20 18:01:02,703 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {12721#true} {12722#false} #1271#return; {12722#false} is VALID [2022-02-20 18:01:02,703 INFO L290 TraceCheckUtils]: 42: Hoare triple {12722#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 20, 0;havoc setup_#t~nondet34#1; {12722#false} is VALID [2022-02-20 18:01:02,703 INFO L290 TraceCheckUtils]: 43: Hoare triple {12722#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_#t~nondet62#1, test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_#t~nondet67#1, test_#t~nondet68#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc 
test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {12722#false} is VALID [2022-02-20 18:01:02,703 INFO L290 TraceCheckUtils]: 44: Hoare triple {12722#false} assume !false; {12722#false} is VALID [2022-02-20 18:01:02,703 INFO L290 TraceCheckUtils]: 45: Hoare triple {12722#false} assume test_~splverifierCounter~0#1 < 4; {12722#false} is VALID [2022-02-20 18:01:02,703 INFO L290 TraceCheckUtils]: 46: Hoare triple {12722#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {12722#false} is VALID [2022-02-20 18:01:02,703 INFO L290 TraceCheckUtils]: 47: Hoare triple {12722#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet58#1 && test_#t~nondet58#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet58#1;havoc test_#t~nondet58#1; {12722#false} is VALID [2022-02-20 18:01:02,704 INFO L290 TraceCheckUtils]: 48: Hoare triple {12722#false} assume !(0 != test_~tmp___9~0#1); {12722#false} is VALID [2022-02-20 18:01:02,704 INFO L290 TraceCheckUtils]: 49: Hoare triple {12722#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet59#1 && test_#t~nondet59#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet59#1;havoc test_#t~nondet59#1; {12722#false} is VALID [2022-02-20 18:01:02,704 INFO L290 TraceCheckUtils]: 50: Hoare triple {12722#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc 
setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {12722#false} is VALID [2022-02-20 18:01:02,704 INFO L290 TraceCheckUtils]: 51: Hoare triple {12722#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {12722#false} is VALID [2022-02-20 18:01:02,704 INFO L290 TraceCheckUtils]: 52: Hoare triple {12722#false} assume { :end_inline_setClientAutoResponse } true; {12722#false} is VALID [2022-02-20 18:01:02,704 INFO L290 TraceCheckUtils]: 53: Hoare triple {12722#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {12722#false} is VALID [2022-02-20 18:01:02,704 INFO L290 TraceCheckUtils]: 54: Hoare triple {12722#false} assume !false; {12722#false} is VALID [2022-02-20 18:01:02,704 INFO L290 TraceCheckUtils]: 55: Hoare triple {12722#false} assume !(test_~splverifierCounter~0#1 < 4); {12722#false} is VALID [2022-02-20 18:01:02,704 INFO L290 TraceCheckUtils]: 56: Hoare triple {12722#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_~tmp~3#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~3#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret27#1 := puts(16, 0);assume -2147483648 <= bobToRjh_#t~ret27#1 && bobToRjh_#t~ret27#1 <= 2147483647;havoc bobToRjh_#t~ret27#1; {12722#false} is VALID [2022-02-20 18:01:02,704 INFO L272 TraceCheckUtils]: 57: Hoare triple {12722#false} call sendEmail(~bob~0, ~rjh~0); {12722#false} is VALID [2022-02-20 18:01:02,705 INFO L290 TraceCheckUtils]: 58: Hoare triple {12722#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~21#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc 
createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~38#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~38#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {12722#false} is VALID [2022-02-20 18:01:02,705 INFO L272 TraceCheckUtils]: 59: Hoare triple {12722#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {12809#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:02,705 INFO L290 TraceCheckUtils]: 60: Hoare triple {12809#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12721#true} is VALID [2022-02-20 18:01:02,705 INFO L290 TraceCheckUtils]: 61: Hoare triple {12721#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12721#true} is VALID [2022-02-20 18:01:02,705 INFO L290 TraceCheckUtils]: 62: Hoare triple {12721#true} assume true; {12721#true} is VALID [2022-02-20 18:01:02,705 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {12721#true} {12722#false} #1197#return; {12722#false} is VALID [2022-02-20 18:01:02,705 INFO L272 TraceCheckUtils]: 64: Hoare triple {12722#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {12810#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:01:02,705 INFO L290 TraceCheckUtils]: 65: Hoare triple {12810#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {12721#true} is VALID [2022-02-20 18:01:02,705 INFO L290 TraceCheckUtils]: 66: Hoare triple {12721#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12721#true} is VALID [2022-02-20 18:01:02,705 INFO L290 TraceCheckUtils]: 67: Hoare triple 
{12721#true} assume true; {12721#true} is VALID [2022-02-20 18:01:02,706 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {12721#true} {12722#false} #1199#return; {12722#false} is VALID [2022-02-20 18:01:02,706 INFO L290 TraceCheckUtils]: 69: Hoare triple {12722#false} createEmail_~retValue_acc~38#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~38#1; {12722#false} is VALID [2022-02-20 18:01:02,706 INFO L290 TraceCheckUtils]: 70: Hoare triple {12722#false} #t~ret103#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret103#1 && #t~ret103#1 <= 2147483647;~tmp~21#1 := #t~ret103#1;havoc #t~ret103#1;~email~0#1 := ~tmp~21#1; {12722#false} is VALID [2022-02-20 18:01:02,706 INFO L272 TraceCheckUtils]: 71: Hoare triple {12722#false} call outgoing(~sender#1, ~email~0#1); {12722#false} is VALID [2022-02-20 18:01:02,706 INFO L290 TraceCheckUtils]: 72: Hoare triple {12722#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~2#1;havoc ~tmp~16#1;havoc ~receiver~1#1;havoc ~tmp___0~7#1;havoc ~second~0#1;havoc ~tmp___1~4#1;havoc ~tmp___2~2#1; {12722#false} is VALID [2022-02-20 18:01:02,706 INFO L272 TraceCheckUtils]: 73: Hoare triple {12722#false} call #t~ret89#1 := getClientAddressBookSize(~client#1); {12721#true} is VALID [2022-02-20 18:01:02,706 INFO L290 TraceCheckUtils]: 74: Hoare triple {12721#true} ~handle := #in~handle;havoc ~retValue_acc~7; {12721#true} is VALID [2022-02-20 18:01:02,706 INFO L290 TraceCheckUtils]: 75: Hoare triple {12721#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {12721#true} is VALID [2022-02-20 18:01:02,706 INFO L290 TraceCheckUtils]: 76: Hoare triple {12721#true} assume true; {12721#true} is VALID [2022-02-20 18:01:02,707 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {12721#true} {12722#false} #1179#return; {12722#false} is VALID [2022-02-20 18:01:02,707 INFO L290 TraceCheckUtils]: 78: Hoare triple {12722#false} assume 
-2147483648 <= #t~ret89#1 && #t~ret89#1 <= 2147483647;~tmp~16#1 := #t~ret89#1;havoc #t~ret89#1;~size~2#1 := ~tmp~16#1; {12722#false} is VALID [2022-02-20 18:01:02,707 INFO L290 TraceCheckUtils]: 79: Hoare triple {12722#false} assume 0 != ~size~2#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {12722#false} is VALID [2022-02-20 18:01:02,707 INFO L290 TraceCheckUtils]: 80: Hoare triple {12722#false} assume { :end_inline_sendToAddressBook } true;call #t~ret90#1 := puts(36, 0);assume -2147483648 <= #t~ret90#1 && #t~ret90#1 <= 2147483647;havoc #t~ret90#1; {12722#false} is VALID [2022-02-20 18:01:02,707 INFO L272 TraceCheckUtils]: 81: Hoare triple {12722#false} call #t~ret91#1 := getEmailTo(~msg#1); {12721#true} is VALID [2022-02-20 18:01:02,707 INFO L290 TraceCheckUtils]: 82: Hoare triple {12721#true} ~handle := #in~handle;havoc ~retValue_acc~26; {12721#true} is VALID [2022-02-20 18:01:02,707 INFO L290 TraceCheckUtils]: 83: Hoare triple {12721#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {12721#true} is VALID [2022-02-20 18:01:02,707 INFO L290 TraceCheckUtils]: 84: Hoare triple {12721#true} assume true; {12721#true} is VALID [2022-02-20 18:01:02,707 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {12721#true} {12722#false} #1181#return; {12722#false} is VALID [2022-02-20 18:01:02,707 INFO L290 TraceCheckUtils]: 86: Hoare triple {12722#false} assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp___0~7#1 := #t~ret91#1;havoc #t~ret91#1;~receiver~1#1 := ~tmp___0~7#1;call #t~ret92#1 := puts(37, 0);assume -2147483648 <= #t~ret92#1 && #t~ret92#1 <= 2147483647;havoc #t~ret92#1; {12722#false} is VALID [2022-02-20 18:01:02,708 INFO L272 TraceCheckUtils]: 87: Hoare 
triple {12722#false} call #t~ret93#1 := getClientAddressBookAddress(~client#1, 1); {12721#true} is VALID [2022-02-20 18:01:02,708 INFO L290 TraceCheckUtils]: 88: Hoare triple {12721#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~11; {12721#true} is VALID [2022-02-20 18:01:02,708 INFO L290 TraceCheckUtils]: 89: Hoare triple {12721#true} assume 1 == ~handle; {12721#true} is VALID [2022-02-20 18:01:02,708 INFO L290 TraceCheckUtils]: 90: Hoare triple {12721#true} assume 0 == ~index;~retValue_acc~11 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~11; {12721#true} is VALID [2022-02-20 18:01:02,708 INFO L290 TraceCheckUtils]: 91: Hoare triple {12721#true} assume true; {12721#true} is VALID [2022-02-20 18:01:02,708 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {12721#true} {12722#false} #1183#return; {12722#false} is VALID [2022-02-20 18:01:02,708 INFO L290 TraceCheckUtils]: 93: Hoare triple {12722#false} assume -2147483648 <= #t~ret93#1 && #t~ret93#1 <= 2147483647;~tmp___1~4#1 := #t~ret93#1;havoc #t~ret93#1;~second~0#1 := ~tmp___1~4#1; {12722#false} is VALID [2022-02-20 18:01:02,708 INFO L272 TraceCheckUtils]: 94: Hoare triple {12722#false} call setEmailTo(~msg#1, ~second~0#1); {12810#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:01:02,708 INFO L290 TraceCheckUtils]: 95: Hoare triple {12810#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {12721#true} is VALID [2022-02-20 18:01:02,708 INFO L290 TraceCheckUtils]: 96: Hoare triple {12721#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12721#true} is VALID [2022-02-20 18:01:02,709 INFO L290 TraceCheckUtils]: 97: Hoare triple {12721#true} assume true; {12721#true} is VALID [2022-02-20 18:01:02,709 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {12721#true} {12722#false} #1185#return; {12722#false} is 
VALID [2022-02-20 18:01:02,709 INFO L272 TraceCheckUtils]: 99: Hoare triple {12722#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {12722#false} is VALID [2022-02-20 18:01:02,709 INFO L290 TraceCheckUtils]: 100: Hoare triple {12722#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~15#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {12722#false} is VALID [2022-02-20 18:01:02,709 INFO L272 TraceCheckUtils]: 101: Hoare triple {12722#false} call #t~ret87#1 := getEmailTo(~msg#1); {12721#true} is VALID [2022-02-20 18:01:02,709 INFO L290 TraceCheckUtils]: 102: Hoare triple {12721#true} ~handle := #in~handle;havoc ~retValue_acc~26; {12721#true} is VALID [2022-02-20 18:01:02,709 INFO L290 TraceCheckUtils]: 103: Hoare triple {12721#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {12721#true} is VALID [2022-02-20 18:01:02,709 INFO L290 TraceCheckUtils]: 104: Hoare triple {12721#true} assume true; {12721#true} is VALID [2022-02-20 18:01:02,709 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {12721#true} {12722#false} #1211#return; {12722#false} is VALID [2022-02-20 18:01:02,710 INFO L290 TraceCheckUtils]: 106: Hoare triple {12722#false} assume -2147483648 <= #t~ret87#1 && #t~ret87#1 <= 2147483647;~tmp~15#1 := #t~ret87#1;havoc #t~ret87#1;~receiver~0#1 := ~tmp~15#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~18#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~18#1; {12722#false} is VALID [2022-02-20 18:01:02,710 INFO L290 TraceCheckUtils]: 107: Hoare triple {12722#false} assume 1 == findPublicKey_~handle#1; {12722#false} is VALID [2022-02-20 18:01:02,710 INFO L290 TraceCheckUtils]: 108: Hoare triple 
{12722#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~18#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~18#1; {12722#false} is VALID [2022-02-20 18:01:02,710 INFO L290 TraceCheckUtils]: 109: Hoare triple {12722#false} #t~ret88#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp___0~6#1 := #t~ret88#1;havoc #t~ret88#1;~pubkey~0#1 := ~tmp___0~6#1; {12722#false} is VALID [2022-02-20 18:01:02,710 INFO L290 TraceCheckUtils]: 110: Hoare triple {12722#false} assume !(0 != ~pubkey~0#1); {12722#false} is VALID [2022-02-20 18:01:02,710 INFO L290 TraceCheckUtils]: 111: Hoare triple {12722#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret86#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {12722#false} is VALID [2022-02-20 18:01:02,710 INFO L290 TraceCheckUtils]: 112: Hoare triple {12722#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {12722#false} is VALID [2022-02-20 18:01:02,710 INFO L290 TraceCheckUtils]: 113: Hoare triple {12722#false} outgoing__wrappee__Keys_#t~ret86#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume 
-2147483648 <= outgoing__wrappee__Keys_#t~ret86#1 && outgoing__wrappee__Keys_#t~ret86#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~14#1 := outgoing__wrappee__Keys_#t~ret86#1;havoc outgoing__wrappee__Keys_#t~ret86#1; {12722#false} is VALID [2022-02-20 18:01:02,710 INFO L272 TraceCheckUtils]: 114: Hoare triple {12722#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1); {12809#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:02,710 INFO L290 TraceCheckUtils]: 115: Hoare triple {12809#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12721#true} is VALID [2022-02-20 18:01:02,711 INFO L290 TraceCheckUtils]: 116: Hoare triple {12721#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12721#true} is VALID [2022-02-20 18:01:02,711 INFO L290 TraceCheckUtils]: 117: Hoare triple {12721#true} assume true; {12721#true} is VALID [2022-02-20 18:01:02,711 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {12721#true} {12722#false} #1217#return; {12722#false} is VALID [2022-02-20 18:01:02,711 INFO L290 TraceCheckUtils]: 119: Hoare triple {12722#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret84#1, mail_#t~ret85#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet52#1, 
__utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 := puts(24, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1; {12722#false} is VALID [2022-02-20 18:01:02,711 INFO L272 TraceCheckUtils]: 120: Hoare triple {12722#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {12721#true} is VALID [2022-02-20 18:01:02,711 INFO L290 TraceCheckUtils]: 121: Hoare triple {12721#true} ~handle := #in~handle;havoc ~retValue_acc~29; {12721#true} is VALID [2022-02-20 18:01:02,711 INFO L290 TraceCheckUtils]: 122: Hoare triple {12721#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {12721#true} is VALID [2022-02-20 18:01:02,711 INFO L290 TraceCheckUtils]: 123: Hoare triple {12721#true} assume true; {12721#true} is VALID [2022-02-20 18:01:02,711 INFO L284 TraceCheckUtils]: 124: Hoare quadruple {12721#true} {12722#false} #1219#return; {12722#false} is VALID [2022-02-20 18:01:02,711 INFO L290 TraceCheckUtils]: 125: Hoare triple {12722#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset := 25, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet52#1; {12722#false} is 
VALID [2022-02-20 18:01:02,712 INFO L290 TraceCheckUtils]: 126: Hoare triple {12722#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret84#1 := puts(35, 0);assume -2147483648 <= mail_#t~ret84#1 && mail_#t~ret84#1 <= 2147483647;havoc mail_#t~ret84#1; {12722#false} is VALID [2022-02-20 18:01:02,712 INFO L272 TraceCheckUtils]: 127: Hoare triple {12722#false} call mail_#t~ret85#1 := getEmailTo(mail_~msg#1); {12721#true} is VALID [2022-02-20 18:01:02,712 INFO L290 TraceCheckUtils]: 128: Hoare triple {12721#true} ~handle := #in~handle;havoc ~retValue_acc~26; {12721#true} is VALID [2022-02-20 18:01:02,712 INFO L290 TraceCheckUtils]: 129: Hoare triple {12721#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {12721#true} is VALID [2022-02-20 18:01:02,712 INFO L290 TraceCheckUtils]: 130: Hoare triple {12721#true} assume true; {12721#true} is VALID [2022-02-20 18:01:02,712 INFO L284 TraceCheckUtils]: 131: Hoare quadruple {12721#true} {12722#false} #1221#return; {12722#false} is VALID [2022-02-20 18:01:02,712 INFO L290 TraceCheckUtils]: 132: Hoare triple {12722#false} assume -2147483648 <= mail_#t~ret85#1 && mail_#t~ret85#1 <= 2147483647;mail_~tmp~13#1 := mail_#t~ret85#1;havoc mail_#t~ret85#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~13#1, mail_~msg#1;havoc incoming_#t~ret98#1, incoming_#t~ret99#1, incoming_#t~ret100#1, incoming_#t~ret101#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~19#1, incoming_~tmp___0~8#1, incoming_~tmp___1~5#1, incoming_~tmp___2~3#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~19#1;havoc incoming_~tmp___0~8#1;havoc incoming_~tmp___1~5#1;havoc 
incoming_~tmp___2~3#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet54#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 := puts(26, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset := 27, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet54#1; {12722#false} is VALID [2022-02-20 18:01:02,712 INFO L290 TraceCheckUtils]: 133: Hoare triple {12722#false} assume 1 == ~sent_encrypted~0; {12722#false} is VALID 
[2022-02-20 18:01:02,712 INFO L272 TraceCheckUtils]: 134: Hoare triple {12722#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {12721#true} is VALID [2022-02-20 18:01:02,713 INFO L290 TraceCheckUtils]: 135: Hoare triple {12721#true} ~handle := #in~handle;havoc ~retValue_acc~13; {12721#true} is VALID [2022-02-20 18:01:02,713 INFO L290 TraceCheckUtils]: 136: Hoare triple {12721#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {12721#true} is VALID [2022-02-20 18:01:02,713 INFO L290 TraceCheckUtils]: 137: Hoare triple {12721#true} assume true; {12721#true} is VALID [2022-02-20 18:01:02,713 INFO L284 TraceCheckUtils]: 138: Hoare quadruple {12721#true} {12722#false} #1223#return; {12722#false} is VALID [2022-02-20 18:01:02,713 INFO L290 TraceCheckUtils]: 139: Hoare triple {12722#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~8#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1; {12722#false} is VALID [2022-02-20 18:01:02,713 INFO L272 TraceCheckUtils]: 140: Hoare triple {12722#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {12721#true} is VALID [2022-02-20 18:01:02,713 INFO L290 TraceCheckUtils]: 141: Hoare triple {12721#true} ~handle := #in~handle;havoc ~retValue_acc~30; {12721#true} is VALID [2022-02-20 18:01:02,713 INFO L290 TraceCheckUtils]: 142: Hoare triple {12721#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~30; {12721#true} is VALID [2022-02-20 18:01:02,713 INFO L290 TraceCheckUtils]: 143: Hoare triple {12721#true} assume true; {12721#true} is VALID [2022-02-20 18:01:02,714 INFO L284 TraceCheckUtils]: 144: Hoare quadruple 
{12721#true} {12722#false} #1225#return; {12722#false} is VALID [2022-02-20 18:01:02,714 INFO L290 TraceCheckUtils]: 145: Hoare triple {12722#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1; {12722#false} is VALID [2022-02-20 18:01:02,714 INFO L272 TraceCheckUtils]: 146: Hoare triple {12722#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1); {12721#true} is VALID [2022-02-20 18:01:02,714 INFO L290 TraceCheckUtils]: 147: Hoare triple {12721#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~43;havoc ~__cil_tmp4~5.base, ~__cil_tmp4~5.offset;~__cil_tmp4~5.base, ~__cil_tmp4~5.offset := 39, 0;havoc #t~nondet104; {12721#true} is VALID [2022-02-20 18:01:02,714 INFO L290 TraceCheckUtils]: 148: Hoare triple {12721#true} assume 0 == ~publicKey;~retValue_acc~43 := 0;#res := ~retValue_acc~43; {12721#true} is VALID [2022-02-20 18:01:02,714 INFO L290 TraceCheckUtils]: 149: Hoare triple {12721#true} assume true; {12721#true} is VALID [2022-02-20 18:01:02,715 INFO L284 TraceCheckUtils]: 150: Hoare quadruple {12721#true} {12722#false} #1227#return; {12722#false} is VALID [2022-02-20 18:01:02,715 INFO L290 TraceCheckUtils]: 151: Hoare triple {12722#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1; {12722#false} is VALID [2022-02-20 18:01:02,715 INFO L290 TraceCheckUtils]: 152: Hoare triple {12722#false} assume !(0 != 
__utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1);assume { :begin_inline___automaton_fail } true; {12722#false} is VALID [2022-02-20 18:01:02,715 INFO L290 TraceCheckUtils]: 153: Hoare triple {12722#false} assume !false; {12722#false} is VALID [2022-02-20 18:01:02,715 INFO L134 CoverageAnalysis]: Checked inductivity of 46 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 34 trivial. 0 not checked. [2022-02-20 18:01:02,715 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:01:02,715 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1767805301] [2022-02-20 18:01:02,716 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1767805301] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:01:02,716 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1480527993] [2022-02-20 18:01:02,716 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:02,716 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:01:02,716 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:01:02,717 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:01:02,718 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process [2022-02-20 18:01:02,967 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:02,971 INFO L263 TraceCheckSpWp]: Trace formula consists of 1279 conjuncts, 6 conjunts are in the unsatisfiable core [2022-02-20 
18:01:03,012 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:03,015 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:01:03,325 INFO L290 TraceCheckUtils]: 0: Hoare triple {12721#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(44, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(11, 20);call #Ultimate.allocInit(19, 21);call #Ultimate.allocInit(4, 22);call write~init~int(37, 22, 0, 1);call write~init~int(100, 22, 1, 1);call write~init~int(10, 22, 2, 1);call write~init~int(0, 22, 3, 1);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(19, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(10, 29);call #Ultimate.allocInit(12, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(18, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(10, 35);call 
#Ultimate.allocInit(34, 36);call #Ultimate.allocInit(30, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(20, 39);call #Ultimate.allocInit(22, 40);call #Ultimate.allocInit(21, 41);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 
0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~sent_encrypted~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 
0;~queued_client~0 := 0; {12721#true} is VALID [2022-02-20 18:01:03,325 INFO L290 TraceCheckUtils]: 1: Hoare triple {12721#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {12721#true} is VALID [2022-02-20 18:01:03,325 INFO L290 TraceCheckUtils]: 2: Hoare triple {12721#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {12721#true} is VALID [2022-02-20 18:01:03,325 INFO L290 TraceCheckUtils]: 3: Hoare triple {12721#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~22#1;havoc valid_product_~retValue_acc~22#1;valid_product_~retValue_acc~22#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~22#1; {12721#true} is VALID [2022-02-20 18:01:03,325 INFO L290 TraceCheckUtils]: 4: Hoare triple {12721#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {12721#true} is VALID [2022-02-20 18:01:03,325 INFO L290 TraceCheckUtils]: 5: Hoare triple {12721#true} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet32#1, setup_#t~nondet33#1, setup_#t~nondet34#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc 
setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {12721#true} is VALID [2022-02-20 18:01:03,326 INFO L272 TraceCheckUtils]: 6: Hoare triple {12721#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {12721#true} is VALID [2022-02-20 18:01:03,326 INFO L290 TraceCheckUtils]: 7: Hoare triple {12721#true} ~handle := #in~handle;~value := #in~value; {12721#true} is VALID [2022-02-20 18:01:03,326 INFO L290 TraceCheckUtils]: 8: Hoare triple {12721#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12721#true} is VALID [2022-02-20 18:01:03,326 INFO L290 TraceCheckUtils]: 9: Hoare triple {12721#true} assume true; {12721#true} is VALID [2022-02-20 18:01:03,326 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {12721#true} {12721#true} #1261#return; {12721#true} is VALID [2022-02-20 18:01:03,326 INFO L290 TraceCheckUtils]: 11: Hoare triple {12721#true} assume { :end_inline_setup_bob__wrappee__Base } true; {12721#true} is VALID [2022-02-20 18:01:03,326 INFO L272 TraceCheckUtils]: 12: Hoare triple {12721#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {12721#true} is VALID [2022-02-20 18:01:03,326 INFO L290 TraceCheckUtils]: 13: Hoare triple {12721#true} ~handle := #in~handle;~value := #in~value; {12721#true} is VALID [2022-02-20 18:01:03,326 INFO L290 TraceCheckUtils]: 14: Hoare triple {12721#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12721#true} is VALID [2022-02-20 18:01:03,327 INFO L290 TraceCheckUtils]: 15: Hoare triple {12721#true} assume true; {12721#true} is VALID [2022-02-20 18:01:03,327 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {12721#true} {12721#true} #1263#return; {12721#true} is VALID [2022-02-20 18:01:03,327 INFO 
L290 TraceCheckUtils]: 17: Hoare triple {12721#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 18, 0;havoc setup_#t~nondet32#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {12865#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:01:03,327 INFO L272 TraceCheckUtils]: 18: Hoare triple {12865#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {12721#true} is VALID [2022-02-20 18:01:03,327 INFO L290 TraceCheckUtils]: 19: Hoare triple {12721#true} ~handle := #in~handle;~value := #in~value; {12721#true} is VALID [2022-02-20 18:01:03,327 INFO L290 TraceCheckUtils]: 20: Hoare triple {12721#true} assume !(1 == ~handle); {12721#true} is VALID [2022-02-20 18:01:03,328 INFO L290 TraceCheckUtils]: 21: Hoare triple {12721#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {12721#true} is VALID [2022-02-20 18:01:03,328 INFO L290 TraceCheckUtils]: 22: Hoare triple {12721#true} assume true; {12721#true} is VALID [2022-02-20 18:01:03,328 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {12721#true} {12865#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1265#return; {12865#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:01:03,329 INFO L290 TraceCheckUtils]: 24: Hoare triple {12865#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume { :end_inline_setup_rjh__wrappee__Base } true; {12865#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:01:03,329 INFO L272 TraceCheckUtils]: 25: Hoare triple {12865#(<= 2 
|ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {12721#true} is VALID [2022-02-20 18:01:03,329 INFO L290 TraceCheckUtils]: 26: Hoare triple {12721#true} ~handle := #in~handle;~value := #in~value; {12893#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} is VALID [2022-02-20 18:01:03,329 INFO L290 TraceCheckUtils]: 27: Hoare triple {12893#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12897#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:01:03,330 INFO L290 TraceCheckUtils]: 28: Hoare triple {12897#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {12897#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:01:03,330 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {12897#(<= |setClientPrivateKey_#in~handle| 1)} {12865#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1267#return; {12722#false} is VALID [2022-02-20 18:01:03,330 INFO L290 TraceCheckUtils]: 30: Hoare triple {12722#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 19, 0;havoc setup_#t~nondet33#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {12722#false} is VALID [2022-02-20 18:01:03,330 INFO L272 TraceCheckUtils]: 31: Hoare triple {12722#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {12722#false} is VALID [2022-02-20 18:01:03,331 INFO L290 TraceCheckUtils]: 32: Hoare triple {12722#false} ~handle := #in~handle;~value := #in~value; 
{12722#false} is VALID [2022-02-20 18:01:03,331 INFO L290 TraceCheckUtils]: 33: Hoare triple {12722#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12722#false} is VALID [2022-02-20 18:01:03,331 INFO L290 TraceCheckUtils]: 34: Hoare triple {12722#false} assume true; {12722#false} is VALID [2022-02-20 18:01:03,331 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {12722#false} {12722#false} #1269#return; {12722#false} is VALID [2022-02-20 18:01:03,331 INFO L290 TraceCheckUtils]: 36: Hoare triple {12722#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {12722#false} is VALID [2022-02-20 18:01:03,331 INFO L272 TraceCheckUtils]: 37: Hoare triple {12722#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {12722#false} is VALID [2022-02-20 18:01:03,331 INFO L290 TraceCheckUtils]: 38: Hoare triple {12722#false} ~handle := #in~handle;~value := #in~value; {12722#false} is VALID [2022-02-20 18:01:03,331 INFO L290 TraceCheckUtils]: 39: Hoare triple {12722#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12722#false} is VALID [2022-02-20 18:01:03,331 INFO L290 TraceCheckUtils]: 40: Hoare triple {12722#false} assume true; {12722#false} is VALID [2022-02-20 18:01:03,332 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {12722#false} {12722#false} #1271#return; {12722#false} is VALID [2022-02-20 18:01:03,332 INFO L290 TraceCheckUtils]: 42: Hoare triple {12722#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 20, 0;havoc setup_#t~nondet34#1; {12722#false} is VALID [2022-02-20 18:01:03,332 INFO L290 TraceCheckUtils]: 43: Hoare triple {12722#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_#t~nondet62#1, test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_#t~nondet67#1, test_#t~nondet68#1, test_~op1~0#1, test_~op2~0#1, 
