./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec6_product33.cil.c --full-output -ea --architecture 32bit
--------------------------------------------------------------------------------
Checking for ERROR reachability
Using default analysis
Version 03d7b7b3
Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec6_product33.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash f589c9222141e642cc5dd52da93380b476d19c138575c9f6da35a3e335e5e2df
--- Real Ultimate output ---
This is Ultimate 0.2.2-dev-03d7b7b
[2022-02-20 18:01:18,523 INFO L177 SettingsManager]: Resetting all preferences to default values...
[2022-02-20 18:01:18,526 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values
[2022-02-20 18:01:18,567 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring...
[2022-02-20 18:01:18,568 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:01:18,572 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:01:18,575 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:01:18,580 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:01:18,583 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:01:18,588 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:01:18,589 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:01:18,590 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:01:18,591 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:01:18,593 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:01:18,595 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:01:18,596 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:01:18,597 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:01:18,598 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:01:18,602 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:01:18,604 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:01:18,609 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:01:18,610 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:01:18,612 INFO 
L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:01:18,612 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:01:18,617 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:01:18,617 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:01:18,617 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:01:18,619 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:01:18,619 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:01:18,620 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:01:18,620 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:01:18,621 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:01:18,623 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:01:18,624 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:01:18,625 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:01:18,625 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:01:18,625 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:01:18,626 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... 
[2022-02-20 18:01:18,626 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:01:18,626 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:01:18,627 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:01:18,628 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 18:01:18,664 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:01:18,664 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:01:18,664 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:01:18,665 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:01:18,666 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:01:18,666 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:01:18,666 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:01:18,667 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:01:18,667 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:01:18,667 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:01:18,668 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:01:18,668 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 18:01:18,668 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:01:18,668 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:01:18,669 
INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:01:18,669 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:01:18,669 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:01:18,669 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:01:18,669 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:01:18,669 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:01:18,670 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:01:18,670 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:01:18,670 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:01:18,670 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:01:18,670 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:01:18,671 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:01:18,671 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:01:18,671 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:01:18,671 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 18:01:18,671 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 18:01:18,672 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:01:18,672 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:01:18,672 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant 
automaton, abstraction and CFG=true [2022-02-20 18:01:18,672 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! 
call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> f589c9222141e642cc5dd52da93380b476d19c138575c9f6da35a3e335e5e2df [2022-02-20 18:01:18,913 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:01:18,930 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:01:18,933 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:01:18,934 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:01:18,935 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:01:18,936 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec6_product33.cil.c [2022-02-20 18:01:18,992 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/95093cd8f/9cc253235b244796a5860be1df07c81d/FLAGcdf273eda [2022-02-20 18:01:19,479 INFO L306 CDTParser]: Found 1 translation units. 
[2022-02-20 18:01:19,480 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec6_product33.cil.c [2022-02-20 18:01:19,524 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/95093cd8f/9cc253235b244796a5860be1df07c81d/FLAGcdf273eda [2022-02-20 18:01:19,757 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/95093cd8f/9cc253235b244796a5860be1df07c81d [2022-02-20 18:01:19,759 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:01:19,760 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:01:19,761 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:01:19,761 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:01:19,766 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:01:19,767 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:01:19" (1/1) ... [2022-02-20 18:01:19,768 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@79f15e8d and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:19, skipping insertion in model container [2022-02-20 18:01:19,769 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:01:19" (1/1) ... 
[2022-02-20 18:01:19,775 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:01:19,825 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:01:20,022 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec6_product33.cil.c[1934,1947] [2022-02-20 18:01:20,358 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:01:20,377 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:01:20,394 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec6_product33.cil.c[1934,1947] [2022-02-20 18:01:20,523 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:01:20,551 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:01:20,552 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:20 WrapperNode [2022-02-20 18:01:20,552 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:01:20,553 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:01:20,553 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:01:20,553 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:01:20,560 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:20" (1/1) ... 
[2022-02-20 18:01:20,584 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:20" (1/1) ... [2022-02-20 18:01:20,646 INFO L137 Inliner]: procedures = 135, calls = 235, calls flagged for inlining = 66, calls inlined = 61, statements flattened = 1097 [2022-02-20 18:01:20,646 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:01:20,647 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:01:20,647 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:01:20,647 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:01:20,655 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:20" (1/1) ... [2022-02-20 18:01:20,655 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:20" (1/1) ... [2022-02-20 18:01:20,663 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:20" (1/1) ... [2022-02-20 18:01:20,663 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:20" (1/1) ... 
[2022-02-20 18:01:20,697 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:20" (1/1) ... [2022-02-20 18:01:20,706 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:20" (1/1) ... [2022-02-20 18:01:20,720 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:20" (1/1) ... [2022-02-20 18:01:20,734 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:01:20,735 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:01:20,735 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:01:20,735 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:01:20,736 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:20" (1/1) ... 
[2022-02-20 18:01:20,761 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:01:20,772 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:01:20,798 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:01:20,828 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:01:20,844 INFO L130 BoogieDeclarations]: Found specification of procedure getClientPrivateKey [2022-02-20 18:01:20,844 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientPrivateKey [2022-02-20 18:01:20,844 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailEncryptionKey [2022-02-20 18:01:20,844 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailEncryptionKey [2022-02-20 18:01:20,845 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailEncryptionKey [2022-02-20 18:01:20,845 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailEncryptionKey [2022-02-20 18:01:20,845 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2022-02-20 18:01:20,845 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2022-02-20 18:01:20,845 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2022-02-20 18:01:20,846 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2022-02-20 18:01:20,846 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable [2022-02-20 18:01:20,846 INFO L138 
BoogieDeclarations]: Found implementation of procedure isReadable [2022-02-20 18:01:20,847 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2022-02-20 18:01:20,847 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2022-02-20 18:01:20,847 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsEncrypted [2022-02-20 18:01:20,847 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsEncrypted [2022-02-20 18:01:20,847 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailSignKey [2022-02-20 18:01:20,847 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailSignKey [2022-02-20 18:01:20,847 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2022-02-20 18:01:20,848 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2022-02-20 18:01:20,848 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2022-02-20 18:01:20,848 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2022-02-20 18:01:20,848 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2022-02-20 18:01:20,848 INFO L130 BoogieDeclarations]: Found specification of procedure queue [2022-02-20 18:01:20,848 INFO L138 BoogieDeclarations]: Found implementation of procedure queue [2022-02-20 18:01:20,848 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2022-02-20 18:01:20,849 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2022-02-20 18:01:20,849 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:01:20,849 INFO L130 BoogieDeclarations]: Found specification of procedure isSigned [2022-02-20 18:01:20,849 INFO L138 BoogieDeclarations]: Found implementation of procedure isSigned [2022-02-20 18:01:20,849 INFO L130 BoogieDeclarations]: Found 
specification of procedure isKeyPairValid [2022-02-20 18:01:20,849 INFO L138 BoogieDeclarations]: Found implementation of procedure isKeyPairValid [2022-02-20 18:01:20,849 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2022-02-20 18:01:20,850 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2022-02-20 18:01:20,850 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2022-02-20 18:01:20,850 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2022-02-20 18:01:20,850 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2022-02-20 18:01:20,850 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2022-02-20 18:01:20,850 INFO L130 BoogieDeclarations]: Found specification of procedure findPublicKey [2022-02-20 18:01:20,850 INFO L138 BoogieDeclarations]: Found implementation of procedure findPublicKey [2022-02-20 18:01:20,851 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2022-02-20 18:01:20,851 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2022-02-20 18:01:20,851 INFO L130 BoogieDeclarations]: Found specification of procedure isEncrypted [2022-02-20 18:01:20,851 INFO L138 BoogieDeclarations]: Found implementation of procedure isEncrypted [2022-02-20 18:01:20,851 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2022-02-20 18:01:20,851 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2022-02-20 18:01:20,851 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2022-02-20 18:01:20,852 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2022-02-20 18:01:20,852 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 18:01:20,852 INFO L130 BoogieDeclarations]: Found 
specification of procedure generateKeyPair [2022-02-20 18:01:20,852 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2022-02-20 18:01:20,852 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:01:20,853 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:01:21,130 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:01:21,131 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:01:22,100 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:01:22,120 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:01:22,123 INFO L299 CfgBuilder]: Removed 1 assume(true) statements. [2022-02-20 18:01:22,126 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:01:22 BoogieIcfgContainer [2022-02-20 18:01:22,126 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:01:22,128 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:01:22,128 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:01:22,131 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:01:22,132 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:01:19" (1/3) ... 
[2022-02-20 18:01:22,132 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2feb933d and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:01:22, skipping insertion in model container [2022-02-20 18:01:22,132 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:20" (2/3) ... [2022-02-20 18:01:22,133 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2feb933d and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:01:22, skipping insertion in model container [2022-02-20 18:01:22,133 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:01:22" (3/3) ... [2022-02-20 18:01:22,135 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec6_product33.cil.c [2022-02-20 18:01:22,140 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:01:22,140 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. 
[2022-02-20 18:01:22,194 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:01:22,202 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:01:22,202 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:01:22,250 INFO L276 IsEmpty]: Start isEmpty. Operand has 393 states, 302 states have (on average 1.4966887417218544) internal successors, (452), 306 states have internal predecessors, (452), 65 states have call successors, (65), 24 states have call predecessors, (65), 24 states have return successors, (65), 65 states have call predecessors, (65), 65 states have call successors, (65) [2022-02-20 18:01:22,277 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 127 [2022-02-20 18:01:22,280 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:01:22,281 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:01:22,282 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:01:22,288 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:01:22,289 INFO L85 PathProgramCache]: Analyzing trace with hash -722514137, now seen corresponding path program 1 times [2022-02-20 18:01:22,302 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:01:22,303 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1328534690] [2022-02-20 18:01:22,303 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:22,304 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:01:22,533 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:22,714 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:01:22,724 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:22,740 INFO L290 TraceCheckUtils]: 0: Hoare triple {468#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {396#true} is VALID 
[2022-02-20 18:01:22,740 INFO L290 TraceCheckUtils]: 1: Hoare triple {396#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {396#true} is VALID [2022-02-20 18:01:22,741 INFO L290 TraceCheckUtils]: 2: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:22,741 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {396#true} {396#true} #1144#return; {396#true} is VALID [2022-02-20 18:01:22,749 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:01:22,755 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:22,763 INFO L290 TraceCheckUtils]: 0: Hoare triple {469#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {396#true} is VALID [2022-02-20 18:01:22,764 INFO L290 TraceCheckUtils]: 1: Hoare triple {396#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {396#true} is VALID [2022-02-20 18:01:22,765 INFO L290 TraceCheckUtils]: 2: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:22,765 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {396#true} {396#true} #1146#return; {396#true} is VALID [2022-02-20 18:01:22,766 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:01:22,770 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:22,794 INFO L290 TraceCheckUtils]: 0: Hoare triple {468#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {470#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:22,794 INFO L290 
TraceCheckUtils]: 1: Hoare triple {470#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {471#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:22,795 INFO L290 TraceCheckUtils]: 2: Hoare triple {471#(= |setClientId_#in~handle| 1)} assume true; {471#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:22,796 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {471#(= |setClientId_#in~handle| 1)} {406#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1148#return; {397#false} is VALID [2022-02-20 18:01:22,797 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:01:22,801 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:22,814 INFO L290 TraceCheckUtils]: 0: Hoare triple {469#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {396#true} is VALID [2022-02-20 18:01:22,815 INFO L290 TraceCheckUtils]: 1: Hoare triple {396#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {396#true} is VALID [2022-02-20 18:01:22,815 INFO L290 TraceCheckUtils]: 2: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:22,816 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {396#true} {397#false} #1150#return; {397#false} is VALID [2022-02-20 18:01:22,817 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:01:22,821 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:22,825 INFO L290 TraceCheckUtils]: 0: Hoare triple {468#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| 
~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {396#true} is VALID [2022-02-20 18:01:22,826 INFO L290 TraceCheckUtils]: 1: Hoare triple {396#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {396#true} is VALID [2022-02-20 18:01:22,826 INFO L290 TraceCheckUtils]: 2: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:22,827 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {396#true} {397#false} #1152#return; {397#false} is VALID [2022-02-20 18:01:22,827 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:01:22,834 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:22,845 INFO L290 TraceCheckUtils]: 0: Hoare triple {469#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {396#true} is VALID [2022-02-20 18:01:22,846 INFO L290 TraceCheckUtils]: 1: Hoare triple {396#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {396#true} is VALID [2022-02-20 18:01:22,847 INFO L290 TraceCheckUtils]: 2: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:22,847 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {396#true} {397#false} #1154#return; {397#false} is VALID [2022-02-20 18:01:22,856 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2022-02-20 18:01:22,858 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:22,867 INFO L290 TraceCheckUtils]: 0: Hoare triple {472#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {396#true} is VALID [2022-02-20 18:01:22,868 INFO L290 TraceCheckUtils]: 1: Hoare triple {396#true} 
assume 1 == ~handle;~__ste_email_from0~0 := ~value; {396#true} is VALID [2022-02-20 18:01:22,875 INFO L290 TraceCheckUtils]: 2: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:22,875 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {396#true} {397#false} #1130#return; {397#false} is VALID [2022-02-20 18:01:22,885 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 52 [2022-02-20 18:01:22,887 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:22,897 INFO L290 TraceCheckUtils]: 0: Hoare triple {473#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {396#true} is VALID [2022-02-20 18:01:22,897 INFO L290 TraceCheckUtils]: 1: Hoare triple {396#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {396#true} is VALID [2022-02-20 18:01:22,897 INFO L290 TraceCheckUtils]: 2: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:22,897 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {396#true} {397#false} #1132#return; {397#false} is VALID [2022-02-20 18:01:22,898 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:01:22,900 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:22,903 INFO L290 TraceCheckUtils]: 0: Hoare triple {396#true} ~handle := #in~handle;havoc ~retValue_acc~10; {396#true} is VALID [2022-02-20 18:01:22,903 INFO L290 TraceCheckUtils]: 1: Hoare triple {396#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {396#true} is VALID [2022-02-20 18:01:22,903 INFO L290 TraceCheckUtils]: 2: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:22,904 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {396#true} {397#false} #1060#return; {397#false} is VALID [2022-02-20 18:01:22,904 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 18:01:22,905 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:22,908 INFO L290 TraceCheckUtils]: 0: Hoare triple {396#true} ~handle := #in~handle;havoc ~retValue_acc~32; {396#true} is VALID [2022-02-20 18:01:22,909 INFO L290 TraceCheckUtils]: 1: Hoare triple {396#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {396#true} is VALID [2022-02-20 18:01:22,909 INFO L290 TraceCheckUtils]: 2: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:22,909 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {396#true} {397#false} #1062#return; {397#false} is VALID [2022-02-20 18:01:22,909 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:01:22,911 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:22,914 INFO L290 TraceCheckUtils]: 0: Hoare triple {396#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {396#true} is VALID [2022-02-20 18:01:22,914 INFO L290 TraceCheckUtils]: 1: Hoare triple {396#true} assume 1 == ~handle; {396#true} is VALID [2022-02-20 18:01:22,915 INFO L290 TraceCheckUtils]: 2: Hoare triple {396#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {396#true} is VALID [2022-02-20 18:01:22,915 INFO L290 TraceCheckUtils]: 3: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:22,915 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {396#true} {397#false} #1064#return; {397#false} is VALID [2022-02-20 18:01:22,915 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 18:01:22,917 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:22,920 INFO L290 TraceCheckUtils]: 0: Hoare 
triple {472#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {396#true} is VALID [2022-02-20 18:01:22,920 INFO L290 TraceCheckUtils]: 1: Hoare triple {396#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {396#true} is VALID [2022-02-20 18:01:22,920 INFO L290 TraceCheckUtils]: 2: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:22,921 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {396#true} {397#false} #1070#return; {397#false} is VALID [2022-02-20 18:01:22,921 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:01:22,923 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:22,926 INFO L290 TraceCheckUtils]: 0: Hoare triple {396#true} ~handle := #in~handle;havoc ~retValue_acc~35; {396#true} is VALID [2022-02-20 18:01:22,927 INFO L290 TraceCheckUtils]: 1: Hoare triple {396#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {396#true} is VALID [2022-02-20 18:01:22,927 INFO L290 TraceCheckUtils]: 2: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:22,927 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {396#true} {397#false} #1072#return; {397#false} is VALID [2022-02-20 18:01:22,927 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 18:01:22,929 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:22,932 INFO L290 TraceCheckUtils]: 0: Hoare triple {396#true} ~handle := #in~handle;havoc ~retValue_acc~32; {396#true} is VALID [2022-02-20 18:01:22,932 INFO L290 TraceCheckUtils]: 1: Hoare triple {396#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {396#true} is VALID [2022-02-20 18:01:22,932 INFO L290 TraceCheckUtils]: 2: Hoare triple 
{396#true} assume true; {396#true} is VALID [2022-02-20 18:01:22,932 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {396#true} {397#false} #1074#return; {397#false} is VALID [2022-02-20 18:01:22,933 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 106 [2022-02-20 18:01:22,934 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:22,937 INFO L290 TraceCheckUtils]: 0: Hoare triple {396#true} ~handle := #in~handle;havoc ~retValue_acc~10; {396#true} is VALID [2022-02-20 18:01:22,937 INFO L290 TraceCheckUtils]: 1: Hoare triple {396#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {396#true} is VALID [2022-02-20 18:01:22,938 INFO L290 TraceCheckUtils]: 2: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:22,938 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {396#true} {397#false} #1076#return; {397#false} is VALID [2022-02-20 18:01:22,938 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 112 [2022-02-20 18:01:22,939 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:22,942 INFO L290 TraceCheckUtils]: 0: Hoare triple {396#true} ~handle := #in~handle;havoc ~retValue_acc~36; {396#true} is VALID [2022-02-20 18:01:22,943 INFO L290 TraceCheckUtils]: 1: Hoare triple {396#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {396#true} is VALID [2022-02-20 18:01:22,943 INFO L290 TraceCheckUtils]: 2: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:22,943 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {396#true} {397#false} #1078#return; {397#false} is VALID [2022-02-20 18:01:22,943 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 118 [2022-02-20 18:01:22,945 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 
18:01:22,948 INFO L290 TraceCheckUtils]: 0: Hoare triple {396#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~22;havoc ~__cil_tmp4~1.base, ~__cil_tmp4~1.offset;~__cil_tmp4~1.base, ~__cil_tmp4~1.offset := 7, 0;havoc #t~nondet21; {396#true} is VALID [2022-02-20 18:01:22,948 INFO L290 TraceCheckUtils]: 1: Hoare triple {396#true} assume 0 == ~publicKey;~retValue_acc~22 := 0;#res := ~retValue_acc~22; {396#true} is VALID [2022-02-20 18:01:22,948 INFO L290 TraceCheckUtils]: 2: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:22,949 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {396#true} {397#false} #1080#return; {397#false} is VALID [2022-02-20 18:01:22,950 INFO L290 TraceCheckUtils]: 0: Hoare triple {396#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(16, 6);call #Ultimate.allocInit(20, 7);call #Ultimate.allocInit(22, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(19, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(19, 13);call #Ultimate.allocInit(44, 14);call #Ultimate.allocInit(44, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(11, 18);call #Ultimate.allocInit(19, 19);call #Ultimate.allocInit(4, 20);call write~init~int(37, 20, 0, 1);call write~init~int(100, 20, 1, 1);call write~init~int(10, 20, 2, 1);call write~init~int(0, 20, 3, 1);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(100, 21, 1, 1);call 
write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(12, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(18, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(21, 39);call #Ultimate.allocInit(13, 40);call #Ultimate.allocInit(16, 41);call #Ultimate.allocInit(25, 42);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 
0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_encrypted~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 
0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {396#true} is VALID [2022-02-20 18:01:22,950 INFO L290 TraceCheckUtils]: 1: Hoare triple {396#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret59#1, main_~retValue_acc~23#1, main_~tmp~16#1;havoc main_~retValue_acc~23#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true; {396#true} is VALID [2022-02-20 18:01:22,950 INFO L290 TraceCheckUtils]: 2: Hoare triple {396#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {396#true} is VALID [2022-02-20 18:01:22,950 INFO L290 TraceCheckUtils]: 3: Hoare triple {396#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~25#1;havoc valid_product_~retValue_acc~25#1;valid_product_~retValue_acc~25#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~25#1; {396#true} is VALID [2022-02-20 18:01:22,951 INFO L290 TraceCheckUtils]: 4: Hoare triple {396#true} main_#t~ret59#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret59#1 && main_#t~ret59#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret59#1;havoc main_#t~ret59#1; {396#true} is VALID [2022-02-20 18:01:22,951 INFO L290 TraceCheckUtils]: 5: Hoare triple {396#true} assume 0 != main_~tmp~16#1;assume { 
:begin_inline_setup } true;havoc setup_#t~nondet56#1, setup_#t~nondet57#1, setup_#t~nondet58#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {396#true} is VALID [2022-02-20 18:01:22,952 INFO L272 TraceCheckUtils]: 6: Hoare triple {396#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {468#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:22,952 INFO L290 TraceCheckUtils]: 7: Hoare triple {468#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {396#true} is VALID [2022-02-20 18:01:22,953 INFO L290 TraceCheckUtils]: 8: Hoare triple {396#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {396#true} is VALID [2022-02-20 18:01:22,953 INFO L290 TraceCheckUtils]: 9: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:22,953 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {396#true} {396#true} #1144#return; {396#true} is 
VALID [2022-02-20 18:01:22,953 INFO L290 TraceCheckUtils]: 11: Hoare triple {396#true} assume { :end_inline_setup_bob__wrappee__Base } true; {396#true} is VALID [2022-02-20 18:01:22,954 INFO L272 TraceCheckUtils]: 12: Hoare triple {396#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {469#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:22,955 INFO L290 TraceCheckUtils]: 13: Hoare triple {469#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {396#true} is VALID [2022-02-20 18:01:22,955 INFO L290 TraceCheckUtils]: 14: Hoare triple {396#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {396#true} is VALID [2022-02-20 18:01:22,955 INFO L290 TraceCheckUtils]: 15: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:22,955 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {396#true} {396#true} #1146#return; {396#true} is VALID [2022-02-20 18:01:22,956 INFO L290 TraceCheckUtils]: 17: Hoare triple {396#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 16, 0;havoc setup_#t~nondet56#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {406#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:01:22,957 INFO L272 
TraceCheckUtils]: 18: Hoare triple {406#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {468#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:22,957 INFO L290 TraceCheckUtils]: 19: Hoare triple {468#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {470#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:22,958 INFO L290 TraceCheckUtils]: 20: Hoare triple {470#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {471#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:22,958 INFO L290 TraceCheckUtils]: 21: Hoare triple {471#(= |setClientId_#in~handle| 1)} assume true; {471#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:22,959 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {471#(= |setClientId_#in~handle| 1)} {406#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1148#return; {397#false} is VALID [2022-02-20 18:01:22,959 INFO L290 TraceCheckUtils]: 23: Hoare triple {397#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {397#false} is VALID [2022-02-20 18:01:22,960 INFO L272 TraceCheckUtils]: 24: Hoare triple {397#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {469#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:22,960 INFO L290 TraceCheckUtils]: 25: Hoare triple {469#(and (= 
~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {396#true} is VALID [2022-02-20 18:01:22,960 INFO L290 TraceCheckUtils]: 26: Hoare triple {396#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {396#true} is VALID [2022-02-20 18:01:22,960 INFO L290 TraceCheckUtils]: 27: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:22,961 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {396#true} {397#false} #1150#return; {397#false} is VALID [2022-02-20 18:01:22,961 INFO L290 TraceCheckUtils]: 29: Hoare triple {397#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 17, 0;havoc setup_#t~nondet57#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {397#false} is VALID [2022-02-20 18:01:22,961 INFO L272 TraceCheckUtils]: 30: Hoare triple {397#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {468#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:22,961 INFO L290 TraceCheckUtils]: 31: Hoare triple {468#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| 
~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {396#true} is VALID [2022-02-20 18:01:22,962 INFO L290 TraceCheckUtils]: 32: Hoare triple {396#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {396#true} is VALID [2022-02-20 18:01:22,962 INFO L290 TraceCheckUtils]: 33: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:22,962 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {396#true} {397#false} #1152#return; {397#false} is VALID [2022-02-20 18:01:22,962 INFO L290 TraceCheckUtils]: 35: Hoare triple {397#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {397#false} is VALID [2022-02-20 18:01:22,962 INFO L272 TraceCheckUtils]: 36: Hoare triple {397#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {469#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:22,963 INFO L290 TraceCheckUtils]: 37: Hoare triple {469#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {396#true} is VALID [2022-02-20 18:01:22,963 INFO L290 TraceCheckUtils]: 38: Hoare triple {396#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {396#true} is VALID [2022-02-20 18:01:22,963 INFO L290 TraceCheckUtils]: 39: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:22,963 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {396#true} {397#false} #1154#return; {397#false} is VALID [2022-02-20 18:01:22,964 INFO L290 TraceCheckUtils]: 41: Hoare triple {397#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 18, 0;havoc setup_#t~nondet58#1; {397#false} is 
VALID [2022-02-20 18:01:22,964 INFO L290 TraceCheckUtils]: 42: Hoare triple {397#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~14#1, test_~tmp___0~4#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~14#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {397#false} is VALID [2022-02-20 18:01:22,964 INFO L290 TraceCheckUtils]: 43: Hoare triple {397#false} assume false; {397#false} is VALID [2022-02-20 18:01:22,964 INFO L290 TraceCheckUtils]: 44: Hoare triple {397#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret51#1, bobToRjh_#t~ret52#1, bobToRjh_#t~ret53#1, bobToRjh_#t~ret54#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~15#1;havoc 
bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret51#1 := puts(14, 0);assume -2147483648 <= bobToRjh_#t~ret51#1 && bobToRjh_#t~ret51#1 <= 2147483647;havoc bobToRjh_#t~ret51#1; {397#false} is VALID [2022-02-20 18:01:22,965 INFO L272 TraceCheckUtils]: 45: Hoare triple {397#false} call sendEmail(~bob~0, ~rjh~0); {397#false} is VALID [2022-02-20 18:01:22,965 INFO L290 TraceCheckUtils]: 46: Hoare triple {397#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~43#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~43#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {397#false} is VALID [2022-02-20 18:01:22,965 INFO L272 TraceCheckUtils]: 47: Hoare triple {397#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {472#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:22,966 INFO L290 TraceCheckUtils]: 48: Hoare triple {472#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {396#true} is VALID [2022-02-20 18:01:22,966 INFO L290 TraceCheckUtils]: 49: Hoare triple {396#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {396#true} is VALID [2022-02-20 18:01:22,966 INFO L290 TraceCheckUtils]: 50: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:22,966 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {396#true} {397#false} #1130#return; {397#false} is VALID [2022-02-20 18:01:22,966 INFO L272 TraceCheckUtils]: 52: Hoare triple {397#false} call setEmailTo(createEmail_~msg~0#1, 