test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {12722#false} is VALID [2022-02-20 18:01:03,332 INFO L290 TraceCheckUtils]: 44: Hoare triple {12722#false} assume !false; {12722#false} is VALID [2022-02-20 18:01:03,332 INFO L290 TraceCheckUtils]: 45: Hoare triple {12722#false} assume test_~splverifierCounter~0#1 < 4; {12722#false} is VALID [2022-02-20 18:01:03,332 INFO L290 TraceCheckUtils]: 46: Hoare triple {12722#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {12722#false} is VALID [2022-02-20 18:01:03,332 INFO L290 TraceCheckUtils]: 47: Hoare triple {12722#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet58#1 && test_#t~nondet58#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet58#1;havoc test_#t~nondet58#1; {12722#false} is VALID [2022-02-20 18:01:03,332 INFO L290 TraceCheckUtils]: 48: Hoare triple {12722#false} assume !(0 != test_~tmp___9~0#1); 
{12722#false} is VALID [2022-02-20 18:01:03,332 INFO L290 TraceCheckUtils]: 49: Hoare triple {12722#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet59#1 && test_#t~nondet59#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet59#1;havoc test_#t~nondet59#1; {12722#false} is VALID [2022-02-20 18:01:03,333 INFO L290 TraceCheckUtils]: 50: Hoare triple {12722#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {12722#false} is VALID [2022-02-20 18:01:03,333 INFO L290 TraceCheckUtils]: 51: Hoare triple {12722#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {12722#false} is VALID [2022-02-20 18:01:03,333 INFO L290 TraceCheckUtils]: 52: Hoare triple {12722#false} assume { :end_inline_setClientAutoResponse } true; {12722#false} is VALID [2022-02-20 18:01:03,333 INFO L290 TraceCheckUtils]: 53: Hoare triple {12722#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {12722#false} is VALID [2022-02-20 18:01:03,333 INFO L290 TraceCheckUtils]: 54: Hoare triple {12722#false} assume !false; {12722#false} is VALID [2022-02-20 18:01:03,333 INFO L290 TraceCheckUtils]: 55: Hoare triple {12722#false} assume !(test_~splverifierCounter~0#1 < 4); {12722#false} is VALID [2022-02-20 18:01:03,333 INFO L290 TraceCheckUtils]: 56: Hoare triple {12722#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_~tmp~3#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~3#1;havoc bobToRjh_~tmp___0~0#1;havoc 
bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret27#1 := puts(16, 0);assume -2147483648 <= bobToRjh_#t~ret27#1 && bobToRjh_#t~ret27#1 <= 2147483647;havoc bobToRjh_#t~ret27#1; {12722#false} is VALID [2022-02-20 18:01:03,333 INFO L272 TraceCheckUtils]: 57: Hoare triple {12722#false} call sendEmail(~bob~0, ~rjh~0); {12722#false} is VALID [2022-02-20 18:01:03,333 INFO L290 TraceCheckUtils]: 58: Hoare triple {12722#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~21#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~38#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~38#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {12722#false} is VALID [2022-02-20 18:01:03,333 INFO L272 TraceCheckUtils]: 59: Hoare triple {12722#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {12722#false} is VALID [2022-02-20 18:01:03,334 INFO L290 TraceCheckUtils]: 60: Hoare triple {12722#false} ~handle := #in~handle;~value := #in~value; {12722#false} is VALID [2022-02-20 18:01:03,334 INFO L290 TraceCheckUtils]: 61: Hoare triple {12722#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12722#false} is VALID [2022-02-20 18:01:03,334 INFO L290 TraceCheckUtils]: 62: Hoare triple {12722#false} assume true; {12722#false} is VALID [2022-02-20 18:01:03,334 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {12722#false} {12722#false} #1197#return; {12722#false} is VALID [2022-02-20 18:01:03,334 INFO L272 TraceCheckUtils]: 64: Hoare triple {12722#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {12722#false} is VALID [2022-02-20 18:01:03,334 INFO L290 TraceCheckUtils]: 65: Hoare triple {12722#false} ~handle := #in~handle;~value := #in~value; {12722#false} is VALID [2022-02-20 
18:01:03,334 INFO L290 TraceCheckUtils]: 66: Hoare triple {12722#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12722#false} is VALID [2022-02-20 18:01:03,334 INFO L290 TraceCheckUtils]: 67: Hoare triple {12722#false} assume true; {12722#false} is VALID [2022-02-20 18:01:03,334 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {12722#false} {12722#false} #1199#return; {12722#false} is VALID [2022-02-20 18:01:03,335 INFO L290 TraceCheckUtils]: 69: Hoare triple {12722#false} createEmail_~retValue_acc~38#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~38#1; {12722#false} is VALID [2022-02-20 18:01:03,335 INFO L290 TraceCheckUtils]: 70: Hoare triple {12722#false} #t~ret103#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret103#1 && #t~ret103#1 <= 2147483647;~tmp~21#1 := #t~ret103#1;havoc #t~ret103#1;~email~0#1 := ~tmp~21#1; {12722#false} is VALID [2022-02-20 18:01:03,335 INFO L272 TraceCheckUtils]: 71: Hoare triple {12722#false} call outgoing(~sender#1, ~email~0#1); {12722#false} is VALID [2022-02-20 18:01:03,335 INFO L290 TraceCheckUtils]: 72: Hoare triple {12722#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~2#1;havoc ~tmp~16#1;havoc ~receiver~1#1;havoc ~tmp___0~7#1;havoc ~second~0#1;havoc ~tmp___1~4#1;havoc ~tmp___2~2#1; {12722#false} is VALID [2022-02-20 18:01:03,335 INFO L272 TraceCheckUtils]: 73: Hoare triple {12722#false} call #t~ret89#1 := getClientAddressBookSize(~client#1); {12722#false} is VALID [2022-02-20 18:01:03,335 INFO L290 TraceCheckUtils]: 74: Hoare triple {12722#false} ~handle := #in~handle;havoc ~retValue_acc~7; {12722#false} is VALID [2022-02-20 18:01:03,335 INFO L290 TraceCheckUtils]: 75: Hoare triple {12722#false} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {12722#false} is VALID [2022-02-20 18:01:03,335 INFO L290 TraceCheckUtils]: 76: Hoare triple {12722#false} assume true; {12722#false} is VALID 
[2022-02-20 18:01:03,335 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {12722#false} {12722#false} #1179#return; {12722#false} is VALID [2022-02-20 18:01:03,335 INFO L290 TraceCheckUtils]: 78: Hoare triple {12722#false} assume -2147483648 <= #t~ret89#1 && #t~ret89#1 <= 2147483647;~tmp~16#1 := #t~ret89#1;havoc #t~ret89#1;~size~2#1 := ~tmp~16#1; {12722#false} is VALID [2022-02-20 18:01:03,336 INFO L290 TraceCheckUtils]: 79: Hoare triple {12722#false} assume 0 != ~size~2#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {12722#false} is VALID [2022-02-20 18:01:03,336 INFO L290 TraceCheckUtils]: 80: Hoare triple {12722#false} assume { :end_inline_sendToAddressBook } true;call #t~ret90#1 := puts(36, 0);assume -2147483648 <= #t~ret90#1 && #t~ret90#1 <= 2147483647;havoc #t~ret90#1; {12722#false} is VALID [2022-02-20 18:01:03,336 INFO L272 TraceCheckUtils]: 81: Hoare triple {12722#false} call #t~ret91#1 := getEmailTo(~msg#1); {12722#false} is VALID [2022-02-20 18:01:03,336 INFO L290 TraceCheckUtils]: 82: Hoare triple {12722#false} ~handle := #in~handle;havoc ~retValue_acc~26; {12722#false} is VALID [2022-02-20 18:01:03,336 INFO L290 TraceCheckUtils]: 83: Hoare triple {12722#false} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {12722#false} is VALID [2022-02-20 18:01:03,336 INFO L290 TraceCheckUtils]: 84: Hoare triple {12722#false} assume true; {12722#false} is VALID [2022-02-20 18:01:03,336 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {12722#false} {12722#false} #1181#return; {12722#false} is VALID [2022-02-20 18:01:03,336 INFO L290 TraceCheckUtils]: 86: Hoare triple {12722#false} assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp___0~7#1 := #t~ret91#1;havoc 
#t~ret91#1;~receiver~1#1 := ~tmp___0~7#1;call #t~ret92#1 := puts(37, 0);assume -2147483648 <= #t~ret92#1 && #t~ret92#1 <= 2147483647;havoc #t~ret92#1; {12722#false} is VALID [2022-02-20 18:01:03,336 INFO L272 TraceCheckUtils]: 87: Hoare triple {12722#false} call #t~ret93#1 := getClientAddressBookAddress(~client#1, 1); {12722#false} is VALID [2022-02-20 18:01:03,337 INFO L290 TraceCheckUtils]: 88: Hoare triple {12722#false} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~11; {12722#false} is VALID [2022-02-20 18:01:03,337 INFO L290 TraceCheckUtils]: 89: Hoare triple {12722#false} assume 1 == ~handle; {12722#false} is VALID [2022-02-20 18:01:03,337 INFO L290 TraceCheckUtils]: 90: Hoare triple {12722#false} assume 0 == ~index;~retValue_acc~11 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~11; {12722#false} is VALID [2022-02-20 18:01:03,337 INFO L290 TraceCheckUtils]: 91: Hoare triple {12722#false} assume true; {12722#false} is VALID [2022-02-20 18:01:03,337 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {12722#false} {12722#false} #1183#return; {12722#false} is VALID [2022-02-20 18:01:03,337 INFO L290 TraceCheckUtils]: 93: Hoare triple {12722#false} assume -2147483648 <= #t~ret93#1 && #t~ret93#1 <= 2147483647;~tmp___1~4#1 := #t~ret93#1;havoc #t~ret93#1;~second~0#1 := ~tmp___1~4#1; {12722#false} is VALID [2022-02-20 18:01:03,337 INFO L272 TraceCheckUtils]: 94: Hoare triple {12722#false} call setEmailTo(~msg#1, ~second~0#1); {12722#false} is VALID [2022-02-20 18:01:03,337 INFO L290 TraceCheckUtils]: 95: Hoare triple {12722#false} ~handle := #in~handle;~value := #in~value; {12722#false} is VALID [2022-02-20 18:01:03,337 INFO L290 TraceCheckUtils]: 96: Hoare triple {12722#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12722#false} is VALID [2022-02-20 18:01:03,337 INFO L290 TraceCheckUtils]: 97: Hoare triple {12722#false} assume true; {12722#false} is VALID [2022-02-20 18:01:03,338 INFO L284 TraceCheckUtils]: 98: Hoare quadruple 
{12722#false} {12722#false} #1185#return; {12722#false} is VALID [2022-02-20 18:01:03,338 INFO L272 TraceCheckUtils]: 99: Hoare triple {12722#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {12722#false} is VALID [2022-02-20 18:01:03,338 INFO L290 TraceCheckUtils]: 100: Hoare triple {12722#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~15#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {12722#false} is VALID [2022-02-20 18:01:03,338 INFO L272 TraceCheckUtils]: 101: Hoare triple {12722#false} call #t~ret87#1 := getEmailTo(~msg#1); {12722#false} is VALID [2022-02-20 18:01:03,338 INFO L290 TraceCheckUtils]: 102: Hoare triple {12722#false} ~handle := #in~handle;havoc ~retValue_acc~26; {12722#false} is VALID [2022-02-20 18:01:03,338 INFO L290 TraceCheckUtils]: 103: Hoare triple {12722#false} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {12722#false} is VALID [2022-02-20 18:01:03,338 INFO L290 TraceCheckUtils]: 104: Hoare triple {12722#false} assume true; {12722#false} is VALID [2022-02-20 18:01:03,338 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {12722#false} {12722#false} #1211#return; {12722#false} is VALID [2022-02-20 18:01:03,338 INFO L290 TraceCheckUtils]: 106: Hoare triple {12722#false} assume -2147483648 <= #t~ret87#1 && #t~ret87#1 <= 2147483647;~tmp~15#1 := #t~ret87#1;havoc #t~ret87#1;~receiver~0#1 := ~tmp~15#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~18#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~18#1; {12722#false} is VALID [2022-02-20 18:01:03,339 INFO L290 TraceCheckUtils]: 107: Hoare triple {12722#false} assume 1 == findPublicKey_~handle#1; {12722#false} is VALID [2022-02-20 
18:01:03,339 INFO L290 TraceCheckUtils]: 108: Hoare triple {12722#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~18#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~18#1; {12722#false} is VALID [2022-02-20 18:01:03,339 INFO L290 TraceCheckUtils]: 109: Hoare triple {12722#false} #t~ret88#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp___0~6#1 := #t~ret88#1;havoc #t~ret88#1;~pubkey~0#1 := ~tmp___0~6#1; {12722#false} is VALID [2022-02-20 18:01:03,339 INFO L290 TraceCheckUtils]: 110: Hoare triple {12722#false} assume !(0 != ~pubkey~0#1); {12722#false} is VALID [2022-02-20 18:01:03,339 INFO L290 TraceCheckUtils]: 111: Hoare triple {12722#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret86#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {12722#false} is VALID [2022-02-20 18:01:03,339 INFO L290 TraceCheckUtils]: 112: Hoare triple {12722#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {12722#false} is VALID [2022-02-20 18:01:03,339 INFO L290 TraceCheckUtils]: 113: Hoare triple {12722#false} outgoing__wrappee__Keys_#t~ret86#1 := 
getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret86#1 && outgoing__wrappee__Keys_#t~ret86#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~14#1 := outgoing__wrappee__Keys_#t~ret86#1;havoc outgoing__wrappee__Keys_#t~ret86#1; {12722#false} is VALID [2022-02-20 18:01:03,339 INFO L272 TraceCheckUtils]: 114: Hoare triple {12722#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1); {12722#false} is VALID [2022-02-20 18:01:03,339 INFO L290 TraceCheckUtils]: 115: Hoare triple {12722#false} ~handle := #in~handle;~value := #in~value; {12722#false} is VALID [2022-02-20 18:01:03,340 INFO L290 TraceCheckUtils]: 116: Hoare triple {12722#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12722#false} is VALID [2022-02-20 18:01:03,340 INFO L290 TraceCheckUtils]: 117: Hoare triple {12722#false} assume true; {12722#false} is VALID [2022-02-20 18:01:03,340 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {12722#false} {12722#false} #1217#return; {12722#false} is VALID [2022-02-20 18:01:03,340 INFO L290 TraceCheckUtils]: 119: Hoare triple {12722#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret84#1, mail_#t~ret85#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet52#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, 
__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 := puts(24, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1; {12722#false} is VALID [2022-02-20 18:01:03,340 INFO L272 TraceCheckUtils]: 120: Hoare triple {12722#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {12722#false} is VALID [2022-02-20 18:01:03,340 INFO L290 TraceCheckUtils]: 121: Hoare triple {12722#false} ~handle := #in~handle;havoc ~retValue_acc~29; {12722#false} is VALID [2022-02-20 18:01:03,340 INFO L290 TraceCheckUtils]: 122: Hoare triple {12722#false} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {12722#false} is VALID [2022-02-20 18:01:03,340 INFO L290 TraceCheckUtils]: 123: Hoare triple {12722#false} assume true; {12722#false} is VALID [2022-02-20 18:01:03,341 INFO L284 TraceCheckUtils]: 124: Hoare quadruple {12722#false} {12722#false} #1219#return; {12722#false} is VALID [2022-02-20 18:01:03,341 INFO L290 TraceCheckUtils]: 125: Hoare triple {12722#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset := 25, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet52#1; {12722#false} is VALID [2022-02-20 18:01:03,341 INFO L290 TraceCheckUtils]: 126: Hoare triple {12722#false} 
assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret84#1 := puts(35, 0);assume -2147483648 <= mail_#t~ret84#1 && mail_#t~ret84#1 <= 2147483647;havoc mail_#t~ret84#1; {12722#false} is VALID [2022-02-20 18:01:03,341 INFO L272 TraceCheckUtils]: 127: Hoare triple {12722#false} call mail_#t~ret85#1 := getEmailTo(mail_~msg#1); {12722#false} is VALID [2022-02-20 18:01:03,341 INFO L290 TraceCheckUtils]: 128: Hoare triple {12722#false} ~handle := #in~handle;havoc ~retValue_acc~26; {12722#false} is VALID [2022-02-20 18:01:03,341 INFO L290 TraceCheckUtils]: 129: Hoare triple {12722#false} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {12722#false} is VALID [2022-02-20 18:01:03,341 INFO L290 TraceCheckUtils]: 130: Hoare triple {12722#false} assume true; {12722#false} is VALID [2022-02-20 18:01:03,341 INFO L284 TraceCheckUtils]: 131: Hoare quadruple {12722#false} {12722#false} #1221#return; {12722#false} is VALID [2022-02-20 18:01:03,341 INFO L290 TraceCheckUtils]: 132: Hoare triple {12722#false} assume -2147483648 <= mail_#t~ret85#1 && mail_#t~ret85#1 <= 2147483647;mail_~tmp~13#1 := mail_#t~ret85#1;havoc mail_#t~ret85#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~13#1, mail_~msg#1;havoc incoming_#t~ret98#1, incoming_#t~ret99#1, incoming_#t~ret100#1, incoming_#t~ret101#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~19#1, incoming_~tmp___0~8#1, incoming_~tmp___1~5#1, incoming_~tmp___2~3#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~19#1;havoc incoming_~tmp___0~8#1;havoc incoming_~tmp___1~5#1;havoc incoming_~tmp___2~3#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := 
incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet54#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 := puts(26, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset := 27, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet54#1; {12722#false} is VALID [2022-02-20 18:01:03,342 INFO L290 TraceCheckUtils]: 133: Hoare triple {12722#false} assume 1 == ~sent_encrypted~0; {12722#false} is VALID [2022-02-20 18:01:03,342 INFO L272 TraceCheckUtils]: 134: Hoare triple {12722#false} call 
__utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {12722#false} is VALID [2022-02-20 18:01:03,342 INFO L290 TraceCheckUtils]: 135: Hoare triple {12722#false} ~handle := #in~handle;havoc ~retValue_acc~13; {12722#false} is VALID [2022-02-20 18:01:03,342 INFO L290 TraceCheckUtils]: 136: Hoare triple {12722#false} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {12722#false} is VALID [2022-02-20 18:01:03,342 INFO L290 TraceCheckUtils]: 137: Hoare triple {12722#false} assume true; {12722#false} is VALID [2022-02-20 18:01:03,342 INFO L284 TraceCheckUtils]: 138: Hoare quadruple {12722#false} {12722#false} #1223#return; {12722#false} is VALID [2022-02-20 18:01:03,342 INFO L290 TraceCheckUtils]: 139: Hoare triple {12722#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~8#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1; {12722#false} is VALID [2022-02-20 18:01:03,342 INFO L272 TraceCheckUtils]: 140: Hoare triple {12722#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {12722#false} is VALID [2022-02-20 18:01:03,342 INFO L290 TraceCheckUtils]: 141: Hoare triple {12722#false} ~handle := #in~handle;havoc ~retValue_acc~30; {12722#false} is VALID [2022-02-20 18:01:03,343 INFO L290 TraceCheckUtils]: 142: Hoare triple {12722#false} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~30; {12722#false} is VALID [2022-02-20 18:01:03,343 INFO L290 TraceCheckUtils]: 143: Hoare triple {12722#false} assume true; {12722#false} is VALID [2022-02-20 18:01:03,343 INFO L284 TraceCheckUtils]: 144: Hoare quadruple {12722#false} {12722#false} #1225#return; {12722#false} is VALID [2022-02-20 
18:01:03,343 INFO L290 TraceCheckUtils]: 145: Hoare triple {12722#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1; {12722#false} is VALID [2022-02-20 18:01:03,343 INFO L272 TraceCheckUtils]: 146: Hoare triple {12722#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1); {12722#false} is VALID [2022-02-20 18:01:03,343 INFO L290 TraceCheckUtils]: 147: Hoare triple {12722#false} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~43;havoc ~__cil_tmp4~5.base, ~__cil_tmp4~5.offset;~__cil_tmp4~5.base, ~__cil_tmp4~5.offset := 39, 0;havoc #t~nondet104; {12722#false} is VALID [2022-02-20 18:01:03,343 INFO L290 TraceCheckUtils]: 148: Hoare triple {12722#false} assume 0 == ~publicKey;~retValue_acc~43 := 0;#res := ~retValue_acc~43; {12722#false} is VALID [2022-02-20 18:01:03,343 INFO L290 TraceCheckUtils]: 149: Hoare triple {12722#false} assume true; {12722#false} is VALID [2022-02-20 18:01:03,343 INFO L284 TraceCheckUtils]: 150: Hoare quadruple {12722#false} {12722#false} #1227#return; {12722#false} is VALID [2022-02-20 18:01:03,343 INFO L290 TraceCheckUtils]: 151: Hoare triple {12722#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1; {12722#false} is VALID [2022-02-20 18:01:03,344 INFO L290 TraceCheckUtils]: 152: Hoare triple {12722#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1);assume { :begin_inline___automaton_fail } true; {12722#false} is 
VALID [2022-02-20 18:01:03,344 INFO L290 TraceCheckUtils]: 153: Hoare triple {12722#false} assume !false; {12722#false} is VALID [2022-02-20 18:01:03,344 INFO L134 CoverageAnalysis]: Checked inductivity of 46 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 27 trivial. 0 not checked. [2022-02-20 18:01:03,344 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:01:03,344 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1480527993] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:01:03,345 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:01:03,345 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [12] total 15 [2022-02-20 18:01:03,345 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [440209161] [2022-02-20 18:01:03,345 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:01:03,346 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 19.6) internal successors, (98), 5 states have internal predecessors, (98), 3 states have call successors, (22), 2 states have call predecessors, (22), 3 states have return successors, (19), 3 states have call predecessors, (19), 3 states have call successors, (19) Word has length 154 [2022-02-20 18:01:03,346 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 18:01:03,346 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 19.6) internal successors, (98), 5 states have internal predecessors, (98), 3 states have call successors, (22), 2 states have call predecessors, (22), 3 states have return successors, (19), 3 states have call predecessors, (19), 3 states have call successors, (19) [2022-02-20 18:01:03,435 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 139 edges. 139 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:03,435 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:01:03,435 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:03,436 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:01:03,436 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=30, Invalid=180, Unknown=0, NotChecked=0, Total=210 [2022-02-20 18:01:03,436 INFO L87 Difference]: Start difference. First operand 481 states and 745 transitions. Second operand has 5 states, 5 states have (on average 19.6) internal successors, (98), 5 states have internal predecessors, (98), 3 states have call successors, (22), 2 states have call predecessors, (22), 3 states have return successors, (19), 3 states have call predecessors, (19), 3 states have call successors, (19) [2022-02-20 18:01:04,468 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:04,468 INFO L93 Difference]: Finished difference Result 951 states and 1479 transitions. [2022-02-20 18:01:04,468 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:01:04,469 INFO L78 Accepts]: Start accepts. 
Automaton has has 5 states, 5 states have (on average 19.6) internal successors, (98), 5 states have internal predecessors, (98), 3 states have call successors, (22), 2 states have call predecessors, (22), 3 states have return successors, (19), 3 states have call predecessors, (19), 3 states have call successors, (19) Word has length 154 [2022-02-20 18:01:04,469 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:01:04,469 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 19.6) internal successors, (98), 5 states have internal predecessors, (98), 3 states have call successors, (22), 2 states have call predecessors, (22), 3 states have return successors, (19), 3 states have call predecessors, (19), 3 states have call successors, (19) [2022-02-20 18:01:04,477 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1219 transitions. [2022-02-20 18:01:04,477 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 19.6) internal successors, (98), 5 states have internal predecessors, (98), 3 states have call successors, (22), 2 states have call predecessors, (22), 3 states have return successors, (19), 3 states have call predecessors, (19), 3 states have call successors, (19) [2022-02-20 18:01:04,486 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1219 transitions. [2022-02-20 18:01:04,487 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1219 transitions. [2022-02-20 18:01:05,239 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1219 edges. 1219 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:01:05,275 INFO L225 Difference]: With dead ends: 951 [2022-02-20 18:01:05,276 INFO L226 Difference]: Without dead ends: 483 [2022-02-20 18:01:05,277 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 198 GetRequests, 184 SyntacticMatches, 0 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=34, Invalid=206, Unknown=0, NotChecked=0, Total=240 [2022-02-20 18:01:05,277 INFO L933 BasicCegarLoop]: 604 mSDtfsCounter, 159 mSDsluCounter, 1627 mSDsCounter, 0 mSdLazyCounter, 45 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 182 SdHoareTripleChecker+Valid, 2231 SdHoareTripleChecker+Invalid, 45 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 45 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:01:05,277 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [182 Valid, 2231 Invalid, 45 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 45 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:01:05,278 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 483 states. [2022-02-20 18:01:05,360 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 483 to 483. [2022-02-20 18:01:05,360 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:01:05,361 INFO L82 GeneralOperation]: Start isEquivalent. First operand 483 states. 
Second operand has 483 states, 375 states have (on average 1.56) internal successors, (585), 381 states have internal predecessors, (585), 80 states have call successors, (80), 25 states have call predecessors, (80), 27 states have return successors, (86), 78 states have call predecessors, (86), 79 states have call successors, (86) [2022-02-20 18:01:05,362 INFO L74 IsIncluded]: Start isIncluded. First operand 483 states. Second operand has 483 states, 375 states have (on average 1.56) internal successors, (585), 381 states have internal predecessors, (585), 80 states have call successors, (80), 25 states have call predecessors, (80), 27 states have return successors, (86), 78 states have call predecessors, (86), 79 states have call successors, (86) [2022-02-20 18:01:05,363 INFO L87 Difference]: Start difference. First operand 483 states. Second operand has 483 states, 375 states have (on average 1.56) internal successors, (585), 381 states have internal predecessors, (585), 80 states have call successors, (80), 25 states have call predecessors, (80), 27 states have return successors, (86), 78 states have call predecessors, (86), 79 states have call successors, (86) [2022-02-20 18:01:05,374 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:05,374 INFO L93 Difference]: Finished difference Result 483 states and 751 transitions. [2022-02-20 18:01:05,374 INFO L276 IsEmpty]: Start isEmpty. Operand 483 states and 751 transitions. [2022-02-20 18:01:05,375 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:05,376 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:05,377 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 483 states, 375 states have (on average 1.56) internal successors, (585), 381 states have internal predecessors, (585), 80 states have call successors, (80), 25 states have call predecessors, (80), 27 states have return successors, (86), 78 states have call predecessors, (86), 79 states have call successors, (86) Second operand 483 states. [2022-02-20 18:01:05,377 INFO L87 Difference]: Start difference. First operand has 483 states, 375 states have (on average 1.56) internal successors, (585), 381 states have internal predecessors, (585), 80 states have call successors, (80), 25 states have call predecessors, (80), 27 states have return successors, (86), 78 states have call predecessors, (86), 79 states have call successors, (86) Second operand 483 states. [2022-02-20 18:01:05,388 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:05,388 INFO L93 Difference]: Finished difference Result 483 states and 751 transitions. [2022-02-20 18:01:05,389 INFO L276 IsEmpty]: Start isEmpty. Operand 483 states and 751 transitions. [2022-02-20 18:01:05,391 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:05,391 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:05,391 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:01:05,391 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:01:05,393 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 483 states, 375 states have (on average 1.56) internal successors, (585), 381 states have internal predecessors, (585), 80 states have call successors, (80), 25 states have call predecessors, (80), 27 states have return successors, (86), 78 states have call predecessors, (86), 79 states have call successors, (86) [2022-02-20 18:01:05,405 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 483 states to 483 states and 751 transitions. 
[2022-02-20 18:01:05,406 INFO L78 Accepts]: Start accepts. Automaton has 483 states and 751 transitions. Word has length 154 [2022-02-20 18:01:05,407 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:01:05,407 INFO L470 AbstractCegarLoop]: Abstraction has 483 states and 751 transitions. [2022-02-20 18:01:05,407 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 19.6) internal successors, (98), 5 states have internal predecessors, (98), 3 states have call successors, (22), 2 states have call predecessors, (22), 3 states have return successors, (19), 3 states have call predecessors, (19), 3 states have call successors, (19) [2022-02-20 18:01:05,407 INFO L276 IsEmpty]: Start isEmpty. Operand 483 states and 751 transitions. [2022-02-20 18:01:05,409 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 137 [2022-02-20 18:01:05,409 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:01:05,409 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:01:05,431 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Forceful destruction successful, exit code 0 [2022-02-20 18:01:05,627 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4,6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:01:05,627 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting 
outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:01:05,627 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:01:05,627 INFO L85 PathProgramCache]: Analyzing trace with hash 710296192, now seen corresponding path program 1 times [2022-02-20 18:01:05,627 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:01:05,628 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [339514347] [2022-02-20 18:01:05,628 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:05,628 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:01:05,667 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:05,685 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:01:05,686 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:05,689 INFO L290 TraceCheckUtils]: 0: Hoare triple {16306#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16237#true} is VALID [2022-02-20 18:01:05,689 INFO L290 TraceCheckUtils]: 1: Hoare triple {16237#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {16237#true} is VALID [2022-02-20 18:01:05,689 INFO L290 TraceCheckUtils]: 2: Hoare triple {16237#true} assume true; {16237#true} is VALID [2022-02-20 18:01:05,689 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16237#true} {16237#true} #1261#return; {16237#true} is VALID [2022-02-20 18:01:05,693 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call 
position 12 [2022-02-20 18:01:05,694 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:05,695 INFO L290 TraceCheckUtils]: 0: Hoare triple {16307#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16237#true} is VALID [2022-02-20 18:01:05,696 INFO L290 TraceCheckUtils]: 1: Hoare triple {16237#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {16237#true} is VALID [2022-02-20 18:01:05,696 INFO L290 TraceCheckUtils]: 2: Hoare triple {16237#true} assume true; {16237#true} is VALID [2022-02-20 18:01:05,696 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16237#true} {16237#true} #1263#return; {16237#true} is VALID [2022-02-20 18:01:05,696 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:01:05,697 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:05,699 INFO L290 TraceCheckUtils]: 0: Hoare triple {16306#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16237#true} is VALID [2022-02-20 18:01:05,699 INFO L290 TraceCheckUtils]: 1: Hoare triple {16237#true} assume !(1 == ~handle); {16237#true} is VALID [2022-02-20 18:01:05,699 INFO L290 TraceCheckUtils]: 2: Hoare triple {16237#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {16237#true} is VALID [2022-02-20 18:01:05,699 INFO L290 TraceCheckUtils]: 3: Hoare triple {16237#true} assume true; {16237#true} is VALID [2022-02-20 18:01:05,699 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {16237#true} {16237#true} #1265#return; {16237#true} is VALID [2022-02-20 18:01:05,699 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:01:05,700 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:05,703 INFO L290 TraceCheckUtils]: 0: Hoare triple {16307#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16237#true} is VALID [2022-02-20 18:01:05,703 INFO L290 TraceCheckUtils]: 1: Hoare triple {16237#true} assume !(1 == ~handle); {16237#true} is VALID [2022-02-20 18:01:05,704 INFO L290 TraceCheckUtils]: 2: Hoare triple {16237#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {16237#true} is VALID [2022-02-20 18:01:05,704 INFO L290 TraceCheckUtils]: 3: Hoare triple {16237#true} assume true; {16237#true} is VALID [2022-02-20 18:01:05,704 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {16237#true} {16237#true} #1267#return; {16237#true} is VALID [2022-02-20 18:01:05,704 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:01:05,705 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:05,714 INFO L290 TraceCheckUtils]: 0: Hoare triple {16306#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16308#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:05,714 INFO L290 TraceCheckUtils]: 1: Hoare triple {16308#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {16309#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:05,715 INFO L290 TraceCheckUtils]: 2: Hoare triple {16309#(= 
|setClientId_#in~handle| 1)} assume true; {16309#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:05,715 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16309#(= |setClientId_#in~handle| 1)} {16257#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1269#return; {16238#false} is VALID [2022-02-20 18:01:05,715 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:01:05,716 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:05,718 INFO L290 TraceCheckUtils]: 0: Hoare triple {16307#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16237#true} is VALID [2022-02-20 18:01:05,718 INFO L290 TraceCheckUtils]: 1: Hoare triple {16237#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {16237#true} is VALID [2022-02-20 18:01:05,718 INFO L290 TraceCheckUtils]: 2: Hoare triple {16237#true} assume true; {16237#true} is VALID [2022-02-20 18:01:05,718 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16237#true} {16238#false} #1271#return; {16238#false} is VALID [2022-02-20 18:01:05,723 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 18:01:05,724 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:05,725 INFO L290 TraceCheckUtils]: 0: Hoare triple {16310#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16237#true} is VALID [2022-02-20 18:01:05,725 INFO L290 TraceCheckUtils]: 1: Hoare triple {16237#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16237#true} is VALID [2022-02-20 18:01:05,725 INFO L290 TraceCheckUtils]: 2: Hoare triple {16237#true} assume 
true; {16237#true} is VALID [2022-02-20 18:01:05,725 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16237#true} {16238#false} #1197#return; {16238#false} is VALID [2022-02-20 18:01:05,730 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-02-20 18:01:05,731 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:05,732 INFO L290 TraceCheckUtils]: 0: Hoare triple {16311#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {16237#true} is VALID [2022-02-20 18:01:05,732 INFO L290 TraceCheckUtils]: 1: Hoare triple {16237#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {16237#true} is VALID [2022-02-20 18:01:05,732 INFO L290 TraceCheckUtils]: 2: Hoare triple {16237#true} assume true; {16237#true} is VALID [2022-02-20 18:01:05,733 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16237#true} {16238#false} #1199#return; {16238#false} is VALID [2022-02-20 18:01:05,733 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 74 [2022-02-20 18:01:05,733 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:05,734 INFO L290 TraceCheckUtils]: 0: Hoare triple {16237#true} ~handle := #in~handle;havoc ~retValue_acc~7; {16237#true} is VALID [2022-02-20 18:01:05,734 INFO L290 TraceCheckUtils]: 1: Hoare triple {16237#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {16237#true} is VALID [2022-02-20 18:01:05,734 INFO L290 TraceCheckUtils]: 2: Hoare triple {16237#true} assume true; {16237#true} is VALID [2022-02-20 18:01:05,735 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16237#true} {16238#false} #1179#return; {16238#false} is VALID [2022-02-20 18:01:05,735 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 18:01:05,735 
INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:05,738 INFO L290 TraceCheckUtils]: 0: Hoare triple {16237#true} ~handle := #in~handle;havoc ~retValue_acc~26; {16237#true} is VALID [2022-02-20 18:01:05,739 INFO L290 TraceCheckUtils]: 1: Hoare triple {16237#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {16237#true} is VALID [2022-02-20 18:01:05,739 INFO L290 TraceCheckUtils]: 2: Hoare triple {16237#true} assume true; {16237#true} is VALID [2022-02-20 18:01:05,739 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16237#true} {16238#false} #1211#return; {16238#false} is VALID [2022-02-20 18:01:05,739 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 18:01:05,739 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:05,741 INFO L290 TraceCheckUtils]: 0: Hoare triple {16310#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16237#true} is VALID [2022-02-20 18:01:05,741 INFO L290 TraceCheckUtils]: 1: Hoare triple {16237#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16237#true} is VALID [2022-02-20 18:01:05,741 INFO L290 TraceCheckUtils]: 2: Hoare triple {16237#true} assume true; {16237#true} is VALID [2022-02-20 18:01:05,741 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16237#true} {16238#false} #1217#return; {16238#false} is VALID [2022-02-20 18:01:05,741 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 18:01:05,742 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:05,743 INFO L290 TraceCheckUtils]: 0: Hoare triple {16237#true} ~handle := #in~handle;havoc ~retValue_acc~29; {16237#true} is VALID [2022-02-20 18:01:05,743 INFO L290 TraceCheckUtils]: 1: Hoare triple {16237#true} assume 1 == 
~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {16237#true} is VALID [2022-02-20 18:01:05,743 INFO L290 TraceCheckUtils]: 2: Hoare triple {16237#true} assume true; {16237#true} is VALID [2022-02-20 18:01:05,743 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16237#true} {16238#false} #1219#return; {16238#false} is VALID [2022-02-20 18:01:05,744 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 109 [2022-02-20 18:01:05,744 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:05,745 INFO L290 TraceCheckUtils]: 0: Hoare triple {16237#true} ~handle := #in~handle;havoc ~retValue_acc~26; {16237#true} is VALID [2022-02-20 18:01:05,745 INFO L290 TraceCheckUtils]: 1: Hoare triple {16237#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {16237#true} is VALID [2022-02-20 18:01:05,746 INFO L290 TraceCheckUtils]: 2: Hoare triple {16237#true} assume true; {16237#true} is VALID [2022-02-20 18:01:05,746 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16237#true} {16238#false} #1221#return; {16238#false} is VALID [2022-02-20 18:01:05,746 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 116 [2022-02-20 18:01:05,746 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:05,747 INFO L290 TraceCheckUtils]: 0: Hoare triple {16237#true} ~handle := #in~handle;havoc ~retValue_acc~13; {16237#true} is VALID [2022-02-20 18:01:05,748 INFO L290 TraceCheckUtils]: 1: Hoare triple {16237#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {16237#true} is VALID [2022-02-20 18:01:05,748 INFO L290 TraceCheckUtils]: 2: Hoare triple {16237#true} assume true; {16237#true} is VALID [2022-02-20 18:01:05,748 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16237#true} {16238#false} #1223#return; {16238#false} is VALID [2022-02-20 
18:01:05,748 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 122 [2022-02-20 18:01:05,748 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:05,749 INFO L290 TraceCheckUtils]: 0: Hoare triple {16237#true} ~handle := #in~handle;havoc ~retValue_acc~30; {16237#true} is VALID [2022-02-20 18:01:05,750 INFO L290 TraceCheckUtils]: 1: Hoare triple {16237#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~30; {16237#true} is VALID [2022-02-20 18:01:05,750 INFO L290 TraceCheckUtils]: 2: Hoare triple {16237#true} assume true; {16237#true} is VALID [2022-02-20 18:01:05,750 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16237#true} {16238#false} #1225#return; {16238#false} is VALID [2022-02-20 18:01:05,750 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 128 [2022-02-20 18:01:05,750 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:05,752 INFO L290 TraceCheckUtils]: 0: Hoare triple {16237#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~43;havoc ~__cil_tmp4~5.base, ~__cil_tmp4~5.offset;~__cil_tmp4~5.base, ~__cil_tmp4~5.offset := 39, 0;havoc #t~nondet104; {16237#true} is VALID [2022-02-20 18:01:05,752 INFO L290 TraceCheckUtils]: 1: Hoare triple {16237#true} assume 0 == ~publicKey;~retValue_acc~43 := 0;#res := ~retValue_acc~43; {16237#true} is VALID [2022-02-20 18:01:05,752 INFO L290 TraceCheckUtils]: 2: Hoare triple {16237#true} assume true; {16237#true} is VALID [2022-02-20 18:01:05,752 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16237#true} {16238#false} #1227#return; {16238#false} is VALID [2022-02-20 18:01:05,752 INFO L290 TraceCheckUtils]: 0: Hoare triple {16237#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call 
write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(44, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(11, 20);call #Ultimate.allocInit(19, 21);call #Ultimate.allocInit(4, 22);call write~init~int(37, 22, 0, 1);call write~init~int(100, 22, 1, 1);call write~init~int(10, 22, 2, 1);call write~init~int(0, 22, 3, 1);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(19, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(10, 29);call #Ultimate.allocInit(12, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(18, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(34, 36);call #Ultimate.allocInit(30, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(20, 39);call #Ultimate.allocInit(22, 40);call #Ultimate.allocInit(21, 41);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 
0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 
0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~sent_encrypted~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {16237#true} is VALID [2022-02-20 18:01:05,752 INFO L290 TraceCheckUtils]: 1: Hoare triple {16237#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {16237#true} is VALID [2022-02-20 18:01:05,752 INFO 
L290 TraceCheckUtils]: 2: Hoare triple {16237#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {16237#true} is VALID [2022-02-20 18:01:05,753 INFO L290 TraceCheckUtils]: 3: Hoare triple {16237#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~22#1;havoc valid_product_~retValue_acc~22#1;valid_product_~retValue_acc~22#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~22#1; {16237#true} is VALID [2022-02-20 18:01:05,753 INFO L290 TraceCheckUtils]: 4: Hoare triple {16237#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {16237#true} is VALID [2022-02-20 18:01:05,753 INFO L290 TraceCheckUtils]: 5: Hoare triple {16237#true} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet32#1, setup_#t~nondet33#1, setup_#t~nondet34#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {16237#true} is VALID [2022-02-20 18:01:05,753 INFO L272 TraceCheckUtils]: 6: Hoare triple {16237#true} call 
setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {16306#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:05,753 INFO L290 TraceCheckUtils]: 7: Hoare triple {16306#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16237#true} is VALID [2022-02-20 18:01:05,754 INFO L290 TraceCheckUtils]: 8: Hoare triple {16237#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {16237#true} is VALID [2022-02-20 18:01:05,754 INFO L290 TraceCheckUtils]: 9: Hoare triple {16237#true} assume true; {16237#true} is VALID [2022-02-20 18:01:05,754 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {16237#true} {16237#true} #1261#return; {16237#true} is VALID [2022-02-20 18:01:05,754 INFO L290 TraceCheckUtils]: 11: Hoare triple {16237#true} assume { :end_inline_setup_bob__wrappee__Base } true; {16237#true} is VALID [2022-02-20 18:01:05,754 INFO L272 TraceCheckUtils]: 12: Hoare triple {16237#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {16307#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:05,754 INFO L290 TraceCheckUtils]: 13: Hoare triple {16307#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16237#true} is VALID [2022-02-20 18:01:05,755 INFO L290 TraceCheckUtils]: 14: Hoare 
triple {16237#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {16237#true} is VALID [2022-02-20 18:01:05,755 INFO L290 TraceCheckUtils]: 15: Hoare triple {16237#true} assume true; {16237#true} is VALID [2022-02-20 18:01:05,755 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {16237#true} {16237#true} #1263#return; {16237#true} is VALID [2022-02-20 18:01:05,755 INFO L290 TraceCheckUtils]: 17: Hoare triple {16237#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 18, 0;havoc setup_#t~nondet32#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {16237#true} is VALID [2022-02-20 18:01:05,755 INFO L272 TraceCheckUtils]: 18: Hoare triple {16237#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {16306#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:05,755 INFO L290 TraceCheckUtils]: 19: Hoare triple {16306#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16237#true} is VALID [2022-02-20 18:01:05,756 INFO L290 TraceCheckUtils]: 20: Hoare triple {16237#true} assume !(1 == ~handle); {16237#true} is VALID [2022-02-20 18:01:05,756 INFO L290 TraceCheckUtils]: 21: Hoare triple {16237#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; 
{16237#true} is VALID [2022-02-20 18:01:05,756 INFO L290 TraceCheckUtils]: 22: Hoare triple {16237#true} assume true; {16237#true} is VALID [2022-02-20 18:01:05,756 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {16237#true} {16237#true} #1265#return; {16237#true} is VALID [2022-02-20 18:01:05,756 INFO L290 TraceCheckUtils]: 24: Hoare triple {16237#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {16237#true} is VALID [2022-02-20 18:01:05,756 INFO L272 TraceCheckUtils]: 25: Hoare triple {16237#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {16307#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:05,757 INFO L290 TraceCheckUtils]: 26: Hoare triple {16307#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16237#true} is VALID [2022-02-20 18:01:05,757 INFO L290 TraceCheckUtils]: 27: Hoare triple {16237#true} assume !(1 == ~handle); {16237#true} is VALID [2022-02-20 18:01:05,757 INFO L290 TraceCheckUtils]: 28: Hoare triple {16237#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {16237#true} is VALID [2022-02-20 18:01:05,757 INFO L290 TraceCheckUtils]: 29: Hoare triple {16237#true} assume true; {16237#true} is VALID [2022-02-20 18:01:05,757 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {16237#true} {16237#true} #1267#return; {16237#true} is VALID [2022-02-20 18:01:05,757 INFO L290 TraceCheckUtils]: 31: Hoare triple {16237#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 19, 0;havoc setup_#t~nondet33#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := 
~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {16257#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:01:05,758 INFO L272 TraceCheckUtils]: 32: Hoare triple {16257#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {16306#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:05,758 INFO L290 TraceCheckUtils]: 33: Hoare triple {16306#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16308#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:05,758 INFO L290 TraceCheckUtils]: 34: Hoare triple {16308#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {16309#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:05,759 INFO L290 TraceCheckUtils]: 35: Hoare triple {16309#(= |setClientId_#in~handle| 1)} assume true; {16309#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:05,759 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {16309#(= |setClientId_#in~handle| 1)} {16257#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1269#return; {16238#false} is VALID [2022-02-20 18:01:05,759 INFO L290 TraceCheckUtils]: 37: Hoare triple {16238#false} assume { 
:end_inline_setup_chuck__wrappee__Base } true; {16238#false} is VALID [2022-02-20 18:01:05,759 INFO L272 TraceCheckUtils]: 38: Hoare triple {16238#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {16307#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:05,759 INFO L290 TraceCheckUtils]: 39: Hoare triple {16307#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16237#true} is VALID [2022-02-20 18:01:05,759 INFO L290 TraceCheckUtils]: 40: Hoare triple {16237#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {16237#true} is VALID [2022-02-20 18:01:05,760 INFO L290 TraceCheckUtils]: 41: Hoare triple {16237#true} assume true; {16237#true} is VALID [2022-02-20 18:01:05,760 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {16237#true} {16238#false} #1271#return; {16238#false} is VALID [2022-02-20 18:01:05,760 INFO L290 TraceCheckUtils]: 43: Hoare triple {16238#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 20, 0;havoc setup_#t~nondet34#1; {16238#false} is VALID [2022-02-20 18:01:05,760 INFO L290 TraceCheckUtils]: 44: Hoare triple {16238#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_#t~nondet62#1, test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_#t~nondet67#1, test_#t~nondet68#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, 
test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {16238#false} is VALID [2022-02-20 18:01:05,760 INFO L290 TraceCheckUtils]: 45: Hoare triple {16238#false} assume !false; {16238#false} is VALID [2022-02-20 18:01:05,760 INFO L290 TraceCheckUtils]: 46: Hoare triple {16238#false} assume test_~splverifierCounter~0#1 < 4; {16238#false} is VALID [2022-02-20 18:01:05,760 INFO L290 TraceCheckUtils]: 47: Hoare triple {16238#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {16238#false} is VALID [2022-02-20 18:01:05,760 INFO L290 TraceCheckUtils]: 48: Hoare triple {16238#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet58#1 && test_#t~nondet58#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet58#1;havoc test_#t~nondet58#1; {16238#false} is VALID [2022-02-20 18:01:05,760 INFO L290 TraceCheckUtils]: 49: Hoare triple {16238#false} assume !(0 != test_~tmp___9~0#1); {16238#false} is VALID [2022-02-20 18:01:05,760 INFO L290 TraceCheckUtils]: 50: Hoare triple {16238#false} assume 0 == test_~op2~0#1;assume 
-2147483648 <= test_#t~nondet59#1 && test_#t~nondet59#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet59#1;havoc test_#t~nondet59#1; {16238#false} is VALID [2022-02-20 18:01:05,761 INFO L290 TraceCheckUtils]: 51: Hoare triple {16238#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {16238#false} is VALID [2022-02-20 18:01:05,761 INFO L290 TraceCheckUtils]: 52: Hoare triple {16238#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {16238#false} is VALID [2022-02-20 18:01:05,761 INFO L290 TraceCheckUtils]: 53: Hoare triple {16238#false} assume { :end_inline_setClientAutoResponse } true; {16238#false} is VALID [2022-02-20 18:01:05,761 INFO L290 TraceCheckUtils]: 54: Hoare triple {16238#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {16238#false} is VALID [2022-02-20 18:01:05,761 INFO L290 TraceCheckUtils]: 55: Hoare triple {16238#false} assume !false; {16238#false} is VALID [2022-02-20 18:01:05,761 INFO L290 TraceCheckUtils]: 56: Hoare triple {16238#false} assume !(test_~splverifierCounter~0#1 < 4); {16238#false} is VALID [2022-02-20 18:01:05,761 INFO L290 TraceCheckUtils]: 57: Hoare triple {16238#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_~tmp~3#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~3#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret27#1 := puts(16, 0);assume -2147483648 <= bobToRjh_#t~ret27#1 && bobToRjh_#t~ret27#1 <= 2147483647;havoc 
bobToRjh_#t~ret27#1; {16238#false} is VALID [2022-02-20 18:01:05,761 INFO L272 TraceCheckUtils]: 58: Hoare triple {16238#false} call sendEmail(~bob~0, ~rjh~0); {16238#false} is VALID [2022-02-20 18:01:05,761 INFO L290 TraceCheckUtils]: 59: Hoare triple {16238#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~21#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~38#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~38#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {16238#false} is VALID [2022-02-20 18:01:05,761 INFO L272 TraceCheckUtils]: 60: Hoare triple {16238#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {16310#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:05,762 INFO L290 TraceCheckUtils]: 61: Hoare triple {16310#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16237#true} is VALID [2022-02-20 18:01:05,762 INFO L290 TraceCheckUtils]: 62: Hoare triple {16237#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16237#true} is VALID [2022-02-20 18:01:05,762 INFO L290 TraceCheckUtils]: 63: Hoare triple {16237#true} assume true; {16237#true} is VALID [2022-02-20 18:01:05,762 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {16237#true} {16238#false} #1197#return; {16238#false} is VALID [2022-02-20 18:01:05,762 INFO L272 TraceCheckUtils]: 65: Hoare triple {16238#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {16311#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID 
[2022-02-20 18:01:05,762 INFO L290 TraceCheckUtils]: 66: Hoare triple {16311#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {16237#true} is VALID [2022-02-20 18:01:05,762 INFO L290 TraceCheckUtils]: 67: Hoare triple {16237#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {16237#true} is VALID [2022-02-20 18:01:05,762 INFO L290 TraceCheckUtils]: 68: Hoare triple {16237#true} assume true; {16237#true} is VALID [2022-02-20 18:01:05,762 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {16237#true} {16238#false} #1199#return; {16238#false} is VALID [2022-02-20 18:01:05,762 INFO L290 TraceCheckUtils]: 70: Hoare triple {16238#false} createEmail_~retValue_acc~38#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~38#1; {16238#false} is VALID [2022-02-20 18:01:05,763 INFO L290 TraceCheckUtils]: 71: Hoare triple {16238#false} #t~ret103#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret103#1 && #t~ret103#1 <= 2147483647;~tmp~21#1 := #t~ret103#1;havoc #t~ret103#1;~email~0#1 := ~tmp~21#1; {16238#false} is VALID [2022-02-20 18:01:05,763 INFO L272 TraceCheckUtils]: 72: Hoare triple {16238#false} call outgoing(~sender#1, ~email~0#1); {16238#false} is VALID [2022-02-20 18:01:05,763 INFO L290 TraceCheckUtils]: 73: Hoare triple {16238#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~2#1;havoc ~tmp~16#1;havoc ~receiver~1#1;havoc ~tmp___0~7#1;havoc ~second~0#1;havoc ~tmp___1~4#1;havoc ~tmp___2~2#1; {16238#false} is VALID [2022-02-20 18:01:05,763 INFO L272 TraceCheckUtils]: 74: Hoare triple {16238#false} call #t~ret89#1 := getClientAddressBookSize(~client#1); {16237#true} is VALID [2022-02-20 18:01:05,763 INFO L290 TraceCheckUtils]: 75: Hoare triple {16237#true} ~handle := #in~handle;havoc ~retValue_acc~7; {16237#true} is VALID [2022-02-20 18:01:05,763 INFO L290 TraceCheckUtils]: 76: Hoare triple 
{16237#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {16237#true} is VALID [2022-02-20 18:01:05,763 INFO L290 TraceCheckUtils]: 77: Hoare triple {16237#true} assume true; {16237#true} is VALID [2022-02-20 18:01:05,763 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {16237#true} {16238#false} #1179#return; {16238#false} is VALID [2022-02-20 18:01:05,763 INFO L290 TraceCheckUtils]: 79: Hoare triple {16238#false} assume -2147483648 <= #t~ret89#1 && #t~ret89#1 <= 2147483647;~tmp~16#1 := #t~ret89#1;havoc #t~ret89#1;~size~2#1 := ~tmp~16#1; {16238#false} is VALID [2022-02-20 18:01:05,764 INFO L290 TraceCheckUtils]: 80: Hoare triple {16238#false} assume !(0 != ~size~2#1); {16238#false} is VALID [2022-02-20 18:01:05,764 INFO L272 TraceCheckUtils]: 81: Hoare triple {16238#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {16238#false} is VALID [2022-02-20 18:01:05,764 INFO L290 TraceCheckUtils]: 82: Hoare triple {16238#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~15#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {16238#false} is VALID [2022-02-20 18:01:05,764 INFO L272 TraceCheckUtils]: 83: Hoare triple {16238#false} call #t~ret87#1 := getEmailTo(~msg#1); {16237#true} is VALID [2022-02-20 18:01:05,764 INFO L290 TraceCheckUtils]: 84: Hoare triple {16237#true} ~handle := #in~handle;havoc ~retValue_acc~26; {16237#true} is VALID [2022-02-20 18:01:05,764 INFO L290 TraceCheckUtils]: 85: Hoare triple {16237#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {16237#true} is VALID [2022-02-20 18:01:05,764 INFO L290 TraceCheckUtils]: 86: Hoare triple {16237#true} assume true; {16237#true} is VALID [2022-02-20 18:01:05,764 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {16237#true} {16238#false} #1211#return; {16238#false} is VALID [2022-02-20 18:01:05,764 INFO L290 TraceCheckUtils]: 88: Hoare triple {16238#false} assume -2147483648 <= 
#t~ret87#1 && #t~ret87#1 <= 2147483647;~tmp~15#1 := #t~ret87#1;havoc #t~ret87#1;~receiver~0#1 := ~tmp~15#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~18#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~18#1; {16238#false} is VALID [2022-02-20 18:01:05,764 INFO L290 TraceCheckUtils]: 89: Hoare triple {16238#false} assume 1 == findPublicKey_~handle#1; {16238#false} is VALID [2022-02-20 18:01:05,765 INFO L290 TraceCheckUtils]: 90: Hoare triple {16238#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~18#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~18#1; {16238#false} is VALID [2022-02-20 18:01:05,765 INFO L290 TraceCheckUtils]: 91: Hoare triple {16238#false} #t~ret88#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp___0~6#1 := #t~ret88#1;havoc #t~ret88#1;~pubkey~0#1 := ~tmp___0~6#1; {16238#false} is VALID [2022-02-20 18:01:05,765 INFO L290 TraceCheckUtils]: 92: Hoare triple {16238#false} assume !(0 != ~pubkey~0#1); {16238#false} is VALID [2022-02-20 18:01:05,765 INFO L290 TraceCheckUtils]: 93: Hoare triple {16238#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret86#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~14#1;assume { 
:begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {16238#false} is VALID [2022-02-20 18:01:05,765 INFO L290 TraceCheckUtils]: 94: Hoare triple {16238#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {16238#false} is VALID [2022-02-20 18:01:05,765 INFO L290 TraceCheckUtils]: 95: Hoare triple {16238#false} outgoing__wrappee__Keys_#t~ret86#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret86#1 && outgoing__wrappee__Keys_#t~ret86#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~14#1 := outgoing__wrappee__Keys_#t~ret86#1;havoc outgoing__wrappee__Keys_#t~ret86#1; {16238#false} is VALID [2022-02-20 18:01:05,765 INFO L272 TraceCheckUtils]: 96: Hoare triple {16238#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1); {16310#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:05,765 INFO L290 TraceCheckUtils]: 97: Hoare triple {16310#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16237#true} is VALID [2022-02-20 18:01:05,765 INFO L290 TraceCheckUtils]: 98: Hoare triple {16237#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16237#true} is VALID [2022-02-20 18:01:05,765 INFO L290 TraceCheckUtils]: 99: Hoare triple {16237#true} assume true; {16237#true} is VALID [2022-02-20 18:01:05,766 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {16237#true} {16238#false} #1217#return; {16238#false} is VALID [2022-02-20 18:01:05,766 INFO L290 TraceCheckUtils]: 101: 
Hoare triple {16238#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret84#1, mail_#t~ret85#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet52#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 := puts(24, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1; {16238#false} is VALID [2022-02-20 18:01:05,766 INFO L272 TraceCheckUtils]: 102: Hoare triple {16238#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {16237#true} is VALID [2022-02-20 18:01:05,766 INFO L290 TraceCheckUtils]: 103: Hoare triple {16237#true} ~handle := #in~handle;havoc ~retValue_acc~29; {16237#true} is VALID [2022-02-20 18:01:05,766 INFO L290 TraceCheckUtils]: 104: Hoare triple {16237#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {16237#true} is VALID [2022-02-20 18:01:05,766 INFO L290 TraceCheckUtils]: 105: 
Hoare triple {16237#true} assume true; {16237#true} is VALID [2022-02-20 18:01:05,766 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {16237#true} {16238#false} #1219#return; {16238#false} is VALID [2022-02-20 18:01:05,766 INFO L290 TraceCheckUtils]: 107: Hoare triple {16238#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset := 25, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet52#1; {16238#false} is VALID [2022-02-20 18:01:05,766 INFO L290 TraceCheckUtils]: 108: Hoare triple {16238#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret84#1 := puts(35, 0);assume -2147483648 <= mail_#t~ret84#1 && mail_#t~ret84#1 <= 2147483647;havoc mail_#t~ret84#1; {16238#false} is VALID [2022-02-20 18:01:05,766 INFO L272 TraceCheckUtils]: 109: Hoare triple {16238#false} call mail_#t~ret85#1 := getEmailTo(mail_~msg#1); {16237#true} is VALID [2022-02-20 18:01:05,767 INFO L290 TraceCheckUtils]: 110: Hoare triple {16237#true} ~handle := #in~handle;havoc ~retValue_acc~26; {16237#true} is VALID [2022-02-20 18:01:05,767 INFO L290 TraceCheckUtils]: 111: Hoare triple {16237#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {16237#true} is VALID [2022-02-20 18:01:05,767 INFO L290 TraceCheckUtils]: 112: Hoare triple {16237#true} assume true; {16237#true} is VALID [2022-02-20 18:01:05,767 INFO L284 TraceCheckUtils]: 113: Hoare quadruple {16237#true} {16238#false} #1221#return; {16238#false} is VALID [2022-02-20 18:01:05,767 INFO L290 TraceCheckUtils]: 114: Hoare triple {16238#false} assume -2147483648 <= mail_#t~ret85#1 && mail_#t~ret85#1 <= 2147483647;mail_~tmp~13#1 := mail_#t~ret85#1;havoc 
mail_#t~ret85#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~13#1, mail_~msg#1;havoc incoming_#t~ret98#1, incoming_#t~ret99#1, incoming_#t~ret100#1, incoming_#t~ret101#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~19#1, incoming_~tmp___0~8#1, incoming_~tmp___1~5#1, incoming_~tmp___2~3#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~19#1;havoc incoming_~tmp___0~8#1;havoc incoming_~tmp___1~5#1;havoc incoming_~tmp___2~3#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet54#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1;havoc 
__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 := puts(26, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset := 27, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet54#1; {16238#false} is VALID [2022-02-20 18:01:05,767 INFO L290 TraceCheckUtils]: 115: Hoare triple {16238#false} assume 1 == ~sent_encrypted~0; {16238#false} is VALID [2022-02-20 18:01:05,767 INFO L272 TraceCheckUtils]: 116: Hoare triple {16238#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {16237#true} is VALID [2022-02-20 18:01:05,767 INFO L290 TraceCheckUtils]: 117: Hoare triple {16237#true} ~handle := #in~handle;havoc ~retValue_acc~13; {16237#true} is VALID [2022-02-20 18:01:05,767 INFO L290 TraceCheckUtils]: 118: Hoare triple {16237#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {16237#true} is VALID [2022-02-20 18:01:05,767 INFO L290 TraceCheckUtils]: 119: Hoare triple {16237#true} assume true; {16237#true} is VALID [2022-02-20 18:01:05,768 INFO L284 TraceCheckUtils]: 120: Hoare quadruple {16237#true} {16238#false} #1223#return; {16238#false} is VALID [2022-02-20 18:01:05,768 INFO L290 TraceCheckUtils]: 121: Hoare triple {16238#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~8#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1; {16238#false} is VALID [2022-02-20 18:01:05,768 INFO L272 TraceCheckUtils]: 122: Hoare triple 
{16238#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {16237#true} is VALID [2022-02-20 18:01:05,768 INFO L290 TraceCheckUtils]: 123: Hoare triple {16237#true} ~handle := #in~handle;havoc ~retValue_acc~30; {16237#true} is VALID [2022-02-20 18:01:05,768 INFO L290 TraceCheckUtils]: 124: Hoare triple {16237#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~30; {16237#true} is VALID [2022-02-20 18:01:05,768 INFO L290 TraceCheckUtils]: 125: Hoare triple {16237#true} assume true; {16237#true} is VALID [2022-02-20 18:01:05,768 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {16237#true} {16238#false} #1225#return; {16238#false} is VALID [2022-02-20 18:01:05,768 INFO L290 TraceCheckUtils]: 127: Hoare triple {16238#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1; {16238#false} is VALID [2022-02-20 18:01:05,768 INFO L272 TraceCheckUtils]: 128: Hoare triple {16238#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1); {16237#true} is VALID [2022-02-20 18:01:05,768 INFO L290 TraceCheckUtils]: 129: Hoare triple {16237#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~43;havoc ~__cil_tmp4~5.base, ~__cil_tmp4~5.offset;~__cil_tmp4~5.base, ~__cil_tmp4~5.offset := 39, 0;havoc #t~nondet104; {16237#true} is VALID [2022-02-20 18:01:05,769 INFO L290 TraceCheckUtils]: 130: Hoare triple {16237#true} assume 0 == ~publicKey;~retValue_acc~43 := 0;#res := ~retValue_acc~43; {16237#true} is VALID [2022-02-20 18:01:05,769 INFO L290 TraceCheckUtils]: 131: Hoare triple {16237#true} assume 
true; {16237#true} is VALID [2022-02-20 18:01:05,769 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {16237#true} {16238#false} #1227#return; {16238#false} is VALID [2022-02-20 18:01:05,769 INFO L290 TraceCheckUtils]: 133: Hoare triple {16238#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1; {16238#false} is VALID [2022-02-20 18:01:05,769 INFO L290 TraceCheckUtils]: 134: Hoare triple {16238#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1);assume { :begin_inline___automaton_fail } true; {16238#false} is VALID [2022-02-20 18:01:05,769 INFO L290 TraceCheckUtils]: 135: Hoare triple {16238#false} assume !false; {16238#false} is VALID [2022-02-20 18:01:05,769 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 18:01:05,770 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:01:05,770 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [339514347] [2022-02-20 18:01:05,770 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [339514347] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:01:05,770 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. 