createEmail_~to#1); {473#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:01:22,967 INFO L290 TraceCheckUtils]: 53: Hoare triple {473#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {396#true} is VALID [2022-02-20 18:01:22,967 INFO L290 TraceCheckUtils]: 54: Hoare triple {396#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {396#true} is VALID [2022-02-20 18:01:22,967 INFO L290 TraceCheckUtils]: 55: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:22,967 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {396#true} {397#false} #1132#return; {397#false} is VALID [2022-02-20 18:01:22,968 INFO L290 TraceCheckUtils]: 57: Hoare triple {397#false} createEmail_~retValue_acc~43#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~43#1; {397#false} is VALID [2022-02-20 18:01:22,968 INFO L290 TraceCheckUtils]: 58: Hoare triple {397#false} #t~ret20#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret20#1 && #t~ret20#1 <= 2147483647;~tmp~9#1 := #t~ret20#1;havoc #t~ret20#1;~email~0#1 := ~tmp~9#1; {397#false} is VALID [2022-02-20 18:01:22,968 INFO L272 TraceCheckUtils]: 59: Hoare triple {397#false} call outgoing(~sender#1, ~email~0#1); {397#false} is VALID [2022-02-20 18:01:22,968 INFO L290 TraceCheckUtils]: 60: Hoare triple {397#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret24#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {397#false} is VALID [2022-02-20 18:01:22,969 INFO L272 TraceCheckUtils]: 61: Hoare triple {397#false} call sign_#t~ret24#1 := 
getClientPrivateKey(sign_~client#1); {396#true} is VALID [2022-02-20 18:01:22,969 INFO L290 TraceCheckUtils]: 62: Hoare triple {396#true} ~handle := #in~handle;havoc ~retValue_acc~10; {396#true} is VALID [2022-02-20 18:01:22,969 INFO L290 TraceCheckUtils]: 63: Hoare triple {396#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {396#true} is VALID [2022-02-20 18:01:22,969 INFO L290 TraceCheckUtils]: 64: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:22,969 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {396#true} {397#false} #1060#return; {397#false} is VALID [2022-02-20 18:01:22,970 INFO L290 TraceCheckUtils]: 66: Hoare triple {397#false} assume -2147483648 <= sign_#t~ret24#1 && sign_#t~ret24#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret24#1;havoc sign_#t~ret24#1;sign_~privkey~1#1 := sign_~tmp~11#1; {397#false} is VALID [2022-02-20 18:01:22,970 INFO L290 TraceCheckUtils]: 67: Hoare triple {397#false} assume 0 == sign_~privkey~1#1; {397#false} is VALID [2022-02-20 18:01:22,970 INFO L290 TraceCheckUtils]: 68: Hoare triple {397#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret10#1, outgoing__wrappee__AutoResponder_#t~ret11#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~4#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~0#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~4#1;havoc 
outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~0#1; {397#false} is VALID [2022-02-20 18:01:22,970 INFO L272 TraceCheckUtils]: 69: Hoare triple {397#false} call outgoing__wrappee__AutoResponder_#t~ret10#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {396#true} is VALID [2022-02-20 18:01:22,970 INFO L290 TraceCheckUtils]: 70: Hoare triple {396#true} ~handle := #in~handle;havoc ~retValue_acc~32; {396#true} is VALID [2022-02-20 18:01:22,971 INFO L290 TraceCheckUtils]: 71: Hoare triple {396#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {396#true} is VALID [2022-02-20 18:01:22,971 INFO L290 TraceCheckUtils]: 72: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:22,971 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {396#true} {397#false} #1062#return; {397#false} is VALID [2022-02-20 18:01:22,971 INFO L290 TraceCheckUtils]: 74: Hoare triple {397#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret10#1 && outgoing__wrappee__AutoResponder_#t~ret10#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~4#1 := outgoing__wrappee__AutoResponder_#t~ret10#1;havoc outgoing__wrappee__AutoResponder_#t~ret10#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~4#1; {397#false} is VALID [2022-02-20 18:01:22,972 INFO L272 TraceCheckUtils]: 75: Hoare triple {397#false} call outgoing__wrappee__AutoResponder_#t~ret11#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {396#true} is VALID [2022-02-20 18:01:22,972 INFO L290 TraceCheckUtils]: 76: Hoare triple {396#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {396#true} is VALID [2022-02-20 18:01:22,972 INFO L290 TraceCheckUtils]: 77: Hoare triple {396#true} assume 1 == ~handle; {396#true} is VALID [2022-02-20 18:01:22,972 INFO L290 TraceCheckUtils]: 78: Hoare triple {396#true} 
assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {396#true} is VALID [2022-02-20 18:01:22,972 INFO L290 TraceCheckUtils]: 79: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:22,973 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {396#true} {397#false} #1064#return; {397#false} is VALID [2022-02-20 18:01:22,973 INFO L290 TraceCheckUtils]: 81: Hoare triple {397#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret11#1 && outgoing__wrappee__AutoResponder_#t~ret11#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~0#1 := outgoing__wrappee__AutoResponder_#t~ret11#1;havoc outgoing__wrappee__AutoResponder_#t~ret11#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~0#1; {397#false} is VALID [2022-02-20 18:01:22,973 INFO L290 TraceCheckUtils]: 82: Hoare triple {397#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {397#false} is VALID [2022-02-20 18:01:22,973 INFO L290 TraceCheckUtils]: 83: Hoare triple {397#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret9#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~3#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~3#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {397#false} is VALID [2022-02-20 18:01:22,974 INFO L290 TraceCheckUtils]: 84: 
Hoare triple {397#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {397#false} is VALID [2022-02-20 18:01:22,974 INFO L290 TraceCheckUtils]: 85: Hoare triple {397#false} outgoing__wrappee__Keys_#t~ret9#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret9#1 && outgoing__wrappee__Keys_#t~ret9#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~3#1 := outgoing__wrappee__Keys_#t~ret9#1;havoc outgoing__wrappee__Keys_#t~ret9#1; {397#false} is VALID [2022-02-20 18:01:22,974 INFO L272 TraceCheckUtils]: 86: Hoare triple {397#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~3#1); {472#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:22,974 INFO L290 TraceCheckUtils]: 87: Hoare triple {472#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {396#true} is VALID [2022-02-20 18:01:22,975 INFO L290 TraceCheckUtils]: 88: Hoare triple {396#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {396#true} is VALID [2022-02-20 18:01:22,975 INFO L290 TraceCheckUtils]: 89: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:22,975 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {396#true} {397#false} #1070#return; {397#false} is VALID [2022-02-20 18:01:22,975 INFO L290 TraceCheckUtils]: 91: Hoare triple {397#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret7#1, mail_#t~ret8#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~2#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc 
mail_~tmp~2#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet34#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 := puts(10, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1; {397#false} is VALID [2022-02-20 18:01:22,976 INFO L272 TraceCheckUtils]: 92: Hoare triple {397#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {396#true} is VALID [2022-02-20 18:01:22,976 INFO L290 TraceCheckUtils]: 93: Hoare triple {396#true} ~handle := #in~handle;havoc ~retValue_acc~35; {396#true} is VALID [2022-02-20 18:01:22,976 INFO L290 TraceCheckUtils]: 94: Hoare triple {396#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {396#true} is VALID [2022-02-20 18:01:22,976 INFO L290 TraceCheckUtils]: 95: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:22,976 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {396#true} {397#false} #1072#return; {397#false} is VALID [2022-02-20 18:01:22,977 INFO L290 TraceCheckUtils]: 97: Hoare triple {397#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 <= 
2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset := 11, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet34#1; {397#false} is VALID [2022-02-20 18:01:22,977 INFO L290 TraceCheckUtils]: 98: Hoare triple {397#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret7#1 := puts(5, 0);assume -2147483648 <= mail_#t~ret7#1 && mail_#t~ret7#1 <= 2147483647;havoc mail_#t~ret7#1; {397#false} is VALID [2022-02-20 18:01:22,977 INFO L272 TraceCheckUtils]: 99: Hoare triple {397#false} call mail_#t~ret8#1 := getEmailTo(mail_~msg#1); {396#true} is VALID [2022-02-20 18:01:22,977 INFO L290 TraceCheckUtils]: 100: Hoare triple {396#true} ~handle := #in~handle;havoc ~retValue_acc~32; {396#true} is VALID [2022-02-20 18:01:22,978 INFO L290 TraceCheckUtils]: 101: Hoare triple {396#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {396#true} is VALID [2022-02-20 18:01:22,978 INFO L290 TraceCheckUtils]: 102: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:22,978 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {396#true} {397#false} #1074#return; {397#false} is VALID [2022-02-20 18:01:22,978 INFO L290 TraceCheckUtils]: 104: Hoare triple {397#false} assume -2147483648 <= mail_#t~ret8#1 && mail_#t~ret8#1 <= 2147483647;mail_~tmp~2#1 := mail_#t~ret8#1;havoc mail_#t~ret8#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~2#1, mail_~msg#1;havoc incoming_#t~ret15#1, incoming_#t~ret16#1, incoming_#t~ret17#1, incoming_#t~ret18#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~7#1, incoming_~tmp___0~1#1, incoming_~tmp___1~0#1, incoming_~tmp___2~0#1;incoming_~client#1 := 
incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~7#1;havoc incoming_~tmp___0~1#1;havoc incoming_~tmp___1~0#1;havoc incoming_~tmp___2~0#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet36#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 := puts(12, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, 
__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset := 13, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet36#1; {397#false} is VALID [2022-02-20 18:01:22,979 INFO L290 TraceCheckUtils]: 105: Hoare triple {397#false} assume 1 == ~sent_encrypted~0; {397#false} is VALID [2022-02-20 18:01:22,979 INFO L272 TraceCheckUtils]: 106: Hoare triple {397#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {396#true} is VALID [2022-02-20 18:01:22,979 INFO L290 TraceCheckUtils]: 107: Hoare triple {396#true} ~handle := #in~handle;havoc ~retValue_acc~10; {396#true} is VALID [2022-02-20 18:01:22,979 INFO L290 TraceCheckUtils]: 108: Hoare triple {396#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {396#true} is VALID [2022-02-20 18:01:22,979 INFO L290 TraceCheckUtils]: 109: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:22,980 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {396#true} {397#false} #1076#return; {397#false} is VALID [2022-02-20 18:01:22,980 INFO L290 TraceCheckUtils]: 111: Hoare triple {397#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~13#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1; {397#false} is VALID [2022-02-20 18:01:22,980 INFO L272 TraceCheckUtils]: 112: Hoare triple {397#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {396#true} is VALID [2022-02-20 18:01:22,980 INFO L290 TraceCheckUtils]: 113: Hoare triple {396#true} ~handle := #in~handle;havoc ~retValue_acc~36; {396#true} is VALID [2022-02-20 18:01:22,981 INFO L290 TraceCheckUtils]: 114: Hoare triple {396#true} assume 1 == ~handle;~retValue_acc~36 := 
~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {396#true} is VALID [2022-02-20 18:01:22,981 INFO L290 TraceCheckUtils]: 115: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:22,981 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {396#true} {397#false} #1078#return; {397#false} is VALID [2022-02-20 18:01:22,981 INFO L290 TraceCheckUtils]: 117: Hoare triple {397#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1; {397#false} is VALID [2022-02-20 18:01:22,981 INFO L272 TraceCheckUtils]: 118: Hoare triple {397#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1); {396#true} is VALID [2022-02-20 18:01:22,982 INFO L290 TraceCheckUtils]: 119: Hoare triple {396#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~22;havoc ~__cil_tmp4~1.base, ~__cil_tmp4~1.offset;~__cil_tmp4~1.base, ~__cil_tmp4~1.offset := 7, 0;havoc #t~nondet21; {396#true} is VALID [2022-02-20 18:01:22,982 INFO L290 TraceCheckUtils]: 120: Hoare triple {396#true} assume 0 == ~publicKey;~retValue_acc~22 := 0;#res := ~retValue_acc~22; {396#true} is VALID [2022-02-20 18:01:22,982 INFO L290 TraceCheckUtils]: 121: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:22,982 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {396#true} {397#false} #1080#return; {397#false} is VALID [2022-02-20 18:01:22,982 INFO L290 TraceCheckUtils]: 123: Hoare triple {397#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1 := 
__utac_acc__EncryptDecrypt_spec__2_#t~ret39#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1; {397#false} is VALID [2022-02-20 18:01:22,983 INFO L290 TraceCheckUtils]: 124: Hoare triple {397#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1);assume { :begin_inline___automaton_fail } true; {397#false} is VALID [2022-02-20 18:01:22,983 INFO L290 TraceCheckUtils]: 125: Hoare triple {397#false} assume !false; {397#false} is VALID [2022-02-20 18:01:22,984 INFO L134 CoverageAnalysis]: Checked inductivity of 36 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 18:01:22,984 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:01:22,985 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1328534690] [2022-02-20 18:01:22,985 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1328534690] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:01:22,986 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [25552766] [2022-02-20 18:01:22,986 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:22,986 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:01:22,986 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:01:22,988 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:01:22,997 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 18:01:23,320 INFO 
L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:23,327 INFO L263 TraceCheckSpWp]: Trace formula consists of 1179 conjuncts, 1 conjunts are in the unsatisfiable core [2022-02-20 18:01:23,390 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:23,397 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:01:23,672 INFO L290 TraceCheckUtils]: 0: Hoare triple {396#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(16, 6);call #Ultimate.allocInit(20, 7);call #Ultimate.allocInit(22, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(19, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(19, 13);call #Ultimate.allocInit(44, 14);call #Ultimate.allocInit(44, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(11, 18);call #Ultimate.allocInit(19, 19);call #Ultimate.allocInit(4, 20);call write~init~int(37, 20, 0, 1);call write~init~int(100, 20, 1, 1);call write~init~int(10, 20, 2, 1);call write~init~int(0, 20, 3, 1);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(100, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call 
#Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(12, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(18, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(21, 39);call #Ultimate.allocInit(13, 40);call #Ultimate.allocInit(16, 41);call #Ultimate.allocInit(25, 42);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 
0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_encrypted~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 
0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {396#true} is VALID [2022-02-20 18:01:23,673 INFO L290 TraceCheckUtils]: 1: Hoare triple {396#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret59#1, main_~retValue_acc~23#1, main_~tmp~16#1;havoc main_~retValue_acc~23#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true; {396#true} is VALID [2022-02-20 18:01:23,673 INFO L290 TraceCheckUtils]: 2: Hoare triple {396#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {396#true} is VALID [2022-02-20 18:01:23,673 INFO L290 TraceCheckUtils]: 3: Hoare triple {396#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~25#1;havoc valid_product_~retValue_acc~25#1;valid_product_~retValue_acc~25#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~25#1; {396#true} is VALID [2022-02-20 18:01:23,674 INFO L290 TraceCheckUtils]: 4: Hoare triple {396#true} main_#t~ret59#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret59#1 && main_#t~ret59#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret59#1;havoc main_#t~ret59#1; {396#true} is VALID [2022-02-20 18:01:23,674 INFO L290 TraceCheckUtils]: 5: Hoare triple {396#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet56#1, setup_#t~nondet57#1, setup_#t~nondet58#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, 
setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {396#true} is VALID [2022-02-20 18:01:23,674 INFO L272 TraceCheckUtils]: 6: Hoare triple {396#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {396#true} is VALID [2022-02-20 18:01:23,674 INFO L290 TraceCheckUtils]: 7: Hoare triple {396#true} ~handle := #in~handle;~value := #in~value; {396#true} is VALID [2022-02-20 18:01:23,674 INFO L290 TraceCheckUtils]: 8: Hoare triple {396#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {396#true} is VALID [2022-02-20 18:01:23,675 INFO L290 TraceCheckUtils]: 9: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:23,675 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {396#true} {396#true} #1144#return; {396#true} is VALID [2022-02-20 18:01:23,675 INFO L290 TraceCheckUtils]: 11: Hoare triple {396#true} assume { :end_inline_setup_bob__wrappee__Base } true; {396#true} is VALID [2022-02-20 18:01:23,675 INFO L272 TraceCheckUtils]: 12: Hoare triple {396#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {396#true} is VALID [2022-02-20 18:01:23,676 INFO L290 TraceCheckUtils]: 13: Hoare triple {396#true} ~handle := #in~handle;~value := #in~value; {396#true} is VALID [2022-02-20 18:01:23,676 INFO L290 TraceCheckUtils]: 14: Hoare triple {396#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {396#true} is VALID [2022-02-20 18:01:23,676 INFO L290 TraceCheckUtils]: 15: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:23,676 
INFO L284 TraceCheckUtils]: 16: Hoare quadruple {396#true} {396#true} #1146#return; {396#true} is VALID [2022-02-20 18:01:23,676 INFO L290 TraceCheckUtils]: 17: Hoare triple {396#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 16, 0;havoc setup_#t~nondet56#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {396#true} is VALID [2022-02-20 18:01:23,677 INFO L272 TraceCheckUtils]: 18: Hoare triple {396#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {396#true} is VALID [2022-02-20 18:01:23,677 INFO L290 TraceCheckUtils]: 19: Hoare triple {396#true} ~handle := #in~handle;~value := #in~value; {396#true} is VALID [2022-02-20 18:01:23,677 INFO L290 TraceCheckUtils]: 20: Hoare triple {396#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {396#true} is VALID [2022-02-20 18:01:23,677 INFO L290 TraceCheckUtils]: 21: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:23,677 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {396#true} {396#true} #1148#return; {396#true} is VALID [2022-02-20 18:01:23,678 INFO L290 TraceCheckUtils]: 23: Hoare triple {396#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {396#true} is VALID [2022-02-20 18:01:23,678 INFO L272 TraceCheckUtils]: 24: Hoare triple {396#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {396#true} is VALID [2022-02-20 18:01:23,678 INFO L290 TraceCheckUtils]: 25: Hoare triple {396#true} ~handle := #in~handle;~value := #in~value; {396#true} is VALID [2022-02-20 18:01:23,678 INFO L290 TraceCheckUtils]: 26: Hoare triple 
{396#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {396#true} is VALID [2022-02-20 18:01:23,678 INFO L290 TraceCheckUtils]: 27: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:23,679 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {396#true} {396#true} #1150#return; {396#true} is VALID [2022-02-20 18:01:23,679 INFO L290 TraceCheckUtils]: 29: Hoare triple {396#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 17, 0;havoc setup_#t~nondet57#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {396#true} is VALID [2022-02-20 18:01:23,679 INFO L272 TraceCheckUtils]: 30: Hoare triple {396#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {396#true} is VALID [2022-02-20 18:01:23,679 INFO L290 TraceCheckUtils]: 31: Hoare triple {396#true} ~handle := #in~handle;~value := #in~value; {396#true} is VALID [2022-02-20 18:01:23,679 INFO L290 TraceCheckUtils]: 32: Hoare triple {396#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {396#true} is VALID [2022-02-20 18:01:23,680 INFO L290 TraceCheckUtils]: 33: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:23,680 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {396#true} {396#true} #1152#return; {396#true} is VALID [2022-02-20 18:01:23,680 INFO L290 TraceCheckUtils]: 35: Hoare triple {396#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {396#true} is VALID [2022-02-20 18:01:23,680 INFO L272 TraceCheckUtils]: 36: Hoare triple {396#true} call 
setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {396#true} is VALID [2022-02-20 18:01:23,680 INFO L290 TraceCheckUtils]: 37: Hoare triple {396#true} ~handle := #in~handle;~value := #in~value; {396#true} is VALID [2022-02-20 18:01:23,681 INFO L290 TraceCheckUtils]: 38: Hoare triple {396#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {396#true} is VALID [2022-02-20 18:01:23,681 INFO L290 TraceCheckUtils]: 39: Hoare triple {396#true} assume true; {396#true} is VALID [2022-02-20 18:01:23,681 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {396#true} {396#true} #1154#return; {396#true} is VALID [2022-02-20 18:01:23,681 INFO L290 TraceCheckUtils]: 41: Hoare triple {396#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 18, 0;havoc setup_#t~nondet58#1; {396#true} is VALID [2022-02-20 18:01:23,681 INFO L290 TraceCheckUtils]: 42: Hoare triple {396#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~14#1, test_~tmp___0~4#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~14#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc 
test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {396#true} is VALID [2022-02-20 18:01:23,682 INFO L290 TraceCheckUtils]: 43: Hoare triple {396#true} assume false; {397#false} is VALID [2022-02-20 18:01:23,682 INFO L290 TraceCheckUtils]: 44: Hoare triple {397#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret51#1, bobToRjh_#t~ret52#1, bobToRjh_#t~ret53#1, bobToRjh_#t~ret54#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret51#1 := puts(14, 0);assume -2147483648 <= bobToRjh_#t~ret51#1 && bobToRjh_#t~ret51#1 <= 2147483647;havoc bobToRjh_#t~ret51#1; {397#false} is VALID [2022-02-20 18:01:23,682 INFO L272 TraceCheckUtils]: 45: Hoare triple {397#false} call sendEmail(~bob~0, ~rjh~0); {397#false} is VALID [2022-02-20 18:01:23,683 INFO L290 TraceCheckUtils]: 46: Hoare triple {397#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~43#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~43#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {397#false} is VALID [2022-02-20 18:01:23,683 INFO L272 TraceCheckUtils]: 47: Hoare triple {397#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {397#false} is VALID [2022-02-20 18:01:23,683 INFO 
L290 TraceCheckUtils]: 48: Hoare triple {397#false} ~handle := #in~handle;~value := #in~value; {397#false} is VALID [2022-02-20 18:01:23,683 INFO L290 TraceCheckUtils]: 49: Hoare triple {397#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {397#false} is VALID [2022-02-20 18:01:23,683 INFO L290 TraceCheckUtils]: 50: Hoare triple {397#false} assume true; {397#false} is VALID [2022-02-20 18:01:23,684 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {397#false} {397#false} #1130#return; {397#false} is VALID [2022-02-20 18:01:23,684 INFO L272 TraceCheckUtils]: 52: Hoare triple {397#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {397#false} is VALID [2022-02-20 18:01:23,684 INFO L290 TraceCheckUtils]: 53: Hoare triple {397#false} ~handle := #in~handle;~value := #in~value; {397#false} is VALID [2022-02-20 18:01:23,684 INFO L290 TraceCheckUtils]: 54: Hoare triple {397#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {397#false} is VALID [2022-02-20 18:01:23,684 INFO L290 TraceCheckUtils]: 55: Hoare triple {397#false} assume true; {397#false} is VALID [2022-02-20 18:01:23,685 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {397#false} {397#false} #1132#return; {397#false} is VALID [2022-02-20 18:01:23,685 INFO L290 TraceCheckUtils]: 57: Hoare triple {397#false} createEmail_~retValue_acc~43#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~43#1; {397#false} is VALID [2022-02-20 18:01:23,685 INFO L290 TraceCheckUtils]: 58: Hoare triple {397#false} #t~ret20#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret20#1 && #t~ret20#1 <= 2147483647;~tmp~9#1 := #t~ret20#1;havoc #t~ret20#1;~email~0#1 := ~tmp~9#1; {397#false} is VALID [2022-02-20 18:01:23,685 INFO L272 TraceCheckUtils]: 59: Hoare triple {397#false} call outgoing(~sender#1, ~email~0#1); {397#false} is VALID [2022-02-20 18:01:23,685 INFO L290 TraceCheckUtils]: 60: Hoare triple {397#false} ~client#1 := #in~client#1;~msg#1 := 
#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret24#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {397#false} is VALID [2022-02-20 18:01:23,686 INFO L272 TraceCheckUtils]: 61: Hoare triple {397#false} call sign_#t~ret24#1 := getClientPrivateKey(sign_~client#1); {397#false} is VALID [2022-02-20 18:01:23,686 INFO L290 TraceCheckUtils]: 62: Hoare triple {397#false} ~handle := #in~handle;havoc ~retValue_acc~10; {397#false} is VALID [2022-02-20 18:01:23,686 INFO L290 TraceCheckUtils]: 63: Hoare triple {397#false} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {397#false} is VALID [2022-02-20 18:01:23,686 INFO L290 TraceCheckUtils]: 64: Hoare triple {397#false} assume true; {397#false} is VALID [2022-02-20 18:01:23,686 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {397#false} {397#false} #1060#return; {397#false} is VALID [2022-02-20 18:01:23,687 INFO L290 TraceCheckUtils]: 66: Hoare triple {397#false} assume -2147483648 <= sign_#t~ret24#1 && sign_#t~ret24#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret24#1;havoc sign_#t~ret24#1;sign_~privkey~1#1 := sign_~tmp~11#1; {397#false} is VALID [2022-02-20 18:01:23,687 INFO L290 TraceCheckUtils]: 67: Hoare triple {397#false} assume 0 == sign_~privkey~1#1; {397#false} is VALID [2022-02-20 18:01:23,687 INFO L290 TraceCheckUtils]: 68: Hoare triple {397#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret10#1, outgoing__wrappee__AutoResponder_#t~ret11#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, 
outgoing__wrappee__AutoResponder_~tmp~4#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~0#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~4#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~0#1; {397#false} is VALID [2022-02-20 18:01:23,687 INFO L272 TraceCheckUtils]: 69: Hoare triple {397#false} call outgoing__wrappee__AutoResponder_#t~ret10#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {397#false} is VALID [2022-02-20 18:01:23,687 INFO L290 TraceCheckUtils]: 70: Hoare triple {397#false} ~handle := #in~handle;havoc ~retValue_acc~32; {397#false} is VALID [2022-02-20 18:01:23,688 INFO L290 TraceCheckUtils]: 71: Hoare triple {397#false} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {397#false} is VALID [2022-02-20 18:01:23,688 INFO L290 TraceCheckUtils]: 72: Hoare triple {397#false} assume true; {397#false} is VALID [2022-02-20 18:01:23,688 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {397#false} {397#false} #1062#return; {397#false} is VALID [2022-02-20 18:01:23,688 INFO L290 TraceCheckUtils]: 74: Hoare triple {397#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret10#1 && outgoing__wrappee__AutoResponder_#t~ret10#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~4#1 := outgoing__wrappee__AutoResponder_#t~ret10#1;havoc outgoing__wrappee__AutoResponder_#t~ret10#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~4#1; {397#false} is VALID [2022-02-20 18:01:23,688 INFO L272 TraceCheckUtils]: 75: Hoare triple {397#false} call outgoing__wrappee__AutoResponder_#t~ret11#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, 
outgoing__wrappee__AutoResponder_~receiver~0#1); {397#false} is VALID [2022-02-20 18:01:23,689 INFO L290 TraceCheckUtils]: 76: Hoare triple {397#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {397#false} is VALID [2022-02-20 18:01:23,689 INFO L290 TraceCheckUtils]: 77: Hoare triple {397#false} assume 1 == ~handle; {397#false} is VALID [2022-02-20 18:01:23,689 INFO L290 TraceCheckUtils]: 78: Hoare triple {397#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {397#false} is VALID [2022-02-20 18:01:23,689 INFO L290 TraceCheckUtils]: 79: Hoare triple {397#false} assume true; {397#false} is VALID [2022-02-20 18:01:23,689 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {397#false} {397#false} #1064#return; {397#false} is VALID [2022-02-20 18:01:23,690 INFO L290 TraceCheckUtils]: 81: Hoare triple {397#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret11#1 && outgoing__wrappee__AutoResponder_#t~ret11#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~0#1 := outgoing__wrappee__AutoResponder_#t~ret11#1;havoc outgoing__wrappee__AutoResponder_#t~ret11#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~0#1; {397#false} is VALID [2022-02-20 18:01:23,690 INFO L290 TraceCheckUtils]: 82: Hoare triple {397#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {397#false} is VALID [2022-02-20 18:01:23,690 INFO L290 TraceCheckUtils]: 83: Hoare triple {397#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret9#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~3#1;outgoing__wrappee__Keys_~client#1 := 
outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~3#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {397#false} is VALID [2022-02-20 18:01:23,690 INFO L290 TraceCheckUtils]: 84: Hoare triple {397#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {397#false} is VALID [2022-02-20 18:01:23,690 INFO L290 TraceCheckUtils]: 85: Hoare triple {397#false} outgoing__wrappee__Keys_#t~ret9#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret9#1 && outgoing__wrappee__Keys_#t~ret9#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~3#1 := outgoing__wrappee__Keys_#t~ret9#1;havoc outgoing__wrappee__Keys_#t~ret9#1; {397#false} is VALID [2022-02-20 18:01:23,690 INFO L272 TraceCheckUtils]: 86: Hoare triple {397#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~3#1); {397#false} is VALID [2022-02-20 18:01:23,691 INFO L290 TraceCheckUtils]: 87: Hoare triple {397#false} ~handle := #in~handle;~value := #in~value; {397#false} is VALID [2022-02-20 18:01:23,691 INFO L290 TraceCheckUtils]: 88: Hoare triple {397#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {397#false} is VALID [2022-02-20 18:01:23,691 INFO L290 TraceCheckUtils]: 89: Hoare triple {397#false} assume true; {397#false} is VALID [2022-02-20 18:01:23,691 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {397#false} {397#false} #1070#return; {397#false} is VALID [2022-02-20 18:01:23,692 INFO L290 TraceCheckUtils]: 91: Hoare triple {397#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 
:= outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret7#1, mail_#t~ret8#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~2#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~2#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet34#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 := puts(10, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1; {397#false} is VALID [2022-02-20 18:01:23,692 INFO L272 TraceCheckUtils]: 92: Hoare triple {397#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {397#false} is VALID [2022-02-20 18:01:23,692 INFO L290 TraceCheckUtils]: 93: Hoare triple {397#false} ~handle := #in~handle;havoc ~retValue_acc~35; {397#false} is VALID [2022-02-20 18:01:23,692 INFO L290 TraceCheckUtils]: 94: Hoare triple {397#false} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {397#false} is VALID [2022-02-20 18:01:23,692 INFO L290 TraceCheckUtils]: 95: Hoare triple {397#false} assume true; {397#false} is VALID [2022-02-20 18:01:23,693 INFO L284 TraceCheckUtils]: 
96: Hoare quadruple {397#false} {397#false} #1072#return; {397#false} is VALID [2022-02-20 18:01:23,693 INFO L290 TraceCheckUtils]: 97: Hoare triple {397#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset := 11, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet34#1; {397#false} is VALID [2022-02-20 18:01:23,693 INFO L290 TraceCheckUtils]: 98: Hoare triple {397#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret7#1 := puts(5, 0);assume -2147483648 <= mail_#t~ret7#1 && mail_#t~ret7#1 <= 2147483647;havoc mail_#t~ret7#1; {397#false} is VALID [2022-02-20 18:01:23,693 INFO L272 TraceCheckUtils]: 99: Hoare triple {397#false} call mail_#t~ret8#1 := getEmailTo(mail_~msg#1); {397#false} is VALID [2022-02-20 18:01:23,693 INFO L290 TraceCheckUtils]: 100: Hoare triple {397#false} ~handle := #in~handle;havoc ~retValue_acc~32; {397#false} is VALID [2022-02-20 18:01:23,694 INFO L290 TraceCheckUtils]: 101: Hoare triple {397#false} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {397#false} is VALID [2022-02-20 18:01:23,694 INFO L290 TraceCheckUtils]: 102: Hoare triple {397#false} assume true; {397#false} is VALID [2022-02-20 18:01:23,694 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {397#false} {397#false} #1074#return; {397#false} is VALID [2022-02-20 18:01:23,694 INFO L290 TraceCheckUtils]: 104: Hoare triple {397#false} assume -2147483648 <= mail_#t~ret8#1 && mail_#t~ret8#1 <= 2147483647;mail_~tmp~2#1 := mail_#t~ret8#1;havoc mail_#t~ret8#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~2#1, mail_~msg#1;havoc incoming_#t~ret15#1, 
incoming_#t~ret16#1, incoming_#t~ret17#1, incoming_#t~ret18#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~7#1, incoming_~tmp___0~1#1, incoming_~tmp___1~0#1, incoming_~tmp___2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~7#1;havoc incoming_~tmp___0~1#1;havoc incoming_~tmp___1~0#1;havoc incoming_~tmp___2~0#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet36#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;call 
__utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 := puts(12, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset := 13, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet36#1; {397#false} is VALID [2022-02-20 18:01:23,694 INFO L290 TraceCheckUtils]: 105: Hoare triple {397#false} assume 1 == ~sent_encrypted~0; {397#false} is VALID [2022-02-20 18:01:23,695 INFO L272 TraceCheckUtils]: 106: Hoare triple {397#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {397#false} is VALID [2022-02-20 18:01:23,695 INFO L290 TraceCheckUtils]: 107: Hoare triple {397#false} ~handle := #in~handle;havoc ~retValue_acc~10; {397#false} is VALID [2022-02-20 18:01:23,695 INFO L290 TraceCheckUtils]: 108: Hoare triple {397#false} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {397#false} is VALID [2022-02-20 18:01:23,695 INFO L290 TraceCheckUtils]: 109: Hoare triple {397#false} assume true; {397#false} is VALID [2022-02-20 18:01:23,695 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {397#false} {397#false} #1076#return; {397#false} is VALID [2022-02-20 18:01:23,696 INFO L290 TraceCheckUtils]: 111: Hoare triple {397#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~13#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1; {397#false} is VALID [2022-02-20 18:01:23,696 INFO L272 TraceCheckUtils]: 112: Hoare triple {397#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {397#false} 
is VALID [2022-02-20 18:01:23,696 INFO L290 TraceCheckUtils]: 113: Hoare triple {397#false} ~handle := #in~handle;havoc ~retValue_acc~36; {397#false} is VALID [2022-02-20 18:01:23,696 INFO L290 TraceCheckUtils]: 114: Hoare triple {397#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {397#false} is VALID [2022-02-20 18:01:23,696 INFO L290 TraceCheckUtils]: 115: Hoare triple {397#false} assume true; {397#false} is VALID [2022-02-20 18:01:23,696 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {397#false} {397#false} #1078#return; {397#false} is VALID [2022-02-20 18:01:23,697 INFO L290 TraceCheckUtils]: 117: Hoare triple {397#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1; {397#false} is VALID [2022-02-20 18:01:23,697 INFO L272 TraceCheckUtils]: 118: Hoare triple {397#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1); {397#false} is VALID [2022-02-20 18:01:23,697 INFO L290 TraceCheckUtils]: 119: Hoare triple {397#false} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~22;havoc ~__cil_tmp4~1.base, ~__cil_tmp4~1.offset;~__cil_tmp4~1.base, ~__cil_tmp4~1.offset := 7, 0;havoc #t~nondet21; {397#false} is VALID [2022-02-20 18:01:23,697 INFO L290 TraceCheckUtils]: 120: Hoare triple {397#false} assume 0 == ~publicKey;~retValue_acc~22 := 0;#res := ~retValue_acc~22; {397#false} is VALID [2022-02-20 18:01:23,697 INFO L290 TraceCheckUtils]: 121: Hoare triple {397#false} assume true; {397#false} is VALID [2022-02-20 18:01:23,698 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {397#false} {397#false} #1080#return; {397#false} is VALID [2022-02-20 
18:01:23,698 INFO L290 TraceCheckUtils]: 123: Hoare triple {397#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1; {397#false} is VALID [2022-02-20 18:01:23,698 INFO L290 TraceCheckUtils]: 124: Hoare triple {397#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1);assume { :begin_inline___automaton_fail } true; {397#false} is VALID [2022-02-20 18:01:23,698 INFO L290 TraceCheckUtils]: 125: Hoare triple {397#false} assume !false; {397#false} is VALID [2022-02-20 18:01:23,699 INFO L134 CoverageAnalysis]: Checked inductivity of 36 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 36 trivial. 0 not checked. [2022-02-20 18:01:23,699 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:01:23,699 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [25552766] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:01:23,699 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:01:23,700 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [9] total 9 [2022-02-20 18:01:23,702 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1015038585] [2022-02-20 18:01:23,703 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:01:23,708 INFO L78 Accepts]: Start accepts. 
Automaton has has 2 states, 2 states have (on average 34.5) internal successors, (69), 2 states have internal predecessors, (69), 2 states have call successors, (19), 2 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) Word has length 126 [2022-02-20 18:01:23,711 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:01:23,714 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 34.5) internal successors, (69), 2 states have internal predecessors, (69), 2 states have call successors, (19), 2 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 18:01:23,814 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 105 edges. 105 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:23,814 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:01:23,814 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:23,832 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 18:01:23,833 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:01:23,837 INFO L87 Difference]: Start difference. 
First operand has 393 states, 302 states have (on average 1.4966887417218544) internal successors, (452), 306 states have internal predecessors, (452), 65 states have call successors, (65), 24 states have call predecessors, (65), 24 states have return successors, (65), 65 states have call predecessors, (65), 65 states have call successors, (65) Second operand has 2 states, 2 states have (on average 34.5) internal successors, (69), 2 states have internal predecessors, (69), 2 states have call successors, (19), 2 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 18:01:24,196 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:24,196 INFO L93 Difference]: Finished difference Result 627 states and 910 transitions. [2022-02-20 18:01:24,197 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:01:24,197 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 34.5) internal successors, (69), 2 states have internal predecessors, (69), 2 states have call successors, (19), 2 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) Word has length 126 [2022-02-20 18:01:24,197 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:01:24,199 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 34.5) internal successors, (69), 2 states have internal predecessors, (69), 2 states have call successors, (19), 2 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 18:01:24,223 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 2 states to 2 states and 910 transitions. [2022-02-20 18:01:24,224 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 34.5) internal successors, (69), 2 states have internal predecessors, (69), 2 states have call successors, (19), 2 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 18:01:24,250 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 910 transitions. [2022-02-20 18:01:24,250 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 910 transitions. [2022-02-20 18:01:25,026 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 910 edges. 910 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:25,062 INFO L225 Difference]: With dead ends: 627 [2022-02-20 18:01:25,062 INFO L226 Difference]: Without dead ends: 386 [2022-02-20 18:01:25,068 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 163 GetRequests, 156 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:01:25,071 INFO L933 BasicCegarLoop]: 578 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 578 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s 
IncrementalHoareTripleChecker+Time [2022-02-20 18:01:25,072 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 578 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:01:25,088 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 386 states. [2022-02-20 18:01:25,132 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 386 to 386. [2022-02-20 18:01:25,132 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:01:25,141 INFO L82 GeneralOperation]: Start isEquivalent. First operand 386 states. Second operand has 386 states, 296 states have (on average 1.489864864864865) internal successors, (441), 299 states have internal predecessors, (441), 65 states have call successors, (65), 24 states have call predecessors, (65), 24 states have return successors, (64), 64 states have call predecessors, (64), 64 states have call successors, (64) [2022-02-20 18:01:25,144 INFO L74 IsIncluded]: Start isIncluded. First operand 386 states. Second operand has 386 states, 296 states have (on average 1.489864864864865) internal successors, (441), 299 states have internal predecessors, (441), 65 states have call successors, (65), 24 states have call predecessors, (65), 24 states have return successors, (64), 64 states have call predecessors, (64), 64 states have call successors, (64) [2022-02-20 18:01:25,148 INFO L87 Difference]: Start difference. First operand 386 states. Second operand has 386 states, 296 states have (on average 1.489864864864865) internal successors, (441), 299 states have internal predecessors, (441), 65 states have call successors, (65), 24 states have call predecessors, (65), 24 states have return successors, (64), 64 states have call predecessors, (64), 64 states have call successors, (64) [2022-02-20 18:01:25,178 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:01:25,179 INFO L93 Difference]: Finished difference Result 386 states and 570 transitions. [2022-02-20 18:01:25,179 INFO L276 IsEmpty]: Start isEmpty. Operand 386 states and 570 transitions. [2022-02-20 18:01:25,183 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:25,183 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:25,186 INFO L74 IsIncluded]: Start isIncluded. First operand has 386 states, 296 states have (on average 1.489864864864865) internal successors, (441), 299 states have internal predecessors, (441), 65 states have call successors, (65), 24 states have call predecessors, (65), 24 states have return successors, (64), 64 states have call predecessors, (64), 64 states have call successors, (64) Second operand 386 states. [2022-02-20 18:01:25,187 INFO L87 Difference]: Start difference. First operand has 386 states, 296 states have (on average 1.489864864864865) internal successors, (441), 299 states have internal predecessors, (441), 65 states have call successors, (65), 24 states have call predecessors, (65), 24 states have return successors, (64), 64 states have call predecessors, (64), 64 states have call successors, (64) Second operand 386 states. [2022-02-20 18:01:25,212 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:25,212 INFO L93 Difference]: Finished difference Result 386 states and 570 transitions. [2022-02-20 18:01:25,212 INFO L276 IsEmpty]: Start isEmpty. Operand 386 states and 570 transitions. [2022-02-20 18:01:25,215 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:25,215 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:25,215 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:01:25,215 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:01:25,217 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 386 states, 296 states have (on average 1.489864864864865) internal successors, (441), 299 states have internal predecessors, (441), 65 states have call successors, (65), 24 states have call predecessors, (65), 24 states have return successors, (64), 64 states have call predecessors, (64), 64 states have call successors, (64) [2022-02-20 18:01:25,239 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 386 states to 386 states and 570 transitions. [2022-02-20 18:01:25,240 INFO L78 Accepts]: Start accepts. Automaton has 386 states and 570 transitions. Word has length 126 [2022-02-20 18:01:25,240 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:01:25,241 INFO L470 AbstractCegarLoop]: Abstraction has 386 states and 570 transitions. [2022-02-20 18:01:25,241 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 34.5) internal successors, (69), 2 states have internal predecessors, (69), 2 states have call successors, (19), 2 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 18:01:25,241 INFO L276 IsEmpty]: Start isEmpty. Operand 386 states and 570 transitions. [2022-02-20 18:01:25,246 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 128 [2022-02-20 18:01:25,246 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:01:25,246 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:01:25,265 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Ended with exit code 0 [2022-02-20 18:01:25,446 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0 [2022-02-20 18:01:25,447 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:01:25,447 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:01:25,448 INFO L85 PathProgramCache]: Analyzing trace with hash -1600743464, now seen corresponding path program 1 times [2022-02-20 18:01:25,448 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:01:25,448 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [419203410] [2022-02-20 18:01:25,448 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:25,448 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:01:25,494 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:25,547 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending 
call position 6 [2022-02-20 18:01:25,550 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:25,554 INFO L290 TraceCheckUtils]: 0: Hoare triple {3118#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3046#true} is VALID [2022-02-20 18:01:25,555 INFO L290 TraceCheckUtils]: 1: Hoare triple {3046#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3046#true} is VALID [2022-02-20 18:01:25,555 INFO L290 TraceCheckUtils]: 2: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:25,555 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3046#true} {3046#true} #1144#return; {3046#true} is VALID [2022-02-20 18:01:25,562 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:01:25,564 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:25,569 INFO L290 TraceCheckUtils]: 0: Hoare triple {3119#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3046#true} is VALID [2022-02-20 18:01:25,569 INFO L290 TraceCheckUtils]: 1: Hoare triple {3046#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3046#true} is VALID [2022-02-20 18:01:25,569 INFO L290 TraceCheckUtils]: 2: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:25,569 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3046#true} {3046#true} #1146#return; {3046#true} is VALID [2022-02-20 18:01:25,570 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:01:25,573 INFO L136 AnnotateAndAsserter]: 
Conjunction of SSA is unsat [2022-02-20 18:01:25,596 INFO L290 TraceCheckUtils]: 0: Hoare triple {3118#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3120#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:25,596 INFO L290 TraceCheckUtils]: 1: Hoare triple {3120#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3121#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:25,597 INFO L290 TraceCheckUtils]: 2: Hoare triple {3121#(= |setClientId_#in~handle| 1)} assume true; {3121#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:25,597 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3121#(= |setClientId_#in~handle| 1)} {3056#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1148#return; {3047#false} is VALID [2022-02-20 18:01:25,598 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:01:25,601 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:25,611 INFO L290 TraceCheckUtils]: 0: Hoare triple {3119#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3046#true} is VALID [2022-02-20 18:01:25,612 INFO L290 TraceCheckUtils]: 1: Hoare triple {3046#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3046#true} is VALID [2022-02-20 18:01:25,612 INFO L290 TraceCheckUtils]: 2: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:25,612 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3046#true} {3047#false} #1150#return; {3047#false} is VALID 
[2022-02-20 18:01:25,612 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:01:25,615 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:25,618 INFO L290 TraceCheckUtils]: 0: Hoare triple {3118#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3046#true} is VALID [2022-02-20 18:01:25,618 INFO L290 TraceCheckUtils]: 1: Hoare triple {3046#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3046#true} is VALID [2022-02-20 18:01:25,618 INFO L290 TraceCheckUtils]: 2: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:25,619 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3046#true} {3047#false} #1152#return; {3047#false} is VALID [2022-02-20 18:01:25,619 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:01:25,621 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:25,624 INFO L290 TraceCheckUtils]: 0: Hoare triple {3119#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3046#true} is VALID [2022-02-20 18:01:25,624 INFO L290 TraceCheckUtils]: 1: Hoare triple {3046#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3046#true} is VALID [2022-02-20 18:01:25,624 INFO L290 TraceCheckUtils]: 2: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:25,625 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3046#true} {3047#false} #1154#return; {3047#false} is VALID [2022-02-20 18:01:25,632 INFO L376 atingTraceCheckCraig]: Compute 
interpolants for subsequence at non-pending call position 48 [2022-02-20 18:01:25,634 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:25,637 INFO L290 TraceCheckUtils]: 0: Hoare triple {3122#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3046#true} is VALID [2022-02-20 18:01:25,637 INFO L290 TraceCheckUtils]: 1: Hoare triple {3046#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3046#true} is VALID [2022-02-20 18:01:25,637 INFO L290 TraceCheckUtils]: 2: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:25,637 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3046#true} {3047#false} #1130#return; {3047#false} is VALID [2022-02-20 18:01:25,646 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 53 [2022-02-20 18:01:25,647 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:25,650 INFO L290 TraceCheckUtils]: 0: Hoare triple {3123#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {3046#true} is VALID [2022-02-20 18:01:25,650 INFO L290 TraceCheckUtils]: 1: Hoare triple {3046#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {3046#true} is VALID [2022-02-20 18:01:25,651 INFO L290 TraceCheckUtils]: 2: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:25,651 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3046#true} {3047#false} #1132#return; {3047#false} is VALID [2022-02-20 18:01:25,651 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 18:01:25,652 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:25,655 INFO L290 TraceCheckUtils]: 0: Hoare triple {3046#true} ~handle := #in~handle;havoc ~retValue_acc~10; 
{3046#true} is VALID [2022-02-20 18:01:25,655 INFO L290 TraceCheckUtils]: 1: Hoare triple {3046#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {3046#true} is VALID [2022-02-20 18:01:25,655 INFO L290 TraceCheckUtils]: 2: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:25,656 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3046#true} {3047#false} #1060#return; {3047#false} is VALID [2022-02-20 18:01:25,656 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 18:01:25,657 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:25,659 INFO L290 TraceCheckUtils]: 0: Hoare triple {3046#true} ~handle := #in~handle;havoc ~retValue_acc~32; {3046#true} is VALID [2022-02-20 18:01:25,660 INFO L290 TraceCheckUtils]: 1: Hoare triple {3046#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {3046#true} is VALID [2022-02-20 18:01:25,660 INFO L290 TraceCheckUtils]: 2: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:25,660 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3046#true} {3047#false} #1062#return; {3047#false} is VALID [2022-02-20 18:01:25,660 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76 [2022-02-20 18:01:25,662 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:25,664 INFO L290 TraceCheckUtils]: 0: Hoare triple {3046#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {3046#true} is VALID [2022-02-20 18:01:25,665 INFO L290 TraceCheckUtils]: 1: Hoare triple {3046#true} assume 1 == ~handle; {3046#true} is VALID [2022-02-20 18:01:25,665 INFO L290 TraceCheckUtils]: 2: Hoare triple {3046#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {3046#true} is VALID 
[2022-02-20 18:01:25,665 INFO L290 TraceCheckUtils]: 3: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:25,665 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {3046#true} {3047#false} #1064#return; {3047#false} is VALID [2022-02-20 18:01:25,665 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 18:01:25,667 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:25,669 INFO L290 TraceCheckUtils]: 0: Hoare triple {3122#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3046#true} is VALID [2022-02-20 18:01:25,669 INFO L290 TraceCheckUtils]: 1: Hoare triple {3046#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3046#true} is VALID [2022-02-20 18:01:25,670 INFO L290 TraceCheckUtils]: 2: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:25,670 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3046#true} {3047#false} #1070#return; {3047#false} is VALID [2022-02-20 18:01:25,670 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 18:01:25,671 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:25,691 INFO L290 TraceCheckUtils]: 0: Hoare triple {3046#true} ~handle := #in~handle;havoc ~retValue_acc~35; {3046#true} is VALID [2022-02-20 18:01:25,691 INFO L290 TraceCheckUtils]: 1: Hoare triple {3046#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {3046#true} is VALID [2022-02-20 18:01:25,691 INFO L290 TraceCheckUtils]: 2: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:25,692 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3046#true} {3047#false} #1072#return; {3047#false} is VALID [2022-02-20 18:01:25,692 INFO L376 atingTraceCheckCraig]: Compute interpolants 
for subsequence at non-pending call position 100 [2022-02-20 18:01:25,693 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:25,696 INFO L290 TraceCheckUtils]: 0: Hoare triple {3046#true} ~handle := #in~handle;havoc ~retValue_acc~32; {3046#true} is VALID [2022-02-20 18:01:25,696 INFO L290 TraceCheckUtils]: 1: Hoare triple {3046#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {3046#true} is VALID [2022-02-20 18:01:25,696 INFO L290 TraceCheckUtils]: 2: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:25,696 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3046#true} {3047#false} #1074#return; {3047#false} is VALID [2022-02-20 18:01:25,697 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 107 [2022-02-20 18:01:25,698 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:25,701 INFO L290 TraceCheckUtils]: 0: Hoare triple {3046#true} ~handle := #in~handle;havoc ~retValue_acc~10; {3046#true} is VALID [2022-02-20 18:01:25,701 INFO L290 TraceCheckUtils]: 1: Hoare triple {3046#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {3046#true} is VALID [2022-02-20 18:01:25,701 INFO L290 TraceCheckUtils]: 2: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:25,701 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3046#true} {3047#false} #1076#return; {3047#false} is VALID [2022-02-20 18:01:25,701 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 113 [2022-02-20 18:01:25,703 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:25,705 INFO L290 TraceCheckUtils]: 0: Hoare triple {3046#true} ~handle := #in~handle;havoc ~retValue_acc~36; {3046#true} is VALID [2022-02-20 18:01:25,705 INFO L290 TraceCheckUtils]: 1: Hoare triple {3046#true} assume 1 == 
~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {3046#true} is VALID [2022-02-20 18:01:25,706 INFO L290 TraceCheckUtils]: 2: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:25,706 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3046#true} {3047#false} #1078#return; {3047#false} is VALID [2022-02-20 18:01:25,706 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 119 [2022-02-20 18:01:25,707 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:25,710 INFO L290 TraceCheckUtils]: 0: Hoare triple {3046#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~22;havoc ~__cil_tmp4~1.base, ~__cil_tmp4~1.offset;~__cil_tmp4~1.base, ~__cil_tmp4~1.offset := 7, 0;havoc #t~nondet21; {3046#true} is VALID [2022-02-20 18:01:25,710 INFO L290 TraceCheckUtils]: 1: Hoare triple {3046#true} assume 0 == ~publicKey;~retValue_acc~22 := 0;#res := ~retValue_acc~22; {3046#true} is VALID [2022-02-20 18:01:25,711 INFO L290 TraceCheckUtils]: 2: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:25,711 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3046#true} {3047#false} #1080#return; {3047#false} is VALID [2022-02-20 18:01:25,711 INFO L290 TraceCheckUtils]: 0: Hoare triple {3046#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(16, 6);call #Ultimate.allocInit(20, 7);call #Ultimate.allocInit(22, 8);call #Ultimate.allocInit(21, 9);call 
#Ultimate.allocInit(13, 10);call #Ultimate.allocInit(19, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(19, 13);call #Ultimate.allocInit(44, 14);call #Ultimate.allocInit(44, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(11, 18);call #Ultimate.allocInit(19, 19);call #Ultimate.allocInit(4, 20);call write~init~int(37, 20, 0, 1);call write~init~int(100, 20, 1, 1);call write~init~int(10, 20, 2, 1);call write~init~int(0, 20, 3, 1);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(100, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(12, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(18, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(21, 39);call #Ultimate.allocInit(13, 40);call #Ultimate.allocInit(16, 41);call #Ultimate.allocInit(25, 42);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 
0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 
0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_encrypted~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {3046#true} is VALID [2022-02-20 18:01:25,711 INFO L290 TraceCheckUtils]: 1: Hoare triple {3046#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret59#1, main_~retValue_acc~23#1, main_~tmp~16#1;havoc main_~retValue_acc~23#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true; {3046#true} is VALID [2022-02-20 18:01:25,711 INFO L290 TraceCheckUtils]: 2: Hoare triple {3046#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3046#true} is VALID [2022-02-20 18:01:25,712 INFO L290 TraceCheckUtils]: 3: Hoare triple {3046#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~25#1;havoc 
valid_product_~retValue_acc~25#1;valid_product_~retValue_acc~25#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~25#1; {3046#true} is VALID [2022-02-20 18:01:25,712 INFO L290 TraceCheckUtils]: 4: Hoare triple {3046#true} main_#t~ret59#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret59#1 && main_#t~ret59#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret59#1;havoc main_#t~ret59#1; {3046#true} is VALID [2022-02-20 18:01:25,712 INFO L290 TraceCheckUtils]: 5: Hoare triple {3046#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet56#1, setup_#t~nondet57#1, setup_#t~nondet58#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {3046#true} is VALID [2022-02-20 18:01:25,713 INFO L272 TraceCheckUtils]: 6: Hoare triple {3046#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {3118#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:25,713 INFO L290 TraceCheckUtils]: 7: Hoare triple {3118#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3046#true} is VALID [2022-02-20 18:01:25,713 INFO L290 TraceCheckUtils]: 8: Hoare triple {3046#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3046#true} is VALID [2022-02-20 18:01:25,714 INFO L290 TraceCheckUtils]: 9: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:25,714 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {3046#true} {3046#true} #1144#return; {3046#true} is VALID [2022-02-20 18:01:25,714 INFO L290 TraceCheckUtils]: 11: Hoare triple {3046#true} assume { :end_inline_setup_bob__wrappee__Base } true; {3046#true} is VALID [2022-02-20 18:01:25,715 INFO L272 TraceCheckUtils]: 12: Hoare triple {3046#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {3119#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:25,715 INFO L290 TraceCheckUtils]: 13: Hoare triple {3119#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3046#true} is VALID [2022-02-20 18:01:25,715 INFO L290 TraceCheckUtils]: 14: Hoare triple {3046#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3046#true} is VALID [2022-02-20 18:01:25,715 INFO L290 TraceCheckUtils]: 15: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:25,715 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {3046#true} {3046#true} #1146#return; {3046#true} is VALID [2022-02-20 18:01:25,716 INFO L290 TraceCheckUtils]: 17: Hoare triple {3046#true} assume { :end_inline_setup_bob } 
true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 16, 0;havoc setup_#t~nondet56#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {3056#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:01:25,717 INFO L272 TraceCheckUtils]: 18: Hoare triple {3056#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {3118#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:25,717 INFO L290 TraceCheckUtils]: 19: Hoare triple {3118#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3120#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:25,718 INFO L290 TraceCheckUtils]: 20: Hoare triple {3120#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3121#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:25,718 INFO L290 TraceCheckUtils]: 21: Hoare triple {3121#(= |setClientId_#in~handle| 1)} assume true; {3121#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:25,719 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {3121#(= |setClientId_#in~handle| 1)} {3056#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1148#return; 
{3047#false} is VALID [2022-02-20 18:01:25,719 INFO L290 TraceCheckUtils]: 23: Hoare triple {3047#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {3047#false} is VALID [2022-02-20 18:01:25,719 INFO L272 TraceCheckUtils]: 24: Hoare triple {3047#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {3119#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:25,719 INFO L290 TraceCheckUtils]: 25: Hoare triple {3119#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3046#true} is VALID [2022-02-20 18:01:25,719 INFO L290 TraceCheckUtils]: 26: Hoare triple {3046#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3046#true} is VALID [2022-02-20 18:01:25,720 INFO L290 TraceCheckUtils]: 27: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:25,720 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {3046#true} {3047#false} #1150#return; {3047#false} is VALID [2022-02-20 18:01:25,720 INFO L290 TraceCheckUtils]: 29: Hoare triple {3047#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 17, 0;havoc setup_#t~nondet57#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {3047#false} is VALID [2022-02-20 
18:01:25,720 INFO L272 TraceCheckUtils]: 30: Hoare triple {3047#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {3118#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:25,720 INFO L290 TraceCheckUtils]: 31: Hoare triple {3118#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3046#true} is VALID [2022-02-20 18:01:25,720 INFO L290 TraceCheckUtils]: 32: Hoare triple {3046#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3046#true} is VALID [2022-02-20 18:01:25,721 INFO L290 TraceCheckUtils]: 33: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:25,721 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {3046#true} {3047#false} #1152#return; {3047#false} is VALID [2022-02-20 18:01:25,721 INFO L290 TraceCheckUtils]: 35: Hoare triple {3047#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {3047#false} is VALID [2022-02-20 18:01:25,721 INFO L272 TraceCheckUtils]: 36: Hoare triple {3047#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {3119#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:25,721 INFO L290 TraceCheckUtils]: 37: Hoare triple {3119#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; 
{3046#true} is VALID [2022-02-20 18:01:25,721 INFO L290 TraceCheckUtils]: 38: Hoare triple {3046#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3046#true} is VALID [2022-02-20 18:01:25,722 INFO L290 TraceCheckUtils]: 39: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:25,722 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {3046#true} {3047#false} #1154#return; {3047#false} is VALID [2022-02-20 18:01:25,722 INFO L290 TraceCheckUtils]: 41: Hoare triple {3047#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 18, 0;havoc setup_#t~nondet58#1; {3047#false} is VALID [2022-02-20 18:01:25,722 INFO L290 TraceCheckUtils]: 42: Hoare triple {3047#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~14#1, test_~tmp___0~4#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~14#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 
0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {3047#false} is VALID [2022-02-20 18:01:25,722 INFO L290 TraceCheckUtils]: 43: Hoare triple {3047#false} assume !false; {3047#false} is VALID [2022-02-20 18:01:25,722 INFO L290 TraceCheckUtils]: 44: Hoare triple {3047#false} assume !(test_~splverifierCounter~0#1 < 4); {3047#false} is VALID [2022-02-20 18:01:25,723 INFO L290 TraceCheckUtils]: 45: Hoare triple {3047#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret51#1, bobToRjh_#t~ret52#1, bobToRjh_#t~ret53#1, bobToRjh_#t~ret54#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret51#1 := puts(14, 0);assume -2147483648 <= bobToRjh_#t~ret51#1 && bobToRjh_#t~ret51#1 <= 2147483647;havoc bobToRjh_#t~ret51#1; {3047#false} is VALID [2022-02-20 18:01:25,723 INFO L272 TraceCheckUtils]: 46: Hoare triple {3047#false} call sendEmail(~bob~0, ~rjh~0); {3047#false} is VALID [2022-02-20 18:01:25,723 INFO L290 TraceCheckUtils]: 47: Hoare triple {3047#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~43#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~43#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {3047#false} is VALID [2022-02-20 18:01:25,723 INFO L272 TraceCheckUtils]: 48: Hoare triple {3047#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {3122#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= 
|old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:25,723 INFO L290 TraceCheckUtils]: 49: Hoare triple {3122#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3046#true} is VALID [2022-02-20 18:01:25,723 INFO L290 TraceCheckUtils]: 50: Hoare triple {3046#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3046#true} is VALID [2022-02-20 18:01:25,724 INFO L290 TraceCheckUtils]: 51: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:25,724 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {3046#true} {3047#false} #1130#return; {3047#false} is VALID [2022-02-20 18:01:25,724 INFO L272 TraceCheckUtils]: 53: Hoare triple {3047#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {3123#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:01:25,724 INFO L290 TraceCheckUtils]: 54: Hoare triple {3123#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {3046#true} is VALID [2022-02-20 18:01:25,724 INFO L290 TraceCheckUtils]: 55: Hoare triple {3046#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {3046#true} is VALID [2022-02-20 18:01:25,724 INFO L290 TraceCheckUtils]: 56: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:25,725 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {3046#true} {3047#false} #1132#return; {3047#false} is VALID [2022-02-20 18:01:25,725 INFO L290 TraceCheckUtils]: 58: Hoare triple {3047#false} createEmail_~retValue_acc~43#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~43#1; {3047#false} is VALID [2022-02-20 18:01:25,725 INFO L290 TraceCheckUtils]: 59: Hoare triple {3047#false} #t~ret20#1 := createEmail_#res#1;assume { :end_inline_createEmail } 
true;assume -2147483648 <= #t~ret20#1 && #t~ret20#1 <= 2147483647;~tmp~9#1 := #t~ret20#1;havoc #t~ret20#1;~email~0#1 := ~tmp~9#1; {3047#false} is VALID [2022-02-20 18:01:25,725 INFO L272 TraceCheckUtils]: 60: Hoare triple {3047#false} call outgoing(~sender#1, ~email~0#1); {3047#false} is VALID [2022-02-20 18:01:25,725 INFO L290 TraceCheckUtils]: 61: Hoare triple {3047#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret24#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {3047#false} is VALID [2022-02-20 18:01:25,725 INFO L272 TraceCheckUtils]: 62: Hoare triple {3047#false} call sign_#t~ret24#1 := getClientPrivateKey(sign_~client#1); {3046#true} is VALID [2022-02-20 18:01:25,726 INFO L290 TraceCheckUtils]: 63: Hoare triple {3046#true} ~handle := #in~handle;havoc ~retValue_acc~10; {3046#true} is VALID [2022-02-20 18:01:25,726 INFO L290 TraceCheckUtils]: 64: Hoare triple {3046#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {3046#true} is VALID [2022-02-20 18:01:25,726 INFO L290 TraceCheckUtils]: 65: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:25,726 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {3046#true} {3047#false} #1060#return; {3047#false} is VALID [2022-02-20 18:01:25,726 INFO L290 TraceCheckUtils]: 67: Hoare triple {3047#false} assume -2147483648 <= sign_#t~ret24#1 && sign_#t~ret24#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret24#1;havoc sign_#t~ret24#1;sign_~privkey~1#1 := sign_~tmp~11#1; {3047#false} is VALID [2022-02-20 18:01:25,726 INFO L290 TraceCheckUtils]: 68: Hoare triple {3047#false} assume 0 == sign_~privkey~1#1; {3047#false} is VALID [2022-02-20 18:01:25,727 INFO L290 TraceCheckUtils]: 69: Hoare triple {3047#false} assume { 
:end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret10#1, outgoing__wrappee__AutoResponder_#t~ret11#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~4#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~0#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~4#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~0#1; {3047#false} is VALID [2022-02-20 18:01:25,727 INFO L272 TraceCheckUtils]: 70: Hoare triple {3047#false} call outgoing__wrappee__AutoResponder_#t~ret10#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {3046#true} is VALID [2022-02-20 18:01:25,727 INFO L290 TraceCheckUtils]: 71: Hoare triple {3046#true} ~handle := #in~handle;havoc ~retValue_acc~32; {3046#true} is VALID [2022-02-20 18:01:25,727 INFO L290 TraceCheckUtils]: 72: Hoare triple {3046#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {3046#true} is VALID [2022-02-20 18:01:25,727 INFO L290 TraceCheckUtils]: 73: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:25,727 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {3046#true} {3047#false} #1062#return; {3047#false} is VALID [2022-02-20 18:01:25,728 INFO L290 TraceCheckUtils]: 75: Hoare triple {3047#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret10#1 && outgoing__wrappee__AutoResponder_#t~ret10#1 <= 
2147483647;outgoing__wrappee__AutoResponder_~tmp~4#1 := outgoing__wrappee__AutoResponder_#t~ret10#1;havoc outgoing__wrappee__AutoResponder_#t~ret10#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~4#1; {3047#false} is VALID [2022-02-20 18:01:25,728 INFO L272 TraceCheckUtils]: 76: Hoare triple {3047#false} call outgoing__wrappee__AutoResponder_#t~ret11#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {3046#true} is VALID [2022-02-20 18:01:25,728 INFO L290 TraceCheckUtils]: 77: Hoare triple {3046#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {3046#true} is VALID [2022-02-20 18:01:25,728 INFO L290 TraceCheckUtils]: 78: Hoare triple {3046#true} assume 1 == ~handle; {3046#true} is VALID [2022-02-20 18:01:25,728 INFO L290 TraceCheckUtils]: 79: Hoare triple {3046#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {3046#true} is VALID [2022-02-20 18:01:25,728 INFO L290 TraceCheckUtils]: 80: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:25,729 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {3046#true} {3047#false} #1064#return; {3047#false} is VALID [2022-02-20 18:01:25,729 INFO L290 TraceCheckUtils]: 82: Hoare triple {3047#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret11#1 && outgoing__wrappee__AutoResponder_#t~ret11#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~0#1 := outgoing__wrappee__AutoResponder_#t~ret11#1;havoc outgoing__wrappee__AutoResponder_#t~ret11#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~0#1; {3047#false} is VALID [2022-02-20 18:01:25,729 INFO L290 TraceCheckUtils]: 83: Hoare triple {3047#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {3047#false} is VALID [2022-02-20 18:01:25,729 INFO L290 TraceCheckUtils]: 84: 
Hoare triple {3047#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret9#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~3#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~3#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {3047#false} is VALID [2022-02-20 18:01:25,729 INFO L290 TraceCheckUtils]: 85: Hoare triple {3047#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {3047#false} is VALID [2022-02-20 18:01:25,729 INFO L290 TraceCheckUtils]: 86: Hoare triple {3047#false} outgoing__wrappee__Keys_#t~ret9#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret9#1 && outgoing__wrappee__Keys_#t~ret9#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~3#1 := outgoing__wrappee__Keys_#t~ret9#1;havoc outgoing__wrappee__Keys_#t~ret9#1; {3047#false} is VALID [2022-02-20 18:01:25,730 INFO L272 TraceCheckUtils]: 87: Hoare triple {3047#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~3#1); {3122#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:25,730 INFO L290 TraceCheckUtils]: 88: Hoare triple {3122#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| 
~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3046#true} is VALID [2022-02-20 18:01:25,730 INFO L290 TraceCheckUtils]: 89: Hoare triple {3046#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3046#true} is VALID [2022-02-20 18:01:25,730 INFO L290 TraceCheckUtils]: 90: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:25,730 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {3046#true} {3047#false} #1070#return; {3047#false} is VALID [2022-02-20 18:01:25,730 INFO L290 TraceCheckUtils]: 92: Hoare triple {3047#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret7#1, mail_#t~ret8#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~2#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~2#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet34#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 := puts(10, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1; {3047#false} is VALID [2022-02-20 18:01:25,731 INFO L272 TraceCheckUtils]: 93: Hoare triple {3047#false} 
call __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {3046#true} is VALID [2022-02-20 18:01:25,731 INFO L290 TraceCheckUtils]: 94: Hoare triple {3046#true} ~handle := #in~handle;havoc ~retValue_acc~35; {3046#true} is VALID [2022-02-20 18:01:25,731 INFO L290 TraceCheckUtils]: 95: Hoare triple {3046#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {3046#true} is VALID [2022-02-20 18:01:25,731 INFO L290 TraceCheckUtils]: 96: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:25,731 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {3046#true} {3047#false} #1072#return; {3047#false} is VALID [2022-02-20 18:01:25,731 INFO L290 TraceCheckUtils]: 98: Hoare triple {3047#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset := 11, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet34#1; {3047#false} is VALID [2022-02-20 18:01:25,732 INFO L290 TraceCheckUtils]: 99: Hoare triple {3047#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret7#1 := puts(5, 0);assume -2147483648 <= mail_#t~ret7#1 && mail_#t~ret7#1 <= 2147483647;havoc mail_#t~ret7#1; {3047#false} is VALID [2022-02-20 18:01:25,732 INFO L272 TraceCheckUtils]: 100: Hoare triple {3047#false} call mail_#t~ret8#1 := getEmailTo(mail_~msg#1); {3046#true} is VALID [2022-02-20 18:01:25,732 INFO L290 TraceCheckUtils]: 101: Hoare triple {3046#true} ~handle := #in~handle;havoc ~retValue_acc~32; {3046#true} is VALID [2022-02-20 18:01:25,732 INFO L290 TraceCheckUtils]: 102: Hoare triple {3046#true} assume 1 == ~handle;~retValue_acc~32 := 
~__ste_email_to0~0;#res := ~retValue_acc~32; {3046#true} is VALID [2022-02-20 18:01:25,732 INFO L290 TraceCheckUtils]: 103: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:25,732 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {3046#true} {3047#false} #1074#return; {3047#false} is VALID [2022-02-20 18:01:25,732 INFO L290 TraceCheckUtils]: 105: Hoare triple {3047#false} assume -2147483648 <= mail_#t~ret8#1 && mail_#t~ret8#1 <= 2147483647;mail_~tmp~2#1 := mail_#t~ret8#1;havoc mail_#t~ret8#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~2#1, mail_~msg#1;havoc incoming_#t~ret15#1, incoming_#t~ret16#1, incoming_#t~ret17#1, incoming_#t~ret18#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~7#1, incoming_~tmp___0~1#1, incoming_~tmp___1~0#1, incoming_~tmp___2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~7#1;havoc incoming_~tmp___0~1#1;havoc incoming_~tmp___1~0#1;havoc incoming_~tmp___2~0#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet36#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1, 
__utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 := puts(12, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset := 13, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet36#1; {3047#false} is VALID [2022-02-20 18:01:25,733 INFO L290 TraceCheckUtils]: 106: Hoare triple {3047#false} assume 1 == ~sent_encrypted~0; {3047#false} is VALID [2022-02-20 18:01:25,733 INFO L272 TraceCheckUtils]: 107: Hoare triple {3047#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {3046#true} is VALID [2022-02-20 18:01:25,733 INFO L290 TraceCheckUtils]: 108: Hoare triple {3046#true} ~handle := #in~handle;havoc ~retValue_acc~10; {3046#true} is VALID [2022-02-20 18:01:25,733 INFO L290 TraceCheckUtils]: 109: Hoare triple {3046#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {3046#true} is VALID [2022-02-20 18:01:25,733 INFO L290 TraceCheckUtils]: 110: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:25,733 INFO L284 TraceCheckUtils]: 111: Hoare quadruple {3046#true} 
{3047#false} #1076#return; {3047#false} is VALID [2022-02-20 18:01:25,734 INFO L290 TraceCheckUtils]: 112: Hoare triple {3047#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~13#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1; {3047#false} is VALID [2022-02-20 18:01:25,734 INFO L272 TraceCheckUtils]: 113: Hoare triple {3047#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {3046#true} is VALID [2022-02-20 18:01:25,734 INFO L290 TraceCheckUtils]: 114: Hoare triple {3046#true} ~handle := #in~handle;havoc ~retValue_acc~36; {3046#true} is VALID [2022-02-20 18:01:25,734 INFO L290 TraceCheckUtils]: 115: Hoare triple {3046#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {3046#true} is VALID [2022-02-20 18:01:25,734 INFO L290 TraceCheckUtils]: 116: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:25,734 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {3046#true} {3047#false} #1078#return; {3047#false} is VALID [2022-02-20 18:01:25,735 INFO L290 TraceCheckUtils]: 118: Hoare triple {3047#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1; {3047#false} is VALID [2022-02-20 18:01:25,735 INFO L272 TraceCheckUtils]: 119: Hoare triple {3047#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1); {3046#true} is VALID [2022-02-20 18:01:25,735 INFO L290 TraceCheckUtils]: 120: Hoare triple {3046#true} 
~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~22;havoc ~__cil_tmp4~1.base, ~__cil_tmp4~1.offset;~__cil_tmp4~1.base, ~__cil_tmp4~1.offset := 7, 0;havoc #t~nondet21; {3046#true} is VALID [2022-02-20 18:01:25,735 INFO L290 TraceCheckUtils]: 121: Hoare triple {3046#true} assume 0 == ~publicKey;~retValue_acc~22 := 0;#res := ~retValue_acc~22; {3046#true} is VALID [2022-02-20 18:01:25,735 INFO L290 TraceCheckUtils]: 122: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:25,735 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {3046#true} {3047#false} #1080#return; {3047#false} is VALID [2022-02-20 18:01:25,735 INFO L290 TraceCheckUtils]: 124: Hoare triple {3047#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1; {3047#false} is VALID [2022-02-20 18:01:25,736 INFO L290 TraceCheckUtils]: 125: Hoare triple {3047#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1);assume { :begin_inline___automaton_fail } true; {3047#false} is VALID [2022-02-20 18:01:25,736 INFO L290 TraceCheckUtils]: 126: Hoare triple {3047#false} assume !false; {3047#false} is VALID [2022-02-20 18:01:25,736 INFO L134 CoverageAnalysis]: Checked inductivity of 36 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. 