[2022-02-20 18:01:05,770 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 18:01:05,770 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1091330392] [2022-02-20 18:01:05,770 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:01:05,771 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 10.875) internal successors, (87), 5 states have internal predecessors, (87), 3 states have call successors, (19), 6 states have call predecessors, (19), 2 states have return successors, (16), 2 states have call predecessors, (16), 3 states have call successors, (16) Word has length 136 [2022-02-20 18:01:05,771 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:01:05,771 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 10.875) internal successors, (87), 5 states have internal predecessors, (87), 3 states have call successors, (19), 6 states have call predecessors, (19), 2 states have return successors, (16), 2 states have call predecessors, (16), 3 states have call successors, (16) [2022-02-20 18:01:05,839 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 122 edges. 122 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:05,840 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 18:01:05,840 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:05,840 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. 
[2022-02-20 18:01:05,840 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:01:05,841 INFO L87 Difference]: Start difference. First operand 483 states and 751 transitions. Second operand has 9 states, 8 states have (on average 10.875) internal successors, (87), 5 states have internal predecessors, (87), 3 states have call successors, (19), 6 states have call predecessors, (19), 2 states have return successors, (16), 2 states have call predecessors, (16), 3 states have call successors, (16) [2022-02-20 18:01:14,315 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:14,315 INFO L93 Difference]: Finished difference Result 1137 states and 1794 transitions. [2022-02-20 18:01:14,315 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:01:14,316 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 10.875) internal successors, (87), 5 states have internal predecessors, (87), 3 states have call successors, (19), 6 states have call predecessors, (19), 2 states have return successors, (16), 2 states have call predecessors, (16), 3 states have call successors, (16) Word has length 136 [2022-02-20 18:01:14,316 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:01:14,316 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 10.875) internal successors, (87), 5 states have internal predecessors, (87), 3 states have call successors, (19), 6 states have call predecessors, (19), 2 states have return successors, (16), 2 states have call predecessors, (16), 3 states have call successors, (16) [2022-02-20 18:01:14,329 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1526 transitions. 
[2022-02-20 18:01:14,329 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 10.875) internal successors, (87), 5 states have internal predecessors, (87), 3 states have call successors, (19), 6 states have call predecessors, (19), 2 states have return successors, (16), 2 states have call predecessors, (16), 3 states have call successors, (16) [2022-02-20 18:01:14,342 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1526 transitions. [2022-02-20 18:01:14,342 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1526 transitions. [2022-02-20 18:01:15,745 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1526 edges. 1526 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:15,778 INFO L225 Difference]: With dead ends: 1137 [2022-02-20 18:01:15,778 INFO L226 Difference]: Without dead ends: 677 [2022-02-20 18:01:15,780 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 50 GetRequests, 35 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 31 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 18:01:15,781 INFO L933 BasicCegarLoop]: 726 mSDtfsCounter, 1494 mSDsluCounter, 1034 mSDsCounter, 0 mSdLazyCounter, 2598 mSolverCounterSat, 629 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1514 SdHoareTripleChecker+Valid, 1760 SdHoareTripleChecker+Invalid, 3227 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 629 IncrementalHoareTripleChecker+Valid, 2598 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.8s IncrementalHoareTripleChecker+Time 
[2022-02-20 18:01:15,781 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1514 Valid, 1760 Invalid, 3227 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [629 Valid, 2598 Invalid, 0 Unknown, 0 Unchecked, 3.8s Time] [2022-02-20 18:01:15,783 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 677 states. [2022-02-20 18:01:15,934 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 677 to 483. [2022-02-20 18:01:15,934 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:01:15,935 INFO L82 GeneralOperation]: Start isEquivalent. First operand 677 states. Second operand has 483 states, 375 states have (on average 1.56) internal successors, (585), 381 states have internal predecessors, (585), 80 states have call successors, (80), 25 states have call predecessors, (80), 27 states have return successors, (85), 78 states have call predecessors, (85), 79 states have call successors, (85) [2022-02-20 18:01:15,936 INFO L74 IsIncluded]: Start isIncluded. First operand 677 states. Second operand has 483 states, 375 states have (on average 1.56) internal successors, (585), 381 states have internal predecessors, (585), 80 states have call successors, (80), 25 states have call predecessors, (80), 27 states have return successors, (85), 78 states have call predecessors, (85), 79 states have call successors, (85) [2022-02-20 18:01:15,937 INFO L87 Difference]: Start difference. First operand 677 states. Second operand has 483 states, 375 states have (on average 1.56) internal successors, (585), 381 states have internal predecessors, (585), 80 states have call successors, (80), 25 states have call predecessors, (80), 27 states have return successors, (85), 78 states have call predecessors, (85), 79 states have call successors, (85) [2022-02-20 18:01:15,956 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:01:15,957 INFO L93 Difference]: Finished difference Result 677 states and 1074 transitions. [2022-02-20 18:01:15,957 INFO L276 IsEmpty]: Start isEmpty. Operand 677 states and 1074 transitions. [2022-02-20 18:01:15,960 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:15,960 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:15,961 INFO L74 IsIncluded]: Start isIncluded. First operand has 483 states, 375 states have (on average 1.56) internal successors, (585), 381 states have internal predecessors, (585), 80 states have call successors, (80), 25 states have call predecessors, (80), 27 states have return successors, (85), 78 states have call predecessors, (85), 79 states have call successors, (85) Second operand 677 states. [2022-02-20 18:01:15,962 INFO L87 Difference]: Start difference. First operand has 483 states, 375 states have (on average 1.56) internal successors, (585), 381 states have internal predecessors, (585), 80 states have call successors, (80), 25 states have call predecessors, (80), 27 states have return successors, (85), 78 states have call predecessors, (85), 79 states have call successors, (85) Second operand 677 states. [2022-02-20 18:01:15,982 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:15,982 INFO L93 Difference]: Finished difference Result 677 states and 1074 transitions. [2022-02-20 18:01:15,983 INFO L276 IsEmpty]: Start isEmpty. Operand 677 states and 1074 transitions. [2022-02-20 18:01:15,986 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:15,986 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:15,986 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:01:15,986 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:01:15,987 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 483 states, 375 states have (on average 1.56) internal successors, (585), 381 states have internal predecessors, (585), 80 states have call successors, (80), 25 states have call predecessors, (80), 27 states have return successors, (85), 78 states have call predecessors, (85), 79 states have call successors, (85) [2022-02-20 18:01:15,999 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 483 states to 483 states and 750 transitions. [2022-02-20 18:01:16,000 INFO L78 Accepts]: Start accepts. Automaton has 483 states and 750 transitions. Word has length 136 [2022-02-20 18:01:16,000 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:01:16,000 INFO L470 AbstractCegarLoop]: Abstraction has 483 states and 750 transitions. [2022-02-20 18:01:16,000 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 10.875) internal successors, (87), 5 states have internal predecessors, (87), 3 states have call successors, (19), 6 states have call predecessors, (19), 2 states have return successors, (16), 2 states have call predecessors, (16), 3 states have call successors, (16) [2022-02-20 18:01:16,001 INFO L276 IsEmpty]: Start isEmpty. Operand 483 states and 750 transitions. [2022-02-20 18:01:16,002 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 157 [2022-02-20 18:01:16,002 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:01:16,002 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:01:16,003 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 18:01:16,003 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:01:16,003 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:01:16,003 INFO L85 PathProgramCache]: Analyzing trace with hash 1070696002, now seen corresponding path program 1 times [2022-02-20 18:01:16,003 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:01:16,003 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1515156128] [2022-02-20 18:01:16,003 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:16,004 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:01:16,038 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:16,062 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:01:16,064 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:16,067 INFO L290 TraceCheckUtils]: 0: Hoare 
triple {20048#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19965#true} is VALID [2022-02-20 18:01:16,067 INFO L290 TraceCheckUtils]: 1: Hoare triple {19965#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19965#true} is VALID [2022-02-20 18:01:16,067 INFO L290 TraceCheckUtils]: 2: Hoare triple {19965#true} assume true; {19965#true} is VALID [2022-02-20 18:01:16,067 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19965#true} {19965#true} #1261#return; {19965#true} is VALID [2022-02-20 18:01:16,072 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:01:16,074 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:16,079 INFO L290 TraceCheckUtils]: 0: Hoare triple {20049#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19965#true} is VALID [2022-02-20 18:01:16,079 INFO L290 TraceCheckUtils]: 1: Hoare triple {19965#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {19965#true} is VALID [2022-02-20 18:01:16,079 INFO L290 TraceCheckUtils]: 2: Hoare triple {19965#true} assume true; {19965#true} is VALID [2022-02-20 18:01:16,079 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19965#true} {19965#true} #1263#return; {19965#true} is VALID [2022-02-20 18:01:16,079 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:01:16,081 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:16,083 INFO L290 TraceCheckUtils]: 0: Hoare triple {20048#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19965#true} is VALID [2022-02-20 18:01:16,083 INFO L290 TraceCheckUtils]: 1: Hoare triple {19965#true} assume !(1 == ~handle); {19965#true} is VALID [2022-02-20 18:01:16,083 INFO L290 TraceCheckUtils]: 2: Hoare triple {19965#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {19965#true} is VALID [2022-02-20 18:01:16,083 INFO L290 TraceCheckUtils]: 3: Hoare triple {19965#true} assume true; {19965#true} is VALID [2022-02-20 18:01:16,083 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {19965#true} {19965#true} #1265#return; {19965#true} is VALID [2022-02-20 18:01:16,083 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:01:16,100 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:16,102 INFO L290 TraceCheckUtils]: 0: Hoare triple {20049#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19965#true} is VALID [2022-02-20 18:01:16,102 INFO L290 TraceCheckUtils]: 1: Hoare triple {19965#true} assume !(1 == ~handle); {19965#true} is VALID [2022-02-20 18:01:16,102 INFO L290 TraceCheckUtils]: 2: Hoare triple {19965#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {19965#true} is VALID [2022-02-20 18:01:16,102 INFO L290 TraceCheckUtils]: 3: Hoare triple {19965#true} assume true; {19965#true} is VALID [2022-02-20 18:01:16,102 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {19965#true} {19965#true} #1267#return; {19965#true} is VALID [2022-02-20 18:01:16,103 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 
[2022-02-20 18:01:16,104 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:16,114 INFO L290 TraceCheckUtils]: 0: Hoare triple {20048#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20050#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:16,114 INFO L290 TraceCheckUtils]: 1: Hoare triple {20050#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {20050#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:16,115 INFO L290 TraceCheckUtils]: 2: Hoare triple {20050#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {20051#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:16,115 INFO L290 TraceCheckUtils]: 3: Hoare triple {20051#(= 2 |setClientId_#in~handle|)} assume true; {20051#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:16,116 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {20051#(= 2 |setClientId_#in~handle|)} {19985#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1269#return; {19966#false} is VALID [2022-02-20 18:01:16,116 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-02-20 18:01:16,117 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:16,119 INFO L290 TraceCheckUtils]: 0: Hoare triple {20049#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19965#true} is VALID [2022-02-20 18:01:16,119 INFO L290 TraceCheckUtils]: 1: Hoare triple {19965#true} assume 1 == ~handle;~__ste_client_privateKey0~0 
:= ~value; {19965#true} is VALID [2022-02-20 18:01:16,119 INFO L290 TraceCheckUtils]: 2: Hoare triple {19965#true} assume true; {19965#true} is VALID [2022-02-20 18:01:16,119 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19965#true} {19966#false} #1271#return; {19966#false} is VALID [2022-02-20 18:01:16,127 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:01:16,142 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:16,144 INFO L290 TraceCheckUtils]: 0: Hoare triple {20052#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19965#true} is VALID [2022-02-20 18:01:16,145 INFO L290 TraceCheckUtils]: 1: Hoare triple {19965#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19965#true} is VALID [2022-02-20 18:01:16,145 INFO L290 TraceCheckUtils]: 2: Hoare triple {19965#true} assume true; {19965#true} is VALID [2022-02-20 18:01:16,145 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19965#true} {19966#false} #1197#return; {19966#false} is VALID [2022-02-20 18:01:16,151 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 18:01:16,152 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:16,153 INFO L290 TraceCheckUtils]: 0: Hoare triple {20053#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {19965#true} is VALID [2022-02-20 18:01:16,153 INFO L290 TraceCheckUtils]: 1: Hoare triple {19965#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {19965#true} is VALID [2022-02-20 18:01:16,153 INFO L290 TraceCheckUtils]: 2: Hoare triple {19965#true} assume true; {19965#true} is VALID [2022-02-20 18:01:16,154 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19965#true} {19966#false} 
#1199#return; {19966#false} is VALID [2022-02-20 18:01:16,154 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:01:16,154 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:16,155 INFO L290 TraceCheckUtils]: 0: Hoare triple {19965#true} ~handle := #in~handle;havoc ~retValue_acc~7; {19965#true} is VALID [2022-02-20 18:01:16,156 INFO L290 TraceCheckUtils]: 1: Hoare triple {19965#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {19965#true} is VALID [2022-02-20 18:01:16,156 INFO L290 TraceCheckUtils]: 2: Hoare triple {19965#true} assume true; {19965#true} is VALID [2022-02-20 18:01:16,156 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19965#true} {19966#false} #1179#return; {19966#false} is VALID [2022-02-20 18:01:16,156 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 18:01:16,156 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:16,158 INFO L290 TraceCheckUtils]: 0: Hoare triple {19965#true} ~handle := #in~handle;havoc ~retValue_acc~26; {19965#true} is VALID [2022-02-20 18:01:16,158 INFO L290 TraceCheckUtils]: 1: Hoare triple {19965#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {19965#true} is VALID [2022-02-20 18:01:16,158 INFO L290 TraceCheckUtils]: 2: Hoare triple {19965#true} assume true; {19965#true} is VALID [2022-02-20 18:01:16,158 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19965#true} {19966#false} #1181#return; {19966#false} is VALID [2022-02-20 18:01:16,158 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 89 [2022-02-20 18:01:16,159 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:16,160 INFO L290 TraceCheckUtils]: 0: Hoare triple {19965#true} ~handle := #in~handle;~index := #in~index;havoc 
~retValue_acc~11; {19965#true} is VALID [2022-02-20 18:01:16,160 INFO L290 TraceCheckUtils]: 1: Hoare triple {19965#true} assume 1 == ~handle; {19965#true} is VALID [2022-02-20 18:01:16,160 INFO L290 TraceCheckUtils]: 2: Hoare triple {19965#true} assume 0 == ~index;~retValue_acc~11 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~11; {19965#true} is VALID [2022-02-20 18:01:16,160 INFO L290 TraceCheckUtils]: 3: Hoare triple {19965#true} assume true; {19965#true} is VALID [2022-02-20 18:01:16,160 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {19965#true} {19966#false} #1183#return; {19966#false} is VALID [2022-02-20 18:01:16,160 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 18:01:16,161 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:16,162 INFO L290 TraceCheckUtils]: 0: Hoare triple {20053#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {19965#true} is VALID [2022-02-20 18:01:16,162 INFO L290 TraceCheckUtils]: 1: Hoare triple {19965#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {19965#true} is VALID [2022-02-20 18:01:16,162 INFO L290 TraceCheckUtils]: 2: Hoare triple {19965#true} assume true; {19965#true} is VALID [2022-02-20 18:01:16,163 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19965#true} {19966#false} #1185#return; {19966#false} is VALID [2022-02-20 18:01:16,163 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 18:01:16,163 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:16,164 INFO L290 TraceCheckUtils]: 0: Hoare triple {19965#true} ~handle := #in~handle;havoc ~retValue_acc~26; {19965#true} is VALID [2022-02-20 18:01:16,164 INFO L290 TraceCheckUtils]: 1: Hoare triple {19965#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res 
:= ~retValue_acc~26; {19965#true} is VALID [2022-02-20 18:01:16,165 INFO L290 TraceCheckUtils]: 2: Hoare triple {19965#true} assume true; {19965#true} is VALID [2022-02-20 18:01:16,165 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19965#true} {19966#false} #1211#return; {19966#false} is VALID [2022-02-20 18:01:16,165 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 116 [2022-02-20 18:01:16,165 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:16,167 INFO L290 TraceCheckUtils]: 0: Hoare triple {20052#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19965#true} is VALID [2022-02-20 18:01:16,167 INFO L290 TraceCheckUtils]: 1: Hoare triple {19965#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19965#true} is VALID [2022-02-20 18:01:16,167 INFO L290 TraceCheckUtils]: 2: Hoare triple {19965#true} assume true; {19965#true} is VALID [2022-02-20 18:01:16,167 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19965#true} {19966#false} #1217#return; {19966#false} is VALID [2022-02-20 18:01:16,167 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 122 [2022-02-20 18:01:16,168 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:16,169 INFO L290 TraceCheckUtils]: 0: Hoare triple {19965#true} ~handle := #in~handle;havoc ~retValue_acc~29; {19965#true} is VALID [2022-02-20 18:01:16,169 INFO L290 TraceCheckUtils]: 1: Hoare triple {19965#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {19965#true} is VALID [2022-02-20 18:01:16,169 INFO L290 TraceCheckUtils]: 2: Hoare triple {19965#true} assume true; {19965#true} is VALID [2022-02-20 18:01:16,169 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19965#true} {19966#false} #1219#return; {19966#false} is VALID [2022-02-20 
18:01:16,169 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 129 [2022-02-20 18:01:16,170 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:16,171 INFO L290 TraceCheckUtils]: 0: Hoare triple {19965#true} ~handle := #in~handle;havoc ~retValue_acc~26; {19965#true} is VALID [2022-02-20 18:01:16,171 INFO L290 TraceCheckUtils]: 1: Hoare triple {19965#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {19965#true} is VALID [2022-02-20 18:01:16,171 INFO L290 TraceCheckUtils]: 2: Hoare triple {19965#true} assume true; {19965#true} is VALID [2022-02-20 18:01:16,171 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19965#true} {19966#false} #1221#return; {19966#false} is VALID [2022-02-20 18:01:16,171 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 136 [2022-02-20 18:01:16,172 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:16,173 INFO L290 TraceCheckUtils]: 0: Hoare triple {19965#true} ~handle := #in~handle;havoc ~retValue_acc~13; {19965#true} is VALID [2022-02-20 18:01:16,174 INFO L290 TraceCheckUtils]: 1: Hoare triple {19965#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {19965#true} is VALID [2022-02-20 18:01:16,174 INFO L290 TraceCheckUtils]: 2: Hoare triple {19965#true} assume true; {19965#true} is VALID [2022-02-20 18:01:16,174 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19965#true} {19966#false} #1223#return; {19966#false} is VALID [2022-02-20 18:01:16,174 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 142 [2022-02-20 18:01:16,175 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:16,176 INFO L290 TraceCheckUtils]: 0: Hoare triple {19965#true} ~handle := #in~handle;havoc ~retValue_acc~30; {19965#true} is VALID [2022-02-20 18:01:16,176 INFO 
L290 TraceCheckUtils]: 1: Hoare triple {19965#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~30; {19965#true} is VALID [2022-02-20 18:01:16,176 INFO L290 TraceCheckUtils]: 2: Hoare triple {19965#true} assume true; {19965#true} is VALID [2022-02-20 18:01:16,176 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19965#true} {19966#false} #1225#return; {19966#false} is VALID [2022-02-20 18:01:16,176 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 148 [2022-02-20 18:01:16,177 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:16,179 INFO L290 TraceCheckUtils]: 0: Hoare triple {19965#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~43;havoc ~__cil_tmp4~5.base, ~__cil_tmp4~5.offset;~__cil_tmp4~5.base, ~__cil_tmp4~5.offset := 39, 0;havoc #t~nondet104; {19965#true} is VALID [2022-02-20 18:01:16,179 INFO L290 TraceCheckUtils]: 1: Hoare triple {19965#true} assume 0 == ~publicKey;~retValue_acc~43 := 0;#res := ~retValue_acc~43; {19965#true} is VALID [2022-02-20 18:01:16,179 INFO L290 TraceCheckUtils]: 2: Hoare triple {19965#true} assume true; {19965#true} is VALID [2022-02-20 18:01:16,179 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19965#true} {19966#false} #1227#return; {19966#false} is VALID [2022-02-20 18:01:16,179 INFO L290 TraceCheckUtils]: 0: Hoare triple {19965#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call 
#Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(44, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(11, 20);call #Ultimate.allocInit(19, 21);call #Ultimate.allocInit(4, 22);call write~init~int(37, 22, 0, 1);call write~init~int(100, 22, 1, 1);call write~init~int(10, 22, 2, 1);call write~init~int(0, 22, 3, 1);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(19, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(10, 29);call #Ultimate.allocInit(12, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(18, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(34, 36);call #Ultimate.allocInit(30, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(20, 39);call #Ultimate.allocInit(22, 40);call #Ultimate.allocInit(21, 41);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 
0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 
0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~sent_encrypted~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {19965#true} is VALID [2022-02-20 18:01:16,180 INFO L290 TraceCheckUtils]: 1: Hoare triple {19965#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {19965#true} is VALID [2022-02-20 18:01:16,180 INFO L290 TraceCheckUtils]: 2: Hoare triple {19965#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {19965#true} is VALID [2022-02-20 18:01:16,180 INFO L290 TraceCheckUtils]: 3: Hoare triple {19965#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc 
valid_product_~retValue_acc~22#1;havoc valid_product_~retValue_acc~22#1;valid_product_~retValue_acc~22#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~22#1; {19965#true} is VALID [2022-02-20 18:01:16,180 INFO L290 TraceCheckUtils]: 4: Hoare triple {19965#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {19965#true} is VALID [2022-02-20 18:01:16,180 INFO L290 TraceCheckUtils]: 5: Hoare triple {19965#true} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet32#1, setup_#t~nondet33#1, setup_#t~nondet34#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {19965#true} is VALID [2022-02-20 18:01:16,181 INFO L272 TraceCheckUtils]: 6: Hoare triple {19965#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {20048#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:16,181 INFO L290 TraceCheckUtils]: 7: Hoare triple {20048#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19965#true} is VALID [2022-02-20 18:01:16,181 INFO L290 TraceCheckUtils]: 8: Hoare triple {19965#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19965#true} is VALID [2022-02-20 18:01:16,181 INFO L290 TraceCheckUtils]: 9: Hoare triple {19965#true} assume true; {19965#true} is VALID [2022-02-20 18:01:16,181 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {19965#true} {19965#true} #1261#return; {19965#true} is VALID [2022-02-20 18:01:16,181 INFO L290 TraceCheckUtils]: 11: Hoare triple {19965#true} assume { :end_inline_setup_bob__wrappee__Base } true; {19965#true} is VALID [2022-02-20 18:01:16,182 INFO L272 TraceCheckUtils]: 12: Hoare triple {19965#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {20049#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:16,182 INFO L290 TraceCheckUtils]: 13: Hoare triple {20049#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19965#true} is VALID [2022-02-20 18:01:16,182 INFO L290 TraceCheckUtils]: 14: Hoare triple {19965#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {19965#true} is VALID [2022-02-20 18:01:16,182 INFO L290 TraceCheckUtils]: 15: Hoare triple {19965#true} assume true; {19965#true} is VALID [2022-02-20 18:01:16,182 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {19965#true} {19965#true} #1263#return; {19965#true} is VALID [2022-02-20 18:01:16,182 INFO L290 
TraceCheckUtils]: 17: Hoare triple {19965#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 18, 0;havoc setup_#t~nondet32#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {19965#true} is VALID [2022-02-20 18:01:16,183 INFO L272 TraceCheckUtils]: 18: Hoare triple {19965#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {20048#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:16,183 INFO L290 TraceCheckUtils]: 19: Hoare triple {20048#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19965#true} is VALID [2022-02-20 18:01:16,183 INFO L290 TraceCheckUtils]: 20: Hoare triple {19965#true} assume !(1 == ~handle); {19965#true} is VALID [2022-02-20 18:01:16,183 INFO L290 TraceCheckUtils]: 21: Hoare triple {19965#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {19965#true} is VALID [2022-02-20 18:01:16,183 INFO L290 TraceCheckUtils]: 22: Hoare triple {19965#true} assume true; {19965#true} is VALID [2022-02-20 18:01:16,184 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {19965#true} {19965#true} #1265#return; {19965#true} is VALID [2022-02-20 18:01:16,184 INFO L290 TraceCheckUtils]: 24: Hoare triple {19965#true} assume { 
:end_inline_setup_rjh__wrappee__Base } true; {19965#true} is VALID [2022-02-20 18:01:16,184 INFO L272 TraceCheckUtils]: 25: Hoare triple {19965#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {20049#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:16,184 INFO L290 TraceCheckUtils]: 26: Hoare triple {20049#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19965#true} is VALID [2022-02-20 18:01:16,188 INFO L290 TraceCheckUtils]: 27: Hoare triple {19965#true} assume !(1 == ~handle); {19965#true} is VALID [2022-02-20 18:01:16,188 INFO L290 TraceCheckUtils]: 28: Hoare triple {19965#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {19965#true} is VALID [2022-02-20 18:01:16,188 INFO L290 TraceCheckUtils]: 29: Hoare triple {19965#true} assume true; {19965#true} is VALID [2022-02-20 18:01:16,188 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {19965#true} {19965#true} #1267#return; {19965#true} is VALID [2022-02-20 18:01:16,189 INFO L290 TraceCheckUtils]: 31: Hoare triple {19965#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 19, 0;havoc setup_#t~nondet33#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {19985#(= 3 
|ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:01:16,190 INFO L272 TraceCheckUtils]: 32: Hoare triple {19985#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {20048#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:16,190 INFO L290 TraceCheckUtils]: 33: Hoare triple {20048#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20050#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:16,190 INFO L290 TraceCheckUtils]: 34: Hoare triple {20050#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {20050#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:16,191 INFO L290 TraceCheckUtils]: 35: Hoare triple {20050#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {20051#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:16,191 INFO L290 TraceCheckUtils]: 36: Hoare triple {20051#(= 2 |setClientId_#in~handle|)} assume true; {20051#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:16,191 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {20051#(= 2 |setClientId_#in~handle|)} {19985#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1269#return; {19966#false} is VALID [2022-02-20 18:01:16,191 INFO L290 TraceCheckUtils]: 38: Hoare triple {19966#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {19966#false} is VALID [2022-02-20 18:01:16,192 INFO L272 TraceCheckUtils]: 39: Hoare triple 
{19966#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {20049#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:16,192 INFO L290 TraceCheckUtils]: 40: Hoare triple {20049#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19965#true} is VALID [2022-02-20 18:01:16,192 INFO L290 TraceCheckUtils]: 41: Hoare triple {19965#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {19965#true} is VALID [2022-02-20 18:01:16,192 INFO L290 TraceCheckUtils]: 42: Hoare triple {19965#true} assume true; {19965#true} is VALID [2022-02-20 18:01:16,192 INFO L284 TraceCheckUtils]: 43: Hoare quadruple {19965#true} {19966#false} #1271#return; {19966#false} is VALID [2022-02-20 18:01:16,192 INFO L290 TraceCheckUtils]: 44: Hoare triple {19966#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 20, 0;havoc setup_#t~nondet34#1; {19966#false} is VALID [2022-02-20 18:01:16,192 INFO L290 TraceCheckUtils]: 45: Hoare triple {19966#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_#t~nondet62#1, test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_#t~nondet67#1, test_#t~nondet68#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, 
test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {19966#false} is VALID [2022-02-20 18:01:16,192 INFO L290 TraceCheckUtils]: 46: Hoare triple {19966#false} assume !false; {19966#false} is VALID [2022-02-20 18:01:16,192 INFO L290 TraceCheckUtils]: 47: Hoare triple {19966#false} assume test_~splverifierCounter~0#1 < 4; {19966#false} is VALID [2022-02-20 18:01:16,192 INFO L290 TraceCheckUtils]: 48: Hoare triple {19966#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {19966#false} is VALID [2022-02-20 18:01:16,193 INFO L290 TraceCheckUtils]: 49: Hoare triple {19966#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet58#1 && test_#t~nondet58#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet58#1;havoc test_#t~nondet58#1; {19966#false} is VALID [2022-02-20 18:01:16,193 INFO L290 TraceCheckUtils]: 50: Hoare triple {19966#false} assume !(0 != test_~tmp___9~0#1); {19966#false} is VALID [2022-02-20 18:01:16,193 INFO L290 TraceCheckUtils]: 51: Hoare triple {19966#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet59#1 && test_#t~nondet59#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet59#1;havoc test_#t~nondet59#1; 
{19966#false} is VALID [2022-02-20 18:01:16,193 INFO L290 TraceCheckUtils]: 52: Hoare triple {19966#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {19966#false} is VALID [2022-02-20 18:01:16,193 INFO L290 TraceCheckUtils]: 53: Hoare triple {19966#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {19966#false} is VALID [2022-02-20 18:01:16,193 INFO L290 TraceCheckUtils]: 54: Hoare triple {19966#false} assume { :end_inline_setClientAutoResponse } true; {19966#false} is VALID [2022-02-20 18:01:16,193 INFO L290 TraceCheckUtils]: 55: Hoare triple {19966#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {19966#false} is VALID [2022-02-20 18:01:16,193 INFO L290 TraceCheckUtils]: 56: Hoare triple {19966#false} assume !false; {19966#false} is VALID [2022-02-20 18:01:16,193 INFO L290 TraceCheckUtils]: 57: Hoare triple {19966#false} assume !(test_~splverifierCounter~0#1 < 4); {19966#false} is VALID [2022-02-20 18:01:16,194 INFO L290 TraceCheckUtils]: 58: Hoare triple {19966#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_~tmp~3#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~3#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret27#1 := puts(16, 0);assume -2147483648 <= bobToRjh_#t~ret27#1 && bobToRjh_#t~ret27#1 <= 2147483647;havoc bobToRjh_#t~ret27#1; {19966#false} is VALID [2022-02-20 18:01:16,194 INFO L272 TraceCheckUtils]: 59: Hoare triple {19966#false} call 
sendEmail(~bob~0, ~rjh~0); {19966#false} is VALID [2022-02-20 18:01:16,194 INFO L290 TraceCheckUtils]: 60: Hoare triple {19966#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~21#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~38#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~38#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {19966#false} is VALID [2022-02-20 18:01:16,194 INFO L272 TraceCheckUtils]: 61: Hoare triple {19966#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {20052#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:16,194 INFO L290 TraceCheckUtils]: 62: Hoare triple {20052#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19965#true} is VALID [2022-02-20 18:01:16,194 INFO L290 TraceCheckUtils]: 63: Hoare triple {19965#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19965#true} is VALID [2022-02-20 18:01:16,194 INFO L290 TraceCheckUtils]: 64: Hoare triple {19965#true} assume true; {19965#true} is VALID [2022-02-20 18:01:16,194 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {19965#true} {19966#false} #1197#return; {19966#false} is VALID [2022-02-20 18:01:16,194 INFO L272 TraceCheckUtils]: 66: Hoare triple {19966#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {20053#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:01:16,194 INFO L290 TraceCheckUtils]: 67: Hoare triple {20053#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= 
~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {19965#true} is VALID [2022-02-20 18:01:16,195 INFO L290 TraceCheckUtils]: 68: Hoare triple {19965#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {19965#true} is VALID [2022-02-20 18:01:16,195 INFO L290 TraceCheckUtils]: 69: Hoare triple {19965#true} assume true; {19965#true} is VALID [2022-02-20 18:01:16,195 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {19965#true} {19966#false} #1199#return; {19966#false} is VALID [2022-02-20 18:01:16,195 INFO L290 TraceCheckUtils]: 71: Hoare triple {19966#false} createEmail_~retValue_acc~38#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~38#1; {19966#false} is VALID [2022-02-20 18:01:16,195 INFO L290 TraceCheckUtils]: 72: Hoare triple {19966#false} #t~ret103#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret103#1 && #t~ret103#1 <= 2147483647;~tmp~21#1 := #t~ret103#1;havoc #t~ret103#1;~email~0#1 := ~tmp~21#1; {19966#false} is VALID [2022-02-20 18:01:16,195 INFO L272 TraceCheckUtils]: 73: Hoare triple {19966#false} call outgoing(~sender#1, ~email~0#1); {19966#false} is VALID [2022-02-20 18:01:16,195 INFO L290 TraceCheckUtils]: 74: Hoare triple {19966#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~2#1;havoc ~tmp~16#1;havoc ~receiver~1#1;havoc ~tmp___0~7#1;havoc ~second~0#1;havoc ~tmp___1~4#1;havoc ~tmp___2~2#1; {19966#false} is VALID [2022-02-20 18:01:16,195 INFO L272 TraceCheckUtils]: 75: Hoare triple {19966#false} call #t~ret89#1 := getClientAddressBookSize(~client#1); {19965#true} is VALID [2022-02-20 18:01:16,195 INFO L290 TraceCheckUtils]: 76: Hoare triple {19965#true} ~handle := #in~handle;havoc ~retValue_acc~7; {19965#true} is VALID [2022-02-20 18:01:16,196 INFO L290 TraceCheckUtils]: 77: Hoare triple {19965#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {19965#true} is VALID 
[2022-02-20 18:01:16,196 INFO L290 TraceCheckUtils]: 78: Hoare triple {19965#true} assume true; {19965#true} is VALID [2022-02-20 18:01:16,196 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {19965#true} {19966#false} #1179#return; {19966#false} is VALID [2022-02-20 18:01:16,196 INFO L290 TraceCheckUtils]: 80: Hoare triple {19966#false} assume -2147483648 <= #t~ret89#1 && #t~ret89#1 <= 2147483647;~tmp~16#1 := #t~ret89#1;havoc #t~ret89#1;~size~2#1 := ~tmp~16#1; {19966#false} is VALID [2022-02-20 18:01:16,196 INFO L290 TraceCheckUtils]: 81: Hoare triple {19966#false} assume 0 != ~size~2#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {19966#false} is VALID [2022-02-20 18:01:16,196 INFO L290 TraceCheckUtils]: 82: Hoare triple {19966#false} assume { :end_inline_sendToAddressBook } true;call #t~ret90#1 := puts(36, 0);assume -2147483648 <= #t~ret90#1 && #t~ret90#1 <= 2147483647;havoc #t~ret90#1; {19966#false} is VALID [2022-02-20 18:01:16,196 INFO L272 TraceCheckUtils]: 83: Hoare triple {19966#false} call #t~ret91#1 := getEmailTo(~msg#1); {19965#true} is VALID [2022-02-20 18:01:16,196 INFO L290 TraceCheckUtils]: 84: Hoare triple {19965#true} ~handle := #in~handle;havoc ~retValue_acc~26; {19965#true} is VALID [2022-02-20 18:01:16,196 INFO L290 TraceCheckUtils]: 85: Hoare triple {19965#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {19965#true} is VALID [2022-02-20 18:01:16,196 INFO L290 TraceCheckUtils]: 86: Hoare triple {19965#true} assume true; {19965#true} is VALID [2022-02-20 18:01:16,197 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {19965#true} {19966#false} #1181#return; {19966#false} is VALID [2022-02-20 18:01:16,197 INFO L290 TraceCheckUtils]: 88: Hoare triple 
{19966#false} assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp___0~7#1 := #t~ret91#1;havoc #t~ret91#1;~receiver~1#1 := ~tmp___0~7#1;call #t~ret92#1 := puts(37, 0);assume -2147483648 <= #t~ret92#1 && #t~ret92#1 <= 2147483647;havoc #t~ret92#1; {19966#false} is VALID [2022-02-20 18:01:16,197 INFO L272 TraceCheckUtils]: 89: Hoare triple {19966#false} call #t~ret93#1 := getClientAddressBookAddress(~client#1, 1); {19965#true} is VALID [2022-02-20 18:01:16,197 INFO L290 TraceCheckUtils]: 90: Hoare triple {19965#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~11; {19965#true} is VALID [2022-02-20 18:01:16,197 INFO L290 TraceCheckUtils]: 91: Hoare triple {19965#true} assume 1 == ~handle; {19965#true} is VALID [2022-02-20 18:01:16,197 INFO L290 TraceCheckUtils]: 92: Hoare triple {19965#true} assume 0 == ~index;~retValue_acc~11 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~11; {19965#true} is VALID [2022-02-20 18:01:16,197 INFO L290 TraceCheckUtils]: 93: Hoare triple {19965#true} assume true; {19965#true} is VALID [2022-02-20 18:01:16,197 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {19965#true} {19966#false} #1183#return; {19966#false} is VALID [2022-02-20 18:01:16,197 INFO L290 TraceCheckUtils]: 95: Hoare triple {19966#false} assume -2147483648 <= #t~ret93#1 && #t~ret93#1 <= 2147483647;~tmp___1~4#1 := #t~ret93#1;havoc #t~ret93#1;~second~0#1 := ~tmp___1~4#1; {19966#false} is VALID [2022-02-20 18:01:16,198 INFO L272 TraceCheckUtils]: 96: Hoare triple {19966#false} call setEmailTo(~msg#1, ~second~0#1); {20053#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:01:16,198 INFO L290 TraceCheckUtils]: 97: Hoare triple {20053#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {19965#true} is VALID [2022-02-20 18:01:16,198 INFO L290 TraceCheckUtils]: 98: 
Hoare triple {19965#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {19965#true} is VALID [2022-02-20 18:01:16,198 INFO L290 TraceCheckUtils]: 99: Hoare triple {19965#true} assume true; {19965#true} is VALID [2022-02-20 18:01:16,198 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {19965#true} {19966#false} #1185#return; {19966#false} is VALID [2022-02-20 18:01:16,198 INFO L272 TraceCheckUtils]: 101: Hoare triple {19966#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {19966#false} is VALID [2022-02-20 18:01:16,198 INFO L290 TraceCheckUtils]: 102: Hoare triple {19966#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~15#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {19966#false} is VALID [2022-02-20 18:01:16,198 INFO L272 TraceCheckUtils]: 103: Hoare triple {19966#false} call #t~ret87#1 := getEmailTo(~msg#1); {19965#true} is VALID [2022-02-20 18:01:16,198 INFO L290 TraceCheckUtils]: 104: Hoare triple {19965#true} ~handle := #in~handle;havoc ~retValue_acc~26; {19965#true} is VALID [2022-02-20 18:01:16,198 INFO L290 TraceCheckUtils]: 105: Hoare triple {19965#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {19965#true} is VALID [2022-02-20 18:01:16,199 INFO L290 TraceCheckUtils]: 106: Hoare triple {19965#true} assume true; {19965#true} is VALID [2022-02-20 18:01:16,199 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {19965#true} {19966#false} #1211#return; {19966#false} is VALID [2022-02-20 18:01:16,199 INFO L290 TraceCheckUtils]: 108: Hoare triple {19966#false} assume -2147483648 <= #t~ret87#1 && #t~ret87#1 <= 2147483647;~tmp~15#1 := #t~ret87#1;havoc #t~ret87#1;~receiver~0#1 := ~tmp~15#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~18#1;findPublicKey_~handle#1 := 
findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~18#1; {19966#false} is VALID [2022-02-20 18:01:16,199 INFO L290 TraceCheckUtils]: 109: Hoare triple {19966#false} assume 1 == findPublicKey_~handle#1; {19966#false} is VALID [2022-02-20 18:01:16,199 INFO L290 TraceCheckUtils]: 110: Hoare triple {19966#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~18#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~18#1; {19966#false} is VALID [2022-02-20 18:01:16,199 INFO L290 TraceCheckUtils]: 111: Hoare triple {19966#false} #t~ret88#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp___0~6#1 := #t~ret88#1;havoc #t~ret88#1;~pubkey~0#1 := ~tmp___0~6#1; {19966#false} is VALID [2022-02-20 18:01:16,199 INFO L290 TraceCheckUtils]: 112: Hoare triple {19966#false} assume !(0 != ~pubkey~0#1); {19966#false} is VALID [2022-02-20 18:01:16,199 INFO L290 TraceCheckUtils]: 113: Hoare triple {19966#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret86#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {19966#false} is VALID [2022-02-20 18:01:16,199 INFO L290 TraceCheckUtils]: 114: Hoare triple {19966#false} assume 1 
== getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {19966#false} is VALID [2022-02-20 18:01:16,199 INFO L290 TraceCheckUtils]: 115: Hoare triple {19966#false} outgoing__wrappee__Keys_#t~ret86#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret86#1 && outgoing__wrappee__Keys_#t~ret86#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~14#1 := outgoing__wrappee__Keys_#t~ret86#1;havoc outgoing__wrappee__Keys_#t~ret86#1; {19966#false} is VALID [2022-02-20 18:01:16,200 INFO L272 TraceCheckUtils]: 116: Hoare triple {19966#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1); {20052#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:16,200 INFO L290 TraceCheckUtils]: 117: Hoare triple {20052#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19965#true} is VALID [2022-02-20 18:01:16,200 INFO L290 TraceCheckUtils]: 118: Hoare triple {19965#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19965#true} is VALID [2022-02-20 18:01:16,200 INFO L290 TraceCheckUtils]: 119: Hoare triple {19965#true} assume true; {19965#true} is VALID [2022-02-20 18:01:16,200 INFO L284 TraceCheckUtils]: 120: Hoare quadruple {19965#true} {19966#false} #1217#return; {19966#false} is VALID [2022-02-20 18:01:16,200 INFO L290 TraceCheckUtils]: 121: Hoare triple {19966#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret84#1, mail_#t~ret85#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc 
mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet52#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 := puts(24, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1; {19966#false} is VALID [2022-02-20 18:01:16,200 INFO L272 TraceCheckUtils]: 122: Hoare triple {19966#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {19965#true} is VALID [2022-02-20 18:01:16,200 INFO L290 TraceCheckUtils]: 123: Hoare triple {19965#true} ~handle := #in~handle;havoc ~retValue_acc~29; {19965#true} is VALID [2022-02-20 18:01:16,200 INFO L290 TraceCheckUtils]: 124: Hoare triple {19965#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {19965#true} is VALID [2022-02-20 18:01:16,201 INFO L290 TraceCheckUtils]: 125: Hoare triple {19965#true} assume true; {19965#true} is VALID [2022-02-20 18:01:16,201 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {19965#true} {19966#false} #1219#return; {19966#false} is VALID [2022-02-20 18:01:16,201 INFO L290 TraceCheckUtils]: 127: Hoare triple {19966#false} assume -2147483648 <= 
__utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset := 25, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet52#1; {19966#false} is VALID [2022-02-20 18:01:16,201 INFO L290 TraceCheckUtils]: 128: Hoare triple {19966#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret84#1 := puts(35, 0);assume -2147483648 <= mail_#t~ret84#1 && mail_#t~ret84#1 <= 2147483647;havoc mail_#t~ret84#1; {19966#false} is VALID [2022-02-20 18:01:16,201 INFO L272 TraceCheckUtils]: 129: Hoare triple {19966#false} call mail_#t~ret85#1 := getEmailTo(mail_~msg#1); {19965#true} is VALID [2022-02-20 18:01:16,201 INFO L290 TraceCheckUtils]: 130: Hoare triple {19965#true} ~handle := #in~handle;havoc ~retValue_acc~26; {19965#true} is VALID [2022-02-20 18:01:16,201 INFO L290 TraceCheckUtils]: 131: Hoare triple {19965#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {19965#true} is VALID [2022-02-20 18:01:16,201 INFO L290 TraceCheckUtils]: 132: Hoare triple {19965#true} assume true; {19965#true} is VALID [2022-02-20 18:01:16,201 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {19965#true} {19966#false} #1221#return; {19966#false} is VALID [2022-02-20 18:01:16,201 INFO L290 TraceCheckUtils]: 134: Hoare triple {19966#false} assume -2147483648 <= mail_#t~ret85#1 && mail_#t~ret85#1 <= 2147483647;mail_~tmp~13#1 := mail_#t~ret85#1;havoc mail_#t~ret85#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~13#1, mail_~msg#1;havoc incoming_#t~ret98#1, incoming_#t~ret99#1, incoming_#t~ret100#1, incoming_#t~ret101#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, 
incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~19#1, incoming_~tmp___0~8#1, incoming_~tmp___1~5#1, incoming_~tmp___2~3#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~19#1;havoc incoming_~tmp___0~8#1;havoc incoming_~tmp___1~5#1;havoc incoming_~tmp___2~3#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet54#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 := puts(26, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 && 
__utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset := 27, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet54#1; {19966#false} is VALID [2022-02-20 18:01:16,202 INFO L290 TraceCheckUtils]: 135: Hoare triple {19966#false} assume 1 == ~sent_encrypted~0; {19966#false} is VALID [2022-02-20 18:01:16,202 INFO L272 TraceCheckUtils]: 136: Hoare triple {19966#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {19965#true} is VALID [2022-02-20 18:01:16,202 INFO L290 TraceCheckUtils]: 137: Hoare triple {19965#true} ~handle := #in~handle;havoc ~retValue_acc~13; {19965#true} is VALID [2022-02-20 18:01:16,202 INFO L290 TraceCheckUtils]: 138: Hoare triple {19965#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {19965#true} is VALID [2022-02-20 18:01:16,202 INFO L290 TraceCheckUtils]: 139: Hoare triple {19965#true} assume true; {19965#true} is VALID [2022-02-20 18:01:16,202 INFO L284 TraceCheckUtils]: 140: Hoare quadruple {19965#true} {19966#false} #1223#return; {19966#false} is VALID [2022-02-20 18:01:16,202 INFO L290 TraceCheckUtils]: 141: Hoare triple {19966#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~8#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1; {19966#false} is VALID [2022-02-20 18:01:16,202 INFO L272 TraceCheckUtils]: 142: Hoare triple {19966#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {19965#true} is VALID [2022-02-20 18:01:16,202 INFO L290 TraceCheckUtils]: 143: Hoare triple {19965#true} ~handle := 
#in~handle;havoc ~retValue_acc~30; {19965#true} is VALID [2022-02-20 18:01:16,203 INFO L290 TraceCheckUtils]: 144: Hoare triple {19965#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~30; {19965#true} is VALID [2022-02-20 18:01:16,203 INFO L290 TraceCheckUtils]: 145: Hoare triple {19965#true} assume true; {19965#true} is VALID [2022-02-20 18:01:16,203 INFO L284 TraceCheckUtils]: 146: Hoare quadruple {19965#true} {19966#false} #1225#return; {19966#false} is VALID [2022-02-20 18:01:16,203 INFO L290 TraceCheckUtils]: 147: Hoare triple {19966#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1; {19966#false} is VALID [2022-02-20 18:01:16,203 INFO L272 TraceCheckUtils]: 148: Hoare triple {19966#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1); {19965#true} is VALID [2022-02-20 18:01:16,203 INFO L290 TraceCheckUtils]: 149: Hoare triple {19965#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~43;havoc ~__cil_tmp4~5.base, ~__cil_tmp4~5.offset;~__cil_tmp4~5.base, ~__cil_tmp4~5.offset := 39, 0;havoc #t~nondet104; {19965#true} is VALID [2022-02-20 18:01:16,203 INFO L290 TraceCheckUtils]: 150: Hoare triple {19965#true} assume 0 == ~publicKey;~retValue_acc~43 := 0;#res := ~retValue_acc~43; {19965#true} is VALID [2022-02-20 18:01:16,203 INFO L290 TraceCheckUtils]: 151: Hoare triple {19965#true} assume true; {19965#true} is VALID [2022-02-20 18:01:16,203 INFO L284 TraceCheckUtils]: 152: Hoare quadruple {19965#true} {19966#false} #1227#return; {19966#false} is VALID [2022-02-20 18:01:16,203 INFO L290 TraceCheckUtils]: 153: Hoare triple {19966#false} 
assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1; {19966#false} is VALID [2022-02-20 18:01:16,204 INFO L290 TraceCheckUtils]: 154: Hoare triple {19966#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1);assume { :begin_inline___automaton_fail } true; {19966#false} is VALID [2022-02-20 18:01:16,204 INFO L290 TraceCheckUtils]: 155: Hoare triple {19966#false} assume !false; {19966#false} is VALID [2022-02-20 18:01:16,204 INFO L134 CoverageAnalysis]: Checked inductivity of 47 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 40 trivial. 0 not checked. [2022-02-20 18:01:16,204 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:01:16,204 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1515156128] [2022-02-20 18:01:16,204 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1515156128] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:01:16,204 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:01:16,205 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 18:01:16,205 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [547890789] [2022-02-20 18:01:16,205 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:01:16,205 INFO L78 Accepts]: Start accepts. 
Automaton has has 9 states, 8 states have (on average 11.875) internal successors, (95), 5 states have internal predecessors, (95), 3 states have call successors, (22), 6 states have call predecessors, (22), 2 states have return successors, (19), 2 states have call predecessors, (19), 3 states have call successors, (19) Word has length 156 [2022-02-20 18:01:16,206 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:01:16,206 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 11.875) internal successors, (95), 5 states have internal predecessors, (95), 3 states have call successors, (22), 6 states have call predecessors, (22), 2 states have return successors, (19), 2 states have call predecessors, (19), 3 states have call successors, (19) [2022-02-20 18:01:16,291 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 136 edges. 136 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:16,291 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 18:01:16,291 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:16,292 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 18:01:16,292 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:01:16,292 INFO L87 Difference]: Start difference. First operand 483 states and 750 transitions. 
Second operand has 9 states, 8 states have (on average 11.875) internal successors, (95), 5 states have internal predecessors, (95), 3 states have call successors, (22), 6 states have call predecessors, (22), 2 states have return successors, (19), 2 states have call predecessors, (19), 3 states have call successors, (19) [2022-02-20 18:01:25,028 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:25,029 INFO L93 Difference]: Finished difference Result 1139 states and 1797 transitions. [2022-02-20 18:01:25,029 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:01:25,029 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 11.875) internal successors, (95), 5 states have internal predecessors, (95), 3 states have call successors, (22), 6 states have call predecessors, (22), 2 states have return successors, (19), 2 states have call predecessors, (19), 3 states have call successors, (19) Word has length 156 [2022-02-20 18:01:25,030 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:01:25,030 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 11.875) internal successors, (95), 5 states have internal predecessors, (95), 3 states have call successors, (22), 6 states have call predecessors, (22), 2 states have return successors, (19), 2 states have call predecessors, (19), 3 states have call successors, (19) [2022-02-20 18:01:25,042 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1527 transitions. [2022-02-20 18:01:25,049 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 9 states, 8 states have (on average 11.875) internal successors, (95), 5 states have internal predecessors, (95), 3 states have call successors, (22), 6 states have call predecessors, (22), 2 states have return successors, (19), 2 states have call predecessors, (19), 3 states have call successors, (19) [2022-02-20 18:01:25,061 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1527 transitions. [2022-02-20 18:01:25,062 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1527 transitions. [2022-02-20 18:01:26,310 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1527 edges. 1527 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:26,332 INFO L225 Difference]: With dead ends: 1139 [2022-02-20 18:01:26,332 INFO L226 Difference]: Without dead ends: 679 [2022-02-20 18:01:26,334 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 56 GetRequests, 41 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 30 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 18:01:26,335 INFO L933 BasicCegarLoop]: 716 mSDtfsCounter, 1505 mSDsluCounter, 1034 mSDsCounter, 0 mSdLazyCounter, 2567 mSolverCounterSat, 641 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1525 SdHoareTripleChecker+Valid, 1750 SdHoareTripleChecker+Invalid, 3208 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 641 IncrementalHoareTripleChecker+Valid, 2567 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.9s IncrementalHoareTripleChecker+Time [2022-02-20 18:01:26,335 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1525 Valid, 
1750 Invalid, 3208 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [641 Valid, 2567 Invalid, 0 Unknown, 0 Unchecked, 3.9s Time] [2022-02-20 18:01:26,336 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 679 states. [2022-02-20 18:01:26,421 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 679 to 485. [2022-02-20 18:01:26,421 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:01:26,424 INFO L82 GeneralOperation]: Start isEquivalent. First operand 679 states. Second operand has 485 states, 376 states have (on average 1.5585106382978724) internal successors, (586), 383 states have internal predecessors, (586), 80 states have call successors, (80), 25 states have call predecessors, (80), 28 states have return successors, (87), 78 states have call predecessors, (87), 79 states have call successors, (87) [2022-02-20 18:01:26,425 INFO L74 IsIncluded]: Start isIncluded. First operand 679 states. Second operand has 485 states, 376 states have (on average 1.5585106382978724) internal successors, (586), 383 states have internal predecessors, (586), 80 states have call successors, (80), 25 states have call predecessors, (80), 28 states have return successors, (87), 78 states have call predecessors, (87), 79 states have call successors, (87) [2022-02-20 18:01:26,425 INFO L87 Difference]: Start difference. First operand 679 states. Second operand has 485 states, 376 states have (on average 1.5585106382978724) internal successors, (586), 383 states have internal predecessors, (586), 80 states have call successors, (80), 25 states have call predecessors, (80), 28 states have return successors, (87), 78 states have call predecessors, (87), 79 states have call successors, (87) [2022-02-20 18:01:26,444 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:26,445 INFO L93 Difference]: Finished difference Result 679 states and 1077 transitions. 