[2022-02-20 18:01:25,737 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:01:25,737 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [419203410] [2022-02-20 18:01:25,737 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [419203410] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:01:25,737 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1675815160] [2022-02-20 18:01:25,737 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:25,738 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:01:25,738 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:01:25,739 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:01:25,750 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 18:01:26,036 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:26,042 INFO L263 TraceCheckSpWp]: Trace formula consists of 1180 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 18:01:26,103 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:26,109 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:01:26,396 INFO L290 TraceCheckUtils]: 0: Hoare triple {3046#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(16, 6);call #Ultimate.allocInit(20, 7);call #Ultimate.allocInit(22, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(19, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(19, 13);call #Ultimate.allocInit(44, 14);call #Ultimate.allocInit(44, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(11, 18);call #Ultimate.allocInit(19, 19);call #Ultimate.allocInit(4, 20);call write~init~int(37, 20, 0, 1);call write~init~int(100, 20, 1, 1);call write~init~int(10, 20, 2, 1);call write~init~int(0, 20, 3, 1);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(100, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(12, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(18, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(21, 39);call #Ultimate.allocInit(13, 40);call 
#Ultimate.allocInit(16, 41);call #Ultimate.allocInit(25, 42);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 
0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_encrypted~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {3046#true} is VALID [2022-02-20 18:01:26,397 INFO L290 TraceCheckUtils]: 1: Hoare triple {3046#true} assume { :end_inline_ULTIMATE.init } 
true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret59#1, main_~retValue_acc~23#1, main_~tmp~16#1;havoc main_~retValue_acc~23#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true; {3046#true} is VALID [2022-02-20 18:01:26,397 INFO L290 TraceCheckUtils]: 2: Hoare triple {3046#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3046#true} is VALID [2022-02-20 18:01:26,397 INFO L290 TraceCheckUtils]: 3: Hoare triple {3046#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~25#1;havoc valid_product_~retValue_acc~25#1;valid_product_~retValue_acc~25#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~25#1; {3046#true} is VALID [2022-02-20 18:01:26,397 INFO L290 TraceCheckUtils]: 4: Hoare triple {3046#true} main_#t~ret59#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret59#1 && main_#t~ret59#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret59#1;havoc main_#t~ret59#1; {3046#true} is VALID [2022-02-20 18:01:26,398 INFO L290 TraceCheckUtils]: 5: Hoare triple {3046#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet56#1, setup_#t~nondet57#1, setup_#t~nondet58#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {3046#true} is VALID [2022-02-20 18:01:26,398 INFO L272 TraceCheckUtils]: 6: Hoare triple {3046#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {3046#true} is VALID [2022-02-20 18:01:26,398 INFO L290 TraceCheckUtils]: 7: Hoare triple {3046#true} ~handle := #in~handle;~value := #in~value; {3046#true} is VALID [2022-02-20 18:01:26,398 INFO L290 TraceCheckUtils]: 8: Hoare triple {3046#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3046#true} is VALID [2022-02-20 18:01:26,399 INFO L290 TraceCheckUtils]: 9: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:26,399 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {3046#true} {3046#true} #1144#return; {3046#true} is VALID [2022-02-20 18:01:26,399 INFO L290 TraceCheckUtils]: 11: Hoare triple {3046#true} assume { :end_inline_setup_bob__wrappee__Base } true; {3046#true} is VALID [2022-02-20 18:01:26,399 INFO L272 TraceCheckUtils]: 12: Hoare triple {3046#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {3046#true} is VALID [2022-02-20 18:01:26,399 INFO L290 TraceCheckUtils]: 13: Hoare triple {3046#true} ~handle := #in~handle;~value := #in~value; {3046#true} is VALID [2022-02-20 18:01:26,399 INFO L290 TraceCheckUtils]: 14: Hoare triple {3046#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3046#true} is VALID [2022-02-20 18:01:26,399 INFO L290 TraceCheckUtils]: 15: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:26,400 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {3046#true} {3046#true} #1146#return; {3046#true} is VALID [2022-02-20 18:01:26,400 INFO L290 TraceCheckUtils]: 17: Hoare triple {3046#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 16, 0;havoc setup_#t~nondet56#1;~rjh~0 := 2;assume { 
:begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {3046#true} is VALID [2022-02-20 18:01:26,400 INFO L272 TraceCheckUtils]: 18: Hoare triple {3046#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {3046#true} is VALID [2022-02-20 18:01:26,400 INFO L290 TraceCheckUtils]: 19: Hoare triple {3046#true} ~handle := #in~handle;~value := #in~value; {3046#true} is VALID [2022-02-20 18:01:26,400 INFO L290 TraceCheckUtils]: 20: Hoare triple {3046#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3046#true} is VALID [2022-02-20 18:01:26,400 INFO L290 TraceCheckUtils]: 21: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:26,400 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {3046#true} {3046#true} #1148#return; {3046#true} is VALID [2022-02-20 18:01:26,401 INFO L290 TraceCheckUtils]: 23: Hoare triple {3046#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {3046#true} is VALID [2022-02-20 18:01:26,401 INFO L272 TraceCheckUtils]: 24: Hoare triple {3046#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {3046#true} is VALID [2022-02-20 18:01:26,401 INFO L290 TraceCheckUtils]: 25: Hoare triple {3046#true} ~handle := #in~handle;~value := #in~value; {3046#true} is VALID [2022-02-20 18:01:26,401 INFO L290 TraceCheckUtils]: 26: Hoare triple {3046#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3046#true} is VALID [2022-02-20 18:01:26,401 INFO L290 TraceCheckUtils]: 27: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:26,401 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {3046#true} {3046#true} #1150#return; 
{3046#true} is VALID [2022-02-20 18:01:26,402 INFO L290 TraceCheckUtils]: 29: Hoare triple {3046#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 17, 0;havoc setup_#t~nondet57#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {3046#true} is VALID [2022-02-20 18:01:26,402 INFO L272 TraceCheckUtils]: 30: Hoare triple {3046#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {3046#true} is VALID [2022-02-20 18:01:26,402 INFO L290 TraceCheckUtils]: 31: Hoare triple {3046#true} ~handle := #in~handle;~value := #in~value; {3046#true} is VALID [2022-02-20 18:01:26,402 INFO L290 TraceCheckUtils]: 32: Hoare triple {3046#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3046#true} is VALID [2022-02-20 18:01:26,402 INFO L290 TraceCheckUtils]: 33: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:26,402 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {3046#true} {3046#true} #1152#return; {3046#true} is VALID [2022-02-20 18:01:26,403 INFO L290 TraceCheckUtils]: 35: Hoare triple {3046#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {3046#true} is VALID [2022-02-20 18:01:26,403 INFO L272 TraceCheckUtils]: 36: Hoare triple {3046#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {3046#true} is VALID [2022-02-20 18:01:26,403 INFO L290 TraceCheckUtils]: 37: Hoare triple {3046#true} ~handle := #in~handle;~value := #in~value; {3046#true} is VALID [2022-02-20 18:01:26,403 INFO L290 TraceCheckUtils]: 38: Hoare triple 
{3046#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3046#true} is VALID [2022-02-20 18:01:26,403 INFO L290 TraceCheckUtils]: 39: Hoare triple {3046#true} assume true; {3046#true} is VALID [2022-02-20 18:01:26,403 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {3046#true} {3046#true} #1154#return; {3046#true} is VALID [2022-02-20 18:01:26,404 INFO L290 TraceCheckUtils]: 41: Hoare triple {3046#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 18, 0;havoc setup_#t~nondet58#1; {3046#true} is VALID [2022-02-20 18:01:26,404 INFO L290 TraceCheckUtils]: 42: Hoare triple {3046#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~14#1, test_~tmp___0~4#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~14#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 
0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {3253#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:01:26,405 INFO L290 TraceCheckUtils]: 43: Hoare triple {3253#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {3253#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:01:26,405 INFO L290 TraceCheckUtils]: 44: Hoare triple {3253#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {3047#false} is VALID [2022-02-20 18:01:26,405 INFO L290 TraceCheckUtils]: 45: Hoare triple {3047#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret51#1, bobToRjh_#t~ret52#1, bobToRjh_#t~ret53#1, bobToRjh_#t~ret54#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret51#1 := puts(14, 0);assume -2147483648 <= bobToRjh_#t~ret51#1 && bobToRjh_#t~ret51#1 <= 2147483647;havoc bobToRjh_#t~ret51#1; {3047#false} is VALID [2022-02-20 18:01:26,405 INFO L272 TraceCheckUtils]: 46: Hoare triple {3047#false} call sendEmail(~bob~0, ~rjh~0); {3047#false} is VALID [2022-02-20 18:01:26,406 INFO L290 TraceCheckUtils]: 47: Hoare triple {3047#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~43#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~43#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {3047#false} is VALID [2022-02-20 18:01:26,406 INFO L272 TraceCheckUtils]: 48: Hoare triple {3047#false} call setEmailFrom(createEmail_~msg~0#1, 
createEmail_~from#1); {3047#false} is VALID [2022-02-20 18:01:26,406 INFO L290 TraceCheckUtils]: 49: Hoare triple {3047#false} ~handle := #in~handle;~value := #in~value; {3047#false} is VALID [2022-02-20 18:01:26,406 INFO L290 TraceCheckUtils]: 50: Hoare triple {3047#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3047#false} is VALID [2022-02-20 18:01:26,406 INFO L290 TraceCheckUtils]: 51: Hoare triple {3047#false} assume true; {3047#false} is VALID [2022-02-20 18:01:26,406 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {3047#false} {3047#false} #1130#return; {3047#false} is VALID [2022-02-20 18:01:26,407 INFO L272 TraceCheckUtils]: 53: Hoare triple {3047#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {3047#false} is VALID [2022-02-20 18:01:26,407 INFO L290 TraceCheckUtils]: 54: Hoare triple {3047#false} ~handle := #in~handle;~value := #in~value; {3047#false} is VALID [2022-02-20 18:01:26,407 INFO L290 TraceCheckUtils]: 55: Hoare triple {3047#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {3047#false} is VALID [2022-02-20 18:01:26,407 INFO L290 TraceCheckUtils]: 56: Hoare triple {3047#false} assume true; {3047#false} is VALID [2022-02-20 18:01:26,407 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {3047#false} {3047#false} #1132#return; {3047#false} is VALID [2022-02-20 18:01:26,407 INFO L290 TraceCheckUtils]: 58: Hoare triple {3047#false} createEmail_~retValue_acc~43#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~43#1; {3047#false} is VALID [2022-02-20 18:01:26,407 INFO L290 TraceCheckUtils]: 59: Hoare triple {3047#false} #t~ret20#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret20#1 && #t~ret20#1 <= 2147483647;~tmp~9#1 := #t~ret20#1;havoc #t~ret20#1;~email~0#1 := ~tmp~9#1; {3047#false} is VALID [2022-02-20 18:01:26,408 INFO L272 TraceCheckUtils]: 60: Hoare triple {3047#false} call outgoing(~sender#1, ~email~0#1); {3047#false} is VALID [2022-02-20 
18:01:26,408 INFO L290 TraceCheckUtils]: 61: Hoare triple {3047#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret24#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {3047#false} is VALID [2022-02-20 18:01:26,408 INFO L272 TraceCheckUtils]: 62: Hoare triple {3047#false} call sign_#t~ret24#1 := getClientPrivateKey(sign_~client#1); {3047#false} is VALID [2022-02-20 18:01:26,408 INFO L290 TraceCheckUtils]: 63: Hoare triple {3047#false} ~handle := #in~handle;havoc ~retValue_acc~10; {3047#false} is VALID [2022-02-20 18:01:26,408 INFO L290 TraceCheckUtils]: 64: Hoare triple {3047#false} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {3047#false} is VALID [2022-02-20 18:01:26,408 INFO L290 TraceCheckUtils]: 65: Hoare triple {3047#false} assume true; {3047#false} is VALID [2022-02-20 18:01:26,409 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {3047#false} {3047#false} #1060#return; {3047#false} is VALID [2022-02-20 18:01:26,409 INFO L290 TraceCheckUtils]: 67: Hoare triple {3047#false} assume -2147483648 <= sign_#t~ret24#1 && sign_#t~ret24#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret24#1;havoc sign_#t~ret24#1;sign_~privkey~1#1 := sign_~tmp~11#1; {3047#false} is VALID [2022-02-20 18:01:26,409 INFO L290 TraceCheckUtils]: 68: Hoare triple {3047#false} assume 0 == sign_~privkey~1#1; {3047#false} is VALID [2022-02-20 18:01:26,409 INFO L290 TraceCheckUtils]: 69: Hoare triple {3047#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret10#1, outgoing__wrappee__AutoResponder_#t~ret11#1, 
outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~4#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~0#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~4#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~0#1; {3047#false} is VALID [2022-02-20 18:01:26,409 INFO L272 TraceCheckUtils]: 70: Hoare triple {3047#false} call outgoing__wrappee__AutoResponder_#t~ret10#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {3047#false} is VALID [2022-02-20 18:01:26,409 INFO L290 TraceCheckUtils]: 71: Hoare triple {3047#false} ~handle := #in~handle;havoc ~retValue_acc~32; {3047#false} is VALID [2022-02-20 18:01:26,409 INFO L290 TraceCheckUtils]: 72: Hoare triple {3047#false} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {3047#false} is VALID [2022-02-20 18:01:26,410 INFO L290 TraceCheckUtils]: 73: Hoare triple {3047#false} assume true; {3047#false} is VALID [2022-02-20 18:01:26,410 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {3047#false} {3047#false} #1062#return; {3047#false} is VALID [2022-02-20 18:01:26,421 INFO L290 TraceCheckUtils]: 75: Hoare triple {3047#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret10#1 && outgoing__wrappee__AutoResponder_#t~ret10#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~4#1 := outgoing__wrappee__AutoResponder_#t~ret10#1;havoc outgoing__wrappee__AutoResponder_#t~ret10#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~4#1; {3047#false} is VALID [2022-02-20 18:01:26,421 INFO L272 TraceCheckUtils]: 76: 
Hoare triple {3047#false} call outgoing__wrappee__AutoResponder_#t~ret11#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {3047#false} is VALID [2022-02-20 18:01:26,422 INFO L290 TraceCheckUtils]: 77: Hoare triple {3047#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {3047#false} is VALID [2022-02-20 18:01:26,422 INFO L290 TraceCheckUtils]: 78: Hoare triple {3047#false} assume 1 == ~handle; {3047#false} is VALID [2022-02-20 18:01:26,422 INFO L290 TraceCheckUtils]: 79: Hoare triple {3047#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {3047#false} is VALID [2022-02-20 18:01:26,422 INFO L290 TraceCheckUtils]: 80: Hoare triple {3047#false} assume true; {3047#false} is VALID [2022-02-20 18:01:26,422 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {3047#false} {3047#false} #1064#return; {3047#false} is VALID [2022-02-20 18:01:26,422 INFO L290 TraceCheckUtils]: 82: Hoare triple {3047#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret11#1 && outgoing__wrappee__AutoResponder_#t~ret11#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~0#1 := outgoing__wrappee__AutoResponder_#t~ret11#1;havoc outgoing__wrappee__AutoResponder_#t~ret11#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~0#1; {3047#false} is VALID [2022-02-20 18:01:26,422 INFO L290 TraceCheckUtils]: 83: Hoare triple {3047#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {3047#false} is VALID [2022-02-20 18:01:26,423 INFO L290 TraceCheckUtils]: 84: Hoare triple {3047#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret9#1, 
outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~3#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~3#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {3047#false} is VALID [2022-02-20 18:01:26,423 INFO L290 TraceCheckUtils]: 85: Hoare triple {3047#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {3047#false} is VALID [2022-02-20 18:01:26,423 INFO L290 TraceCheckUtils]: 86: Hoare triple {3047#false} outgoing__wrappee__Keys_#t~ret9#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret9#1 && outgoing__wrappee__Keys_#t~ret9#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~3#1 := outgoing__wrappee__Keys_#t~ret9#1;havoc outgoing__wrappee__Keys_#t~ret9#1; {3047#false} is VALID [2022-02-20 18:01:26,423 INFO L272 TraceCheckUtils]: 87: Hoare triple {3047#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~3#1); {3047#false} is VALID [2022-02-20 18:01:26,423 INFO L290 TraceCheckUtils]: 88: Hoare triple {3047#false} ~handle := #in~handle;~value := #in~value; {3047#false} is VALID [2022-02-20 18:01:26,423 INFO L290 TraceCheckUtils]: 89: Hoare triple {3047#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3047#false} is VALID [2022-02-20 18:01:26,424 INFO L290 TraceCheckUtils]: 90: Hoare triple {3047#false} assume true; {3047#false} is VALID [2022-02-20 18:01:26,424 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {3047#false} {3047#false} #1070#return; {3047#false} is 
VALID [2022-02-20 18:01:26,424 INFO L290 TraceCheckUtils]: 92: Hoare triple {3047#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret7#1, mail_#t~ret8#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~2#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~2#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet34#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 := puts(10, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1; {3047#false} is VALID [2022-02-20 18:01:26,424 INFO L272 TraceCheckUtils]: 93: Hoare triple {3047#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {3047#false} is VALID [2022-02-20 18:01:26,424 INFO L290 TraceCheckUtils]: 94: Hoare triple {3047#false} ~handle := #in~handle;havoc ~retValue_acc~35; {3047#false} is VALID [2022-02-20 18:01:26,425 INFO L290 TraceCheckUtils]: 95: Hoare triple {3047#false} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {3047#false} is VALID 
[2022-02-20 18:01:26,425 INFO L290 TraceCheckUtils]: 96: Hoare triple {3047#false} assume true; {3047#false} is VALID [2022-02-20 18:01:26,425 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {3047#false} {3047#false} #1072#return; {3047#false} is VALID [2022-02-20 18:01:26,425 INFO L290 TraceCheckUtils]: 98: Hoare triple {3047#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset := 11, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet34#1; {3047#false} is VALID [2022-02-20 18:01:26,425 INFO L290 TraceCheckUtils]: 99: Hoare triple {3047#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret7#1 := puts(5, 0);assume -2147483648 <= mail_#t~ret7#1 && mail_#t~ret7#1 <= 2147483647;havoc mail_#t~ret7#1; {3047#false} is VALID [2022-02-20 18:01:26,426 INFO L272 TraceCheckUtils]: 100: Hoare triple {3047#false} call mail_#t~ret8#1 := getEmailTo(mail_~msg#1); {3047#false} is VALID [2022-02-20 18:01:26,426 INFO L290 TraceCheckUtils]: 101: Hoare triple {3047#false} ~handle := #in~handle;havoc ~retValue_acc~32; {3047#false} is VALID [2022-02-20 18:01:26,426 INFO L290 TraceCheckUtils]: 102: Hoare triple {3047#false} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {3047#false} is VALID [2022-02-20 18:01:26,426 INFO L290 TraceCheckUtils]: 103: Hoare triple {3047#false} assume true; {3047#false} is VALID [2022-02-20 18:01:26,426 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {3047#false} {3047#false} #1074#return; {3047#false} is VALID [2022-02-20 18:01:26,427 INFO L290 TraceCheckUtils]: 105: Hoare triple {3047#false} assume -2147483648 <= mail_#t~ret8#1 && mail_#t~ret8#1 <= 2147483647;mail_~tmp~2#1 
:= mail_#t~ret8#1;havoc mail_#t~ret8#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~2#1, mail_~msg#1;havoc incoming_#t~ret15#1, incoming_#t~ret16#1, incoming_#t~ret17#1, incoming_#t~ret18#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~7#1, incoming_~tmp___0~1#1, incoming_~tmp___1~0#1, incoming_~tmp___2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~7#1;havoc incoming_~tmp___0~1#1;havoc incoming_~tmp___1~0#1;havoc incoming_~tmp___2~0#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet36#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1;havoc 
__utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 := puts(12, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset := 13, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet36#1; {3047#false} is VALID [2022-02-20 18:01:26,427 INFO L290 TraceCheckUtils]: 106: Hoare triple {3047#false} assume 1 == ~sent_encrypted~0; {3047#false} is VALID [2022-02-20 18:01:26,427 INFO L272 TraceCheckUtils]: 107: Hoare triple {3047#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {3047#false} is VALID [2022-02-20 18:01:26,427 INFO L290 TraceCheckUtils]: 108: Hoare triple {3047#false} ~handle := #in~handle;havoc ~retValue_acc~10; {3047#false} is VALID [2022-02-20 18:01:26,427 INFO L290 TraceCheckUtils]: 109: Hoare triple {3047#false} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {3047#false} is VALID [2022-02-20 18:01:26,427 INFO L290 TraceCheckUtils]: 110: Hoare triple {3047#false} assume true; {3047#false} is VALID [2022-02-20 18:01:26,428 INFO L284 TraceCheckUtils]: 111: Hoare quadruple {3047#false} {3047#false} #1076#return; {3047#false} is VALID [2022-02-20 18:01:26,428 INFO L290 TraceCheckUtils]: 112: Hoare triple {3047#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~13#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1; {3047#false} is VALID [2022-02-20 18:01:26,428 
INFO L272 TraceCheckUtils]: 113: Hoare triple {3047#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {3047#false} is VALID [2022-02-20 18:01:26,428 INFO L290 TraceCheckUtils]: 114: Hoare triple {3047#false} ~handle := #in~handle;havoc ~retValue_acc~36; {3047#false} is VALID [2022-02-20 18:01:26,428 INFO L290 TraceCheckUtils]: 115: Hoare triple {3047#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {3047#false} is VALID [2022-02-20 18:01:26,428 INFO L290 TraceCheckUtils]: 116: Hoare triple {3047#false} assume true; {3047#false} is VALID [2022-02-20 18:01:26,428 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {3047#false} {3047#false} #1078#return; {3047#false} is VALID [2022-02-20 18:01:26,429 INFO L290 TraceCheckUtils]: 118: Hoare triple {3047#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1; {3047#false} is VALID [2022-02-20 18:01:26,429 INFO L272 TraceCheckUtils]: 119: Hoare triple {3047#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1); {3047#false} is VALID [2022-02-20 18:01:26,429 INFO L290 TraceCheckUtils]: 120: Hoare triple {3047#false} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~22;havoc ~__cil_tmp4~1.base, ~__cil_tmp4~1.offset;~__cil_tmp4~1.base, ~__cil_tmp4~1.offset := 7, 0;havoc #t~nondet21; {3047#false} is VALID [2022-02-20 18:01:26,429 INFO L290 TraceCheckUtils]: 121: Hoare triple {3047#false} assume 0 == ~publicKey;~retValue_acc~22 := 0;#res := ~retValue_acc~22; {3047#false} is VALID [2022-02-20 18:01:26,429 INFO L290 TraceCheckUtils]: 
122: Hoare triple {3047#false} assume true; {3047#false} is VALID [2022-02-20 18:01:26,429 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {3047#false} {3047#false} #1080#return; {3047#false} is VALID [2022-02-20 18:01:26,430 INFO L290 TraceCheckUtils]: 124: Hoare triple {3047#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1; {3047#false} is VALID [2022-02-20 18:01:26,430 INFO L290 TraceCheckUtils]: 125: Hoare triple {3047#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1);assume { :begin_inline___automaton_fail } true; {3047#false} is VALID [2022-02-20 18:01:26,430 INFO L290 TraceCheckUtils]: 126: Hoare triple {3047#false} assume !false; {3047#false} is VALID [2022-02-20 18:01:26,431 INFO L134 CoverageAnalysis]: Checked inductivity of 36 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 36 trivial. 0 not checked. [2022-02-20 18:01:26,431 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:01:26,431 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1675815160] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:01:26,431 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:01:26,431 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 18:01:26,432 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1545217296] [2022-02-20 18:01:26,432 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:01:26,438 INFO L78 Accepts]: Start accepts. 
Automaton has has 3 states, 3 states have (on average 23.333333333333332) internal successors, (70), 3 states have internal predecessors, (70), 2 states have call successors, (19), 2 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) Word has length 127 [2022-02-20 18:01:26,439 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:01:26,439 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 23.333333333333332) internal successors, (70), 3 states have internal predecessors, (70), 2 states have call successors, (19), 2 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 18:01:26,539 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 106 edges. 106 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:26,539 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:01:26,539 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:26,539 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:01:26,539 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:01:26,540 INFO L87 Difference]: Start difference. First operand 386 states and 570 transitions. 
Second operand has 3 states, 3 states have (on average 23.333333333333332) internal successors, (70), 3 states have internal predecessors, (70), 2 states have call successors, (19), 2 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 18:01:27,123 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:27,124 INFO L93 Difference]: Finished difference Result 617 states and 891 transitions. [2022-02-20 18:01:27,124 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:01:27,124 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 23.333333333333332) internal successors, (70), 3 states have internal predecessors, (70), 2 states have call successors, (19), 2 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) Word has length 127 [2022-02-20 18:01:27,125 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:01:27,125 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 23.333333333333332) internal successors, (70), 3 states have internal predecessors, (70), 2 states have call successors, (19), 2 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 18:01:27,138 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 891 transitions. [2022-02-20 18:01:27,139 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 3 states, 3 states have (on average 23.333333333333332) internal successors, (70), 3 states have internal predecessors, (70), 2 states have call successors, (19), 2 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 18:01:27,154 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 891 transitions. [2022-02-20 18:01:27,155 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 891 transitions. [2022-02-20 18:01:27,790 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 891 edges. 891 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:27,805 INFO L225 Difference]: With dead ends: 617 [2022-02-20 18:01:27,805 INFO L226 Difference]: Without dead ends: 389 [2022-02-20 18:01:27,806 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 164 GetRequests, 156 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:01:27,807 INFO L933 BasicCegarLoop]: 568 mSDtfsCounter, 1 mSDsluCounter, 566 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 1134 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:01:27,808 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 1134 Invalid, 5 
Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:01:27,813 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 389 states. [2022-02-20 18:01:27,841 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 389 to 388. [2022-02-20 18:01:27,841 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:01:27,842 INFO L82 GeneralOperation]: Start isEquivalent. First operand 389 states. Second operand has 388 states, 298 states have (on average 1.4865771812080537) internal successors, (443), 301 states have internal predecessors, (443), 65 states have call successors, (65), 24 states have call predecessors, (65), 24 states have return successors, (64), 64 states have call predecessors, (64), 64 states have call successors, (64) [2022-02-20 18:01:27,844 INFO L74 IsIncluded]: Start isIncluded. First operand 389 states. Second operand has 388 states, 298 states have (on average 1.4865771812080537) internal successors, (443), 301 states have internal predecessors, (443), 65 states have call successors, (65), 24 states have call predecessors, (65), 24 states have return successors, (64), 64 states have call predecessors, (64), 64 states have call successors, (64) [2022-02-20 18:01:27,845 INFO L87 Difference]: Start difference. First operand 389 states. Second operand has 388 states, 298 states have (on average 1.4865771812080537) internal successors, (443), 301 states have internal predecessors, (443), 65 states have call successors, (65), 24 states have call predecessors, (65), 24 states have return successors, (64), 64 states have call predecessors, (64), 64 states have call successors, (64) [2022-02-20 18:01:27,876 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:27,876 INFO L93 Difference]: Finished difference Result 389 states and 573 transitions. 
[2022-02-20 18:01:27,877 INFO L276 IsEmpty]: Start isEmpty. Operand 389 states and 573 transitions. [2022-02-20 18:01:27,879 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:27,879 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:27,880 INFO L74 IsIncluded]: Start isIncluded. First operand has 388 states, 298 states have (on average 1.4865771812080537) internal successors, (443), 301 states have internal predecessors, (443), 65 states have call successors, (65), 24 states have call predecessors, (65), 24 states have return successors, (64), 64 states have call predecessors, (64), 64 states have call successors, (64) Second operand 389 states. [2022-02-20 18:01:27,881 INFO L87 Difference]: Start difference. First operand has 388 states, 298 states have (on average 1.4865771812080537) internal successors, (443), 301 states have internal predecessors, (443), 65 states have call successors, (65), 24 states have call predecessors, (65), 24 states have return successors, (64), 64 states have call predecessors, (64), 64 states have call successors, (64) Second operand 389 states. [2022-02-20 18:01:27,898 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:27,898 INFO L93 Difference]: Finished difference Result 389 states and 573 transitions. [2022-02-20 18:01:27,899 INFO L276 IsEmpty]: Start isEmpty. Operand 389 states and 573 transitions. [2022-02-20 18:01:27,901 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:27,901 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:27,901 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:01:27,901 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:01:27,902 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 388 states, 298 states have (on average 1.4865771812080537) internal successors, (443), 301 states have internal predecessors, (443), 65 states have call successors, (65), 24 states have call predecessors, (65), 24 states have return successors, (64), 64 states have call predecessors, (64), 64 states have call successors, (64) [2022-02-20 18:01:27,931 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 388 states to 388 states and 572 transitions. [2022-02-20 18:01:27,932 INFO L78 Accepts]: Start accepts. Automaton has 388 states and 572 transitions. Word has length 127 [2022-02-20 18:01:27,932 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:01:27,932 INFO L470 AbstractCegarLoop]: Abstraction has 388 states and 572 transitions. [2022-02-20 18:01:27,933 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 23.333333333333332) internal successors, (70), 3 states have internal predecessors, (70), 2 states have call successors, (19), 2 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 18:01:27,933 INFO L276 IsEmpty]: Start isEmpty. Operand 388 states and 572 transitions. [2022-02-20 18:01:27,935 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 137 [2022-02-20 18:01:27,935 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:01:27,935 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:01:27,959 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Ended with exit code 0 [2022-02-20 18:01:28,155 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1 [2022-02-20 18:01:28,156 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:01:28,156 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:01:28,156 INFO L85 PathProgramCache]: Analyzing trace with hash 1086346780, now seen corresponding path program 1 times [2022-02-20 18:01:28,156 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:01:28,157 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [588281519] [2022-02-20 18:01:28,157 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:28,157 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:01:28,215 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:28,250 INFO L376 atingTraceCheckCraig]: Compute interpolants for 
subsequence at non-pending call position 6 [2022-02-20 18:01:28,252 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:28,255 INFO L290 TraceCheckUtils]: 0: Hoare triple {5765#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5693#true} is VALID [2022-02-20 18:01:28,256 INFO L290 TraceCheckUtils]: 1: Hoare triple {5693#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5693#true} is VALID [2022-02-20 18:01:28,256 INFO L290 TraceCheckUtils]: 2: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:28,256 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5693#true} {5693#true} #1144#return; {5693#true} is VALID [2022-02-20 18:01:28,262 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:01:28,264 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:28,271 INFO L290 TraceCheckUtils]: 0: Hoare triple {5766#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5693#true} is VALID [2022-02-20 18:01:28,272 INFO L290 TraceCheckUtils]: 1: Hoare triple {5693#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5693#true} is VALID [2022-02-20 18:01:28,272 INFO L290 TraceCheckUtils]: 2: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:28,272 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5693#true} {5693#true} #1146#return; {5693#true} is VALID [2022-02-20 18:01:28,273 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:01:28,275 INFO 
L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:28,294 INFO L290 TraceCheckUtils]: 0: Hoare triple {5765#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5767#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:28,295 INFO L290 TraceCheckUtils]: 1: Hoare triple {5767#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5768#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:28,296 INFO L290 TraceCheckUtils]: 2: Hoare triple {5768#(= |setClientId_#in~handle| 1)} assume true; {5768#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:28,296 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5768#(= |setClientId_#in~handle| 1)} {5703#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1148#return; {5694#false} is VALID [2022-02-20 18:01:28,297 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:01:28,299 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:28,302 INFO L290 TraceCheckUtils]: 0: Hoare triple {5766#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5693#true} is VALID [2022-02-20 18:01:28,303 INFO L290 TraceCheckUtils]: 1: Hoare triple {5693#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5693#true} is VALID [2022-02-20 18:01:28,303 INFO L290 TraceCheckUtils]: 2: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:28,303 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5693#true} {5694#false} #1150#return; 
{5694#false} is VALID [2022-02-20 18:01:28,303 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:01:28,306 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:28,309 INFO L290 TraceCheckUtils]: 0: Hoare triple {5765#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5693#true} is VALID [2022-02-20 18:01:28,309 INFO L290 TraceCheckUtils]: 1: Hoare triple {5693#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5693#true} is VALID [2022-02-20 18:01:28,309 INFO L290 TraceCheckUtils]: 2: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:28,309 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5693#true} {5694#false} #1152#return; {5694#false} is VALID [2022-02-20 18:01:28,310 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:01:28,316 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:28,321 INFO L290 TraceCheckUtils]: 0: Hoare triple {5766#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5693#true} is VALID [2022-02-20 18:01:28,321 INFO L290 TraceCheckUtils]: 1: Hoare triple {5693#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5693#true} is VALID [2022-02-20 18:01:28,322 INFO L290 TraceCheckUtils]: 2: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:28,322 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5693#true} {5694#false} #1154#return; {5694#false} is VALID [2022-02-20 18:01:28,330 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 18:01:28,332 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:28,339 INFO L290 TraceCheckUtils]: 0: Hoare triple {5769#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5693#true} is VALID [2022-02-20 18:01:28,339 INFO L290 TraceCheckUtils]: 1: Hoare triple {5693#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5693#true} is VALID [2022-02-20 18:01:28,340 INFO L290 TraceCheckUtils]: 2: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:28,340 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5693#true} {5694#false} #1130#return; {5694#false} is VALID [2022-02-20 18:01:28,348 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 18:01:28,350 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:28,352 INFO L290 TraceCheckUtils]: 0: Hoare triple {5770#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {5693#true} is VALID [2022-02-20 18:01:28,353 INFO L290 TraceCheckUtils]: 1: Hoare triple {5693#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5693#true} is VALID [2022-02-20 18:01:28,353 INFO L290 TraceCheckUtils]: 2: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:28,353 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5693#true} {5694#false} #1132#return; {5694#false} is VALID [2022-02-20 18:01:28,353 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71 [2022-02-20 18:01:28,355 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:28,357 INFO L290 TraceCheckUtils]: 0: Hoare triple {5693#true} ~handle := 
#in~handle;havoc ~retValue_acc~10; {5693#true} is VALID [2022-02-20 18:01:28,357 INFO L290 TraceCheckUtils]: 1: Hoare triple {5693#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {5693#true} is VALID [2022-02-20 18:01:28,358 INFO L290 TraceCheckUtils]: 2: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:28,358 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5693#true} {5694#false} #1060#return; {5694#false} is VALID [2022-02-20 18:01:28,358 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 18:01:28,360 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:28,362 INFO L290 TraceCheckUtils]: 0: Hoare triple {5693#true} ~handle := #in~handle;havoc ~retValue_acc~32; {5693#true} is VALID [2022-02-20 18:01:28,363 INFO L290 TraceCheckUtils]: 1: Hoare triple {5693#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {5693#true} is VALID [2022-02-20 18:01:28,363 INFO L290 TraceCheckUtils]: 2: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:28,363 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5693#true} {5694#false} #1062#return; {5694#false} is VALID [2022-02-20 18:01:28,363 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 18:01:28,365 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:28,367 INFO L290 TraceCheckUtils]: 0: Hoare triple {5693#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {5693#true} is VALID [2022-02-20 18:01:28,368 INFO L290 TraceCheckUtils]: 1: Hoare triple {5693#true} assume 1 == ~handle; {5693#true} is VALID [2022-02-20 18:01:28,368 INFO L290 TraceCheckUtils]: 2: Hoare triple {5693#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := 
~retValue_acc~15; {5693#true} is VALID [2022-02-20 18:01:28,368 INFO L290 TraceCheckUtils]: 3: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:28,368 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {5693#true} {5694#false} #1064#return; {5694#false} is VALID [2022-02-20 18:01:28,369 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 18:01:28,370 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:28,373 INFO L290 TraceCheckUtils]: 0: Hoare triple {5769#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5693#true} is VALID [2022-02-20 18:01:28,373 INFO L290 TraceCheckUtils]: 1: Hoare triple {5693#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5693#true} is VALID [2022-02-20 18:01:28,373 INFO L290 TraceCheckUtils]: 2: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:28,373 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5693#true} {5694#false} #1070#return; {5694#false} is VALID [2022-02-20 18:01:28,374 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 18:01:28,375 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:28,378 INFO L290 TraceCheckUtils]: 0: Hoare triple {5693#true} ~handle := #in~handle;havoc ~retValue_acc~35; {5693#true} is VALID [2022-02-20 18:01:28,378 INFO L290 TraceCheckUtils]: 1: Hoare triple {5693#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {5693#true} is VALID [2022-02-20 18:01:28,378 INFO L290 TraceCheckUtils]: 2: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:28,379 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5693#true} {5694#false} #1072#return; {5694#false} is VALID [2022-02-20 18:01:28,379 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 109 [2022-02-20 18:01:28,380 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:28,383 INFO L290 TraceCheckUtils]: 0: Hoare triple {5693#true} ~handle := #in~handle;havoc ~retValue_acc~32; {5693#true} is VALID [2022-02-20 18:01:28,383 INFO L290 TraceCheckUtils]: 1: Hoare triple {5693#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {5693#true} is VALID [2022-02-20 18:01:28,383 INFO L290 TraceCheckUtils]: 2: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:28,383 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5693#true} {5694#false} #1074#return; {5694#false} is VALID [2022-02-20 18:01:28,384 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 116 [2022-02-20 18:01:28,385 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:28,387 INFO L290 TraceCheckUtils]: 0: Hoare triple {5693#true} ~handle := #in~handle;havoc ~retValue_acc~10; {5693#true} is VALID [2022-02-20 18:01:28,387 INFO L290 TraceCheckUtils]: 1: Hoare triple {5693#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {5693#true} is VALID [2022-02-20 18:01:28,388 INFO L290 TraceCheckUtils]: 2: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:28,388 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5693#true} {5694#false} #1076#return; {5694#false} is VALID [2022-02-20 18:01:28,388 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 122 [2022-02-20 18:01:28,389 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:28,391 INFO L290 TraceCheckUtils]: 0: Hoare triple {5693#true} ~handle := #in~handle;havoc ~retValue_acc~36; {5693#true} is VALID [2022-02-20 18:01:28,392 INFO L290 TraceCheckUtils]: 1: Hoare triple 
{5693#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {5693#true} is VALID [2022-02-20 18:01:28,392 INFO L290 TraceCheckUtils]: 2: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:28,392 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5693#true} {5694#false} #1078#return; {5694#false} is VALID [2022-02-20 18:01:28,392 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 128 [2022-02-20 18:01:28,394 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:28,397 INFO L290 TraceCheckUtils]: 0: Hoare triple {5693#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~22;havoc ~__cil_tmp4~1.base, ~__cil_tmp4~1.offset;~__cil_tmp4~1.base, ~__cil_tmp4~1.offset := 7, 0;havoc #t~nondet21; {5693#true} is VALID [2022-02-20 18:01:28,397 INFO L290 TraceCheckUtils]: 1: Hoare triple {5693#true} assume 0 == ~publicKey;~retValue_acc~22 := 0;#res := ~retValue_acc~22; {5693#true} is VALID [2022-02-20 18:01:28,397 INFO L290 TraceCheckUtils]: 2: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:28,397 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5693#true} {5694#false} #1080#return; {5694#false} is VALID [2022-02-20 18:01:28,397 INFO L290 TraceCheckUtils]: 0: Hoare triple {5693#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(16, 6);call #Ultimate.allocInit(20, 7);call #Ultimate.allocInit(22, 8);call #Ultimate.allocInit(21, 
9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(19, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(19, 13);call #Ultimate.allocInit(44, 14);call #Ultimate.allocInit(44, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(11, 18);call #Ultimate.allocInit(19, 19);call #Ultimate.allocInit(4, 20);call write~init~int(37, 20, 0, 1);call write~init~int(100, 20, 1, 1);call write~init~int(10, 20, 2, 1);call write~init~int(0, 20, 3, 1);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(100, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(12, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(18, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(21, 39);call #Ultimate.allocInit(13, 40);call #Ultimate.allocInit(16, 41);call #Ultimate.allocInit(25, 42);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 
0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 
0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_encrypted~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {5693#true} is VALID [2022-02-20 18:01:28,398 INFO L290 TraceCheckUtils]: 1: Hoare triple {5693#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret59#1, main_~retValue_acc~23#1, main_~tmp~16#1;havoc main_~retValue_acc~23#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true; {5693#true} is VALID [2022-02-20 18:01:28,398 INFO L290 TraceCheckUtils]: 2: Hoare triple {5693#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5693#true} is VALID [2022-02-20 18:01:28,398 INFO L290 TraceCheckUtils]: 3: Hoare triple {5693#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~25#1;havoc 
valid_product_~retValue_acc~25#1;valid_product_~retValue_acc~25#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~25#1; {5693#true} is VALID [2022-02-20 18:01:28,398 INFO L290 TraceCheckUtils]: 4: Hoare triple {5693#true} main_#t~ret59#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret59#1 && main_#t~ret59#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret59#1;havoc main_#t~ret59#1; {5693#true} is VALID [2022-02-20 18:01:28,398 INFO L290 TraceCheckUtils]: 5: Hoare triple {5693#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet56#1, setup_#t~nondet57#1, setup_#t~nondet58#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {5693#true} is VALID [2022-02-20 18:01:28,399 INFO L272 TraceCheckUtils]: 6: Hoare triple {5693#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {5765#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:28,399 INFO L290 TraceCheckUtils]: 7: Hoare triple {5765#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5693#true} is VALID [2022-02-20 18:01:28,400 INFO L290 TraceCheckUtils]: 8: Hoare triple {5693#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5693#true} is VALID [2022-02-20 18:01:28,400 INFO L290 TraceCheckUtils]: 9: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:28,400 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5693#true} {5693#true} #1144#return; {5693#true} is VALID [2022-02-20 18:01:28,400 INFO L290 TraceCheckUtils]: 11: Hoare triple {5693#true} assume { :end_inline_setup_bob__wrappee__Base } true; {5693#true} is VALID [2022-02-20 18:01:28,401 INFO L272 TraceCheckUtils]: 12: Hoare triple {5693#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {5766#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:28,401 INFO L290 TraceCheckUtils]: 13: Hoare triple {5766#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5693#true} is VALID [2022-02-20 18:01:28,401 INFO L290 TraceCheckUtils]: 14: Hoare triple {5693#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5693#true} is VALID [2022-02-20 18:01:28,401 INFO L290 TraceCheckUtils]: 15: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:28,401 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {5693#true} {5693#true} #1146#return; {5693#true} is VALID [2022-02-20 18:01:28,402 INFO L290 TraceCheckUtils]: 17: Hoare triple {5693#true} assume { :end_inline_setup_bob } 
true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 16, 0;havoc setup_#t~nondet56#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {5703#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:01:28,403 INFO L272 TraceCheckUtils]: 18: Hoare triple {5703#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {5765#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:28,403 INFO L290 TraceCheckUtils]: 19: Hoare triple {5765#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5767#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:28,404 INFO L290 TraceCheckUtils]: 20: Hoare triple {5767#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5768#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:28,404 INFO L290 TraceCheckUtils]: 21: Hoare triple {5768#(= |setClientId_#in~handle| 1)} assume true; {5768#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:28,404 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {5768#(= |setClientId_#in~handle| 1)} {5703#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1148#return; 
{5694#false} is VALID [2022-02-20 18:01:28,405 INFO L290 TraceCheckUtils]: 23: Hoare triple {5694#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {5694#false} is VALID [2022-02-20 18:01:28,405 INFO L272 TraceCheckUtils]: 24: Hoare triple {5694#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {5766#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:28,405 INFO L290 TraceCheckUtils]: 25: Hoare triple {5766#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5693#true} is VALID [2022-02-20 18:01:28,405 INFO L290 TraceCheckUtils]: 26: Hoare triple {5693#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5693#true} is VALID [2022-02-20 18:01:28,405 INFO L290 TraceCheckUtils]: 27: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:28,405 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {5693#true} {5694#false} #1150#return; {5694#false} is VALID [2022-02-20 18:01:28,406 INFO L290 TraceCheckUtils]: 29: Hoare triple {5694#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 17, 0;havoc setup_#t~nondet57#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {5694#false} is VALID [2022-02-20 
18:01:28,406 INFO L272 TraceCheckUtils]: 30: Hoare triple {5694#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {5765#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:28,406 INFO L290 TraceCheckUtils]: 31: Hoare triple {5765#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5693#true} is VALID [2022-02-20 18:01:28,406 INFO L290 TraceCheckUtils]: 32: Hoare triple {5693#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5693#true} is VALID [2022-02-20 18:01:28,406 INFO L290 TraceCheckUtils]: 33: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:28,406 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {5693#true} {5694#false} #1152#return; {5694#false} is VALID [2022-02-20 18:01:28,407 INFO L290 TraceCheckUtils]: 35: Hoare triple {5694#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {5694#false} is VALID [2022-02-20 18:01:28,407 INFO L272 TraceCheckUtils]: 36: Hoare triple {5694#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {5766#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:28,407 INFO L290 TraceCheckUtils]: 37: Hoare triple {5766#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; 
{5693#true} is VALID [2022-02-20 18:01:28,407 INFO L290 TraceCheckUtils]: 38: Hoare triple {5693#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5693#true} is VALID [2022-02-20 18:01:28,407 INFO L290 TraceCheckUtils]: 39: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:28,407 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {5693#true} {5694#false} #1154#return; {5694#false} is VALID [2022-02-20 18:01:28,407 INFO L290 TraceCheckUtils]: 41: Hoare triple {5694#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 18, 0;havoc setup_#t~nondet58#1; {5694#false} is VALID [2022-02-20 18:01:28,408 INFO L290 TraceCheckUtils]: 42: Hoare triple {5694#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~14#1, test_~tmp___0~4#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~14#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 
0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {5694#false} is VALID [2022-02-20 18:01:28,408 INFO L290 TraceCheckUtils]: 43: Hoare triple {5694#false} assume !false; {5694#false} is VALID [2022-02-20 18:01:28,408 INFO L290 TraceCheckUtils]: 44: Hoare triple {5694#false} assume test_~splverifierCounter~0#1 < 4; {5694#false} is VALID [2022-02-20 18:01:28,408 INFO L290 TraceCheckUtils]: 45: Hoare triple {5694#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {5694#false} is VALID [2022-02-20 18:01:28,408 INFO L290 TraceCheckUtils]: 46: Hoare triple {5694#false} assume !(0 == test_~op1~0#1); {5694#false} is VALID [2022-02-20 18:01:28,409 INFO L290 TraceCheckUtils]: 47: Hoare triple {5694#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet41#1 && test_#t~nondet41#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet41#1;havoc test_#t~nondet41#1; {5694#false} is VALID [2022-02-20 18:01:28,409 INFO L290 TraceCheckUtils]: 48: Hoare triple {5694#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {5694#false} is VALID [2022-02-20 18:01:28,409 INFO L290 TraceCheckUtils]: 49: Hoare triple {5694#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {5694#false} is VALID [2022-02-20 18:01:28,409 INFO L290 TraceCheckUtils]: 50: Hoare triple {5694#false} assume { :end_inline_setClientAutoResponse } true; {5694#false} is VALID 
[2022-02-20 18:01:28,409 INFO L290 TraceCheckUtils]: 51: Hoare triple {5694#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {5694#false} is VALID [2022-02-20 18:01:28,409 INFO L290 TraceCheckUtils]: 52: Hoare triple {5694#false} assume !false; {5694#false} is VALID [2022-02-20 18:01:28,410 INFO L290 TraceCheckUtils]: 53: Hoare triple {5694#false} assume !(test_~splverifierCounter~0#1 < 4); {5694#false} is VALID [2022-02-20 18:01:28,410 INFO L290 TraceCheckUtils]: 54: Hoare triple {5694#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret51#1, bobToRjh_#t~ret52#1, bobToRjh_#t~ret53#1, bobToRjh_#t~ret54#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret51#1 := puts(14, 0);assume -2147483648 <= bobToRjh_#t~ret51#1 && bobToRjh_#t~ret51#1 <= 2147483647;havoc bobToRjh_#t~ret51#1; {5694#false} is VALID [2022-02-20 18:01:28,410 INFO L272 TraceCheckUtils]: 55: Hoare triple {5694#false} call sendEmail(~bob~0, ~rjh~0); {5694#false} is VALID [2022-02-20 18:01:28,410 INFO L290 TraceCheckUtils]: 56: Hoare triple {5694#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~43#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~43#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {5694#false} is VALID [2022-02-20 18:01:28,410 INFO L272 TraceCheckUtils]: 57: Hoare triple {5694#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {5769#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 
18:01:28,410 INFO L290 TraceCheckUtils]: 58: Hoare triple {5769#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5693#true} is VALID [2022-02-20 18:01:28,410 INFO L290 TraceCheckUtils]: 59: Hoare triple {5693#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5693#true} is VALID [2022-02-20 18:01:28,411 INFO L290 TraceCheckUtils]: 60: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:28,411 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {5693#true} {5694#false} #1130#return; {5694#false} is VALID [2022-02-20 18:01:28,411 INFO L272 TraceCheckUtils]: 62: Hoare triple {5694#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {5770#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:01:28,411 INFO L290 TraceCheckUtils]: 63: Hoare triple {5770#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {5693#true} is VALID [2022-02-20 18:01:28,411 INFO L290 TraceCheckUtils]: 64: Hoare triple {5693#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5693#true} is VALID [2022-02-20 18:01:28,411 INFO L290 TraceCheckUtils]: 65: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:28,411 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {5693#true} {5694#false} #1132#return; {5694#false} is VALID [2022-02-20 18:01:28,412 INFO L290 TraceCheckUtils]: 67: Hoare triple {5694#false} createEmail_~retValue_acc~43#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~43#1; {5694#false} is VALID [2022-02-20 18:01:28,412 INFO L290 TraceCheckUtils]: 68: Hoare triple {5694#false} #t~ret20#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret20#1 && #t~ret20#1 <= 2147483647;~tmp~9#1 := 
#t~ret20#1;havoc #t~ret20#1;~email~0#1 := ~tmp~9#1; {5694#false} is VALID [2022-02-20 18:01:28,412 INFO L272 TraceCheckUtils]: 69: Hoare triple {5694#false} call outgoing(~sender#1, ~email~0#1); {5694#false} is VALID [2022-02-20 18:01:28,412 INFO L290 TraceCheckUtils]: 70: Hoare triple {5694#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret24#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {5694#false} is VALID [2022-02-20 18:01:28,412 INFO L272 TraceCheckUtils]: 71: Hoare triple {5694#false} call sign_#t~ret24#1 := getClientPrivateKey(sign_~client#1); {5693#true} is VALID [2022-02-20 18:01:28,412 INFO L290 TraceCheckUtils]: 72: Hoare triple {5693#true} ~handle := #in~handle;havoc ~retValue_acc~10; {5693#true} is VALID [2022-02-20 18:01:28,413 INFO L290 TraceCheckUtils]: 73: Hoare triple {5693#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {5693#true} is VALID [2022-02-20 18:01:28,413 INFO L290 TraceCheckUtils]: 74: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:28,413 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {5693#true} {5694#false} #1060#return; {5694#false} is VALID [2022-02-20 18:01:28,413 INFO L290 TraceCheckUtils]: 76: Hoare triple {5694#false} assume -2147483648 <= sign_#t~ret24#1 && sign_#t~ret24#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret24#1;havoc sign_#t~ret24#1;sign_~privkey~1#1 := sign_~tmp~11#1; {5694#false} is VALID [2022-02-20 18:01:28,413 INFO L290 TraceCheckUtils]: 77: Hoare triple {5694#false} assume 0 == sign_~privkey~1#1; {5694#false} is VALID [2022-02-20 18:01:28,413 INFO L290 TraceCheckUtils]: 78: Hoare triple {5694#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } 
true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret10#1, outgoing__wrappee__AutoResponder_#t~ret11#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~4#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~0#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~4#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~0#1; {5694#false} is VALID [2022-02-20 18:01:28,413 INFO L272 TraceCheckUtils]: 79: Hoare triple {5694#false} call outgoing__wrappee__AutoResponder_#t~ret10#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {5693#true} is VALID [2022-02-20 18:01:28,414 INFO L290 TraceCheckUtils]: 80: Hoare triple {5693#true} ~handle := #in~handle;havoc ~retValue_acc~32; {5693#true} is VALID [2022-02-20 18:01:28,414 INFO L290 TraceCheckUtils]: 81: Hoare triple {5693#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {5693#true} is VALID [2022-02-20 18:01:28,414 INFO L290 TraceCheckUtils]: 82: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:28,414 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {5693#true} {5694#false} #1062#return; {5694#false} is VALID [2022-02-20 18:01:28,414 INFO L290 TraceCheckUtils]: 84: Hoare triple {5694#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret10#1 && outgoing__wrappee__AutoResponder_#t~ret10#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~4#1 := outgoing__wrappee__AutoResponder_#t~ret10#1;havoc 
outgoing__wrappee__AutoResponder_#t~ret10#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~4#1; {5694#false} is VALID [2022-02-20 18:01:28,414 INFO L272 TraceCheckUtils]: 85: Hoare triple {5694#false} call outgoing__wrappee__AutoResponder_#t~ret11#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {5693#true} is VALID [2022-02-20 18:01:28,415 INFO L290 TraceCheckUtils]: 86: Hoare triple {5693#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {5693#true} is VALID [2022-02-20 18:01:28,415 INFO L290 TraceCheckUtils]: 87: Hoare triple {5693#true} assume 1 == ~handle; {5693#true} is VALID [2022-02-20 18:01:28,415 INFO L290 TraceCheckUtils]: 88: Hoare triple {5693#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {5693#true} is VALID [2022-02-20 18:01:28,415 INFO L290 TraceCheckUtils]: 89: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:28,415 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {5693#true} {5694#false} #1064#return; {5694#false} is VALID [2022-02-20 18:01:28,415 INFO L290 TraceCheckUtils]: 91: Hoare triple {5694#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret11#1 && outgoing__wrappee__AutoResponder_#t~ret11#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~0#1 := outgoing__wrappee__AutoResponder_#t~ret11#1;havoc outgoing__wrappee__AutoResponder_#t~ret11#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~0#1; {5694#false} is VALID [2022-02-20 18:01:28,415 INFO L290 TraceCheckUtils]: 92: Hoare triple {5694#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {5694#false} is VALID [2022-02-20 18:01:28,416 INFO L290 TraceCheckUtils]: 93: Hoare triple {5694#false} assume { :begin_inline_outgoing__wrappee__Keys } 
true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret9#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~3#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~3#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {5694#false} is VALID [2022-02-20 18:01:28,416 INFO L290 TraceCheckUtils]: 94: Hoare triple {5694#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {5694#false} is VALID [2022-02-20 18:01:28,416 INFO L290 TraceCheckUtils]: 95: Hoare triple {5694#false} outgoing__wrappee__Keys_#t~ret9#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret9#1 && outgoing__wrappee__Keys_#t~ret9#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~3#1 := outgoing__wrappee__Keys_#t~ret9#1;havoc outgoing__wrappee__Keys_#t~ret9#1; {5694#false} is VALID [2022-02-20 18:01:28,416 INFO L272 TraceCheckUtils]: 96: Hoare triple {5694#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~3#1); {5769#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:28,416 INFO L290 TraceCheckUtils]: 97: Hoare triple {5769#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5693#true} 
is VALID [2022-02-20 18:01:28,416 INFO L290 TraceCheckUtils]: 98: Hoare triple {5693#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5693#true} is VALID [2022-02-20 18:01:28,417 INFO L290 TraceCheckUtils]: 99: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:28,417 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {5693#true} {5694#false} #1070#return; {5694#false} is VALID [2022-02-20 18:01:28,417 INFO L290 TraceCheckUtils]: 101: Hoare triple {5694#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret7#1, mail_#t~ret8#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~2#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~2#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet34#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 := puts(10, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1; {5694#false} is VALID [2022-02-20 18:01:28,417 INFO L272 TraceCheckUtils]: 102: Hoare triple {5694#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 := 
isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {5693#true} is VALID [2022-02-20 18:01:28,417 INFO L290 TraceCheckUtils]: 103: Hoare triple {5693#true} ~handle := #in~handle;havoc ~retValue_acc~35; {5693#true} is VALID [2022-02-20 18:01:28,417 INFO L290 TraceCheckUtils]: 104: Hoare triple {5693#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {5693#true} is VALID [2022-02-20 18:01:28,417 INFO L290 TraceCheckUtils]: 105: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:28,418 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {5693#true} {5694#false} #1072#return; {5694#false} is VALID [2022-02-20 18:01:28,418 INFO L290 TraceCheckUtils]: 107: Hoare triple {5694#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset := 11, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet34#1; {5694#false} is VALID [2022-02-20 18:01:28,418 INFO L290 TraceCheckUtils]: 108: Hoare triple {5694#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret7#1 := puts(5, 0);assume -2147483648 <= mail_#t~ret7#1 && mail_#t~ret7#1 <= 2147483647;havoc mail_#t~ret7#1; {5694#false} is VALID [2022-02-20 18:01:28,418 INFO L272 TraceCheckUtils]: 109: Hoare triple {5694#false} call mail_#t~ret8#1 := getEmailTo(mail_~msg#1); {5693#true} is VALID [2022-02-20 18:01:28,418 INFO L290 TraceCheckUtils]: 110: Hoare triple {5693#true} ~handle := #in~handle;havoc ~retValue_acc~32; {5693#true} is VALID [2022-02-20 18:01:28,418 INFO L290 TraceCheckUtils]: 111: Hoare triple {5693#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {5693#true} is VALID 
[2022-02-20 18:01:28,419 INFO L290 TraceCheckUtils]: 112: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:28,419 INFO L284 TraceCheckUtils]: 113: Hoare quadruple {5693#true} {5694#false} #1074#return; {5694#false} is VALID [2022-02-20 18:01:28,419 INFO L290 TraceCheckUtils]: 114: Hoare triple {5694#false} assume -2147483648 <= mail_#t~ret8#1 && mail_#t~ret8#1 <= 2147483647;mail_~tmp~2#1 := mail_#t~ret8#1;havoc mail_#t~ret8#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~2#1, mail_~msg#1;havoc incoming_#t~ret15#1, incoming_#t~ret16#1, incoming_#t~ret17#1, incoming_#t~ret18#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~7#1, incoming_~tmp___0~1#1, incoming_~tmp___1~0#1, incoming_~tmp___2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~7#1;havoc incoming_~tmp___0~1#1;havoc incoming_~tmp___1~0#1;havoc incoming_~tmp___2~0#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet36#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1, 
__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 := puts(12, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset := 13, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet36#1; {5694#false} is VALID [2022-02-20 18:01:28,419 INFO L290 TraceCheckUtils]: 115: Hoare triple {5694#false} assume 1 == ~sent_encrypted~0; {5694#false} is VALID [2022-02-20 18:01:28,419 INFO L272 TraceCheckUtils]: 116: Hoare triple {5694#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {5693#true} is VALID [2022-02-20 18:01:28,419 INFO L290 TraceCheckUtils]: 117: Hoare triple {5693#true} ~handle := #in~handle;havoc ~retValue_acc~10; {5693#true} is VALID [2022-02-20 18:01:28,419 INFO L290 TraceCheckUtils]: 118: Hoare triple {5693#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {5693#true} is VALID [2022-02-20 18:01:28,420 INFO L290 TraceCheckUtils]: 119: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:28,420 INFO L284 TraceCheckUtils]: 120: Hoare quadruple {5693#true} {5694#false} #1076#return; {5694#false} is VALID 
[2022-02-20 18:01:28,420 INFO L290 TraceCheckUtils]: 121: Hoare triple {5694#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~13#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1; {5694#false} is VALID [2022-02-20 18:01:28,420 INFO L272 TraceCheckUtils]: 122: Hoare triple {5694#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {5693#true} is VALID [2022-02-20 18:01:28,420 INFO L290 TraceCheckUtils]: 123: Hoare triple {5693#true} ~handle := #in~handle;havoc ~retValue_acc~36; {5693#true} is VALID [2022-02-20 18:01:28,420 INFO L290 TraceCheckUtils]: 124: Hoare triple {5693#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {5693#true} is VALID [2022-02-20 18:01:28,421 INFO L290 TraceCheckUtils]: 125: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:28,421 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {5693#true} {5694#false} #1078#return; {5694#false} is VALID [2022-02-20 18:01:28,421 INFO L290 TraceCheckUtils]: 127: Hoare triple {5694#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1; {5694#false} is VALID [2022-02-20 18:01:28,421 INFO L272 TraceCheckUtils]: 128: Hoare triple {5694#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1); {5693#true} is VALID [2022-02-20 18:01:28,421 INFO L290 TraceCheckUtils]: 129: Hoare triple {5693#true} ~publicKey := #in~publicKey;~privateKey := 
#in~privateKey;havoc ~retValue_acc~22;havoc ~__cil_tmp4~1.base, ~__cil_tmp4~1.offset;~__cil_tmp4~1.base, ~__cil_tmp4~1.offset := 7, 0;havoc #t~nondet21; {5693#true} is VALID [2022-02-20 18:01:28,421 INFO L290 TraceCheckUtils]: 130: Hoare triple {5693#true} assume 0 == ~publicKey;~retValue_acc~22 := 0;#res := ~retValue_acc~22; {5693#true} is VALID [2022-02-20 18:01:28,421 INFO L290 TraceCheckUtils]: 131: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:28,422 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {5693#true} {5694#false} #1080#return; {5694#false} is VALID [2022-02-20 18:01:28,422 INFO L290 TraceCheckUtils]: 133: Hoare triple {5694#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1; {5694#false} is VALID [2022-02-20 18:01:28,422 INFO L290 TraceCheckUtils]: 134: Hoare triple {5694#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1);assume { :begin_inline___automaton_fail } true; {5694#false} is VALID [2022-02-20 18:01:28,422 INFO L290 TraceCheckUtils]: 135: Hoare triple {5694#false} assume !false; {5694#false} is VALID [2022-02-20 18:01:28,422 INFO L134 CoverageAnalysis]: Checked inductivity of 38 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked. 