[2022-02-20 18:01:26,445 INFO L276 IsEmpty]: Start isEmpty. Operand 679 states and 1077 transitions. [2022-02-20 18:01:26,448 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:26,448 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:26,449 INFO L74 IsIncluded]: Start isIncluded. First operand has 485 states, 376 states have (on average 1.5585106382978724) internal successors, (586), 383 states have internal predecessors, (586), 80 states have call successors, (80), 25 states have call predecessors, (80), 28 states have return successors, (87), 78 states have call predecessors, (87), 79 states have call successors, (87) Second operand 679 states. [2022-02-20 18:01:26,450 INFO L87 Difference]: Start difference. First operand has 485 states, 376 states have (on average 1.5585106382978724) internal successors, (586), 383 states have internal predecessors, (586), 80 states have call successors, (80), 25 states have call predecessors, (80), 28 states have return successors, (87), 78 states have call predecessors, (87), 79 states have call successors, (87) Second operand 679 states. [2022-02-20 18:01:26,469 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:26,470 INFO L93 Difference]: Finished difference Result 679 states and 1077 transitions. [2022-02-20 18:01:26,470 INFO L276 IsEmpty]: Start isEmpty. Operand 679 states and 1077 transitions. [2022-02-20 18:01:26,472 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:26,473 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:26,473 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:01:26,473 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:01:26,473 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 485 states, 376 states have (on average 1.5585106382978724) internal successors, (586), 383 states have internal predecessors, (586), 80 states have call successors, (80), 25 states have call predecessors, (80), 28 states have return successors, (87), 78 states have call predecessors, (87), 79 states have call successors, (87) [2022-02-20 18:01:26,486 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 485 states to 485 states and 753 transitions. [2022-02-20 18:01:26,486 INFO L78 Accepts]: Start accepts. Automaton has 485 states and 753 transitions. Word has length 156 [2022-02-20 18:01:26,486 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:01:26,486 INFO L470 AbstractCegarLoop]: Abstraction has 485 states and 753 transitions. [2022-02-20 18:01:26,487 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 11.875) internal successors, (95), 5 states have internal predecessors, (95), 3 states have call successors, (22), 6 states have call predecessors, (22), 2 states have return successors, (19), 2 states have call predecessors, (19), 3 states have call successors, (19) [2022-02-20 18:01:26,487 INFO L276 IsEmpty]: Start isEmpty. Operand 485 states and 753 transitions. [2022-02-20 18:01:26,489 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 158 [2022-02-20 18:01:26,489 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:01:26,489 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:01:26,489 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 18:01:26,489 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:01:26,489 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:01:26,489 INFO L85 PathProgramCache]: Analyzing trace with hash -1725524485, now seen corresponding path program 1 times [2022-02-20 18:01:26,490 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:01:26,490 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [992747520] [2022-02-20 18:01:26,490 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:26,490 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:01:26,520 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:26,562 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:01:26,564 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:26,565 INFO L290 TraceCheckUtils]: 0: 
Hoare triple {23800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {23715#true} is VALID [2022-02-20 18:01:26,565 INFO L290 TraceCheckUtils]: 1: Hoare triple {23715#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {23715#true} is VALID [2022-02-20 18:01:26,565 INFO L290 TraceCheckUtils]: 2: Hoare triple {23715#true} assume true; {23715#true} is VALID [2022-02-20 18:01:26,566 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23715#true} {23715#true} #1261#return; {23715#true} is VALID [2022-02-20 18:01:26,571 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:01:26,572 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:26,573 INFO L290 TraceCheckUtils]: 0: Hoare triple {23801#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {23715#true} is VALID [2022-02-20 18:01:26,573 INFO L290 TraceCheckUtils]: 1: Hoare triple {23715#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {23715#true} is VALID [2022-02-20 18:01:26,573 INFO L290 TraceCheckUtils]: 2: Hoare triple {23715#true} assume true; {23715#true} is VALID [2022-02-20 18:01:26,573 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23715#true} {23715#true} #1263#return; {23715#true} is VALID [2022-02-20 18:01:26,574 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:01:26,575 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:26,576 INFO L290 TraceCheckUtils]: 0: Hoare triple {23800#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {23715#true} is VALID [2022-02-20 18:01:26,576 INFO L290 TraceCheckUtils]: 1: Hoare triple {23715#true} assume !(1 == ~handle); {23715#true} is VALID [2022-02-20 18:01:26,576 INFO L290 TraceCheckUtils]: 2: Hoare triple {23715#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {23715#true} is VALID [2022-02-20 18:01:26,576 INFO L290 TraceCheckUtils]: 3: Hoare triple {23715#true} assume true; {23715#true} is VALID [2022-02-20 18:01:26,576 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {23715#true} {23715#true} #1265#return; {23715#true} is VALID [2022-02-20 18:01:26,577 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:01:26,577 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:26,578 INFO L290 TraceCheckUtils]: 0: Hoare triple {23801#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {23715#true} is VALID [2022-02-20 18:01:26,579 INFO L290 TraceCheckUtils]: 1: Hoare triple {23715#true} assume !(1 == ~handle); {23715#true} is VALID [2022-02-20 18:01:26,579 INFO L290 TraceCheckUtils]: 2: Hoare triple {23715#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {23715#true} is VALID [2022-02-20 18:01:26,579 INFO L290 TraceCheckUtils]: 3: Hoare triple {23715#true} assume true; {23715#true} is VALID [2022-02-20 18:01:26,579 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {23715#true} {23715#true} #1267#return; {23715#true} is VALID [2022-02-20 18:01:26,579 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence 
at non-pending call position 32 [2022-02-20 18:01:26,580 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:26,591 INFO L290 TraceCheckUtils]: 0: Hoare triple {23800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {23802#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:26,592 INFO L290 TraceCheckUtils]: 1: Hoare triple {23802#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {23802#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:26,592 INFO L290 TraceCheckUtils]: 2: Hoare triple {23802#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {23802#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:26,592 INFO L290 TraceCheckUtils]: 3: Hoare triple {23802#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {23803#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:26,592 INFO L290 TraceCheckUtils]: 4: Hoare triple {23803#(= 3 |setClientId_#in~handle|)} assume true; {23803#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:26,593 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {23803#(= 3 |setClientId_#in~handle|)} {23735#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1269#return; {23742#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:01:26,593 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:01:26,595 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:26,608 INFO L290 TraceCheckUtils]: 0: Hoare triple {23801#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {23804#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:01:26,608 INFO L290 TraceCheckUtils]: 1: Hoare triple {23804#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {23805#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:01:26,608 INFO L290 TraceCheckUtils]: 2: Hoare triple {23805#(= |setClientPrivateKey_#in~handle| 1)} assume true; {23805#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:01:26,609 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23805#(= |setClientPrivateKey_#in~handle| 1)} {23742#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1271#return; {23716#false} is VALID [2022-02-20 18:01:26,616 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 18:01:26,617 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:26,623 INFO L290 TraceCheckUtils]: 0: Hoare triple {23806#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {23715#true} is VALID [2022-02-20 18:01:26,623 INFO L290 TraceCheckUtils]: 1: Hoare triple {23715#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {23715#true} is VALID [2022-02-20 18:01:26,623 INFO L290 TraceCheckUtils]: 2: Hoare triple {23715#true} assume true; {23715#true} is VALID [2022-02-20 18:01:26,623 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23715#true} {23716#false} #1197#return; {23716#false} is VALID [2022-02-20 18:01:26,635 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:01:26,636 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:26,638 INFO L290 TraceCheckUtils]: 0: Hoare triple {23807#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {23715#true} is VALID [2022-02-20 18:01:26,638 INFO L290 TraceCheckUtils]: 1: Hoare triple {23715#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {23715#true} is VALID [2022-02-20 18:01:26,638 INFO L290 TraceCheckUtils]: 2: Hoare triple {23715#true} assume true; {23715#true} is VALID [2022-02-20 18:01:26,638 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23715#true} {23716#false} #1199#return; {23716#false} is VALID [2022-02-20 18:01:26,638 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76 [2022-02-20 18:01:26,639 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:26,643 INFO L290 TraceCheckUtils]: 0: Hoare triple {23715#true} ~handle := #in~handle;havoc ~retValue_acc~7; {23715#true} is VALID [2022-02-20 18:01:26,643 INFO L290 TraceCheckUtils]: 1: Hoare triple {23715#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {23715#true} is VALID [2022-02-20 18:01:26,643 INFO L290 TraceCheckUtils]: 2: Hoare triple {23715#true} assume true; {23715#true} is VALID [2022-02-20 18:01:26,644 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23715#true} {23716#false} #1179#return; {23716#false} is VALID [2022-02-20 18:01:26,644 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 18:01:26,644 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:26,646 INFO L290 TraceCheckUtils]: 0: Hoare triple {23715#true} ~handle := #in~handle;havoc ~retValue_acc~26; {23715#true} is VALID [2022-02-20 18:01:26,646 INFO L290 TraceCheckUtils]: 1: Hoare triple {23715#true} assume 1 == ~handle;~retValue_acc~26 
:= ~__ste_email_to0~0;#res := ~retValue_acc~26; {23715#true} is VALID [2022-02-20 18:01:26,646 INFO L290 TraceCheckUtils]: 2: Hoare triple {23715#true} assume true; {23715#true} is VALID [2022-02-20 18:01:26,646 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23715#true} {23716#false} #1181#return; {23716#false} is VALID [2022-02-20 18:01:26,646 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 18:01:26,646 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:26,648 INFO L290 TraceCheckUtils]: 0: Hoare triple {23715#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~11; {23715#true} is VALID [2022-02-20 18:01:26,648 INFO L290 TraceCheckUtils]: 1: Hoare triple {23715#true} assume 1 == ~handle; {23715#true} is VALID [2022-02-20 18:01:26,648 INFO L290 TraceCheckUtils]: 2: Hoare triple {23715#true} assume 0 == ~index;~retValue_acc~11 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~11; {23715#true} is VALID [2022-02-20 18:01:26,648 INFO L290 TraceCheckUtils]: 3: Hoare triple {23715#true} assume true; {23715#true} is VALID [2022-02-20 18:01:26,648 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {23715#true} {23716#false} #1183#return; {23716#false} is VALID [2022-02-20 18:01:26,648 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-02-20 18:01:26,648 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:26,650 INFO L290 TraceCheckUtils]: 0: Hoare triple {23807#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {23715#true} is VALID [2022-02-20 18:01:26,650 INFO L290 TraceCheckUtils]: 1: Hoare triple {23715#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {23715#true} is VALID [2022-02-20 18:01:26,650 INFO L290 TraceCheckUtils]: 2: Hoare triple {23715#true} assume true; 
{23715#true} is VALID [2022-02-20 18:01:26,650 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23715#true} {23716#false} #1185#return; {23716#false} is VALID [2022-02-20 18:01:26,650 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 104 [2022-02-20 18:01:26,651 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:26,653 INFO L290 TraceCheckUtils]: 0: Hoare triple {23715#true} ~handle := #in~handle;havoc ~retValue_acc~26; {23715#true} is VALID [2022-02-20 18:01:26,653 INFO L290 TraceCheckUtils]: 1: Hoare triple {23715#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {23715#true} is VALID [2022-02-20 18:01:26,653 INFO L290 TraceCheckUtils]: 2: Hoare triple {23715#true} assume true; {23715#true} is VALID [2022-02-20 18:01:26,653 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23715#true} {23716#false} #1211#return; {23716#false} is VALID [2022-02-20 18:01:26,653 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 117 [2022-02-20 18:01:26,654 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:26,656 INFO L290 TraceCheckUtils]: 0: Hoare triple {23806#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {23715#true} is VALID [2022-02-20 18:01:26,656 INFO L290 TraceCheckUtils]: 1: Hoare triple {23715#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {23715#true} is VALID [2022-02-20 18:01:26,656 INFO L290 TraceCheckUtils]: 2: Hoare triple {23715#true} assume true; {23715#true} is VALID [2022-02-20 18:01:26,656 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23715#true} {23716#false} #1217#return; {23716#false} is VALID [2022-02-20 18:01:26,656 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 123 [2022-02-20 18:01:26,657 INFO 
L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:26,660 INFO L290 TraceCheckUtils]: 0: Hoare triple {23715#true} ~handle := #in~handle;havoc ~retValue_acc~29; {23715#true} is VALID [2022-02-20 18:01:26,661 INFO L290 TraceCheckUtils]: 1: Hoare triple {23715#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {23715#true} is VALID [2022-02-20 18:01:26,661 INFO L290 TraceCheckUtils]: 2: Hoare triple {23715#true} assume true; {23715#true} is VALID [2022-02-20 18:01:26,661 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23715#true} {23716#false} #1219#return; {23716#false} is VALID [2022-02-20 18:01:26,661 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 130 [2022-02-20 18:01:26,662 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:26,663 INFO L290 TraceCheckUtils]: 0: Hoare triple {23715#true} ~handle := #in~handle;havoc ~retValue_acc~26; {23715#true} is VALID [2022-02-20 18:01:26,663 INFO L290 TraceCheckUtils]: 1: Hoare triple {23715#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {23715#true} is VALID [2022-02-20 18:01:26,663 INFO L290 TraceCheckUtils]: 2: Hoare triple {23715#true} assume true; {23715#true} is VALID [2022-02-20 18:01:26,663 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23715#true} {23716#false} #1221#return; {23716#false} is VALID [2022-02-20 18:01:26,663 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 137 [2022-02-20 18:01:26,664 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:26,665 INFO L290 TraceCheckUtils]: 0: Hoare triple {23715#true} ~handle := #in~handle;havoc ~retValue_acc~13; {23715#true} is VALID [2022-02-20 18:01:26,665 INFO L290 TraceCheckUtils]: 1: Hoare triple {23715#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; 
{23715#true} is VALID [2022-02-20 18:01:26,665 INFO L290 TraceCheckUtils]: 2: Hoare triple {23715#true} assume true; {23715#true} is VALID [2022-02-20 18:01:26,665 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23715#true} {23716#false} #1223#return; {23716#false} is VALID [2022-02-20 18:01:26,665 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 143 [2022-02-20 18:01:26,666 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:26,667 INFO L290 TraceCheckUtils]: 0: Hoare triple {23715#true} ~handle := #in~handle;havoc ~retValue_acc~30; {23715#true} is VALID [2022-02-20 18:01:26,667 INFO L290 TraceCheckUtils]: 1: Hoare triple {23715#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~30; {23715#true} is VALID [2022-02-20 18:01:26,667 INFO L290 TraceCheckUtils]: 2: Hoare triple {23715#true} assume true; {23715#true} is VALID [2022-02-20 18:01:26,667 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23715#true} {23716#false} #1225#return; {23716#false} is VALID [2022-02-20 18:01:26,667 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 149 [2022-02-20 18:01:26,668 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:26,670 INFO L290 TraceCheckUtils]: 0: Hoare triple {23715#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~43;havoc ~__cil_tmp4~5.base, ~__cil_tmp4~5.offset;~__cil_tmp4~5.base, ~__cil_tmp4~5.offset := 39, 0;havoc #t~nondet104; {23715#true} is VALID [2022-02-20 18:01:26,670 INFO L290 TraceCheckUtils]: 1: Hoare triple {23715#true} assume 0 == ~publicKey;~retValue_acc~43 := 0;#res := ~retValue_acc~43; {23715#true} is VALID [2022-02-20 18:01:26,670 INFO L290 TraceCheckUtils]: 2: Hoare triple {23715#true} assume true; {23715#true} is VALID [2022-02-20 18:01:26,670 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23715#true} {23716#false} 
#1227#return; {23716#false} is VALID [2022-02-20 18:01:26,670 INFO L290 TraceCheckUtils]: 0: Hoare triple {23715#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(44, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(11, 20);call #Ultimate.allocInit(19, 21);call #Ultimate.allocInit(4, 22);call write~init~int(37, 22, 0, 1);call write~init~int(100, 22, 1, 1);call write~init~int(10, 22, 2, 1);call write~init~int(0, 22, 3, 1);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(19, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(10, 29);call #Ultimate.allocInit(12, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(18, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(34, 36);call #Ultimate.allocInit(30, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(20, 39);call 
#Ultimate.allocInit(22, 40);call #Ultimate.allocInit(21, 41);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 
0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~sent_encrypted~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {23715#true} is VALID [2022-02-20 18:01:26,670 INFO L290 TraceCheckUtils]: 1: Hoare triple {23715#true} assume { 
:end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {23715#true} is VALID [2022-02-20 18:01:26,670 INFO L290 TraceCheckUtils]: 2: Hoare triple {23715#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {23715#true} is VALID [2022-02-20 18:01:26,670 INFO L290 TraceCheckUtils]: 3: Hoare triple {23715#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~22#1;havoc valid_product_~retValue_acc~22#1;valid_product_~retValue_acc~22#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~22#1; {23715#true} is VALID [2022-02-20 18:01:26,670 INFO L290 TraceCheckUtils]: 4: Hoare triple {23715#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {23715#true} is VALID [2022-02-20 18:01:26,671 INFO L290 TraceCheckUtils]: 5: Hoare triple {23715#true} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet32#1, setup_#t~nondet33#1, setup_#t~nondet34#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := 
setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {23715#true} is VALID [2022-02-20 18:01:26,671 INFO L272 TraceCheckUtils]: 6: Hoare triple {23715#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {23800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:26,671 INFO L290 TraceCheckUtils]: 7: Hoare triple {23800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {23715#true} is VALID [2022-02-20 18:01:26,671 INFO L290 TraceCheckUtils]: 8: Hoare triple {23715#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {23715#true} is VALID [2022-02-20 18:01:26,671 INFO L290 TraceCheckUtils]: 9: Hoare triple {23715#true} assume true; {23715#true} is VALID [2022-02-20 18:01:26,672 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {23715#true} {23715#true} #1261#return; {23715#true} is VALID [2022-02-20 18:01:26,672 INFO L290 TraceCheckUtils]: 11: Hoare triple {23715#true} assume { :end_inline_setup_bob__wrappee__Base } true; {23715#true} is VALID [2022-02-20 18:01:26,672 INFO L272 TraceCheckUtils]: 12: Hoare triple {23715#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {23801#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:26,672 INFO L290 TraceCheckUtils]: 13: Hoare triple {23801#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {23715#true} is VALID [2022-02-20 18:01:26,672 INFO L290 TraceCheckUtils]: 14: Hoare triple {23715#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {23715#true} is VALID [2022-02-20 18:01:26,672 INFO L290 TraceCheckUtils]: 15: Hoare triple {23715#true} assume true; {23715#true} is VALID [2022-02-20 18:01:26,673 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {23715#true} {23715#true} #1263#return; {23715#true} is VALID [2022-02-20 18:01:26,673 INFO L290 TraceCheckUtils]: 17: Hoare triple {23715#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 18, 0;havoc setup_#t~nondet32#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {23715#true} is VALID [2022-02-20 18:01:26,673 INFO L272 TraceCheckUtils]: 18: Hoare triple {23715#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {23800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:26,673 INFO L290 TraceCheckUtils]: 19: Hoare triple {23800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {23715#true} is VALID [2022-02-20 
18:01:26,673 INFO L290 TraceCheckUtils]: 20: Hoare triple {23715#true} assume !(1 == ~handle); {23715#true} is VALID [2022-02-20 18:01:26,673 INFO L290 TraceCheckUtils]: 21: Hoare triple {23715#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {23715#true} is VALID [2022-02-20 18:01:26,674 INFO L290 TraceCheckUtils]: 22: Hoare triple {23715#true} assume true; {23715#true} is VALID [2022-02-20 18:01:26,674 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {23715#true} {23715#true} #1265#return; {23715#true} is VALID [2022-02-20 18:01:26,674 INFO L290 TraceCheckUtils]: 24: Hoare triple {23715#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {23715#true} is VALID [2022-02-20 18:01:26,674 INFO L272 TraceCheckUtils]: 25: Hoare triple {23715#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {23801#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:26,674 INFO L290 TraceCheckUtils]: 26: Hoare triple {23801#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {23715#true} is VALID [2022-02-20 18:01:26,674 INFO L290 TraceCheckUtils]: 27: Hoare triple {23715#true} assume !(1 == ~handle); {23715#true} is VALID [2022-02-20 18:01:26,675 INFO L290 TraceCheckUtils]: 28: Hoare triple {23715#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {23715#true} is VALID [2022-02-20 18:01:26,675 INFO L290 TraceCheckUtils]: 29: Hoare triple {23715#true} assume true; {23715#true} is VALID [2022-02-20 18:01:26,675 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {23715#true} {23715#true} #1267#return; {23715#true} is VALID [2022-02-20 18:01:26,675 INFO L290 
TraceCheckUtils]: 31: Hoare triple {23715#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 19, 0;havoc setup_#t~nondet33#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {23735#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:01:26,676 INFO L272 TraceCheckUtils]: 32: Hoare triple {23735#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {23800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:26,676 INFO L290 TraceCheckUtils]: 33: Hoare triple {23800#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {23802#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:26,676 INFO L290 TraceCheckUtils]: 34: Hoare triple {23802#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {23802#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:26,677 INFO L290 TraceCheckUtils]: 35: Hoare triple {23802#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); 
{23802#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:26,677 INFO L290 TraceCheckUtils]: 36: Hoare triple {23802#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {23803#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:26,677 INFO L290 TraceCheckUtils]: 37: Hoare triple {23803#(= 3 |setClientId_#in~handle|)} assume true; {23803#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:26,678 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {23803#(= 3 |setClientId_#in~handle|)} {23735#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1269#return; {23742#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:01:26,678 INFO L290 TraceCheckUtils]: 39: Hoare triple {23742#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {23742#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:01:26,678 INFO L272 TraceCheckUtils]: 40: Hoare triple {23742#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {23801#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:26,679 INFO L290 TraceCheckUtils]: 41: Hoare triple {23801#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {23804#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:01:26,679 INFO L290 TraceCheckUtils]: 42: Hoare triple {23804#(= setClientPrivateKey_~handle 
|setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {23805#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:01:26,679 INFO L290 TraceCheckUtils]: 43: Hoare triple {23805#(= |setClientPrivateKey_#in~handle| 1)} assume true; {23805#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:01:26,680 INFO L284 TraceCheckUtils]: 44: Hoare quadruple {23805#(= |setClientPrivateKey_#in~handle| 1)} {23742#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1271#return; {23716#false} is VALID [2022-02-20 18:01:26,680 INFO L290 TraceCheckUtils]: 45: Hoare triple {23716#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 20, 0;havoc setup_#t~nondet34#1; {23716#false} is VALID [2022-02-20 18:01:26,680 INFO L290 TraceCheckUtils]: 46: Hoare triple {23716#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_#t~nondet62#1, test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_#t~nondet67#1, test_#t~nondet68#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc 
test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {23716#false} is VALID [2022-02-20 18:01:26,680 INFO L290 TraceCheckUtils]: 47: Hoare triple {23716#false} assume !false; {23716#false} is VALID [2022-02-20 18:01:26,680 INFO L290 TraceCheckUtils]: 48: Hoare triple {23716#false} assume test_~splverifierCounter~0#1 < 4; {23716#false} is VALID [2022-02-20 18:01:26,680 INFO L290 TraceCheckUtils]: 49: Hoare triple {23716#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {23716#false} is VALID [2022-02-20 18:01:26,680 INFO L290 TraceCheckUtils]: 50: Hoare triple {23716#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet58#1 && test_#t~nondet58#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet58#1;havoc test_#t~nondet58#1; {23716#false} is VALID [2022-02-20 18:01:26,680 INFO L290 TraceCheckUtils]: 51: Hoare triple {23716#false} assume !(0 != test_~tmp___9~0#1); {23716#false} is VALID [2022-02-20 18:01:26,680 INFO L290 TraceCheckUtils]: 52: Hoare triple {23716#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet59#1 && test_#t~nondet59#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet59#1;havoc test_#t~nondet59#1; {23716#false} is VALID [2022-02-20 18:01:26,681 INFO L290 TraceCheckUtils]: 53: Hoare triple {23716#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := 
setClientAutoResponse_#in~value#1; {23716#false} is VALID [2022-02-20 18:01:26,681 INFO L290 TraceCheckUtils]: 54: Hoare triple {23716#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {23716#false} is VALID [2022-02-20 18:01:26,681 INFO L290 TraceCheckUtils]: 55: Hoare triple {23716#false} assume { :end_inline_setClientAutoResponse } true; {23716#false} is VALID [2022-02-20 18:01:26,681 INFO L290 TraceCheckUtils]: 56: Hoare triple {23716#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {23716#false} is VALID [2022-02-20 18:01:26,681 INFO L290 TraceCheckUtils]: 57: Hoare triple {23716#false} assume !false; {23716#false} is VALID [2022-02-20 18:01:26,681 INFO L290 TraceCheckUtils]: 58: Hoare triple {23716#false} assume !(test_~splverifierCounter~0#1 < 4); {23716#false} is VALID [2022-02-20 18:01:26,681 INFO L290 TraceCheckUtils]: 59: Hoare triple {23716#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_~tmp~3#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~3#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret27#1 := puts(16, 0);assume -2147483648 <= bobToRjh_#t~ret27#1 && bobToRjh_#t~ret27#1 <= 2147483647;havoc bobToRjh_#t~ret27#1; {23716#false} is VALID [2022-02-20 18:01:26,681 INFO L272 TraceCheckUtils]: 60: Hoare triple {23716#false} call sendEmail(~bob~0, ~rjh~0); {23716#false} is VALID [2022-02-20 18:01:26,681 INFO L290 TraceCheckUtils]: 61: Hoare triple {23716#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~21#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~38#1, createEmail_~msg~0#1;createEmail_~from#1 := 
createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~38#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {23716#false} is VALID [2022-02-20 18:01:26,681 INFO L272 TraceCheckUtils]: 62: Hoare triple {23716#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {23806#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:26,682 INFO L290 TraceCheckUtils]: 63: Hoare triple {23806#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {23715#true} is VALID [2022-02-20 18:01:26,682 INFO L290 TraceCheckUtils]: 64: Hoare triple {23715#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {23715#true} is VALID [2022-02-20 18:01:26,682 INFO L290 TraceCheckUtils]: 65: Hoare triple {23715#true} assume true; {23715#true} is VALID [2022-02-20 18:01:26,682 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {23715#true} {23716#false} #1197#return; {23716#false} is VALID [2022-02-20 18:01:26,682 INFO L272 TraceCheckUtils]: 67: Hoare triple {23716#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {23807#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:01:26,682 INFO L290 TraceCheckUtils]: 68: Hoare triple {23807#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {23715#true} is VALID [2022-02-20 18:01:26,682 INFO L290 TraceCheckUtils]: 69: Hoare triple {23715#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {23715#true} is VALID [2022-02-20 18:01:26,682 INFO L290 TraceCheckUtils]: 70: Hoare triple {23715#true} assume true; {23715#true} is VALID [2022-02-20 18:01:26,682 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {23715#true} 
{23716#false} #1199#return; {23716#false} is VALID [2022-02-20 18:01:26,683 INFO L290 TraceCheckUtils]: 72: Hoare triple {23716#false} createEmail_~retValue_acc~38#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~38#1; {23716#false} is VALID [2022-02-20 18:01:26,683 INFO L290 TraceCheckUtils]: 73: Hoare triple {23716#false} #t~ret103#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret103#1 && #t~ret103#1 <= 2147483647;~tmp~21#1 := #t~ret103#1;havoc #t~ret103#1;~email~0#1 := ~tmp~21#1; {23716#false} is VALID [2022-02-20 18:01:26,683 INFO L272 TraceCheckUtils]: 74: Hoare triple {23716#false} call outgoing(~sender#1, ~email~0#1); {23716#false} is VALID [2022-02-20 18:01:26,683 INFO L290 TraceCheckUtils]: 75: Hoare triple {23716#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~2#1;havoc ~tmp~16#1;havoc ~receiver~1#1;havoc ~tmp___0~7#1;havoc ~second~0#1;havoc ~tmp___1~4#1;havoc ~tmp___2~2#1; {23716#false} is VALID [2022-02-20 18:01:26,683 INFO L272 TraceCheckUtils]: 76: Hoare triple {23716#false} call #t~ret89#1 := getClientAddressBookSize(~client#1); {23715#true} is VALID [2022-02-20 18:01:26,683 INFO L290 TraceCheckUtils]: 77: Hoare triple {23715#true} ~handle := #in~handle;havoc ~retValue_acc~7; {23715#true} is VALID [2022-02-20 18:01:26,683 INFO L290 TraceCheckUtils]: 78: Hoare triple {23715#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {23715#true} is VALID [2022-02-20 18:01:26,683 INFO L290 TraceCheckUtils]: 79: Hoare triple {23715#true} assume true; {23715#true} is VALID [2022-02-20 18:01:26,683 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {23715#true} {23716#false} #1179#return; {23716#false} is VALID [2022-02-20 18:01:26,683 INFO L290 TraceCheckUtils]: 81: Hoare triple {23716#false} assume -2147483648 <= #t~ret89#1 && #t~ret89#1 <= 2147483647;~tmp~16#1 := #t~ret89#1;havoc #t~ret89#1;~size~2#1 := ~tmp~16#1; {23716#false} 
is VALID [2022-02-20 18:01:26,684 INFO L290 TraceCheckUtils]: 82: Hoare triple {23716#false} assume 0 != ~size~2#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {23716#false} is VALID [2022-02-20 18:01:26,684 INFO L290 TraceCheckUtils]: 83: Hoare triple {23716#false} assume { :end_inline_sendToAddressBook } true;call #t~ret90#1 := puts(36, 0);assume -2147483648 <= #t~ret90#1 && #t~ret90#1 <= 2147483647;havoc #t~ret90#1; {23716#false} is VALID [2022-02-20 18:01:26,684 INFO L272 TraceCheckUtils]: 84: Hoare triple {23716#false} call #t~ret91#1 := getEmailTo(~msg#1); {23715#true} is VALID [2022-02-20 18:01:26,684 INFO L290 TraceCheckUtils]: 85: Hoare triple {23715#true} ~handle := #in~handle;havoc ~retValue_acc~26; {23715#true} is VALID [2022-02-20 18:01:26,684 INFO L290 TraceCheckUtils]: 86: Hoare triple {23715#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {23715#true} is VALID [2022-02-20 18:01:26,684 INFO L290 TraceCheckUtils]: 87: Hoare triple {23715#true} assume true; {23715#true} is VALID [2022-02-20 18:01:26,684 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {23715#true} {23716#false} #1181#return; {23716#false} is VALID [2022-02-20 18:01:26,684 INFO L290 TraceCheckUtils]: 89: Hoare triple {23716#false} assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp___0~7#1 := #t~ret91#1;havoc #t~ret91#1;~receiver~1#1 := ~tmp___0~7#1;call #t~ret92#1 := puts(37, 0);assume -2147483648 <= #t~ret92#1 && #t~ret92#1 <= 2147483647;havoc #t~ret92#1; {23716#false} is VALID [2022-02-20 18:01:26,684 INFO L272 TraceCheckUtils]: 90: Hoare triple {23716#false} call #t~ret93#1 := getClientAddressBookAddress(~client#1, 1); {23715#true} is VALID [2022-02-20 18:01:26,685 INFO 
L290 TraceCheckUtils]: 91: Hoare triple {23715#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~11; {23715#true} is VALID [2022-02-20 18:01:26,685 INFO L290 TraceCheckUtils]: 92: Hoare triple {23715#true} assume 1 == ~handle; {23715#true} is VALID [2022-02-20 18:01:26,685 INFO L290 TraceCheckUtils]: 93: Hoare triple {23715#true} assume 0 == ~index;~retValue_acc~11 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~11; {23715#true} is VALID [2022-02-20 18:01:26,685 INFO L290 TraceCheckUtils]: 94: Hoare triple {23715#true} assume true; {23715#true} is VALID [2022-02-20 18:01:26,685 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {23715#true} {23716#false} #1183#return; {23716#false} is VALID [2022-02-20 18:01:26,685 INFO L290 TraceCheckUtils]: 96: Hoare triple {23716#false} assume -2147483648 <= #t~ret93#1 && #t~ret93#1 <= 2147483647;~tmp___1~4#1 := #t~ret93#1;havoc #t~ret93#1;~second~0#1 := ~tmp___1~4#1; {23716#false} is VALID [2022-02-20 18:01:26,685 INFO L272 TraceCheckUtils]: 97: Hoare triple {23716#false} call setEmailTo(~msg#1, ~second~0#1); {23807#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:01:26,685 INFO L290 TraceCheckUtils]: 98: Hoare triple {23807#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {23715#true} is VALID [2022-02-20 18:01:26,685 INFO L290 TraceCheckUtils]: 99: Hoare triple {23715#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {23715#true} is VALID [2022-02-20 18:01:26,685 INFO L290 TraceCheckUtils]: 100: Hoare triple {23715#true} assume true; {23715#true} is VALID [2022-02-20 18:01:26,686 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {23715#true} {23716#false} #1185#return; {23716#false} is VALID [2022-02-20 18:01:26,686 INFO L272 TraceCheckUtils]: 102: Hoare triple {23716#false} call 
outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {23716#false} is VALID [2022-02-20 18:01:26,686 INFO L290 TraceCheckUtils]: 103: Hoare triple {23716#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~15#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {23716#false} is VALID [2022-02-20 18:01:26,686 INFO L272 TraceCheckUtils]: 104: Hoare triple {23716#false} call #t~ret87#1 := getEmailTo(~msg#1); {23715#true} is VALID [2022-02-20 18:01:26,686 INFO L290 TraceCheckUtils]: 105: Hoare triple {23715#true} ~handle := #in~handle;havoc ~retValue_acc~26; {23715#true} is VALID [2022-02-20 18:01:26,686 INFO L290 TraceCheckUtils]: 106: Hoare triple {23715#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {23715#true} is VALID [2022-02-20 18:01:26,686 INFO L290 TraceCheckUtils]: 107: Hoare triple {23715#true} assume true; {23715#true} is VALID [2022-02-20 18:01:26,686 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {23715#true} {23716#false} #1211#return; {23716#false} is VALID [2022-02-20 18:01:26,686 INFO L290 TraceCheckUtils]: 109: Hoare triple {23716#false} assume -2147483648 <= #t~ret87#1 && #t~ret87#1 <= 2147483647;~tmp~15#1 := #t~ret87#1;havoc #t~ret87#1;~receiver~0#1 := ~tmp~15#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~18#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~18#1; {23716#false} is VALID [2022-02-20 18:01:26,687 INFO L290 TraceCheckUtils]: 110: Hoare triple {23716#false} assume 1 == findPublicKey_~handle#1; {23716#false} is VALID [2022-02-20 18:01:26,687 INFO L290 TraceCheckUtils]: 111: Hoare triple {23716#false} assume findPublicKey_~userid#1 == 
~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~18#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~18#1; {23716#false} is VALID [2022-02-20 18:01:26,687 INFO L290 TraceCheckUtils]: 112: Hoare triple {23716#false} #t~ret88#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp___0~6#1 := #t~ret88#1;havoc #t~ret88#1;~pubkey~0#1 := ~tmp___0~6#1; {23716#false} is VALID [2022-02-20 18:01:26,687 INFO L290 TraceCheckUtils]: 113: Hoare triple {23716#false} assume !(0 != ~pubkey~0#1); {23716#false} is VALID [2022-02-20 18:01:26,687 INFO L290 TraceCheckUtils]: 114: Hoare triple {23716#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret86#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {23716#false} is VALID [2022-02-20 18:01:26,687 INFO L290 TraceCheckUtils]: 115: Hoare triple {23716#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {23716#false} is VALID [2022-02-20 18:01:26,687 INFO L290 TraceCheckUtils]: 116: Hoare triple {23716#false} outgoing__wrappee__Keys_#t~ret86#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret86#1 && 
outgoing__wrappee__Keys_#t~ret86#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~14#1 := outgoing__wrappee__Keys_#t~ret86#1;havoc outgoing__wrappee__Keys_#t~ret86#1; {23716#false} is VALID [2022-02-20 18:01:26,687 INFO L272 TraceCheckUtils]: 117: Hoare triple {23716#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1); {23806#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:26,687 INFO L290 TraceCheckUtils]: 118: Hoare triple {23806#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {23715#true} is VALID [2022-02-20 18:01:26,687 INFO L290 TraceCheckUtils]: 119: Hoare triple {23715#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {23715#true} is VALID [2022-02-20 18:01:26,687 INFO L290 TraceCheckUtils]: 120: Hoare triple {23715#true} assume true; {23715#true} is VALID [2022-02-20 18:01:26,687 INFO L284 TraceCheckUtils]: 121: Hoare quadruple {23715#true} {23716#false} #1217#return; {23716#false} is VALID [2022-02-20 18:01:26,688 INFO L290 TraceCheckUtils]: 122: Hoare triple {23716#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret84#1, mail_#t~ret85#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet52#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, 
__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 := puts(24, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1; {23716#false} is VALID [2022-02-20 18:01:26,688 INFO L272 TraceCheckUtils]: 123: Hoare triple {23716#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {23715#true} is VALID [2022-02-20 18:01:26,688 INFO L290 TraceCheckUtils]: 124: Hoare triple {23715#true} ~handle := #in~handle;havoc ~retValue_acc~29; {23715#true} is VALID [2022-02-20 18:01:26,688 INFO L290 TraceCheckUtils]: 125: Hoare triple {23715#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {23715#true} is VALID [2022-02-20 18:01:26,688 INFO L290 TraceCheckUtils]: 126: Hoare triple {23715#true} assume true; {23715#true} is VALID [2022-02-20 18:01:26,688 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {23715#true} {23716#false} #1219#return; {23716#false} is VALID [2022-02-20 18:01:26,688 INFO L290 TraceCheckUtils]: 128: Hoare triple {23716#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset := 25, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet52#1; {23716#false} is VALID [2022-02-20 18:01:26,688 INFO L290 
TraceCheckUtils]: 129: Hoare triple {23716#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret84#1 := puts(35, 0);assume -2147483648 <= mail_#t~ret84#1 && mail_#t~ret84#1 <= 2147483647;havoc mail_#t~ret84#1; {23716#false} is VALID [2022-02-20 18:01:26,688 INFO L272 TraceCheckUtils]: 130: Hoare triple {23716#false} call mail_#t~ret85#1 := getEmailTo(mail_~msg#1); {23715#true} is VALID [2022-02-20 18:01:26,688 INFO L290 TraceCheckUtils]: 131: Hoare triple {23715#true} ~handle := #in~handle;havoc ~retValue_acc~26; {23715#true} is VALID [2022-02-20 18:01:26,688 INFO L290 TraceCheckUtils]: 132: Hoare triple {23715#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {23715#true} is VALID [2022-02-20 18:01:26,688 INFO L290 TraceCheckUtils]: 133: Hoare triple {23715#true} assume true; {23715#true} is VALID [2022-02-20 18:01:26,688 INFO L284 TraceCheckUtils]: 134: Hoare quadruple {23715#true} {23716#false} #1221#return; {23716#false} is VALID [2022-02-20 18:01:26,688 INFO L290 TraceCheckUtils]: 135: Hoare triple {23716#false} assume -2147483648 <= mail_#t~ret85#1 && mail_#t~ret85#1 <= 2147483647;mail_~tmp~13#1 := mail_#t~ret85#1;havoc mail_#t~ret85#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~13#1, mail_~msg#1;havoc incoming_#t~ret98#1, incoming_#t~ret99#1, incoming_#t~ret100#1, incoming_#t~ret101#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~19#1, incoming_~tmp___0~8#1, incoming_~tmp___1~5#1, incoming_~tmp___2~3#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~19#1;havoc incoming_~tmp___0~8#1;havoc incoming_~tmp___1~5#1;havoc incoming_~tmp___2~3#1;incoming_~__utac__ad__arg1~1#1 := 
incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet54#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 := puts(26, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset := 27, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet54#1; {23716#false} is VALID [2022-02-20 18:01:26,688 INFO L290 TraceCheckUtils]: 136: Hoare triple {23716#false} assume 1 == ~sent_encrypted~0; {23716#false} is VALID [2022-02-20 18:01:26,688 INFO L272 TraceCheckUtils]: 137: 
Hoare triple {23716#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {23715#true} is VALID [2022-02-20 18:01:26,688 INFO L290 TraceCheckUtils]: 138: Hoare triple {23715#true} ~handle := #in~handle;havoc ~retValue_acc~13; {23715#true} is VALID [2022-02-20 18:01:26,688 INFO L290 TraceCheckUtils]: 139: Hoare triple {23715#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {23715#true} is VALID [2022-02-20 18:01:26,688 INFO L290 TraceCheckUtils]: 140: Hoare triple {23715#true} assume true; {23715#true} is VALID [2022-02-20 18:01:26,688 INFO L284 TraceCheckUtils]: 141: Hoare quadruple {23715#true} {23716#false} #1223#return; {23716#false} is VALID [2022-02-20 18:01:26,688 INFO L290 TraceCheckUtils]: 142: Hoare triple {23716#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~8#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1; {23716#false} is VALID [2022-02-20 18:01:26,688 INFO L272 TraceCheckUtils]: 143: Hoare triple {23716#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {23715#true} is VALID [2022-02-20 18:01:26,689 INFO L290 TraceCheckUtils]: 144: Hoare triple {23715#true} ~handle := #in~handle;havoc ~retValue_acc~30; {23715#true} is VALID [2022-02-20 18:01:26,689 INFO L290 TraceCheckUtils]: 145: Hoare triple {23715#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~30; {23715#true} is VALID [2022-02-20 18:01:26,689 INFO L290 TraceCheckUtils]: 146: Hoare triple {23715#true} assume true; {23715#true} is VALID [2022-02-20 18:01:26,689 INFO L284 TraceCheckUtils]: 147: Hoare quadruple {23715#true} {23716#false} #1225#return; {23716#false} is 
VALID [2022-02-20 18:01:26,689 INFO L290 TraceCheckUtils]: 148: Hoare triple {23716#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1; {23716#false} is VALID [2022-02-20 18:01:26,689 INFO L272 TraceCheckUtils]: 149: Hoare triple {23716#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1); {23715#true} is VALID [2022-02-20 18:01:26,689 INFO L290 TraceCheckUtils]: 150: Hoare triple {23715#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~43;havoc ~__cil_tmp4~5.base, ~__cil_tmp4~5.offset;~__cil_tmp4~5.base, ~__cil_tmp4~5.offset := 39, 0;havoc #t~nondet104; {23715#true} is VALID [2022-02-20 18:01:26,689 INFO L290 TraceCheckUtils]: 151: Hoare triple {23715#true} assume 0 == ~publicKey;~retValue_acc~43 := 0;#res := ~retValue_acc~43; {23715#true} is VALID [2022-02-20 18:01:26,689 INFO L290 TraceCheckUtils]: 152: Hoare triple {23715#true} assume true; {23715#true} is VALID [2022-02-20 18:01:26,689 INFO L284 TraceCheckUtils]: 153: Hoare quadruple {23715#true} {23716#false} #1227#return; {23716#false} is VALID [2022-02-20 18:01:26,689 INFO L290 TraceCheckUtils]: 154: Hoare triple {23716#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1; {23716#false} is VALID [2022-02-20 18:01:26,689 INFO L290 TraceCheckUtils]: 155: Hoare triple {23716#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1);assume { :begin_inline___automaton_fail } true; 
{23716#false} is VALID [2022-02-20 18:01:26,689 INFO L290 TraceCheckUtils]: 156: Hoare triple {23716#false} assume !false; {23716#false} is VALID [2022-02-20 18:01:26,695 INFO L134 CoverageAnalysis]: Checked inductivity of 47 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 34 trivial. 0 not checked. [2022-02-20 18:01:26,696 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:01:26,696 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [992747520] [2022-02-20 18:01:26,696 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [992747520] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:01:26,696 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:01:26,696 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 18:01:26,696 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [658200351] [2022-02-20 18:01:26,696 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:01:26,697 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 9.0) internal successors, (99), 8 states have internal predecessors, (99), 4 states have call successors, (22), 6 states have call predecessors, (22), 3 states have return successors, (19), 3 states have call predecessors, (19), 4 states have call successors, (19) Word has length 157 [2022-02-20 18:01:26,697 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 18:01:26,697 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 9.0) internal successors, (99), 8 states have internal predecessors, (99), 4 states have call successors, (22), 6 states have call predecessors, (22), 3 states have return successors, (19), 3 states have call predecessors, (19), 4 states have call successors, (19) [2022-02-20 18:01:26,774 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 140 edges. 140 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:26,775 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 18:01:26,775 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:26,775 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2022-02-20 18:01:26,775 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:01:26,775 INFO L87 Difference]: Start difference. First operand 485 states and 753 transitions. Second operand has 12 states, 11 states have (on average 9.0) internal successors, (99), 8 states have internal predecessors, (99), 4 states have call successors, (22), 6 states have call predecessors, (22), 3 states have return successors, (19), 3 states have call predecessors, (19), 4 states have call successors, (19) [2022-02-20 18:01:39,589 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:39,589 INFO L93 Difference]: Finished difference Result 1137 states and 1792 transitions. [2022-02-20 18:01:39,589 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 18:01:39,589 INFO L78 Accepts]: Start accepts. 
Automaton has has 12 states, 11 states have (on average 9.0) internal successors, (99), 8 states have internal predecessors, (99), 4 states have call successors, (22), 6 states have call predecessors, (22), 3 states have return successors, (19), 3 states have call predecessors, (19), 4 states have call successors, (19) Word has length 157 [2022-02-20 18:01:39,589 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:01:39,590 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 9.0) internal successors, (99), 8 states have internal predecessors, (99), 4 states have call successors, (22), 6 states have call predecessors, (22), 3 states have return successors, (19), 3 states have call predecessors, (19), 4 states have call successors, (19) [2022-02-20 18:01:39,601 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1528 transitions. [2022-02-20 18:01:39,602 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 9.0) internal successors, (99), 8 states have internal predecessors, (99), 4 states have call successors, (22), 6 states have call predecessors, (22), 3 states have return successors, (19), 3 states have call predecessors, (19), 4 states have call successors, (19) [2022-02-20 18:01:39,614 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1528 transitions. [2022-02-20 18:01:39,614 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1528 transitions. [2022-02-20 18:01:40,985 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1528 edges. 1528 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:01:41,028 INFO L225 Difference]: With dead ends: 1137 [2022-02-20 18:01:41,029 INFO L226 Difference]: Without dead ends: 679 [2022-02-20 18:01:41,031 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 63 GetRequests, 41 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552 [2022-02-20 18:01:41,031 INFO L933 BasicCegarLoop]: 718 mSDtfsCounter, 1633 mSDsluCounter, 1430 mSDsCounter, 0 mSdLazyCounter, 4671 mSolverCounterSat, 689 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 6.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1633 SdHoareTripleChecker+Valid, 2148 SdHoareTripleChecker+Invalid, 5360 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 689 IncrementalHoareTripleChecker+Valid, 4671 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 6.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:01:41,031 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1633 Valid, 2148 Invalid, 5360 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [689 Valid, 4671 Invalid, 0 Unknown, 0 Unchecked, 6.1s Time] [2022-02-20 18:01:41,032 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 679 states. [2022-02-20 18:01:41,166 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 679 to 485. [2022-02-20 18:01:41,167 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:01:41,168 INFO L82 GeneralOperation]: Start isEquivalent. First operand 679 states. 
Second operand has 485 states, 376 states have (on average 1.5585106382978724) internal successors, (586), 383 states have internal predecessors, (586), 80 states have call successors, (80), 25 states have call predecessors, (80), 28 states have return successors, (86), 78 states have call predecessors, (86), 79 states have call successors, (86) [2022-02-20 18:01:41,169 INFO L74 IsIncluded]: Start isIncluded. First operand 679 states. Second operand has 485 states, 376 states have (on average 1.5585106382978724) internal successors, (586), 383 states have internal predecessors, (586), 80 states have call successors, (80), 25 states have call predecessors, (80), 28 states have return successors, (86), 78 states have call predecessors, (86), 79 states have call successors, (86) [2022-02-20 18:01:41,170 INFO L87 Difference]: Start difference. First operand 679 states. Second operand has 485 states, 376 states have (on average 1.5585106382978724) internal successors, (586), 383 states have internal predecessors, (586), 80 states have call successors, (80), 25 states have call predecessors, (80), 28 states have return successors, (86), 78 states have call predecessors, (86), 79 states have call successors, (86) [2022-02-20 18:01:41,196 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:41,196 INFO L93 Difference]: Finished difference Result 679 states and 1076 transitions. [2022-02-20 18:01:41,196 INFO L276 IsEmpty]: Start isEmpty. Operand 679 states and 1076 transitions. [2022-02-20 18:01:41,200 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:41,200 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:41,202 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 485 states, 376 states have (on average 1.5585106382978724) internal successors, (586), 383 states have internal predecessors, (586), 80 states have call successors, (80), 25 states have call predecessors, (80), 28 states have return successors, (86), 78 states have call predecessors, (86), 79 states have call successors, (86) Second operand 679 states. [2022-02-20 18:01:41,202 INFO L87 Difference]: Start difference. First operand has 485 states, 376 states have (on average 1.5585106382978724) internal successors, (586), 383 states have internal predecessors, (586), 80 states have call successors, (80), 25 states have call predecessors, (80), 28 states have return successors, (86), 78 states have call predecessors, (86), 79 states have call successors, (86) Second operand 679 states. [2022-02-20 18:01:41,229 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:41,229 INFO L93 Difference]: Finished difference Result 679 states and 1076 transitions. [2022-02-20 18:01:41,229 INFO L276 IsEmpty]: Start isEmpty. Operand 679 states and 1076 transitions. [2022-02-20 18:01:41,233 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:41,233 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:41,233 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:01:41,233 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:01:41,234 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 485 states, 376 states have (on average 1.5585106382978724) internal successors, (586), 383 states have internal predecessors, (586), 80 states have call successors, (80), 25 states have call predecessors, (80), 28 states have return successors, (86), 78 states have call predecessors, (86), 79 states have call successors, (86) [2022-02-20 18:01:41,250 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 485 states to 485 states and 752 transitions. [2022-02-20 18:01:41,251 INFO L78 Accepts]: Start accepts. Automaton has 485 states and 752 transitions. Word has length 157 [2022-02-20 18:01:41,251 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:01:41,251 INFO L470 AbstractCegarLoop]: Abstraction has 485 states and 752 transitions. [2022-02-20 18:01:41,251 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 11 states have (on average 9.0) internal successors, (99), 8 states have internal predecessors, (99), 4 states have call successors, (22), 6 states have call predecessors, (22), 3 states have return successors, (19), 3 states have call predecessors, (19), 4 states have call successors, (19) [2022-02-20 18:01:41,251 INFO L276 IsEmpty]: Start isEmpty. Operand 485 states and 752 transitions. [2022-02-20 18:01:41,254 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 140 [2022-02-20 18:01:41,254 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:01:41,254 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:01:41,254 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 18:01:41,254 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:01:41,255 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:01:41,255 INFO L85 PathProgramCache]: Analyzing trace 
with hash -962715799, now seen corresponding path program 1 times [2022-02-20 18:01:41,255 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:01:41,255 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [122382072] [2022-02-20 18:01:41,255 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:41,255 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:01:41,286 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:41,308 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:01:41,310 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:41,311 INFO L290 TraceCheckUtils]: 0: Hoare triple {27547#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27474#true} is VALID [2022-02-20 18:01:41,311 INFO L290 TraceCheckUtils]: 1: Hoare triple {27474#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {27474#true} is VALID [2022-02-20 18:01:41,311 INFO L290 TraceCheckUtils]: 2: Hoare triple {27474#true} assume true; {27474#true} is VALID [2022-02-20 18:01:41,312 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27474#true} {27474#true} #1261#return; {27474#true} is VALID [2022-02-20 18:01:41,317 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:01:41,318 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:41,320 INFO L290 TraceCheckUtils]: 0: Hoare triple {27548#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {27474#true} is VALID [2022-02-20 18:01:41,320 INFO L290 TraceCheckUtils]: 1: Hoare triple {27474#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {27474#true} is VALID [2022-02-20 18:01:41,320 INFO L290 TraceCheckUtils]: 2: Hoare triple {27474#true} assume true; {27474#true} is VALID [2022-02-20 18:01:41,320 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27474#true} {27474#true} #1263#return; {27474#true} is VALID [2022-02-20 18:01:41,320 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:01:41,322 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:41,325 INFO L290 TraceCheckUtils]: 0: Hoare triple {27547#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27474#true} is VALID [2022-02-20 18:01:41,325 INFO L290 TraceCheckUtils]: 1: Hoare triple {27474#true} assume !(1 == ~handle); {27474#true} is VALID [2022-02-20 18:01:41,325 INFO L290 TraceCheckUtils]: 2: Hoare triple {27474#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {27474#true} is VALID [2022-02-20 18:01:41,325 INFO L290 TraceCheckUtils]: 3: Hoare triple {27474#true} assume true; {27474#true} is VALID [2022-02-20 18:01:41,325 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {27474#true} {27474#true} #1265#return; {27474#true} is VALID [2022-02-20 18:01:41,325 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:01:41,326 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:41,328 INFO L290 TraceCheckUtils]: 0: Hoare triple {27548#(and (= 
~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {27474#true} is VALID [2022-02-20 18:01:41,328 INFO L290 TraceCheckUtils]: 1: Hoare triple {27474#true} assume !(1 == ~handle); {27474#true} is VALID [2022-02-20 18:01:41,328 INFO L290 TraceCheckUtils]: 2: Hoare triple {27474#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {27474#true} is VALID [2022-02-20 18:01:41,328 INFO L290 TraceCheckUtils]: 3: Hoare triple {27474#true} assume true; {27474#true} is VALID [2022-02-20 18:01:41,328 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {27474#true} {27474#true} #1267#return; {27474#true} is VALID [2022-02-20 18:01:41,328 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:01:41,330 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:41,344 INFO L290 TraceCheckUtils]: 0: Hoare triple {27547#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27549#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:41,344 INFO L290 TraceCheckUtils]: 1: Hoare triple {27549#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {27549#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:41,344 INFO L290 TraceCheckUtils]: 2: Hoare triple {27549#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {27549#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:41,345 INFO L290 TraceCheckUtils]: 3: Hoare triple {27549#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == 
~handle;~__ste_client_idCounter2~0 := ~value; {27550#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:41,345 INFO L290 TraceCheckUtils]: 4: Hoare triple {27550#(= 3 |setClientId_#in~handle|)} assume true; {27550#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:41,346 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {27550#(= 3 |setClientId_#in~handle|)} {27494#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1269#return; {27501#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:01:41,346 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:01:41,348 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:41,363 INFO L290 TraceCheckUtils]: 0: Hoare triple {27548#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {27551#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:01:41,363 INFO L290 TraceCheckUtils]: 1: Hoare triple {27551#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {27551#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:01:41,364 INFO L290 TraceCheckUtils]: 2: Hoare triple {27551#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {27552#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:01:41,364 INFO L290 TraceCheckUtils]: 3: Hoare triple {27552#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {27552#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:01:41,364 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {27552#(= 2 |setClientPrivateKey_#in~handle|)} 
{27501#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1271#return; {27475#false} is VALID [2022-02-20 18:01:41,372 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 18:01:41,373 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:41,376 INFO L290 TraceCheckUtils]: 0: Hoare triple {27553#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {27474#true} is VALID [2022-02-20 18:01:41,376 INFO L290 TraceCheckUtils]: 1: Hoare triple {27474#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {27474#true} is VALID [2022-02-20 18:01:41,376 INFO L290 TraceCheckUtils]: 2: Hoare triple {27474#true} assume true; {27474#true} is VALID [2022-02-20 18:01:41,376 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27474#true} {27475#false} #1197#return; {27475#false} is VALID [2022-02-20 18:01:41,385 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 18:01:41,386 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:41,388 INFO L290 TraceCheckUtils]: 0: Hoare triple {27554#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {27474#true} is VALID [2022-02-20 18:01:41,388 INFO L290 TraceCheckUtils]: 1: Hoare triple {27474#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {27474#true} is VALID [2022-02-20 18:01:41,389 INFO L290 TraceCheckUtils]: 2: Hoare triple {27474#true} assume true; {27474#true} is VALID [2022-02-20 18:01:41,389 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27474#true} {27475#false} #1199#return; {27475#false} is VALID [2022-02-20 18:01:41,389 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 18:01:41,390 INFO 
L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:41,391 INFO L290 TraceCheckUtils]: 0: Hoare triple {27474#true} ~handle := #in~handle;havoc ~retValue_acc~7; {27474#true} is VALID [2022-02-20 18:01:41,391 INFO L290 TraceCheckUtils]: 1: Hoare triple {27474#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {27474#true} is VALID [2022-02-20 18:01:41,391 INFO L290 TraceCheckUtils]: 2: Hoare triple {27474#true} assume true; {27474#true} is VALID [2022-02-20 18:01:41,392 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27474#true} {27475#false} #1179#return; {27475#false} is VALID [2022-02-20 18:01:41,392 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 18:01:41,392 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:41,394 INFO L290 TraceCheckUtils]: 0: Hoare triple {27474#true} ~handle := #in~handle;havoc ~retValue_acc~26; {27474#true} is VALID [2022-02-20 18:01:41,394 INFO L290 TraceCheckUtils]: 1: Hoare triple {27474#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {27474#true} is VALID [2022-02-20 18:01:41,394 INFO L290 TraceCheckUtils]: 2: Hoare triple {27474#true} assume true; {27474#true} is VALID [2022-02-20 18:01:41,394 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27474#true} {27475#false} #1211#return; {27475#false} is VALID [2022-02-20 18:01:41,394 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 18:01:41,395 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:41,397 INFO L290 TraceCheckUtils]: 0: Hoare triple {27553#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {27474#true} is VALID [2022-02-20 18:01:41,397 INFO L290 TraceCheckUtils]: 1: Hoare triple 