[2022-02-20 18:01:28,423 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:01:28,423 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [588281519] [2022-02-20 18:01:28,423 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [588281519] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:01:28,423 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [26295402] [2022-02-20 18:01:28,423 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:28,424 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:01:28,424 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:01:28,425 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:01:28,438 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-02-20 18:01:28,707 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:28,712 INFO L263 TraceCheckSpWp]: Trace formula consists of 1207 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 18:01:28,770 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:28,773 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:01:29,096 INFO L290 TraceCheckUtils]: 0: Hoare triple {5693#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(16, 6);call #Ultimate.allocInit(20, 7);call #Ultimate.allocInit(22, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(19, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(19, 13);call #Ultimate.allocInit(44, 14);call #Ultimate.allocInit(44, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(11, 18);call #Ultimate.allocInit(19, 19);call #Ultimate.allocInit(4, 20);call write~init~int(37, 20, 0, 1);call write~init~int(100, 20, 1, 1);call write~init~int(10, 20, 2, 1);call write~init~int(0, 20, 3, 1);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(100, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(12, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(18, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(21, 39);call #Ultimate.allocInit(13, 40);call 
#Ultimate.allocInit(16, 41);call #Ultimate.allocInit(25, 42);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 
0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_encrypted~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {5693#true} is VALID [2022-02-20 18:01:29,096 INFO L290 TraceCheckUtils]: 1: Hoare triple {5693#true} assume { :end_inline_ULTIMATE.init } 
true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret59#1, main_~retValue_acc~23#1, main_~tmp~16#1;havoc main_~retValue_acc~23#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true; {5693#true} is VALID [2022-02-20 18:01:29,096 INFO L290 TraceCheckUtils]: 2: Hoare triple {5693#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5693#true} is VALID [2022-02-20 18:01:29,096 INFO L290 TraceCheckUtils]: 3: Hoare triple {5693#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~25#1;havoc valid_product_~retValue_acc~25#1;valid_product_~retValue_acc~25#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~25#1; {5693#true} is VALID [2022-02-20 18:01:29,096 INFO L290 TraceCheckUtils]: 4: Hoare triple {5693#true} main_#t~ret59#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret59#1 && main_#t~ret59#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret59#1;havoc main_#t~ret59#1; {5693#true} is VALID [2022-02-20 18:01:29,096 INFO L290 TraceCheckUtils]: 5: Hoare triple {5693#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet56#1, setup_#t~nondet57#1, setup_#t~nondet58#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {5693#true} is VALID [2022-02-20 18:01:29,096 INFO L272 TraceCheckUtils]: 6: Hoare triple {5693#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {5693#true} is VALID [2022-02-20 18:01:29,096 INFO L290 TraceCheckUtils]: 7: Hoare triple {5693#true} ~handle := #in~handle;~value := #in~value; {5693#true} is VALID [2022-02-20 18:01:29,097 INFO L290 TraceCheckUtils]: 8: Hoare triple {5693#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5693#true} is VALID [2022-02-20 18:01:29,097 INFO L290 TraceCheckUtils]: 9: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:29,097 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5693#true} {5693#true} #1144#return; {5693#true} is VALID [2022-02-20 18:01:29,097 INFO L290 TraceCheckUtils]: 11: Hoare triple {5693#true} assume { :end_inline_setup_bob__wrappee__Base } true; {5693#true} is VALID [2022-02-20 18:01:29,097 INFO L272 TraceCheckUtils]: 12: Hoare triple {5693#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {5693#true} is VALID [2022-02-20 18:01:29,097 INFO L290 TraceCheckUtils]: 13: Hoare triple {5693#true} ~handle := #in~handle;~value := #in~value; {5693#true} is VALID [2022-02-20 18:01:29,097 INFO L290 TraceCheckUtils]: 14: Hoare triple {5693#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5693#true} is VALID [2022-02-20 18:01:29,097 INFO L290 TraceCheckUtils]: 15: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:29,097 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {5693#true} {5693#true} #1146#return; {5693#true} is VALID [2022-02-20 18:01:29,097 INFO L290 TraceCheckUtils]: 17: Hoare triple {5693#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 16, 0;havoc setup_#t~nondet56#1;~rjh~0 := 2;assume { 
:begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {5693#true} is VALID [2022-02-20 18:01:29,098 INFO L272 TraceCheckUtils]: 18: Hoare triple {5693#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {5693#true} is VALID [2022-02-20 18:01:29,098 INFO L290 TraceCheckUtils]: 19: Hoare triple {5693#true} ~handle := #in~handle;~value := #in~value; {5693#true} is VALID [2022-02-20 18:01:29,098 INFO L290 TraceCheckUtils]: 20: Hoare triple {5693#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5693#true} is VALID [2022-02-20 18:01:29,098 INFO L290 TraceCheckUtils]: 21: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:29,098 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {5693#true} {5693#true} #1148#return; {5693#true} is VALID [2022-02-20 18:01:29,098 INFO L290 TraceCheckUtils]: 23: Hoare triple {5693#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {5693#true} is VALID [2022-02-20 18:01:29,098 INFO L272 TraceCheckUtils]: 24: Hoare triple {5693#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {5693#true} is VALID [2022-02-20 18:01:29,098 INFO L290 TraceCheckUtils]: 25: Hoare triple {5693#true} ~handle := #in~handle;~value := #in~value; {5693#true} is VALID [2022-02-20 18:01:29,099 INFO L290 TraceCheckUtils]: 26: Hoare triple {5693#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5693#true} is VALID [2022-02-20 18:01:29,099 INFO L290 TraceCheckUtils]: 27: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:29,099 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {5693#true} {5693#true} #1150#return; 
{5693#true} is VALID [2022-02-20 18:01:29,099 INFO L290 TraceCheckUtils]: 29: Hoare triple {5693#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 17, 0;havoc setup_#t~nondet57#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {5693#true} is VALID [2022-02-20 18:01:29,099 INFO L272 TraceCheckUtils]: 30: Hoare triple {5693#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {5693#true} is VALID [2022-02-20 18:01:29,099 INFO L290 TraceCheckUtils]: 31: Hoare triple {5693#true} ~handle := #in~handle;~value := #in~value; {5693#true} is VALID [2022-02-20 18:01:29,099 INFO L290 TraceCheckUtils]: 32: Hoare triple {5693#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5693#true} is VALID [2022-02-20 18:01:29,099 INFO L290 TraceCheckUtils]: 33: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:29,099 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {5693#true} {5693#true} #1152#return; {5693#true} is VALID [2022-02-20 18:01:29,099 INFO L290 TraceCheckUtils]: 35: Hoare triple {5693#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {5693#true} is VALID [2022-02-20 18:01:29,100 INFO L272 TraceCheckUtils]: 36: Hoare triple {5693#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {5693#true} is VALID [2022-02-20 18:01:29,100 INFO L290 TraceCheckUtils]: 37: Hoare triple {5693#true} ~handle := #in~handle;~value := #in~value; {5693#true} is VALID [2022-02-20 18:01:29,100 INFO L290 TraceCheckUtils]: 38: Hoare triple 
{5693#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5693#true} is VALID [2022-02-20 18:01:29,100 INFO L290 TraceCheckUtils]: 39: Hoare triple {5693#true} assume true; {5693#true} is VALID [2022-02-20 18:01:29,100 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {5693#true} {5693#true} #1154#return; {5693#true} is VALID [2022-02-20 18:01:29,100 INFO L290 TraceCheckUtils]: 41: Hoare triple {5693#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 18, 0;havoc setup_#t~nondet58#1; {5693#true} is VALID [2022-02-20 18:01:29,101 INFO L290 TraceCheckUtils]: 42: Hoare triple {5693#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~14#1, test_~tmp___0~4#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~14#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 
0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {5900#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:01:29,101 INFO L290 TraceCheckUtils]: 43: Hoare triple {5900#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {5900#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:01:29,101 INFO L290 TraceCheckUtils]: 44: Hoare triple {5900#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {5900#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:01:29,102 INFO L290 TraceCheckUtils]: 45: Hoare triple {5900#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {5900#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:01:29,102 INFO L290 TraceCheckUtils]: 46: Hoare triple {5900#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {5694#false} is VALID [2022-02-20 18:01:29,102 INFO L290 TraceCheckUtils]: 47: Hoare triple {5694#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet41#1 && test_#t~nondet41#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet41#1;havoc test_#t~nondet41#1; {5694#false} is VALID [2022-02-20 18:01:29,102 INFO L290 TraceCheckUtils]: 48: Hoare triple {5694#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {5694#false} is VALID [2022-02-20 18:01:29,102 INFO L290 TraceCheckUtils]: 49: Hoare triple {5694#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {5694#false} is VALID 
[2022-02-20 18:01:29,102 INFO L290 TraceCheckUtils]: 50: Hoare triple {5694#false} assume { :end_inline_setClientAutoResponse } true; {5694#false} is VALID [2022-02-20 18:01:29,103 INFO L290 TraceCheckUtils]: 51: Hoare triple {5694#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {5694#false} is VALID [2022-02-20 18:01:29,103 INFO L290 TraceCheckUtils]: 52: Hoare triple {5694#false} assume !false; {5694#false} is VALID [2022-02-20 18:01:29,103 INFO L290 TraceCheckUtils]: 53: Hoare triple {5694#false} assume !(test_~splverifierCounter~0#1 < 4); {5694#false} is VALID [2022-02-20 18:01:29,103 INFO L290 TraceCheckUtils]: 54: Hoare triple {5694#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret51#1, bobToRjh_#t~ret52#1, bobToRjh_#t~ret53#1, bobToRjh_#t~ret54#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret51#1 := puts(14, 0);assume -2147483648 <= bobToRjh_#t~ret51#1 && bobToRjh_#t~ret51#1 <= 2147483647;havoc bobToRjh_#t~ret51#1; {5694#false} is VALID [2022-02-20 18:01:29,103 INFO L272 TraceCheckUtils]: 55: Hoare triple {5694#false} call sendEmail(~bob~0, ~rjh~0); {5694#false} is VALID [2022-02-20 18:01:29,103 INFO L290 TraceCheckUtils]: 56: Hoare triple {5694#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~43#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~43#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {5694#false} is VALID [2022-02-20 18:01:29,103 INFO L272 TraceCheckUtils]: 57: Hoare triple {5694#false} call setEmailFrom(createEmail_~msg~0#1, 
createEmail_~from#1); {5694#false} is VALID [2022-02-20 18:01:29,103 INFO L290 TraceCheckUtils]: 58: Hoare triple {5694#false} ~handle := #in~handle;~value := #in~value; {5694#false} is VALID [2022-02-20 18:01:29,103 INFO L290 TraceCheckUtils]: 59: Hoare triple {5694#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5694#false} is VALID [2022-02-20 18:01:29,103 INFO L290 TraceCheckUtils]: 60: Hoare triple {5694#false} assume true; {5694#false} is VALID [2022-02-20 18:01:29,104 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {5694#false} {5694#false} #1130#return; {5694#false} is VALID [2022-02-20 18:01:29,104 INFO L272 TraceCheckUtils]: 62: Hoare triple {5694#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {5694#false} is VALID [2022-02-20 18:01:29,104 INFO L290 TraceCheckUtils]: 63: Hoare triple {5694#false} ~handle := #in~handle;~value := #in~value; {5694#false} is VALID [2022-02-20 18:01:29,104 INFO L290 TraceCheckUtils]: 64: Hoare triple {5694#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5694#false} is VALID [2022-02-20 18:01:29,104 INFO L290 TraceCheckUtils]: 65: Hoare triple {5694#false} assume true; {5694#false} is VALID [2022-02-20 18:01:29,104 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {5694#false} {5694#false} #1132#return; {5694#false} is VALID [2022-02-20 18:01:29,104 INFO L290 TraceCheckUtils]: 67: Hoare triple {5694#false} createEmail_~retValue_acc~43#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~43#1; {5694#false} is VALID [2022-02-20 18:01:29,104 INFO L290 TraceCheckUtils]: 68: Hoare triple {5694#false} #t~ret20#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret20#1 && #t~ret20#1 <= 2147483647;~tmp~9#1 := #t~ret20#1;havoc #t~ret20#1;~email~0#1 := ~tmp~9#1; {5694#false} is VALID [2022-02-20 18:01:29,104 INFO L272 TraceCheckUtils]: 69: Hoare triple {5694#false} call outgoing(~sender#1, ~email~0#1); {5694#false} is VALID [2022-02-20 
18:01:29,105 INFO L290 TraceCheckUtils]: 70: Hoare triple {5694#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret24#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {5694#false} is VALID [2022-02-20 18:01:29,105 INFO L272 TraceCheckUtils]: 71: Hoare triple {5694#false} call sign_#t~ret24#1 := getClientPrivateKey(sign_~client#1); {5694#false} is VALID [2022-02-20 18:01:29,105 INFO L290 TraceCheckUtils]: 72: Hoare triple {5694#false} ~handle := #in~handle;havoc ~retValue_acc~10; {5694#false} is VALID [2022-02-20 18:01:29,105 INFO L290 TraceCheckUtils]: 73: Hoare triple {5694#false} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {5694#false} is VALID [2022-02-20 18:01:29,105 INFO L290 TraceCheckUtils]: 74: Hoare triple {5694#false} assume true; {5694#false} is VALID [2022-02-20 18:01:29,105 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {5694#false} {5694#false} #1060#return; {5694#false} is VALID [2022-02-20 18:01:29,105 INFO L290 TraceCheckUtils]: 76: Hoare triple {5694#false} assume -2147483648 <= sign_#t~ret24#1 && sign_#t~ret24#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret24#1;havoc sign_#t~ret24#1;sign_~privkey~1#1 := sign_~tmp~11#1; {5694#false} is VALID [2022-02-20 18:01:29,105 INFO L290 TraceCheckUtils]: 77: Hoare triple {5694#false} assume 0 == sign_~privkey~1#1; {5694#false} is VALID [2022-02-20 18:01:29,105 INFO L290 TraceCheckUtils]: 78: Hoare triple {5694#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret10#1, outgoing__wrappee__AutoResponder_#t~ret11#1, 
outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~4#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~0#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~4#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~0#1; {5694#false} is VALID [2022-02-20 18:01:29,106 INFO L272 TraceCheckUtils]: 79: Hoare triple {5694#false} call outgoing__wrappee__AutoResponder_#t~ret10#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {5694#false} is VALID [2022-02-20 18:01:29,106 INFO L290 TraceCheckUtils]: 80: Hoare triple {5694#false} ~handle := #in~handle;havoc ~retValue_acc~32; {5694#false} is VALID [2022-02-20 18:01:29,106 INFO L290 TraceCheckUtils]: 81: Hoare triple {5694#false} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {5694#false} is VALID [2022-02-20 18:01:29,106 INFO L290 TraceCheckUtils]: 82: Hoare triple {5694#false} assume true; {5694#false} is VALID [2022-02-20 18:01:29,106 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {5694#false} {5694#false} #1062#return; {5694#false} is VALID [2022-02-20 18:01:29,106 INFO L290 TraceCheckUtils]: 84: Hoare triple {5694#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret10#1 && outgoing__wrappee__AutoResponder_#t~ret10#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~4#1 := outgoing__wrappee__AutoResponder_#t~ret10#1;havoc outgoing__wrappee__AutoResponder_#t~ret10#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~4#1; {5694#false} is VALID [2022-02-20 18:01:29,106 INFO L272 TraceCheckUtils]: 85: 
Hoare triple {5694#false} call outgoing__wrappee__AutoResponder_#t~ret11#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {5694#false} is VALID [2022-02-20 18:01:29,106 INFO L290 TraceCheckUtils]: 86: Hoare triple {5694#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {5694#false} is VALID [2022-02-20 18:01:29,106 INFO L290 TraceCheckUtils]: 87: Hoare triple {5694#false} assume 1 == ~handle; {5694#false} is VALID [2022-02-20 18:01:29,107 INFO L290 TraceCheckUtils]: 88: Hoare triple {5694#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {5694#false} is VALID [2022-02-20 18:01:29,107 INFO L290 TraceCheckUtils]: 89: Hoare triple {5694#false} assume true; {5694#false} is VALID [2022-02-20 18:01:29,107 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {5694#false} {5694#false} #1064#return; {5694#false} is VALID [2022-02-20 18:01:29,107 INFO L290 TraceCheckUtils]: 91: Hoare triple {5694#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret11#1 && outgoing__wrappee__AutoResponder_#t~ret11#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~0#1 := outgoing__wrappee__AutoResponder_#t~ret11#1;havoc outgoing__wrappee__AutoResponder_#t~ret11#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~0#1; {5694#false} is VALID [2022-02-20 18:01:29,107 INFO L290 TraceCheckUtils]: 92: Hoare triple {5694#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {5694#false} is VALID [2022-02-20 18:01:29,107 INFO L290 TraceCheckUtils]: 93: Hoare triple {5694#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret9#1, 
outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~3#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~3#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {5694#false} is VALID [2022-02-20 18:01:29,107 INFO L290 TraceCheckUtils]: 94: Hoare triple {5694#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {5694#false} is VALID [2022-02-20 18:01:29,107 INFO L290 TraceCheckUtils]: 95: Hoare triple {5694#false} outgoing__wrappee__Keys_#t~ret9#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret9#1 && outgoing__wrappee__Keys_#t~ret9#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~3#1 := outgoing__wrappee__Keys_#t~ret9#1;havoc outgoing__wrappee__Keys_#t~ret9#1; {5694#false} is VALID [2022-02-20 18:01:29,107 INFO L272 TraceCheckUtils]: 96: Hoare triple {5694#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~3#1); {5694#false} is VALID [2022-02-20 18:01:29,107 INFO L290 TraceCheckUtils]: 97: Hoare triple {5694#false} ~handle := #in~handle;~value := #in~value; {5694#false} is VALID [2022-02-20 18:01:29,108 INFO L290 TraceCheckUtils]: 98: Hoare triple {5694#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5694#false} is VALID [2022-02-20 18:01:29,108 INFO L290 TraceCheckUtils]: 99: Hoare triple {5694#false} assume true; {5694#false} is VALID [2022-02-20 18:01:29,108 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {5694#false} {5694#false} #1070#return; {5694#false} is 
VALID [2022-02-20 18:01:29,108 INFO L290 TraceCheckUtils]: 101: Hoare triple {5694#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret7#1, mail_#t~ret8#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~2#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~2#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet34#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 := puts(10, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1; {5694#false} is VALID [2022-02-20 18:01:29,108 INFO L272 TraceCheckUtils]: 102: Hoare triple {5694#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {5694#false} is VALID [2022-02-20 18:01:29,108 INFO L290 TraceCheckUtils]: 103: Hoare triple {5694#false} ~handle := #in~handle;havoc ~retValue_acc~35; {5694#false} is VALID [2022-02-20 18:01:29,108 INFO L290 TraceCheckUtils]: 104: Hoare triple {5694#false} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {5694#false} is VALID 
[2022-02-20 18:01:29,108 INFO L290 TraceCheckUtils]: 105: Hoare triple {5694#false} assume true; {5694#false} is VALID [2022-02-20 18:01:29,108 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {5694#false} {5694#false} #1072#return; {5694#false} is VALID [2022-02-20 18:01:29,109 INFO L290 TraceCheckUtils]: 107: Hoare triple {5694#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset := 11, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet34#1; {5694#false} is VALID [2022-02-20 18:01:29,109 INFO L290 TraceCheckUtils]: 108: Hoare triple {5694#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret7#1 := puts(5, 0);assume -2147483648 <= mail_#t~ret7#1 && mail_#t~ret7#1 <= 2147483647;havoc mail_#t~ret7#1; {5694#false} is VALID [2022-02-20 18:01:29,109 INFO L272 TraceCheckUtils]: 109: Hoare triple {5694#false} call mail_#t~ret8#1 := getEmailTo(mail_~msg#1); {5694#false} is VALID [2022-02-20 18:01:29,109 INFO L290 TraceCheckUtils]: 110: Hoare triple {5694#false} ~handle := #in~handle;havoc ~retValue_acc~32; {5694#false} is VALID [2022-02-20 18:01:29,109 INFO L290 TraceCheckUtils]: 111: Hoare triple {5694#false} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {5694#false} is VALID [2022-02-20 18:01:29,109 INFO L290 TraceCheckUtils]: 112: Hoare triple {5694#false} assume true; {5694#false} is VALID [2022-02-20 18:01:29,109 INFO L284 TraceCheckUtils]: 113: Hoare quadruple {5694#false} {5694#false} #1074#return; {5694#false} is VALID [2022-02-20 18:01:29,109 INFO L290 TraceCheckUtils]: 114: Hoare triple {5694#false} assume -2147483648 <= mail_#t~ret8#1 && mail_#t~ret8#1 <= 
2147483647;mail_~tmp~2#1 := mail_#t~ret8#1;havoc mail_#t~ret8#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~2#1, mail_~msg#1;havoc incoming_#t~ret15#1, incoming_#t~ret16#1, incoming_#t~ret17#1, incoming_#t~ret18#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~7#1, incoming_~tmp___0~1#1, incoming_~tmp___1~0#1, incoming_~tmp___2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~7#1;havoc incoming_~tmp___0~1#1;havoc incoming_~tmp___1~0#1;havoc incoming_~tmp___2~0#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet36#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1;havoc 
__utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 := puts(12, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset := 13, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet36#1; {5694#false} is VALID [2022-02-20 18:01:29,109 INFO L290 TraceCheckUtils]: 115: Hoare triple {5694#false} assume 1 == ~sent_encrypted~0; {5694#false} is VALID [2022-02-20 18:01:29,110 INFO L272 TraceCheckUtils]: 116: Hoare triple {5694#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {5694#false} is VALID [2022-02-20 18:01:29,110 INFO L290 TraceCheckUtils]: 117: Hoare triple {5694#false} ~handle := #in~handle;havoc ~retValue_acc~10; {5694#false} is VALID [2022-02-20 18:01:29,110 INFO L290 TraceCheckUtils]: 118: Hoare triple {5694#false} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {5694#false} is VALID [2022-02-20 18:01:29,110 INFO L290 TraceCheckUtils]: 119: Hoare triple {5694#false} assume true; {5694#false} is VALID [2022-02-20 18:01:29,110 INFO L284 TraceCheckUtils]: 120: Hoare quadruple {5694#false} {5694#false} #1076#return; {5694#false} is VALID [2022-02-20 18:01:29,110 INFO L290 TraceCheckUtils]: 121: Hoare triple {5694#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~13#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1; {5694#false} is VALID [2022-02-20 18:01:29,110 
INFO L272 TraceCheckUtils]: 122: Hoare triple {5694#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {5694#false} is VALID [2022-02-20 18:01:29,110 INFO L290 TraceCheckUtils]: 123: Hoare triple {5694#false} ~handle := #in~handle;havoc ~retValue_acc~36; {5694#false} is VALID [2022-02-20 18:01:29,110 INFO L290 TraceCheckUtils]: 124: Hoare triple {5694#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {5694#false} is VALID [2022-02-20 18:01:29,111 INFO L290 TraceCheckUtils]: 125: Hoare triple {5694#false} assume true; {5694#false} is VALID [2022-02-20 18:01:29,111 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {5694#false} {5694#false} #1078#return; {5694#false} is VALID [2022-02-20 18:01:29,111 INFO L290 TraceCheckUtils]: 127: Hoare triple {5694#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1; {5694#false} is VALID [2022-02-20 18:01:29,111 INFO L272 TraceCheckUtils]: 128: Hoare triple {5694#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1); {5694#false} is VALID [2022-02-20 18:01:29,111 INFO L290 TraceCheckUtils]: 129: Hoare triple {5694#false} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~22;havoc ~__cil_tmp4~1.base, ~__cil_tmp4~1.offset;~__cil_tmp4~1.base, ~__cil_tmp4~1.offset := 7, 0;havoc #t~nondet21; {5694#false} is VALID [2022-02-20 18:01:29,111 INFO L290 TraceCheckUtils]: 130: Hoare triple {5694#false} assume 0 == ~publicKey;~retValue_acc~22 := 0;#res := ~retValue_acc~22; {5694#false} is VALID [2022-02-20 18:01:29,111 INFO L290 TraceCheckUtils]: 
131: Hoare triple {5694#false} assume true; {5694#false} is VALID [2022-02-20 18:01:29,111 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {5694#false} {5694#false} #1080#return; {5694#false} is VALID [2022-02-20 18:01:29,112 INFO L290 TraceCheckUtils]: 133: Hoare triple {5694#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1; {5694#false} is VALID [2022-02-20 18:01:29,112 INFO L290 TraceCheckUtils]: 134: Hoare triple {5694#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1);assume { :begin_inline___automaton_fail } true; {5694#false} is VALID [2022-02-20 18:01:29,112 INFO L290 TraceCheckUtils]: 135: Hoare triple {5694#false} assume !false; {5694#false} is VALID [2022-02-20 18:01:29,113 INFO L134 CoverageAnalysis]: Checked inductivity of 38 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 36 trivial. 0 not checked. [2022-02-20 18:01:29,113 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:01:29,113 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [26295402] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:01:29,113 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:01:29,113 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 18:01:29,113 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1401492164] [2022-02-20 18:01:29,114 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:01:29,115 INFO L78 Accepts]: Start accepts. 
Automaton has has 3 states, 3 states have (on average 26.333333333333332) internal successors, (79), 3 states have internal predecessors, (79), 2 states have call successors, (19), 2 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) Word has length 136 [2022-02-20 18:01:29,116 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:01:29,116 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 26.333333333333332) internal successors, (79), 3 states have internal predecessors, (79), 2 states have call successors, (19), 2 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 18:01:29,216 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 115 edges. 115 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:29,216 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:01:29,216 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:29,217 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:01:29,217 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:01:29,217 INFO L87 Difference]: Start difference. First operand 388 states and 572 transitions. 
Second operand has 3 states, 3 states have (on average 26.333333333333332) internal successors, (79), 3 states have internal predecessors, (79), 2 states have call successors, (19), 2 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 18:01:29,815 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:29,816 INFO L93 Difference]: Finished difference Result 811 states and 1211 transitions. [2022-02-20 18:01:29,816 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:01:29,816 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 26.333333333333332) internal successors, (79), 3 states have internal predecessors, (79), 2 states have call successors, (19), 2 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) Word has length 136 [2022-02-20 18:01:29,817 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:01:29,817 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 26.333333333333332) internal successors, (79), 3 states have internal predecessors, (79), 2 states have call successors, (19), 2 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 18:01:29,832 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1209 transitions. [2022-02-20 18:01:29,832 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 3 states, 3 states have (on average 26.333333333333332) internal successors, (79), 3 states have internal predecessors, (79), 2 states have call successors, (19), 2 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 18:01:29,859 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1209 transitions. [2022-02-20 18:01:29,859 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1209 transitions. [2022-02-20 18:01:30,674 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1209 edges. 1209 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:30,692 INFO L225 Difference]: With dead ends: 811 [2022-02-20 18:01:30,693 INFO L226 Difference]: Without dead ends: 450 [2022-02-20 18:01:30,694 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 173 GetRequests, 165 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:01:30,695 INFO L933 BasicCegarLoop]: 585 mSDtfsCounter, 115 mSDsluCounter, 521 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 130 SdHoareTripleChecker+Valid, 1106 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:01:30,696 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [130 Valid, 1106 
Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:01:30,697 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 450 states. [2022-02-20 18:01:30,710 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 450 to 442. [2022-02-20 18:01:30,710 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:01:30,712 INFO L82 GeneralOperation]: Start isEquivalent. First operand 450 states. Second operand has 442 states, 341 states have (on average 1.5043988269794721) internal successors, (513), 344 states have internal predecessors, (513), 76 states have call successors, (76), 24 states have call predecessors, (76), 24 states have return successors, (75), 75 states have call predecessors, (75), 75 states have call successors, (75) [2022-02-20 18:01:30,713 INFO L74 IsIncluded]: Start isIncluded. First operand 450 states. Second operand has 442 states, 341 states have (on average 1.5043988269794721) internal successors, (513), 344 states have internal predecessors, (513), 76 states have call successors, (76), 24 states have call predecessors, (76), 24 states have return successors, (75), 75 states have call predecessors, (75), 75 states have call successors, (75) [2022-02-20 18:01:30,714 INFO L87 Difference]: Start difference. First operand 450 states. Second operand has 442 states, 341 states have (on average 1.5043988269794721) internal successors, (513), 344 states have internal predecessors, (513), 76 states have call successors, (76), 24 states have call predecessors, (76), 24 states have return successors, (75), 75 states have call predecessors, (75), 75 states have call successors, (75) [2022-02-20 18:01:30,733 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:30,733 INFO L93 Difference]: Finished difference Result 450 states and 673 transitions. 
[2022-02-20 18:01:30,733 INFO L276 IsEmpty]: Start isEmpty. Operand 450 states and 673 transitions. [2022-02-20 18:01:30,736 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:30,736 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:30,737 INFO L74 IsIncluded]: Start isIncluded. First operand has 442 states, 341 states have (on average 1.5043988269794721) internal successors, (513), 344 states have internal predecessors, (513), 76 states have call successors, (76), 24 states have call predecessors, (76), 24 states have return successors, (75), 75 states have call predecessors, (75), 75 states have call successors, (75) Second operand 450 states. [2022-02-20 18:01:30,738 INFO L87 Difference]: Start difference. First operand has 442 states, 341 states have (on average 1.5043988269794721) internal successors, (513), 344 states have internal predecessors, (513), 76 states have call successors, (76), 24 states have call predecessors, (76), 24 states have return successors, (75), 75 states have call predecessors, (75), 75 states have call successors, (75) Second operand 450 states. [2022-02-20 18:01:30,757 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:30,757 INFO L93 Difference]: Finished difference Result 450 states and 673 transitions. [2022-02-20 18:01:30,757 INFO L276 IsEmpty]: Start isEmpty. Operand 450 states and 673 transitions. [2022-02-20 18:01:30,759 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:30,760 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:30,760 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:01:30,760 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:01:30,776 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 442 states, 341 states have (on average 1.5043988269794721) internal successors, (513), 344 states have internal predecessors, (513), 76 states have call successors, (76), 24 states have call predecessors, (76), 24 states have return successors, (75), 75 states have call predecessors, (75), 75 states have call successors, (75) [2022-02-20 18:01:30,799 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 442 states to 442 states and 664 transitions. [2022-02-20 18:01:30,800 INFO L78 Accepts]: Start accepts. Automaton has 442 states and 664 transitions. Word has length 136 [2022-02-20 18:01:30,800 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:01:30,800 INFO L470 AbstractCegarLoop]: Abstraction has 442 states and 664 transitions. [2022-02-20 18:01:30,801 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 26.333333333333332) internal successors, (79), 3 states have internal predecessors, (79), 2 states have call successors, (19), 2 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 18:01:30,801 INFO L276 IsEmpty]: Start isEmpty. Operand 442 states and 664 transitions. [2022-02-20 18:01:30,803 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 138 [2022-02-20 18:01:30,804 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:01:30,804 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:01:30,836 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 18:01:31,024 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:01:31,025 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:01:31,025 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:01:31,025 INFO L85 PathProgramCache]: Analyzing trace with hash 1017580011, now seen corresponding path program 1 times [2022-02-20 18:01:31,025 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:01:31,026 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1937217931] [2022-02-20 18:01:31,026 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:31,026 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:01:31,070 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:31,119 INFO L376 atingTraceCheckCraig]: 
Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:01:31,121 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:31,124 INFO L290 TraceCheckUtils]: 0: Hoare triple {8925#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8853#true} is VALID [2022-02-20 18:01:31,125 INFO L290 TraceCheckUtils]: 1: Hoare triple {8853#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8853#true} is VALID [2022-02-20 18:01:31,125 INFO L290 TraceCheckUtils]: 2: Hoare triple {8853#true} assume true; {8853#true} is VALID [2022-02-20 18:01:31,125 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8853#true} {8853#true} #1144#return; {8853#true} is VALID [2022-02-20 18:01:31,131 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:01:31,133 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:31,136 INFO L290 TraceCheckUtils]: 0: Hoare triple {8926#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8853#true} is VALID [2022-02-20 18:01:31,136 INFO L290 TraceCheckUtils]: 1: Hoare triple {8853#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8853#true} is VALID [2022-02-20 18:01:31,136 INFO L290 TraceCheckUtils]: 2: Hoare triple {8853#true} assume true; {8853#true} is VALID [2022-02-20 18:01:31,137 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8853#true} {8853#true} #1146#return; {8853#true} is VALID [2022-02-20 18:01:31,137 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 
[2022-02-20 18:01:31,141 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:31,158 INFO L290 TraceCheckUtils]: 0: Hoare triple {8925#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8927#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:31,159 INFO L290 TraceCheckUtils]: 1: Hoare triple {8927#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8928#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:31,159 INFO L290 TraceCheckUtils]: 2: Hoare triple {8928#(= |setClientId_#in~handle| 1)} assume true; {8928#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:31,160 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8928#(= |setClientId_#in~handle| 1)} {8863#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1148#return; {8854#false} is VALID [2022-02-20 18:01:31,160 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:01:31,163 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:31,165 INFO L290 TraceCheckUtils]: 0: Hoare triple {8926#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8853#true} is VALID [2022-02-20 18:01:31,165 INFO L290 TraceCheckUtils]: 1: Hoare triple {8853#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8853#true} is VALID [2022-02-20 18:01:31,166 INFO L290 TraceCheckUtils]: 2: Hoare triple {8853#true} assume true; {8853#true} is VALID [2022-02-20 18:01:31,166 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8853#true} 
{8854#false} #1150#return; {8854#false} is VALID [2022-02-20 18:01:31,166 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:01:31,168 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:31,171 INFO L290 TraceCheckUtils]: 0: Hoare triple {8925#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8853#true} is VALID [2022-02-20 18:01:31,171 INFO L290 TraceCheckUtils]: 1: Hoare triple {8853#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8853#true} is VALID [2022-02-20 18:01:31,171 INFO L290 TraceCheckUtils]: 2: Hoare triple {8853#true} assume true; {8853#true} is VALID [2022-02-20 18:01:31,171 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8853#true} {8854#false} #1152#return; {8854#false} is VALID [2022-02-20 18:01:31,172 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:01:31,174 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:31,176 INFO L290 TraceCheckUtils]: 0: Hoare triple {8926#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8853#true} is VALID [2022-02-20 18:01:31,177 INFO L290 TraceCheckUtils]: 1: Hoare triple {8853#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8853#true} is VALID [2022-02-20 18:01:31,177 INFO L290 TraceCheckUtils]: 2: Hoare triple {8853#true} assume true; {8853#true} is VALID [2022-02-20 18:01:31,177 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8853#true} {8854#false} #1154#return; {8854#false} is VALID [2022-02-20 
18:01:31,184 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:01:31,185 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:31,187 INFO L290 TraceCheckUtils]: 0: Hoare triple {8929#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8853#true} is VALID [2022-02-20 18:01:31,188 INFO L290 TraceCheckUtils]: 1: Hoare triple {8853#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8853#true} is VALID [2022-02-20 18:01:31,188 INFO L290 TraceCheckUtils]: 2: Hoare triple {8853#true} assume true; {8853#true} is VALID [2022-02-20 18:01:31,188 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8853#true} {8854#false} #1130#return; {8854#false} is VALID [2022-02-20 18:01:31,196 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 18:01:31,198 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:31,201 INFO L290 TraceCheckUtils]: 0: Hoare triple {8930#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8853#true} is VALID [2022-02-20 18:01:31,201 INFO L290 TraceCheckUtils]: 1: Hoare triple {8853#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8853#true} is VALID [2022-02-20 18:01:31,201 INFO L290 TraceCheckUtils]: 2: Hoare triple {8853#true} assume true; {8853#true} is VALID [2022-02-20 18:01:31,201 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8853#true} {8854#false} #1132#return; {8854#false} is VALID [2022-02-20 18:01:31,201 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 18:01:31,203 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:31,205 INFO L290 TraceCheckUtils]: 0: Hoare triple 
{8853#true} ~handle := #in~handle;havoc ~retValue_acc~10; {8853#true} is VALID [2022-02-20 18:01:31,205 INFO L290 TraceCheckUtils]: 1: Hoare triple {8853#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {8853#true} is VALID [2022-02-20 18:01:31,205 INFO L290 TraceCheckUtils]: 2: Hoare triple {8853#true} assume true; {8853#true} is VALID [2022-02-20 18:01:31,206 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8853#true} {8854#false} #1060#return; {8854#false} is VALID [2022-02-20 18:01:31,206 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 18:01:31,207 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:31,209 INFO L290 TraceCheckUtils]: 0: Hoare triple {8853#true} ~handle := #in~handle;havoc ~retValue_acc~32; {8853#true} is VALID [2022-02-20 18:01:31,209 INFO L290 TraceCheckUtils]: 1: Hoare triple {8853#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {8853#true} is VALID [2022-02-20 18:01:31,209 INFO L290 TraceCheckUtils]: 2: Hoare triple {8853#true} assume true; {8853#true} is VALID [2022-02-20 18:01:31,210 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8853#true} {8854#false} #1062#return; {8854#false} is VALID [2022-02-20 18:01:31,210 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 18:01:31,211 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:31,213 INFO L290 TraceCheckUtils]: 0: Hoare triple {8853#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {8853#true} is VALID [2022-02-20 18:01:31,213 INFO L290 TraceCheckUtils]: 1: Hoare triple {8853#true} assume 1 == ~handle; {8853#true} is VALID [2022-02-20 18:01:31,213 INFO L290 TraceCheckUtils]: 2: Hoare triple {8853#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := 
~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {8853#true} is VALID [2022-02-20 18:01:31,214 INFO L290 TraceCheckUtils]: 3: Hoare triple {8853#true} assume true; {8853#true} is VALID [2022-02-20 18:01:31,214 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {8853#true} {8854#false} #1064#return; {8854#false} is VALID [2022-02-20 18:01:31,214 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-02-20 18:01:31,215 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:31,217 INFO L290 TraceCheckUtils]: 0: Hoare triple {8929#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8853#true} is VALID [2022-02-20 18:01:31,218 INFO L290 TraceCheckUtils]: 1: Hoare triple {8853#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8853#true} is VALID [2022-02-20 18:01:31,218 INFO L290 TraceCheckUtils]: 2: Hoare triple {8853#true} assume true; {8853#true} is VALID [2022-02-20 18:01:31,218 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8853#true} {8854#false} #1070#return; {8854#false} is VALID [2022-02-20 18:01:31,219 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 18:01:31,220 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:31,223 INFO L290 TraceCheckUtils]: 0: Hoare triple {8853#true} ~handle := #in~handle;havoc ~retValue_acc~35; {8853#true} is VALID [2022-02-20 18:01:31,224 INFO L290 TraceCheckUtils]: 1: Hoare triple {8853#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {8853#true} is VALID [2022-02-20 18:01:31,224 INFO L290 TraceCheckUtils]: 2: Hoare triple {8853#true} assume true; {8853#true} is VALID [2022-02-20 18:01:31,224 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8853#true} {8854#false} #1072#return; {8854#false} is 
VALID [2022-02-20 18:01:31,224 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 110 [2022-02-20 18:01:31,226 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:31,229 INFO L290 TraceCheckUtils]: 0: Hoare triple {8853#true} ~handle := #in~handle;havoc ~retValue_acc~32; {8853#true} is VALID [2022-02-20 18:01:31,229 INFO L290 TraceCheckUtils]: 1: Hoare triple {8853#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {8853#true} is VALID [2022-02-20 18:01:31,230 INFO L290 TraceCheckUtils]: 2: Hoare triple {8853#true} assume true; {8853#true} is VALID [2022-02-20 18:01:31,230 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8853#true} {8854#false} #1074#return; {8854#false} is VALID [2022-02-20 18:01:31,230 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 117 [2022-02-20 18:01:31,231 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:31,234 INFO L290 TraceCheckUtils]: 0: Hoare triple {8853#true} ~handle := #in~handle;havoc ~retValue_acc~10; {8853#true} is VALID [2022-02-20 18:01:31,234 INFO L290 TraceCheckUtils]: 1: Hoare triple {8853#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {8853#true} is VALID [2022-02-20 18:01:31,234 INFO L290 TraceCheckUtils]: 2: Hoare triple {8853#true} assume true; {8853#true} is VALID [2022-02-20 18:01:31,234 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8853#true} {8854#false} #1076#return; {8854#false} is VALID [2022-02-20 18:01:31,234 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 123 [2022-02-20 18:01:31,236 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:31,239 INFO L290 TraceCheckUtils]: 0: Hoare triple {8853#true} ~handle := #in~handle;havoc ~retValue_acc~36; {8853#true} is VALID [2022-02-20 18:01:31,239 INFO 
L290 TraceCheckUtils]: 1: Hoare triple {8853#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {8853#true} is VALID [2022-02-20 18:01:31,239 INFO L290 TraceCheckUtils]: 2: Hoare triple {8853#true} assume true; {8853#true} is VALID [2022-02-20 18:01:31,239 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8853#true} {8854#false} #1078#return; {8854#false} is VALID [2022-02-20 18:01:31,240 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 129 [2022-02-20 18:01:31,242 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:31,250 INFO L290 TraceCheckUtils]: 0: Hoare triple {8853#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~22;havoc ~__cil_tmp4~1.base, ~__cil_tmp4~1.offset;~__cil_tmp4~1.base, ~__cil_tmp4~1.offset := 7, 0;havoc #t~nondet21; {8853#true} is VALID [2022-02-20 18:01:31,251 INFO L290 TraceCheckUtils]: 1: Hoare triple {8853#true} assume 0 == ~publicKey;~retValue_acc~22 := 0;#res := ~retValue_acc~22; {8853#true} is VALID [2022-02-20 18:01:31,251 INFO L290 TraceCheckUtils]: 2: Hoare triple {8853#true} assume true; {8853#true} is VALID [2022-02-20 18:01:31,251 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8853#true} {8854#false} #1080#return; {8854#false} is VALID [2022-02-20 18:01:31,251 INFO L290 TraceCheckUtils]: 0: Hoare triple {8853#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(16, 6);call #Ultimate.allocInit(20, 7);call 
#Ultimate.allocInit(22, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(19, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(19, 13);call #Ultimate.allocInit(44, 14);call #Ultimate.allocInit(44, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(11, 18);call #Ultimate.allocInit(19, 19);call #Ultimate.allocInit(4, 20);call write~init~int(37, 20, 0, 1);call write~init~int(100, 20, 1, 1);call write~init~int(10, 20, 2, 1);call write~init~int(0, 20, 3, 1);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(100, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(12, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(18, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(21, 39);call #Ultimate.allocInit(13, 40);call #Ultimate.allocInit(16, 41);call #Ultimate.allocInit(25, 42);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 
0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 
0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_encrypted~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {8853#true} is VALID [2022-02-20 18:01:31,251 INFO L290 TraceCheckUtils]: 1: Hoare triple {8853#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret59#1, main_~retValue_acc~23#1, main_~tmp~16#1;havoc main_~retValue_acc~23#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true; {8853#true} is VALID [2022-02-20 18:01:31,252 INFO L290 TraceCheckUtils]: 2: Hoare triple {8853#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {8853#true} is VALID [2022-02-20 18:01:31,252 INFO L290 TraceCheckUtils]: 3: Hoare triple {8853#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc 
valid_product_~retValue_acc~25#1;havoc valid_product_~retValue_acc~25#1;valid_product_~retValue_acc~25#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~25#1; {8853#true} is VALID [2022-02-20 18:01:31,252 INFO L290 TraceCheckUtils]: 4: Hoare triple {8853#true} main_#t~ret59#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret59#1 && main_#t~ret59#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret59#1;havoc main_#t~ret59#1; {8853#true} is VALID [2022-02-20 18:01:31,252 INFO L290 TraceCheckUtils]: 5: Hoare triple {8853#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet56#1, setup_#t~nondet57#1, setup_#t~nondet58#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {8853#true} is VALID [2022-02-20 18:01:31,253 INFO L272 TraceCheckUtils]: 6: Hoare triple {8853#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {8925#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:31,253 INFO L290 TraceCheckUtils]: 7: Hoare triple {8925#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8853#true} is VALID [2022-02-20 18:01:31,253 INFO L290 TraceCheckUtils]: 8: Hoare triple {8853#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8853#true} is VALID [2022-02-20 18:01:31,253 INFO L290 TraceCheckUtils]: 9: Hoare triple {8853#true} assume true; {8853#true} is VALID [2022-02-20 18:01:31,253 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {8853#true} {8853#true} #1144#return; {8853#true} is VALID [2022-02-20 18:01:31,254 INFO L290 TraceCheckUtils]: 11: Hoare triple {8853#true} assume { :end_inline_setup_bob__wrappee__Base } true; {8853#true} is VALID [2022-02-20 18:01:31,254 INFO L272 TraceCheckUtils]: 12: Hoare triple {8853#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {8926#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:31,254 INFO L290 TraceCheckUtils]: 13: Hoare triple {8926#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8853#true} is VALID [2022-02-20 18:01:31,255 INFO L290 TraceCheckUtils]: 14: Hoare triple {8853#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8853#true} is VALID [2022-02-20 18:01:31,255 INFO L290 TraceCheckUtils]: 15: Hoare triple {8853#true} assume true; {8853#true} is VALID [2022-02-20 18:01:31,255 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {8853#true} {8853#true} #1146#return; {8853#true} is VALID [2022-02-20 18:01:31,255 INFO L290 TraceCheckUtils]: 17: 
Hoare triple {8853#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 16, 0;havoc setup_#t~nondet56#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {8863#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:01:31,256 INFO L272 TraceCheckUtils]: 18: Hoare triple {8863#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {8925#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:31,256 INFO L290 TraceCheckUtils]: 19: Hoare triple {8925#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8927#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:31,257 INFO L290 TraceCheckUtils]: 20: Hoare triple {8927#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8928#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:31,257 INFO L290 TraceCheckUtils]: 21: Hoare triple {8928#(= |setClientId_#in~handle| 1)} assume true; {8928#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:31,258 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {8928#(= |setClientId_#in~handle| 1)} {8863#(= 
|ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1148#return; {8854#false} is VALID [2022-02-20 18:01:31,258 INFO L290 TraceCheckUtils]: 23: Hoare triple {8854#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {8854#false} is VALID [2022-02-20 18:01:31,258 INFO L272 TraceCheckUtils]: 24: Hoare triple {8854#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {8926#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:31,258 INFO L290 TraceCheckUtils]: 25: Hoare triple {8926#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8853#true} is VALID [2022-02-20 18:01:31,258 INFO L290 TraceCheckUtils]: 26: Hoare triple {8853#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8853#true} is VALID [2022-02-20 18:01:31,258 INFO L290 TraceCheckUtils]: 27: Hoare triple {8853#true} assume true; {8853#true} is VALID [2022-02-20 18:01:31,259 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {8853#true} {8854#false} #1150#return; {8854#false} is VALID [2022-02-20 18:01:31,259 INFO L290 TraceCheckUtils]: 29: Hoare triple {8854#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 17, 0;havoc setup_#t~nondet57#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := 
setup_chuck__wrappee__Base_#in~chuck___0#1; {8854#false} is VALID [2022-02-20 18:01:31,259 INFO L272 TraceCheckUtils]: 30: Hoare triple {8854#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {8925#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:31,259 INFO L290 TraceCheckUtils]: 31: Hoare triple {8925#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8853#true} is VALID [2022-02-20 18:01:31,259 INFO L290 TraceCheckUtils]: 32: Hoare triple {8853#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8853#true} is VALID [2022-02-20 18:01:31,259 INFO L290 TraceCheckUtils]: 33: Hoare triple {8853#true} assume true; {8853#true} is VALID [2022-02-20 18:01:31,260 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {8853#true} {8854#false} #1152#return; {8854#false} is VALID [2022-02-20 18:01:31,260 INFO L290 TraceCheckUtils]: 35: Hoare triple {8854#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {8854#false} is VALID [2022-02-20 18:01:31,260 INFO L272 TraceCheckUtils]: 36: Hoare triple {8854#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {8926#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:31,260 INFO L290 TraceCheckUtils]: 37: Hoare triple {8926#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 
|old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8853#true} is VALID [2022-02-20 18:01:31,260 INFO L290 TraceCheckUtils]: 38: Hoare triple {8853#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8853#true} is VALID [2022-02-20 18:01:31,260 INFO L290 TraceCheckUtils]: 39: Hoare triple {8853#true} assume true; {8853#true} is VALID [2022-02-20 18:01:31,260 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {8853#true} {8854#false} #1154#return; {8854#false} is VALID [2022-02-20 18:01:31,261 INFO L290 TraceCheckUtils]: 41: Hoare triple {8854#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 18, 0;havoc setup_#t~nondet58#1; {8854#false} is VALID [2022-02-20 18:01:31,261 INFO L290 TraceCheckUtils]: 42: Hoare triple {8854#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~14#1, test_~tmp___0~4#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~14#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc 
test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {8854#false} is VALID [2022-02-20 18:01:31,261 INFO L290 TraceCheckUtils]: 43: Hoare triple {8854#false} assume !false; {8854#false} is VALID [2022-02-20 18:01:31,261 INFO L290 TraceCheckUtils]: 44: Hoare triple {8854#false} assume test_~splverifierCounter~0#1 < 4; {8854#false} is VALID [2022-02-20 18:01:31,261 INFO L290 TraceCheckUtils]: 45: Hoare triple {8854#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {8854#false} is VALID [2022-02-20 18:01:31,261 INFO L290 TraceCheckUtils]: 46: Hoare triple {8854#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet40#1 && test_#t~nondet40#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet40#1;havoc test_#t~nondet40#1; {8854#false} is VALID [2022-02-20 18:01:31,262 INFO L290 TraceCheckUtils]: 47: Hoare triple {8854#false} assume !(0 != test_~tmp___9~0#1); {8854#false} is VALID [2022-02-20 18:01:31,262 INFO L290 TraceCheckUtils]: 48: Hoare triple {8854#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet41#1 && test_#t~nondet41#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet41#1;havoc test_#t~nondet41#1; {8854#false} is VALID [2022-02-20 18:01:31,262 INFO L290 TraceCheckUtils]: 49: Hoare triple {8854#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {8854#false} is VALID [2022-02-20 
18:01:31,262 INFO L290 TraceCheckUtils]: 50: Hoare triple {8854#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {8854#false} is VALID [2022-02-20 18:01:31,262 INFO L290 TraceCheckUtils]: 51: Hoare triple {8854#false} assume { :end_inline_setClientAutoResponse } true; {8854#false} is VALID [2022-02-20 18:01:31,262 INFO L290 TraceCheckUtils]: 52: Hoare triple {8854#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {8854#false} is VALID [2022-02-20 18:01:31,263 INFO L290 TraceCheckUtils]: 53: Hoare triple {8854#false} assume !false; {8854#false} is VALID [2022-02-20 18:01:31,263 INFO L290 TraceCheckUtils]: 54: Hoare triple {8854#false} assume !(test_~splverifierCounter~0#1 < 4); {8854#false} is VALID [2022-02-20 18:01:31,263 INFO L290 TraceCheckUtils]: 55: Hoare triple {8854#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret51#1, bobToRjh_#t~ret52#1, bobToRjh_#t~ret53#1, bobToRjh_#t~ret54#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret51#1 := puts(14, 0);assume -2147483648 <= bobToRjh_#t~ret51#1 && bobToRjh_#t~ret51#1 <= 2147483647;havoc bobToRjh_#t~ret51#1; {8854#false} is VALID [2022-02-20 18:01:31,263 INFO L272 TraceCheckUtils]: 56: Hoare triple {8854#false} call sendEmail(~bob~0, ~rjh~0); {8854#false} is VALID [2022-02-20 18:01:31,263 INFO L290 TraceCheckUtils]: 57: Hoare triple {8854#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~43#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~43#1;havoc 
createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {8854#false} is VALID [2022-02-20 18:01:31,263 INFO L272 TraceCheckUtils]: 58: Hoare triple {8854#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {8929#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:31,263 INFO L290 TraceCheckUtils]: 59: Hoare triple {8929#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8853#true} is VALID [2022-02-20 18:01:31,264 INFO L290 TraceCheckUtils]: 60: Hoare triple {8853#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8853#true} is VALID [2022-02-20 18:01:31,264 INFO L290 TraceCheckUtils]: 61: Hoare triple {8853#true} assume true; {8853#true} is VALID [2022-02-20 18:01:31,264 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {8853#true} {8854#false} #1130#return; {8854#false} is VALID [2022-02-20 18:01:31,264 INFO L272 TraceCheckUtils]: 63: Hoare triple {8854#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {8930#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:01:31,264 INFO L290 TraceCheckUtils]: 64: Hoare triple {8930#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8853#true} is VALID [2022-02-20 18:01:31,264 INFO L290 TraceCheckUtils]: 65: Hoare triple {8853#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8853#true} is VALID [2022-02-20 18:01:31,264 INFO L290 TraceCheckUtils]: 66: Hoare triple {8853#true} assume true; {8853#true} is VALID [2022-02-20 18:01:31,265 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {8853#true} {8854#false} #1132#return; {8854#false} is VALID [2022-02-20 18:01:31,265 INFO L290 TraceCheckUtils]: 68: Hoare triple {8854#false} 
createEmail_~retValue_acc~43#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~43#1; {8854#false} is VALID [2022-02-20 18:01:31,265 INFO L290 TraceCheckUtils]: 69: Hoare triple {8854#false} #t~ret20#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret20#1 && #t~ret20#1 <= 2147483647;~tmp~9#1 := #t~ret20#1;havoc #t~ret20#1;~email~0#1 := ~tmp~9#1; {8854#false} is VALID [2022-02-20 18:01:31,265 INFO L272 TraceCheckUtils]: 70: Hoare triple {8854#false} call outgoing(~sender#1, ~email~0#1); {8854#false} is VALID [2022-02-20 18:01:31,265 INFO L290 TraceCheckUtils]: 71: Hoare triple {8854#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret24#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {8854#false} is VALID [2022-02-20 18:01:31,265 INFO L272 TraceCheckUtils]: 72: Hoare triple {8854#false} call sign_#t~ret24#1 := getClientPrivateKey(sign_~client#1); {8853#true} is VALID [2022-02-20 18:01:31,265 INFO L290 TraceCheckUtils]: 73: Hoare triple {8853#true} ~handle := #in~handle;havoc ~retValue_acc~10; {8853#true} is VALID [2022-02-20 18:01:31,266 INFO L290 TraceCheckUtils]: 74: Hoare triple {8853#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {8853#true} is VALID [2022-02-20 18:01:31,266 INFO L290 TraceCheckUtils]: 75: Hoare triple {8853#true} assume true; {8853#true} is VALID [2022-02-20 18:01:31,266 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {8853#true} {8854#false} #1060#return; {8854#false} is VALID [2022-02-20 18:01:31,266 INFO L290 TraceCheckUtils]: 77: Hoare triple {8854#false} assume -2147483648 <= sign_#t~ret24#1 && sign_#t~ret24#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret24#1;havoc 
sign_#t~ret24#1;sign_~privkey~1#1 := sign_~tmp~11#1; {8854#false} is VALID [2022-02-20 18:01:31,266 INFO L290 TraceCheckUtils]: 78: Hoare triple {8854#false} assume 0 == sign_~privkey~1#1; {8854#false} is VALID [2022-02-20 18:01:31,266 INFO L290 TraceCheckUtils]: 79: Hoare triple {8854#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret10#1, outgoing__wrappee__AutoResponder_#t~ret11#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~4#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~0#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~4#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~0#1; {8854#false} is VALID [2022-02-20 18:01:31,266 INFO L272 TraceCheckUtils]: 80: Hoare triple {8854#false} call outgoing__wrappee__AutoResponder_#t~ret10#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {8853#true} is VALID [2022-02-20 18:01:31,267 INFO L290 TraceCheckUtils]: 81: Hoare triple {8853#true} ~handle := #in~handle;havoc ~retValue_acc~32; {8853#true} is VALID [2022-02-20 18:01:31,267 INFO L290 TraceCheckUtils]: 82: Hoare triple {8853#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {8853#true} is VALID [2022-02-20 18:01:31,267 INFO L290 TraceCheckUtils]: 83: Hoare triple {8853#true} assume true; {8853#true} is VALID [2022-02-20 18:01:31,267 INFO L284 TraceCheckUtils]: 84: Hoare 
quadruple {8853#true} {8854#false} #1062#return; {8854#false} is VALID [2022-02-20 18:01:31,267 INFO L290 TraceCheckUtils]: 85: Hoare triple {8854#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret10#1 && outgoing__wrappee__AutoResponder_#t~ret10#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~4#1 := outgoing__wrappee__AutoResponder_#t~ret10#1;havoc outgoing__wrappee__AutoResponder_#t~ret10#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~4#1; {8854#false} is VALID [2022-02-20 18:01:31,267 INFO L272 TraceCheckUtils]: 86: Hoare triple {8854#false} call outgoing__wrappee__AutoResponder_#t~ret11#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {8853#true} is VALID [2022-02-20 18:01:31,268 INFO L290 TraceCheckUtils]: 87: Hoare triple {8853#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {8853#true} is VALID [2022-02-20 18:01:31,268 INFO L290 TraceCheckUtils]: 88: Hoare triple {8853#true} assume 1 == ~handle; {8853#true} is VALID [2022-02-20 18:01:31,268 INFO L290 TraceCheckUtils]: 89: Hoare triple {8853#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {8853#true} is VALID [2022-02-20 18:01:31,268 INFO L290 TraceCheckUtils]: 90: Hoare triple {8853#true} assume true; {8853#true} is VALID [2022-02-20 18:01:31,268 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {8853#true} {8854#false} #1064#return; {8854#false} is VALID [2022-02-20 18:01:31,268 INFO L290 TraceCheckUtils]: 92: Hoare triple {8854#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret11#1 && outgoing__wrappee__AutoResponder_#t~ret11#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~0#1 := outgoing__wrappee__AutoResponder_#t~ret11#1;havoc outgoing__wrappee__AutoResponder_#t~ret11#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := 
outgoing__wrappee__AutoResponder_~tmp___0~0#1; {8854#false} is VALID [2022-02-20 18:01:31,269 INFO L290 TraceCheckUtils]: 93: Hoare triple {8854#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {8854#false} is VALID [2022-02-20 18:01:31,269 INFO L290 TraceCheckUtils]: 94: Hoare triple {8854#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret9#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~3#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~3#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {8854#false} is VALID [2022-02-20 18:01:31,269 INFO L290 TraceCheckUtils]: 95: Hoare triple {8854#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {8854#false} is VALID [2022-02-20 18:01:31,269 INFO L290 TraceCheckUtils]: 96: Hoare triple {8854#false} outgoing__wrappee__Keys_#t~ret9#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret9#1 && outgoing__wrappee__Keys_#t~ret9#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~3#1 := outgoing__wrappee__Keys_#t~ret9#1;havoc outgoing__wrappee__Keys_#t~ret9#1; {8854#false} is VALID [2022-02-20 18:01:31,269 INFO L272 TraceCheckUtils]: 97: Hoare triple {8854#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~3#1); 
{8929#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:31,269 INFO L290 TraceCheckUtils]: 98: Hoare triple {8929#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8853#true} is VALID [2022-02-20 18:01:31,269 INFO L290 TraceCheckUtils]: 99: Hoare triple {8853#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8853#true} is VALID [2022-02-20 18:01:31,270 INFO L290 TraceCheckUtils]: 100: Hoare triple {8853#true} assume true; {8853#true} is VALID [2022-02-20 18:01:31,270 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {8853#true} {8854#false} #1070#return; {8854#false} is VALID [2022-02-20 18:01:31,270 INFO L290 TraceCheckUtils]: 102: Hoare triple {8854#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret7#1, mail_#t~ret8#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~2#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~2#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet34#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 := 
puts(10, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1; {8854#false} is VALID [2022-02-20 18:01:31,270 INFO L272 TraceCheckUtils]: 103: Hoare triple {8854#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {8853#true} is VALID [2022-02-20 18:01:31,270 INFO L290 TraceCheckUtils]: 104: Hoare triple {8853#true} ~handle := #in~handle;havoc ~retValue_acc~35; {8853#true} is VALID [2022-02-20 18:01:31,270 INFO L290 TraceCheckUtils]: 105: Hoare triple {8853#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {8853#true} is VALID [2022-02-20 18:01:31,271 INFO L290 TraceCheckUtils]: 106: Hoare triple {8853#true} assume true; {8853#true} is VALID [2022-02-20 18:01:31,271 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {8853#true} {8854#false} #1072#return; {8854#false} is VALID [2022-02-20 18:01:31,271 INFO L290 TraceCheckUtils]: 108: Hoare triple {8854#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset := 11, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet34#1; {8854#false} is VALID [2022-02-20 18:01:31,271 INFO L290 TraceCheckUtils]: 109: Hoare triple {8854#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret7#1 := puts(5, 0);assume -2147483648 <= mail_#t~ret7#1 && mail_#t~ret7#1 <= 2147483647;havoc mail_#t~ret7#1; {8854#false} is VALID [2022-02-20 18:01:31,271 INFO L272 TraceCheckUtils]: 110: Hoare triple {8854#false} call mail_#t~ret8#1 := getEmailTo(mail_~msg#1); 
{8853#true} is VALID [2022-02-20 18:01:31,271 INFO L290 TraceCheckUtils]: 111: Hoare triple {8853#true} ~handle := #in~handle;havoc ~retValue_acc~32; {8853#true} is VALID [2022-02-20 18:01:31,271 INFO L290 TraceCheckUtils]: 112: Hoare triple {8853#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {8853#true} is VALID [2022-02-20 18:01:31,272 INFO L290 TraceCheckUtils]: 113: Hoare triple {8853#true} assume true; {8853#true} is VALID [2022-02-20 18:01:31,272 INFO L284 TraceCheckUtils]: 114: Hoare quadruple {8853#true} {8854#false} #1074#return; {8854#false} is VALID [2022-02-20 18:01:31,272 INFO L290 TraceCheckUtils]: 115: Hoare triple {8854#false} assume -2147483648 <= mail_#t~ret8#1 && mail_#t~ret8#1 <= 2147483647;mail_~tmp~2#1 := mail_#t~ret8#1;havoc mail_#t~ret8#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~2#1, mail_~msg#1;havoc incoming_#t~ret15#1, incoming_#t~ret16#1, incoming_#t~ret17#1, incoming_#t~ret18#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~7#1, incoming_~tmp___0~1#1, incoming_~tmp___1~0#1, incoming_~tmp___2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~7#1;havoc incoming_~tmp___0~1#1;havoc incoming_~tmp___1~0#1;havoc incoming_~tmp___2~0#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet36#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1, 
__utac_acc__EncryptDecrypt_spec__2_#t~ret38#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 := puts(12, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset := 13, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet36#1; {8854#false} is VALID [2022-02-20 18:01:31,272 INFO L290 TraceCheckUtils]: 116: Hoare triple {8854#false} assume 1 == ~sent_encrypted~0; {8854#false} is VALID [2022-02-20 18:01:31,272 INFO L272 TraceCheckUtils]: 117: Hoare triple {8854#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {8853#true} is VALID [2022-02-20 18:01:31,272 INFO L290 TraceCheckUtils]: 118: Hoare triple {8853#true} ~handle := #in~handle;havoc ~retValue_acc~10; {8853#true} is VALID [2022-02-20 18:01:31,272 INFO L290 TraceCheckUtils]: 119: Hoare triple {8853#true} assume 1 == ~handle;~retValue_acc~10 := 
~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {8853#true} is VALID [2022-02-20 18:01:31,273 INFO L290 TraceCheckUtils]: 120: Hoare triple {8853#true} assume true; {8853#true} is VALID [2022-02-20 18:01:31,273 INFO L284 TraceCheckUtils]: 121: Hoare quadruple {8853#true} {8854#false} #1076#return; {8854#false} is VALID [2022-02-20 18:01:31,273 INFO L290 TraceCheckUtils]: 122: Hoare triple {8854#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~13#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1; {8854#false} is VALID [2022-02-20 18:01:31,273 INFO L272 TraceCheckUtils]: 123: Hoare triple {8854#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {8853#true} is VALID [2022-02-20 18:01:31,273 INFO L290 TraceCheckUtils]: 124: Hoare triple {8853#true} ~handle := #in~handle;havoc ~retValue_acc~36; {8853#true} is VALID [2022-02-20 18:01:31,273 INFO L290 TraceCheckUtils]: 125: Hoare triple {8853#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {8853#true} is VALID [2022-02-20 18:01:31,273 INFO L290 TraceCheckUtils]: 126: Hoare triple {8853#true} assume true; {8853#true} is VALID [2022-02-20 18:01:31,274 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {8853#true} {8854#false} #1078#return; {8854#false} is VALID [2022-02-20 18:01:31,274 INFO L290 TraceCheckUtils]: 128: Hoare triple {8854#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1; {8854#false} is VALID [2022-02-20 18:01:31,274 INFO L272 TraceCheckUtils]: 129: Hoare triple 
{8854#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1); {8853#true} is VALID [2022-02-20 18:01:31,274 INFO L290 TraceCheckUtils]: 130: Hoare triple {8853#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~22;havoc ~__cil_tmp4~1.base, ~__cil_tmp4~1.offset;~__cil_tmp4~1.base, ~__cil_tmp4~1.offset := 7, 0;havoc #t~nondet21; {8853#true} is VALID [2022-02-20 18:01:31,274 INFO L290 TraceCheckUtils]: 131: Hoare triple {8853#true} assume 0 == ~publicKey;~retValue_acc~22 := 0;#res := ~retValue_acc~22; {8853#true} is VALID [2022-02-20 18:01:31,274 INFO L290 TraceCheckUtils]: 132: Hoare triple {8853#true} assume true; {8853#true} is VALID [2022-02-20 18:01:31,275 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {8853#true} {8854#false} #1080#return; {8854#false} is VALID [2022-02-20 18:01:31,275 INFO L290 TraceCheckUtils]: 134: Hoare triple {8854#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1; {8854#false} is VALID [2022-02-20 18:01:31,275 INFO L290 TraceCheckUtils]: 135: Hoare triple {8854#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1);assume { :begin_inline___automaton_fail } true; {8854#false} is VALID [2022-02-20 18:01:31,275 INFO L290 TraceCheckUtils]: 136: Hoare triple {8854#false} assume !false; {8854#false} is VALID [2022-02-20 18:01:31,275 INFO L134 CoverageAnalysis]: Checked inductivity of 38 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked. 