{27474#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {27474#true} is VALID [2022-02-20 18:01:41,397 INFO L290 TraceCheckUtils]: 2: Hoare triple {27474#true} assume true; {27474#true} is VALID [2022-02-20 18:01:41,397 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27474#true} {27475#false} #1217#return; {27475#false} is VALID [2022-02-20 18:01:41,397 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 105 [2022-02-20 18:01:41,398 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:41,408 INFO L290 TraceCheckUtils]: 0: Hoare triple {27474#true} ~handle := #in~handle;havoc ~retValue_acc~29; {27474#true} is VALID [2022-02-20 18:01:41,408 INFO L290 TraceCheckUtils]: 1: Hoare triple {27474#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {27474#true} is VALID [2022-02-20 18:01:41,408 INFO L290 TraceCheckUtils]: 2: Hoare triple {27474#true} assume true; {27474#true} is VALID [2022-02-20 18:01:41,409 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27474#true} {27475#false} #1219#return; {27475#false} is VALID [2022-02-20 18:01:41,409 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 112 [2022-02-20 18:01:41,410 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:41,413 INFO L290 TraceCheckUtils]: 0: Hoare triple {27474#true} ~handle := #in~handle;havoc ~retValue_acc~26; {27474#true} is VALID [2022-02-20 18:01:41,414 INFO L290 TraceCheckUtils]: 1: Hoare triple {27474#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {27474#true} is VALID [2022-02-20 18:01:41,414 INFO L290 TraceCheckUtils]: 2: Hoare triple {27474#true} assume true; {27474#true} is VALID [2022-02-20 18:01:41,414 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27474#true} {27475#false} #1221#return; {27475#false} is VALID [2022-02-20 18:01:41,414 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 119 [2022-02-20 18:01:41,415 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:41,416 INFO L290 TraceCheckUtils]: 0: Hoare triple {27474#true} ~handle := #in~handle;havoc ~retValue_acc~13; {27474#true} is VALID [2022-02-20 18:01:41,417 INFO L290 TraceCheckUtils]: 1: Hoare triple {27474#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {27474#true} is VALID [2022-02-20 18:01:41,417 INFO L290 TraceCheckUtils]: 2: Hoare triple {27474#true} assume true; {27474#true} is VALID [2022-02-20 18:01:41,417 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27474#true} {27475#false} #1223#return; {27475#false} is VALID [2022-02-20 18:01:41,417 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 125 [2022-02-20 18:01:41,418 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:41,419 INFO L290 TraceCheckUtils]: 0: Hoare triple {27474#true} ~handle := #in~handle;havoc ~retValue_acc~30; {27474#true} is VALID [2022-02-20 18:01:41,419 INFO L290 TraceCheckUtils]: 1: Hoare triple {27474#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~30; {27474#true} is VALID [2022-02-20 18:01:41,420 INFO L290 TraceCheckUtils]: 2: Hoare triple {27474#true} assume true; {27474#true} is VALID [2022-02-20 18:01:41,420 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27474#true} {27475#false} #1225#return; {27475#false} is VALID [2022-02-20 18:01:41,420 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 131 [2022-02-20 18:01:41,421 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:41,422 INFO L290 TraceCheckUtils]: 0: Hoare triple {27474#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~43;havoc ~__cil_tmp4~5.base, 
~__cil_tmp4~5.offset;~__cil_tmp4~5.base, ~__cil_tmp4~5.offset := 39, 0;havoc #t~nondet104; {27474#true} is VALID [2022-02-20 18:01:41,422 INFO L290 TraceCheckUtils]: 1: Hoare triple {27474#true} assume 0 == ~publicKey;~retValue_acc~43 := 0;#res := ~retValue_acc~43; {27474#true} is VALID [2022-02-20 18:01:41,422 INFO L290 TraceCheckUtils]: 2: Hoare triple {27474#true} assume true; {27474#true} is VALID [2022-02-20 18:01:41,423 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27474#true} {27475#false} #1227#return; {27475#false} is VALID [2022-02-20 18:01:41,423 INFO L290 TraceCheckUtils]: 0: Hoare triple {27474#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(44, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(11, 20);call #Ultimate.allocInit(19, 21);call #Ultimate.allocInit(4, 22);call write~init~int(37, 22, 0, 1);call write~init~int(100, 22, 1, 1);call write~init~int(10, 22, 2, 1);call write~init~int(0, 22, 3, 1);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(19, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call 
write~init~int(37, 28, 0, 1);call write~init~int(115, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(10, 29);call #Ultimate.allocInit(12, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(18, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(34, 36);call #Ultimate.allocInit(30, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(20, 39);call #Ultimate.allocInit(22, 40);call #Ultimate.allocInit(21, 41);~head~0.base, ~head~0.offset := 0, 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 
0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 
0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~sent_encrypted~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {27474#true} is VALID [2022-02-20 18:01:41,423 INFO L290 TraceCheckUtils]: 1: Hoare triple {27474#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~3#1, main_~tmp~4#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {27474#true} is VALID [2022-02-20 18:01:41,423 INFO L290 TraceCheckUtils]: 2: Hoare triple {27474#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {27474#true} is VALID [2022-02-20 18:01:41,423 INFO L290 TraceCheckUtils]: 3: Hoare triple {27474#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~22#1;havoc valid_product_~retValue_acc~22#1;valid_product_~retValue_acc~22#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~22#1; {27474#true} is VALID [2022-02-20 18:01:41,423 INFO L290 TraceCheckUtils]: 4: Hoare triple {27474#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {27474#true} is VALID [2022-02-20 18:01:41,423 INFO L290 TraceCheckUtils]: 5: Hoare triple {27474#true} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet32#1, setup_#t~nondet33#1, setup_#t~nondet34#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, 
setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {27474#true} is VALID [2022-02-20 18:01:41,424 INFO L272 TraceCheckUtils]: 6: Hoare triple {27474#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {27547#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:41,424 INFO L290 TraceCheckUtils]: 7: Hoare triple {27547#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27474#true} is VALID [2022-02-20 18:01:41,424 INFO L290 TraceCheckUtils]: 8: Hoare triple {27474#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {27474#true} is VALID [2022-02-20 18:01:41,424 INFO L290 TraceCheckUtils]: 9: Hoare triple {27474#true} assume true; {27474#true} is VALID [2022-02-20 18:01:41,425 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {27474#true} {27474#true} #1261#return; {27474#true} is VALID [2022-02-20 18:01:41,425 INFO L290 TraceCheckUtils]: 11: Hoare triple {27474#true} assume { :end_inline_setup_bob__wrappee__Base } true; {27474#true} is 
VALID [2022-02-20 18:01:41,425 INFO L272 TraceCheckUtils]: 12: Hoare triple {27474#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {27548#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:41,425 INFO L290 TraceCheckUtils]: 13: Hoare triple {27548#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {27474#true} is VALID [2022-02-20 18:01:41,426 INFO L290 TraceCheckUtils]: 14: Hoare triple {27474#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {27474#true} is VALID [2022-02-20 18:01:41,426 INFO L290 TraceCheckUtils]: 15: Hoare triple {27474#true} assume true; {27474#true} is VALID [2022-02-20 18:01:41,426 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {27474#true} {27474#true} #1263#return; {27474#true} is VALID [2022-02-20 18:01:41,426 INFO L290 TraceCheckUtils]: 17: Hoare triple {27474#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 18, 0;havoc setup_#t~nondet32#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {27474#true} is VALID [2022-02-20 18:01:41,427 INFO L272 TraceCheckUtils]: 18: Hoare triple {27474#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {27547#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:41,427 INFO L290 TraceCheckUtils]: 19: Hoare triple {27547#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27474#true} is VALID [2022-02-20 18:01:41,427 INFO L290 TraceCheckUtils]: 20: Hoare triple {27474#true} assume !(1 == ~handle); {27474#true} is VALID [2022-02-20 18:01:41,427 INFO L290 TraceCheckUtils]: 21: Hoare triple {27474#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {27474#true} is VALID [2022-02-20 18:01:41,427 INFO L290 TraceCheckUtils]: 22: Hoare triple {27474#true} assume true; {27474#true} is VALID [2022-02-20 18:01:41,427 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {27474#true} {27474#true} #1265#return; {27474#true} is VALID [2022-02-20 18:01:41,427 INFO L290 TraceCheckUtils]: 24: Hoare triple {27474#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {27474#true} is VALID [2022-02-20 18:01:41,428 INFO L272 TraceCheckUtils]: 25: Hoare triple {27474#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {27548#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:41,428 INFO L290 TraceCheckUtils]: 26: Hoare triple {27548#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {27474#true} is VALID [2022-02-20 18:01:41,428 INFO L290 TraceCheckUtils]: 27: Hoare triple 
{27474#true} assume !(1 == ~handle); {27474#true} is VALID [2022-02-20 18:01:41,428 INFO L290 TraceCheckUtils]: 28: Hoare triple {27474#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {27474#true} is VALID [2022-02-20 18:01:41,428 INFO L290 TraceCheckUtils]: 29: Hoare triple {27474#true} assume true; {27474#true} is VALID [2022-02-20 18:01:41,428 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {27474#true} {27474#true} #1267#return; {27474#true} is VALID [2022-02-20 18:01:41,429 INFO L290 TraceCheckUtils]: 31: Hoare triple {27474#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 19, 0;havoc setup_#t~nondet33#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {27494#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:01:41,429 INFO L272 TraceCheckUtils]: 32: Hoare triple {27494#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {27547#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:41,430 INFO L290 TraceCheckUtils]: 33: Hoare triple {27547#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27549#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:41,430 INFO L290 TraceCheckUtils]: 34: Hoare triple {27549#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {27549#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:41,430 INFO L290 TraceCheckUtils]: 35: Hoare triple {27549#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {27549#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:41,431 INFO L290 TraceCheckUtils]: 36: Hoare triple {27549#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {27550#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:41,431 INFO L290 TraceCheckUtils]: 37: Hoare triple {27550#(= 3 |setClientId_#in~handle|)} assume true; {27550#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:41,432 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {27550#(= 3 |setClientId_#in~handle|)} {27494#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1269#return; {27501#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:01:41,432 INFO L290 TraceCheckUtils]: 39: Hoare triple {27501#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} assume { :end_inline_setup_chuck__wrappee__Base } true; {27501#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:01:41,432 INFO L272 TraceCheckUtils]: 40: Hoare triple {27501#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {27548#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID 
[2022-02-20 18:01:41,433 INFO L290 TraceCheckUtils]: 41: Hoare triple {27548#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {27551#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:01:41,433 INFO L290 TraceCheckUtils]: 42: Hoare triple {27551#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {27551#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:01:41,433 INFO L290 TraceCheckUtils]: 43: Hoare triple {27551#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {27552#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:01:41,434 INFO L290 TraceCheckUtils]: 44: Hoare triple {27552#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {27552#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:01:41,434 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {27552#(= 2 |setClientPrivateKey_#in~handle|)} {27501#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1271#return; {27475#false} is VALID [2022-02-20 18:01:41,434 INFO L290 TraceCheckUtils]: 46: Hoare triple {27475#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 20, 0;havoc setup_#t~nondet34#1; {27475#false} is VALID [2022-02-20 18:01:41,434 INFO L290 TraceCheckUtils]: 47: Hoare triple {27475#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_#t~nondet61#1, test_#t~nondet62#1, test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_#t~nondet67#1, test_#t~nondet68#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, 
test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~3#1, test_~tmp___1~2#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~3#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {27475#false} is VALID [2022-02-20 18:01:41,435 INFO L290 TraceCheckUtils]: 48: Hoare triple {27475#false} assume !false; {27475#false} is VALID [2022-02-20 18:01:41,435 INFO L290 TraceCheckUtils]: 49: Hoare triple {27475#false} assume test_~splverifierCounter~0#1 < 4; {27475#false} is VALID [2022-02-20 18:01:41,435 INFO L290 TraceCheckUtils]: 50: Hoare triple {27475#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {27475#false} is VALID [2022-02-20 18:01:41,435 INFO L290 TraceCheckUtils]: 51: Hoare triple {27475#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet58#1 && test_#t~nondet58#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet58#1;havoc test_#t~nondet58#1; {27475#false} is VALID [2022-02-20 18:01:41,435 INFO L290 TraceCheckUtils]: 52: Hoare triple {27475#false} assume !(0 != test_~tmp___9~0#1); {27475#false} is 
VALID [2022-02-20 18:01:41,435 INFO L290 TraceCheckUtils]: 53: Hoare triple {27475#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet59#1 && test_#t~nondet59#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet59#1;havoc test_#t~nondet59#1; {27475#false} is VALID [2022-02-20 18:01:41,435 INFO L290 TraceCheckUtils]: 54: Hoare triple {27475#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {27475#false} is VALID [2022-02-20 18:01:41,436 INFO L290 TraceCheckUtils]: 55: Hoare triple {27475#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {27475#false} is VALID [2022-02-20 18:01:41,436 INFO L290 TraceCheckUtils]: 56: Hoare triple {27475#false} assume { :end_inline_setClientAutoResponse } true; {27475#false} is VALID [2022-02-20 18:01:41,436 INFO L290 TraceCheckUtils]: 57: Hoare triple {27475#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {27475#false} is VALID [2022-02-20 18:01:41,436 INFO L290 TraceCheckUtils]: 58: Hoare triple {27475#false} assume !false; {27475#false} is VALID [2022-02-20 18:01:41,436 INFO L290 TraceCheckUtils]: 59: Hoare triple {27475#false} assume !(test_~splverifierCounter~0#1 < 4); {27475#false} is VALID [2022-02-20 18:01:41,436 INFO L290 TraceCheckUtils]: 60: Hoare triple {27475#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_~tmp~3#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~3#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call 
bobToRjh_#t~ret27#1 := puts(16, 0);assume -2147483648 <= bobToRjh_#t~ret27#1 && bobToRjh_#t~ret27#1 <= 2147483647;havoc bobToRjh_#t~ret27#1; {27475#false} is VALID [2022-02-20 18:01:41,436 INFO L272 TraceCheckUtils]: 61: Hoare triple {27475#false} call sendEmail(~bob~0, ~rjh~0); {27475#false} is VALID [2022-02-20 18:01:41,437 INFO L290 TraceCheckUtils]: 62: Hoare triple {27475#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~21#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~38#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~38#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {27475#false} is VALID [2022-02-20 18:01:41,437 INFO L272 TraceCheckUtils]: 63: Hoare triple {27475#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {27553#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:41,437 INFO L290 TraceCheckUtils]: 64: Hoare triple {27553#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {27474#true} is VALID [2022-02-20 18:01:41,437 INFO L290 TraceCheckUtils]: 65: Hoare triple {27474#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {27474#true} is VALID [2022-02-20 18:01:41,437 INFO L290 TraceCheckUtils]: 66: Hoare triple {27474#true} assume true; {27474#true} is VALID [2022-02-20 18:01:41,437 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {27474#true} {27475#false} #1197#return; {27475#false} is VALID [2022-02-20 18:01:41,437 INFO L272 TraceCheckUtils]: 68: Hoare triple {27475#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); 
{27554#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:01:41,437 INFO L290 TraceCheckUtils]: 69: Hoare triple {27554#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {27474#true} is VALID [2022-02-20 18:01:41,438 INFO L290 TraceCheckUtils]: 70: Hoare triple {27474#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {27474#true} is VALID [2022-02-20 18:01:41,438 INFO L290 TraceCheckUtils]: 71: Hoare triple {27474#true} assume true; {27474#true} is VALID [2022-02-20 18:01:41,438 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {27474#true} {27475#false} #1199#return; {27475#false} is VALID [2022-02-20 18:01:41,438 INFO L290 TraceCheckUtils]: 73: Hoare triple {27475#false} createEmail_~retValue_acc~38#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~38#1; {27475#false} is VALID [2022-02-20 18:01:41,438 INFO L290 TraceCheckUtils]: 74: Hoare triple {27475#false} #t~ret103#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret103#1 && #t~ret103#1 <= 2147483647;~tmp~21#1 := #t~ret103#1;havoc #t~ret103#1;~email~0#1 := ~tmp~21#1; {27475#false} is VALID [2022-02-20 18:01:41,438 INFO L272 TraceCheckUtils]: 75: Hoare triple {27475#false} call outgoing(~sender#1, ~email~0#1); {27475#false} is VALID [2022-02-20 18:01:41,438 INFO L290 TraceCheckUtils]: 76: Hoare triple {27475#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~2#1;havoc ~tmp~16#1;havoc ~receiver~1#1;havoc ~tmp___0~7#1;havoc ~second~0#1;havoc ~tmp___1~4#1;havoc ~tmp___2~2#1; {27475#false} is VALID [2022-02-20 18:01:41,439 INFO L272 TraceCheckUtils]: 77: Hoare triple {27475#false} call #t~ret89#1 := getClientAddressBookSize(~client#1); {27474#true} is VALID [2022-02-20 18:01:41,439 INFO L290 TraceCheckUtils]: 78: Hoare triple {27474#true} ~handle := 
#in~handle;havoc ~retValue_acc~7; {27474#true} is VALID [2022-02-20 18:01:41,439 INFO L290 TraceCheckUtils]: 79: Hoare triple {27474#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {27474#true} is VALID [2022-02-20 18:01:41,439 INFO L290 TraceCheckUtils]: 80: Hoare triple {27474#true} assume true; {27474#true} is VALID [2022-02-20 18:01:41,439 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {27474#true} {27475#false} #1179#return; {27475#false} is VALID [2022-02-20 18:01:41,439 INFO L290 TraceCheckUtils]: 82: Hoare triple {27475#false} assume -2147483648 <= #t~ret89#1 && #t~ret89#1 <= 2147483647;~tmp~16#1 := #t~ret89#1;havoc #t~ret89#1;~size~2#1 := ~tmp~16#1; {27475#false} is VALID [2022-02-20 18:01:41,439 INFO L290 TraceCheckUtils]: 83: Hoare triple {27475#false} assume !(0 != ~size~2#1); {27475#false} is VALID [2022-02-20 18:01:41,439 INFO L272 TraceCheckUtils]: 84: Hoare triple {27475#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {27475#false} is VALID [2022-02-20 18:01:41,440 INFO L290 TraceCheckUtils]: 85: Hoare triple {27475#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~15#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {27475#false} is VALID [2022-02-20 18:01:41,440 INFO L272 TraceCheckUtils]: 86: Hoare triple {27475#false} call #t~ret87#1 := getEmailTo(~msg#1); {27474#true} is VALID [2022-02-20 18:01:41,440 INFO L290 TraceCheckUtils]: 87: Hoare triple {27474#true} ~handle := #in~handle;havoc ~retValue_acc~26; {27474#true} is VALID [2022-02-20 18:01:41,440 INFO L290 TraceCheckUtils]: 88: Hoare triple {27474#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {27474#true} is VALID [2022-02-20 18:01:41,440 INFO L290 TraceCheckUtils]: 89: Hoare triple {27474#true} assume true; {27474#true} is VALID [2022-02-20 18:01:41,440 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {27474#true} {27475#false} #1211#return; 
{27475#false} is VALID [2022-02-20 18:01:41,440 INFO L290 TraceCheckUtils]: 91: Hoare triple {27475#false} assume -2147483648 <= #t~ret87#1 && #t~ret87#1 <= 2147483647;~tmp~15#1 := #t~ret87#1;havoc #t~ret87#1;~receiver~0#1 := ~tmp~15#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~18#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~18#1; {27475#false} is VALID [2022-02-20 18:01:41,440 INFO L290 TraceCheckUtils]: 92: Hoare triple {27475#false} assume 1 == findPublicKey_~handle#1; {27475#false} is VALID [2022-02-20 18:01:41,441 INFO L290 TraceCheckUtils]: 93: Hoare triple {27475#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~18#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~18#1; {27475#false} is VALID [2022-02-20 18:01:41,441 INFO L290 TraceCheckUtils]: 94: Hoare triple {27475#false} #t~ret88#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp___0~6#1 := #t~ret88#1;havoc #t~ret88#1;~pubkey~0#1 := ~tmp___0~6#1; {27475#false} is VALID [2022-02-20 18:01:41,441 INFO L290 TraceCheckUtils]: 95: Hoare triple {27475#false} assume !(0 != ~pubkey~0#1); {27475#false} is VALID [2022-02-20 18:01:41,441 INFO L290 TraceCheckUtils]: 96: Hoare triple {27475#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret86#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1;outgoing__wrappee__Keys_~client#1 := 
outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {27475#false} is VALID [2022-02-20 18:01:41,441 INFO L290 TraceCheckUtils]: 97: Hoare triple {27475#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {27475#false} is VALID [2022-02-20 18:01:41,441 INFO L290 TraceCheckUtils]: 98: Hoare triple {27475#false} outgoing__wrappee__Keys_#t~ret86#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret86#1 && outgoing__wrappee__Keys_#t~ret86#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~14#1 := outgoing__wrappee__Keys_#t~ret86#1;havoc outgoing__wrappee__Keys_#t~ret86#1; {27475#false} is VALID [2022-02-20 18:01:41,441 INFO L272 TraceCheckUtils]: 99: Hoare triple {27475#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1); {27553#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:41,441 INFO L290 TraceCheckUtils]: 100: Hoare triple {27553#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {27474#true} is VALID [2022-02-20 18:01:41,441 INFO L290 TraceCheckUtils]: 101: Hoare triple {27474#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {27474#true} is VALID [2022-02-20 18:01:41,441 INFO L290 TraceCheckUtils]: 102: Hoare triple {27474#true} assume true; {27474#true} is VALID [2022-02-20 18:01:41,441 INFO L284 
TraceCheckUtils]: 103: Hoare quadruple {27474#true} {27475#false} #1217#return; {27475#false} is VALID [2022-02-20 18:01:41,441 INFO L290 TraceCheckUtils]: 104: Hoare triple {27475#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret84#1, mail_#t~ret85#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet52#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 := puts(24, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret50#1; {27475#false} is VALID [2022-02-20 18:01:41,442 INFO L272 TraceCheckUtils]: 105: Hoare triple {27475#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {27474#true} is VALID [2022-02-20 18:01:41,442 INFO L290 TraceCheckUtils]: 106: Hoare triple {27474#true} ~handle := #in~handle;havoc ~retValue_acc~29; {27474#true} is VALID [2022-02-20 18:01:41,442 INFO L290 TraceCheckUtils]: 107: Hoare triple {27474#true} assume 1 == 
~handle;~retValue_acc~29 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~29; {27474#true} is VALID [2022-02-20 18:01:41,442 INFO L290 TraceCheckUtils]: 108: Hoare triple {27474#true} assume true; {27474#true} is VALID [2022-02-20 18:01:41,442 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {27474#true} {27475#false} #1219#return; {27475#false} is VALID [2022-02-20 18:01:41,442 INFO L290 TraceCheckUtils]: 110: Hoare triple {27475#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret51#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~1#1.offset := 25, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet52#1; {27475#false} is VALID [2022-02-20 18:01:41,442 INFO L290 TraceCheckUtils]: 111: Hoare triple {27475#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret84#1 := puts(35, 0);assume -2147483648 <= mail_#t~ret84#1 && mail_#t~ret84#1 <= 2147483647;havoc mail_#t~ret84#1; {27475#false} is VALID [2022-02-20 18:01:41,443 INFO L272 TraceCheckUtils]: 112: Hoare triple {27475#false} call mail_#t~ret85#1 := getEmailTo(mail_~msg#1); {27474#true} is VALID [2022-02-20 18:01:41,443 INFO L290 TraceCheckUtils]: 113: Hoare triple {27474#true} ~handle := #in~handle;havoc ~retValue_acc~26; {27474#true} is VALID [2022-02-20 18:01:41,443 INFO L290 TraceCheckUtils]: 114: Hoare triple {27474#true} assume 1 == ~handle;~retValue_acc~26 := ~__ste_email_to0~0;#res := ~retValue_acc~26; {27474#true} is VALID [2022-02-20 18:01:41,449 INFO L290 TraceCheckUtils]: 115: Hoare triple {27474#true} assume true; {27474#true} is VALID [2022-02-20 18:01:41,449 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {27474#true} {27475#false} #1221#return; {27475#false} is VALID [2022-02-20 18:01:41,450 INFO L290 
TraceCheckUtils]: 117: Hoare triple {27475#false} assume -2147483648 <= mail_#t~ret85#1 && mail_#t~ret85#1 <= 2147483647;mail_~tmp~13#1 := mail_#t~ret85#1;havoc mail_#t~ret85#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~13#1, mail_~msg#1;havoc incoming_#t~ret98#1, incoming_#t~ret99#1, incoming_#t~ret100#1, incoming_#t~ret101#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~19#1, incoming_~tmp___0~8#1, incoming_~tmp___1~5#1, incoming_~tmp___2~3#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~19#1;havoc incoming_~tmp___0~8#1;havoc incoming_~tmp___1~5#1;havoc incoming_~tmp___2~3#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet54#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc 
__utac_acc__EncryptDecrypt_spec__2_~tmp~8#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 := puts(26, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret53#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~4#1.offset := 27, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet54#1; {27475#false} is VALID [2022-02-20 18:01:41,450 INFO L290 TraceCheckUtils]: 118: Hoare triple {27475#false} assume 1 == ~sent_encrypted~0; {27475#false} is VALID [2022-02-20 18:01:41,450 INFO L272 TraceCheckUtils]: 119: Hoare triple {27475#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {27474#true} is VALID [2022-02-20 18:01:41,450 INFO L290 TraceCheckUtils]: 120: Hoare triple {27474#true} ~handle := #in~handle;havoc ~retValue_acc~13; {27474#true} is VALID [2022-02-20 18:01:41,450 INFO L290 TraceCheckUtils]: 121: Hoare triple {27474#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~13; {27474#true} is VALID [2022-02-20 18:01:41,450 INFO L290 TraceCheckUtils]: 122: Hoare triple {27474#true} assume true; {27474#true} is VALID [2022-02-20 18:01:41,450 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {27474#true} {27475#false} #1223#return; {27475#false} is VALID [2022-02-20 18:01:41,450 INFO L290 TraceCheckUtils]: 124: Hoare triple {27475#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~8#1 := 
__utac_acc__EncryptDecrypt_spec__2_#t~ret55#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret55#1; {27475#false} is VALID [2022-02-20 18:01:41,450 INFO L272 TraceCheckUtils]: 125: Hoare triple {27475#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {27474#true} is VALID [2022-02-20 18:01:41,450 INFO L290 TraceCheckUtils]: 126: Hoare triple {27474#true} ~handle := #in~handle;havoc ~retValue_acc~30; {27474#true} is VALID [2022-02-20 18:01:41,450 INFO L290 TraceCheckUtils]: 127: Hoare triple {27474#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~30; {27474#true} is VALID [2022-02-20 18:01:41,450 INFO L290 TraceCheckUtils]: 128: Hoare triple {27474#true} assume true; {27474#true} is VALID [2022-02-20 18:01:41,450 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {27474#true} {27475#false} #1225#return; {27475#false} is VALID [2022-02-20 18:01:41,451 INFO L290 TraceCheckUtils]: 130: Hoare triple {27475#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret56#1; {27475#false} is VALID [2022-02-20 18:01:41,451 INFO L272 TraceCheckUtils]: 131: Hoare triple {27475#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~2#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~8#1); {27474#true} is VALID [2022-02-20 18:01:41,451 INFO L290 TraceCheckUtils]: 132: Hoare triple {27474#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~43;havoc ~__cil_tmp4~5.base, ~__cil_tmp4~5.offset;~__cil_tmp4~5.base, ~__cil_tmp4~5.offset := 39, 0;havoc #t~nondet104; {27474#true} is VALID [2022-02-20 18:01:41,451 INFO L290 TraceCheckUtils]: 133: Hoare triple 
{27474#true} assume 0 == ~publicKey;~retValue_acc~43 := 0;#res := ~retValue_acc~43; {27474#true} is VALID [2022-02-20 18:01:41,451 INFO L290 TraceCheckUtils]: 134: Hoare triple {27474#true} assume true; {27474#true} is VALID [2022-02-20 18:01:41,451 INFO L284 TraceCheckUtils]: 135: Hoare quadruple {27474#true} {27475#false} #1227#return; {27475#false} is VALID [2022-02-20 18:01:41,451 INFO L290 TraceCheckUtils]: 136: Hoare triple {27475#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret57#1; {27475#false} is VALID [2022-02-20 18:01:41,451 INFO L290 TraceCheckUtils]: 137: Hoare triple {27475#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~1#1);assume { :begin_inline___automaton_fail } true; {27475#false} is VALID [2022-02-20 18:01:41,451 INFO L290 TraceCheckUtils]: 138: Hoare triple {27475#false} assume !false; {27475#false} is VALID [2022-02-20 18:01:41,452 INFO L134 CoverageAnalysis]: Checked inductivity of 36 backedges. 14 proven. 0 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. [2022-02-20 18:01:41,452 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:01:41,452 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [122382072] [2022-02-20 18:01:41,452 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [122382072] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:01:41,452 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. 
[2022-02-20 18:01:41,452 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 18:01:41,452 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1872380295] [2022-02-20 18:01:41,453 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:01:41,453 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 8.454545454545455) internal successors, (93), 8 states have internal predecessors, (93), 4 states have call successors, (19), 6 states have call predecessors, (19), 3 states have return successors, (16), 3 states have call predecessors, (16), 4 states have call successors, (16) Word has length 139 [2022-02-20 18:01:41,454 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:01:41,454 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 8.454545454545455) internal successors, (93), 8 states have internal predecessors, (93), 4 states have call successors, (19), 6 states have call predecessors, (19), 3 states have return successors, (16), 3 states have call predecessors, (16), 4 states have call successors, (16) [2022-02-20 18:01:41,537 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 128 edges. 128 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:41,538 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 18:01:41,538 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:41,538 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. 
[2022-02-20 18:01:41,538 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:01:41,538 INFO L87 Difference]: Start difference. First operand 485 states and 752 transitions. Second operand has 12 states, 11 states have (on average 8.454545454545455) internal successors, (93), 8 states have internal predecessors, (93), 4 states have call successors, (19), 6 states have call predecessors, (19), 3 states have return successors, (16), 3 states have call predecessors, (16), 4 states have call successors, (16)