[2022-02-20 18:01:31,276 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:01:31,279 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1937217931] [2022-02-20 18:01:31,279 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1937217931] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:01:31,279 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2008457964] [2022-02-20 18:01:31,280 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:31,280 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:01:31,280 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:01:31,281 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:01:31,309 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-02-20 18:01:31,553 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:31,557 INFO L263 TraceCheckSpWp]: Trace formula consists of 1214 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 18:01:31,608 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:31,612 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:01:32,034 INFO L290 TraceCheckUtils]: 0: Hoare triple {8853#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(16, 6);call #Ultimate.allocInit(20, 7);call #Ultimate.allocInit(22, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(19, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(19, 13);call #Ultimate.allocInit(44, 14);call #Ultimate.allocInit(44, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(11, 18);call #Ultimate.allocInit(19, 19);call #Ultimate.allocInit(4, 20);call write~init~int(37, 20, 0, 1);call write~init~int(100, 20, 1, 1);call write~init~int(10, 20, 2, 1);call write~init~int(0, 20, 3, 1);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(100, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(12, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(18, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(21, 39);call #Ultimate.allocInit(13, 40);call 
#Ultimate.allocInit(16, 41);call #Ultimate.allocInit(25, 42);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 
0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_encrypted~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {8853#true} is VALID [2022-02-20 18:01:32,034 INFO L290 TraceCheckUtils]: 1: Hoare triple {8853#true} assume { :end_inline_ULTIMATE.init } 
true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret59#1, main_~retValue_acc~23#1, main_~tmp~16#1;havoc main_~retValue_acc~23#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true; {8853#true} is VALID [2022-02-20 18:01:32,034 INFO L290 TraceCheckUtils]: 2: Hoare triple {8853#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {8853#true} is VALID [2022-02-20 18:01:32,034 INFO L290 TraceCheckUtils]: 3: Hoare triple {8853#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~25#1;havoc valid_product_~retValue_acc~25#1;valid_product_~retValue_acc~25#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~25#1; {8853#true} is VALID [2022-02-20 18:01:32,034 INFO L290 TraceCheckUtils]: 4: Hoare triple {8853#true} main_#t~ret59#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret59#1 && main_#t~ret59#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret59#1;havoc main_#t~ret59#1; {8853#true} is VALID [2022-02-20 18:01:32,035 INFO L290 TraceCheckUtils]: 5: Hoare triple {8853#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet56#1, setup_#t~nondet57#1, setup_#t~nondet58#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {8853#true} is VALID [2022-02-20 18:01:32,035 INFO L272 TraceCheckUtils]: 6: Hoare triple {8853#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {8853#true} is VALID [2022-02-20 18:01:32,035 INFO L290 TraceCheckUtils]: 7: Hoare triple {8853#true} ~handle := #in~handle;~value := #in~value; {8853#true} is VALID [2022-02-20 18:01:32,035 INFO L290 TraceCheckUtils]: 8: Hoare triple {8853#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8853#true} is VALID [2022-02-20 18:01:32,036 INFO L290 TraceCheckUtils]: 9: Hoare triple {8853#true} assume true; {8853#true} is VALID [2022-02-20 18:01:32,036 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {8853#true} {8853#true} #1144#return; {8853#true} is VALID [2022-02-20 18:01:32,036 INFO L290 TraceCheckUtils]: 11: Hoare triple {8853#true} assume { :end_inline_setup_bob__wrappee__Base } true; {8853#true} is VALID [2022-02-20 18:01:32,036 INFO L272 TraceCheckUtils]: 12: Hoare triple {8853#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {8853#true} is VALID [2022-02-20 18:01:32,036 INFO L290 TraceCheckUtils]: 13: Hoare triple {8853#true} ~handle := #in~handle;~value := #in~value; {8853#true} is VALID [2022-02-20 18:01:32,037 INFO L290 TraceCheckUtils]: 14: Hoare triple {8853#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8853#true} is VALID [2022-02-20 18:01:32,037 INFO L290 TraceCheckUtils]: 15: Hoare triple {8853#true} assume true; {8853#true} is VALID [2022-02-20 18:01:32,037 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {8853#true} {8853#true} #1146#return; {8853#true} is VALID [2022-02-20 18:01:32,039 INFO L290 TraceCheckUtils]: 17: Hoare triple {8853#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 16, 0;havoc setup_#t~nondet56#1;~rjh~0 := 2;assume { 
:begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {8985#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:01:32,040 INFO L272 TraceCheckUtils]: 18: Hoare triple {8985#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {8853#true} is VALID [2022-02-20 18:01:32,043 INFO L290 TraceCheckUtils]: 19: Hoare triple {8853#true} ~handle := #in~handle;~value := #in~value; {8992#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 18:01:32,044 INFO L290 TraceCheckUtils]: 20: Hoare triple {8992#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8996#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:32,045 INFO L290 TraceCheckUtils]: 21: Hoare triple {8996#(<= |setClientId_#in~handle| 1)} assume true; {8996#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:32,046 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {8996#(<= |setClientId_#in~handle| 1)} {8985#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1148#return; {8854#false} is VALID [2022-02-20 18:01:32,046 INFO L290 TraceCheckUtils]: 23: Hoare triple {8854#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {8854#false} is VALID [2022-02-20 18:01:32,046 INFO L272 TraceCheckUtils]: 24: Hoare triple {8854#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {8854#false} is VALID [2022-02-20 18:01:32,046 INFO L290 TraceCheckUtils]: 25: Hoare triple {8854#false} ~handle := #in~handle;~value := #in~value; {8854#false} is VALID [2022-02-20 
18:01:32,046 INFO L290 TraceCheckUtils]: 26: Hoare triple {8854#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8854#false} is VALID [2022-02-20 18:01:32,047 INFO L290 TraceCheckUtils]: 27: Hoare triple {8854#false} assume true; {8854#false} is VALID [2022-02-20 18:01:32,047 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {8854#false} {8854#false} #1150#return; {8854#false} is VALID [2022-02-20 18:01:32,047 INFO L290 TraceCheckUtils]: 29: Hoare triple {8854#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 17, 0;havoc setup_#t~nondet57#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {8854#false} is VALID [2022-02-20 18:01:32,047 INFO L272 TraceCheckUtils]: 30: Hoare triple {8854#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {8854#false} is VALID [2022-02-20 18:01:32,047 INFO L290 TraceCheckUtils]: 31: Hoare triple {8854#false} ~handle := #in~handle;~value := #in~value; {8854#false} is VALID [2022-02-20 18:01:32,048 INFO L290 TraceCheckUtils]: 32: Hoare triple {8854#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8854#false} is VALID [2022-02-20 18:01:32,048 INFO L290 TraceCheckUtils]: 33: Hoare triple {8854#false} assume true; {8854#false} is VALID [2022-02-20 18:01:32,048 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {8854#false} {8854#false} #1152#return; {8854#false} is VALID [2022-02-20 18:01:32,048 INFO L290 TraceCheckUtils]: 35: Hoare triple {8854#false} assume { :end_inline_setup_chuck__wrappee__Base } true; 
{8854#false} is VALID [2022-02-20 18:01:32,048 INFO L272 TraceCheckUtils]: 36: Hoare triple {8854#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {8854#false} is VALID [2022-02-20 18:01:32,049 INFO L290 TraceCheckUtils]: 37: Hoare triple {8854#false} ~handle := #in~handle;~value := #in~value; {8854#false} is VALID [2022-02-20 18:01:32,052 INFO L290 TraceCheckUtils]: 38: Hoare triple {8854#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8854#false} is VALID [2022-02-20 18:01:32,052 INFO L290 TraceCheckUtils]: 39: Hoare triple {8854#false} assume true; {8854#false} is VALID [2022-02-20 18:01:32,052 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {8854#false} {8854#false} #1154#return; {8854#false} is VALID [2022-02-20 18:01:32,052 INFO L290 TraceCheckUtils]: 41: Hoare triple {8854#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 18, 0;havoc setup_#t~nondet58#1; {8854#false} is VALID [2022-02-20 18:01:32,053 INFO L290 TraceCheckUtils]: 42: Hoare triple {8854#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~14#1, test_~tmp___0~4#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc 
test_~splverifierCounter~0#1;havoc test_~tmp~14#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {8854#false} is VALID [2022-02-20 18:01:32,053 INFO L290 TraceCheckUtils]: 43: Hoare triple {8854#false} assume !false; {8854#false} is VALID [2022-02-20 18:01:32,053 INFO L290 TraceCheckUtils]: 44: Hoare triple {8854#false} assume test_~splverifierCounter~0#1 < 4; {8854#false} is VALID [2022-02-20 18:01:32,053 INFO L290 TraceCheckUtils]: 45: Hoare triple {8854#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {8854#false} is VALID [2022-02-20 18:01:32,053 INFO L290 TraceCheckUtils]: 46: Hoare triple {8854#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet40#1 && test_#t~nondet40#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet40#1;havoc test_#t~nondet40#1; {8854#false} is VALID [2022-02-20 18:01:32,054 INFO L290 TraceCheckUtils]: 47: Hoare triple {8854#false} assume !(0 != test_~tmp___9~0#1); {8854#false} is VALID [2022-02-20 18:01:32,054 INFO L290 TraceCheckUtils]: 48: Hoare triple {8854#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet41#1 && test_#t~nondet41#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet41#1;havoc test_#t~nondet41#1; {8854#false} is VALID [2022-02-20 18:01:32,054 INFO L290 TraceCheckUtils]: 49: Hoare triple {8854#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc 
setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {8854#false} is VALID [2022-02-20 18:01:32,054 INFO L290 TraceCheckUtils]: 50: Hoare triple {8854#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {8854#false} is VALID [2022-02-20 18:01:32,054 INFO L290 TraceCheckUtils]: 51: Hoare triple {8854#false} assume { :end_inline_setClientAutoResponse } true; {8854#false} is VALID [2022-02-20 18:01:32,055 INFO L290 TraceCheckUtils]: 52: Hoare triple {8854#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {8854#false} is VALID [2022-02-20 18:01:32,055 INFO L290 TraceCheckUtils]: 53: Hoare triple {8854#false} assume !false; {8854#false} is VALID [2022-02-20 18:01:32,055 INFO L290 TraceCheckUtils]: 54: Hoare triple {8854#false} assume !(test_~splverifierCounter~0#1 < 4); {8854#false} is VALID [2022-02-20 18:01:32,055 INFO L290 TraceCheckUtils]: 55: Hoare triple {8854#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret51#1, bobToRjh_#t~ret52#1, bobToRjh_#t~ret53#1, bobToRjh_#t~ret54#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret51#1 := puts(14, 0);assume -2147483648 <= bobToRjh_#t~ret51#1 && bobToRjh_#t~ret51#1 <= 2147483647;havoc bobToRjh_#t~ret51#1; {8854#false} is VALID [2022-02-20 18:01:32,055 INFO L272 TraceCheckUtils]: 56: Hoare triple {8854#false} call sendEmail(~bob~0, ~rjh~0); {8854#false} is VALID [2022-02-20 18:01:32,055 INFO L290 TraceCheckUtils]: 57: Hoare triple {8854#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc 
createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~43#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~43#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {8854#false} is VALID [2022-02-20 18:01:32,056 INFO L272 TraceCheckUtils]: 58: Hoare triple {8854#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {8854#false} is VALID [2022-02-20 18:01:32,056 INFO L290 TraceCheckUtils]: 59: Hoare triple {8854#false} ~handle := #in~handle;~value := #in~value; {8854#false} is VALID [2022-02-20 18:01:32,056 INFO L290 TraceCheckUtils]: 60: Hoare triple {8854#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8854#false} is VALID [2022-02-20 18:01:32,056 INFO L290 TraceCheckUtils]: 61: Hoare triple {8854#false} assume true; {8854#false} is VALID [2022-02-20 18:01:32,056 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {8854#false} {8854#false} #1130#return; {8854#false} is VALID [2022-02-20 18:01:32,057 INFO L272 TraceCheckUtils]: 63: Hoare triple {8854#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {8854#false} is VALID [2022-02-20 18:01:32,057 INFO L290 TraceCheckUtils]: 64: Hoare triple {8854#false} ~handle := #in~handle;~value := #in~value; {8854#false} is VALID [2022-02-20 18:01:32,057 INFO L290 TraceCheckUtils]: 65: Hoare triple {8854#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8854#false} is VALID [2022-02-20 18:01:32,057 INFO L290 TraceCheckUtils]: 66: Hoare triple {8854#false} assume true; {8854#false} is VALID [2022-02-20 18:01:32,057 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {8854#false} {8854#false} #1132#return; {8854#false} is VALID [2022-02-20 18:01:32,057 INFO L290 TraceCheckUtils]: 68: Hoare triple {8854#false} createEmail_~retValue_acc~43#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~43#1; {8854#false} is VALID [2022-02-20 
18:01:32,058 INFO L290 TraceCheckUtils]: 69: Hoare triple {8854#false} #t~ret20#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret20#1 && #t~ret20#1 <= 2147483647;~tmp~9#1 := #t~ret20#1;havoc #t~ret20#1;~email~0#1 := ~tmp~9#1; {8854#false} is VALID [2022-02-20 18:01:32,058 INFO L272 TraceCheckUtils]: 70: Hoare triple {8854#false} call outgoing(~sender#1, ~email~0#1); {8854#false} is VALID [2022-02-20 18:01:32,058 INFO L290 TraceCheckUtils]: 71: Hoare triple {8854#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret24#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {8854#false} is VALID [2022-02-20 18:01:32,058 INFO L272 TraceCheckUtils]: 72: Hoare triple {8854#false} call sign_#t~ret24#1 := getClientPrivateKey(sign_~client#1); {8854#false} is VALID [2022-02-20 18:01:32,058 INFO L290 TraceCheckUtils]: 73: Hoare triple {8854#false} ~handle := #in~handle;havoc ~retValue_acc~10; {8854#false} is VALID [2022-02-20 18:01:32,059 INFO L290 TraceCheckUtils]: 74: Hoare triple {8854#false} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {8854#false} is VALID [2022-02-20 18:01:32,059 INFO L290 TraceCheckUtils]: 75: Hoare triple {8854#false} assume true; {8854#false} is VALID [2022-02-20 18:01:32,060 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {8854#false} {8854#false} #1060#return; {8854#false} is VALID [2022-02-20 18:01:32,060 INFO L290 TraceCheckUtils]: 77: Hoare triple {8854#false} assume -2147483648 <= sign_#t~ret24#1 && sign_#t~ret24#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret24#1;havoc sign_#t~ret24#1;sign_~privkey~1#1 := sign_~tmp~11#1; {8854#false} is VALID [2022-02-20 18:01:32,060 INFO L290 TraceCheckUtils]: 78: Hoare triple {8854#false} 
assume 0 == sign_~privkey~1#1; {8854#false} is VALID [2022-02-20 18:01:32,060 INFO L290 TraceCheckUtils]: 79: Hoare triple {8854#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret10#1, outgoing__wrappee__AutoResponder_#t~ret11#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~4#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~0#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~4#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~0#1; {8854#false} is VALID [2022-02-20 18:01:32,060 INFO L272 TraceCheckUtils]: 80: Hoare triple {8854#false} call outgoing__wrappee__AutoResponder_#t~ret10#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {8854#false} is VALID [2022-02-20 18:01:32,061 INFO L290 TraceCheckUtils]: 81: Hoare triple {8854#false} ~handle := #in~handle;havoc ~retValue_acc~32; {8854#false} is VALID [2022-02-20 18:01:32,061 INFO L290 TraceCheckUtils]: 82: Hoare triple {8854#false} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {8854#false} is VALID [2022-02-20 18:01:32,061 INFO L290 TraceCheckUtils]: 83: Hoare triple {8854#false} assume true; {8854#false} is VALID [2022-02-20 18:01:32,061 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {8854#false} {8854#false} #1062#return; {8854#false} is VALID [2022-02-20 18:01:32,061 INFO L290 TraceCheckUtils]: 85: Hoare triple {8854#false} 
assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret10#1 && outgoing__wrappee__AutoResponder_#t~ret10#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~4#1 := outgoing__wrappee__AutoResponder_#t~ret10#1;havoc outgoing__wrappee__AutoResponder_#t~ret10#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~4#1; {8854#false} is VALID [2022-02-20 18:01:32,062 INFO L272 TraceCheckUtils]: 86: Hoare triple {8854#false} call outgoing__wrappee__AutoResponder_#t~ret11#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {8854#false} is VALID [2022-02-20 18:01:32,062 INFO L290 TraceCheckUtils]: 87: Hoare triple {8854#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {8854#false} is VALID [2022-02-20 18:01:32,062 INFO L290 TraceCheckUtils]: 88: Hoare triple {8854#false} assume 1 == ~handle; {8854#false} is VALID [2022-02-20 18:01:32,062 INFO L290 TraceCheckUtils]: 89: Hoare triple {8854#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {8854#false} is VALID [2022-02-20 18:01:32,062 INFO L290 TraceCheckUtils]: 90: Hoare triple {8854#false} assume true; {8854#false} is VALID [2022-02-20 18:01:32,062 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {8854#false} {8854#false} #1064#return; {8854#false} is VALID [2022-02-20 18:01:32,063 INFO L290 TraceCheckUtils]: 92: Hoare triple {8854#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret11#1 && outgoing__wrappee__AutoResponder_#t~ret11#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~0#1 := outgoing__wrappee__AutoResponder_#t~ret11#1;havoc outgoing__wrappee__AutoResponder_#t~ret11#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~0#1; {8854#false} is VALID [2022-02-20 18:01:32,063 INFO L290 TraceCheckUtils]: 93: Hoare triple {8854#false} assume !(0 != 
outgoing__wrappee__AutoResponder_~pubkey~0#1); {8854#false} is VALID [2022-02-20 18:01:32,063 INFO L290 TraceCheckUtils]: 94: Hoare triple {8854#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret9#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~3#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~3#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {8854#false} is VALID [2022-02-20 18:01:32,063 INFO L290 TraceCheckUtils]: 95: Hoare triple {8854#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {8854#false} is VALID [2022-02-20 18:01:32,063 INFO L290 TraceCheckUtils]: 96: Hoare triple {8854#false} outgoing__wrappee__Keys_#t~ret9#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret9#1 && outgoing__wrappee__Keys_#t~ret9#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~3#1 := outgoing__wrappee__Keys_#t~ret9#1;havoc outgoing__wrappee__Keys_#t~ret9#1; {8854#false} is VALID [2022-02-20 18:01:32,064 INFO L272 TraceCheckUtils]: 97: Hoare triple {8854#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~3#1); {8854#false} is VALID [2022-02-20 18:01:32,064 INFO L290 TraceCheckUtils]: 98: Hoare triple {8854#false} ~handle := #in~handle;~value := #in~value; {8854#false} is VALID 
[2022-02-20 18:01:32,064 INFO L290 TraceCheckUtils]: 99: Hoare triple {8854#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8854#false} is VALID [2022-02-20 18:01:32,064 INFO L290 TraceCheckUtils]: 100: Hoare triple {8854#false} assume true; {8854#false} is VALID [2022-02-20 18:01:32,064 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {8854#false} {8854#false} #1070#return; {8854#false} is VALID [2022-02-20 18:01:32,064 INFO L290 TraceCheckUtils]: 102: Hoare triple {8854#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret7#1, mail_#t~ret8#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~2#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~2#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet34#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 := puts(10, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1; {8854#false} is VALID [2022-02-20 18:01:32,065 INFO L272 TraceCheckUtils]: 103: Hoare triple {8854#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 := 
isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {8854#false} is VALID [2022-02-20 18:01:32,065 INFO L290 TraceCheckUtils]: 104: Hoare triple {8854#false} ~handle := #in~handle;havoc ~retValue_acc~35; {8854#false} is VALID [2022-02-20 18:01:32,065 INFO L290 TraceCheckUtils]: 105: Hoare triple {8854#false} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {8854#false} is VALID [2022-02-20 18:01:32,065 INFO L290 TraceCheckUtils]: 106: Hoare triple {8854#false} assume true; {8854#false} is VALID [2022-02-20 18:01:32,065 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {8854#false} {8854#false} #1072#return; {8854#false} is VALID [2022-02-20 18:01:32,066 INFO L290 TraceCheckUtils]: 108: Hoare triple {8854#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset := 11, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet34#1; {8854#false} is VALID [2022-02-20 18:01:32,066 INFO L290 TraceCheckUtils]: 109: Hoare triple {8854#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret7#1 := puts(5, 0);assume -2147483648 <= mail_#t~ret7#1 && mail_#t~ret7#1 <= 2147483647;havoc mail_#t~ret7#1; {8854#false} is VALID [2022-02-20 18:01:32,066 INFO L272 TraceCheckUtils]: 110: Hoare triple {8854#false} call mail_#t~ret8#1 := getEmailTo(mail_~msg#1); {8854#false} is VALID [2022-02-20 18:01:32,066 INFO L290 TraceCheckUtils]: 111: Hoare triple {8854#false} ~handle := #in~handle;havoc ~retValue_acc~32; {8854#false} is VALID [2022-02-20 18:01:32,066 INFO L290 TraceCheckUtils]: 112: Hoare triple {8854#false} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; 
{8854#false} is VALID [2022-02-20 18:01:32,066 INFO L290 TraceCheckUtils]: 113: Hoare triple {8854#false} assume true; {8854#false} is VALID [2022-02-20 18:01:32,067 INFO L284 TraceCheckUtils]: 114: Hoare quadruple {8854#false} {8854#false} #1074#return; {8854#false} is VALID [2022-02-20 18:01:32,067 INFO L290 TraceCheckUtils]: 115: Hoare triple {8854#false} assume -2147483648 <= mail_#t~ret8#1 && mail_#t~ret8#1 <= 2147483647;mail_~tmp~2#1 := mail_#t~ret8#1;havoc mail_#t~ret8#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~2#1, mail_~msg#1;havoc incoming_#t~ret15#1, incoming_#t~ret16#1, incoming_#t~ret17#1, incoming_#t~ret18#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~7#1, incoming_~tmp___0~1#1, incoming_~tmp___1~0#1, incoming_~tmp___2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~7#1;havoc incoming_~tmp___0~1#1;havoc incoming_~tmp___1~0#1;havoc incoming_~tmp___2~0#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet36#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1, 
__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 := puts(12, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset := 13, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet36#1; {8854#false} is VALID [2022-02-20 18:01:32,067 INFO L290 TraceCheckUtils]: 116: Hoare triple {8854#false} assume 1 == ~sent_encrypted~0; {8854#false} is VALID [2022-02-20 18:01:32,067 INFO L272 TraceCheckUtils]: 117: Hoare triple {8854#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {8854#false} is VALID [2022-02-20 18:01:32,067 INFO L290 TraceCheckUtils]: 118: Hoare triple {8854#false} ~handle := #in~handle;havoc ~retValue_acc~10; {8854#false} is VALID [2022-02-20 18:01:32,068 INFO L290 TraceCheckUtils]: 119: Hoare triple {8854#false} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {8854#false} is VALID [2022-02-20 18:01:32,068 INFO L290 TraceCheckUtils]: 120: Hoare triple {8854#false} assume true; {8854#false} is VALID [2022-02-20 18:01:32,068 INFO L284 TraceCheckUtils]: 121: Hoare quadruple {8854#false} {8854#false} #1076#return; {8854#false} is 
VALID [2022-02-20 18:01:32,068 INFO L290 TraceCheckUtils]: 122: Hoare triple {8854#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~13#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1; {8854#false} is VALID [2022-02-20 18:01:32,068 INFO L272 TraceCheckUtils]: 123: Hoare triple {8854#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {8854#false} is VALID [2022-02-20 18:01:32,069 INFO L290 TraceCheckUtils]: 124: Hoare triple {8854#false} ~handle := #in~handle;havoc ~retValue_acc~36; {8854#false} is VALID [2022-02-20 18:01:32,069 INFO L290 TraceCheckUtils]: 125: Hoare triple {8854#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {8854#false} is VALID [2022-02-20 18:01:32,069 INFO L290 TraceCheckUtils]: 126: Hoare triple {8854#false} assume true; {8854#false} is VALID [2022-02-20 18:01:32,069 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {8854#false} {8854#false} #1078#return; {8854#false} is VALID [2022-02-20 18:01:32,069 INFO L290 TraceCheckUtils]: 128: Hoare triple {8854#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1; {8854#false} is VALID [2022-02-20 18:01:32,069 INFO L272 TraceCheckUtils]: 129: Hoare triple {8854#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1); {8854#false} is VALID [2022-02-20 18:01:32,070 INFO L290 TraceCheckUtils]: 130: Hoare triple {8854#false} ~publicKey := 
#in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~22;havoc ~__cil_tmp4~1.base, ~__cil_tmp4~1.offset;~__cil_tmp4~1.base, ~__cil_tmp4~1.offset := 7, 0;havoc #t~nondet21; {8854#false} is VALID [2022-02-20 18:01:32,070 INFO L290 TraceCheckUtils]: 131: Hoare triple {8854#false} assume 0 == ~publicKey;~retValue_acc~22 := 0;#res := ~retValue_acc~22; {8854#false} is VALID [2022-02-20 18:01:32,070 INFO L290 TraceCheckUtils]: 132: Hoare triple {8854#false} assume true; {8854#false} is VALID [2022-02-20 18:01:32,070 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {8854#false} {8854#false} #1080#return; {8854#false} is VALID [2022-02-20 18:01:32,070 INFO L290 TraceCheckUtils]: 134: Hoare triple {8854#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1; {8854#false} is VALID [2022-02-20 18:01:32,071 INFO L290 TraceCheckUtils]: 135: Hoare triple {8854#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1);assume { :begin_inline___automaton_fail } true; {8854#false} is VALID [2022-02-20 18:01:32,071 INFO L290 TraceCheckUtils]: 136: Hoare triple {8854#false} assume !false; {8854#false} is VALID [2022-02-20 18:01:32,071 INFO L134 CoverageAnalysis]: Checked inductivity of 38 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 19 trivial. 0 not checked. [2022-02-20 18:01:32,071 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:01:32,072 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [2008457964] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:01:32,072 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. 
[2022-02-20 18:01:32,072 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [9] total 12 [2022-02-20 18:01:32,072 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1021009486] [2022-02-20 18:01:32,073 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:01:32,074 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 22.0) internal successors, (88), 5 states have internal predecessors, (88), 3 states have call successors, (19), 2 states have call predecessors, (19), 3 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) Word has length 137 [2022-02-20 18:01:32,075 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:01:32,075 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 4 states have (on average 22.0) internal successors, (88), 5 states have internal predecessors, (88), 3 states have call successors, (19), 2 states have call predecessors, (19), 3 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:01:32,183 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 124 edges. 124 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:32,184 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:01:32,184 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:32,185 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. 
[2022-02-20 18:01:32,185 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=24, Invalid=108, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:01:32,186 INFO L87 Difference]: Start difference. First operand 442 states and 664 transitions. Second operand has 5 states, 4 states have (on average 22.0) internal successors, (88), 5 states have internal predecessors, (88), 3 states have call successors, (19), 2 states have call predecessors, (19), 3 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:01:33,387 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:33,388 INFO L93 Difference]: Finished difference Result 875 states and 1318 transitions. [2022-02-20 18:01:33,388 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:01:33,389 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 22.0) internal successors, (88), 5 states have internal predecessors, (88), 3 states have call successors, (19), 2 states have call predecessors, (19), 3 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) Word has length 137 [2022-02-20 18:01:33,389 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:01:33,389 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 22.0) internal successors, (88), 5 states have internal predecessors, (88), 3 states have call successors, (19), 2 states have call predecessors, (19), 3 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:01:33,401 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1130 transitions. 
[2022-02-20 18:01:33,402 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 22.0) internal successors, (88), 5 states have internal predecessors, (88), 3 states have call successors, (19), 2 states have call predecessors, (19), 3 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:01:33,415 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1130 transitions. [2022-02-20 18:01:33,415 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1130 transitions. [2022-02-20 18:01:34,137 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1130 edges. 1130 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:34,154 INFO L225 Difference]: With dead ends: 875 [2022-02-20 18:01:34,154 INFO L226 Difference]: Without dead ends: 444 [2022-02-20 18:01:34,156 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 175 GetRequests, 164 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=28, Invalid=128, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:01:34,157 INFO L933 BasicCegarLoop]: 561 mSDtfsCounter, 133 mSDsluCounter, 1531 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 153 SdHoareTripleChecker+Valid, 2092 SdHoareTripleChecker+Invalid, 34 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:01:34,157 
INFO L934 BasicCegarLoop]: SdHoareTripleChecker [153 Valid, 2092 Invalid, 34 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:01:34,158 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 444 states. [2022-02-20 18:01:34,221 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 444 to 444. [2022-02-20 18:01:34,222 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:01:34,223 INFO L82 GeneralOperation]: Start isEquivalent. First operand 444 states. Second operand has 444 states, 342 states have (on average 1.5029239766081872) internal successors, (514), 346 states have internal predecessors, (514), 76 states have call successors, (76), 24 states have call predecessors, (76), 25 states have return successors, (77), 75 states have call predecessors, (77), 75 states have call successors, (77) [2022-02-20 18:01:34,225 INFO L74 IsIncluded]: Start isIncluded. First operand 444 states. Second operand has 444 states, 342 states have (on average 1.5029239766081872) internal successors, (514), 346 states have internal predecessors, (514), 76 states have call successors, (76), 24 states have call predecessors, (76), 25 states have return successors, (77), 75 states have call predecessors, (77), 75 states have call successors, (77) [2022-02-20 18:01:34,226 INFO L87 Difference]: Start difference. First operand 444 states. Second operand has 444 states, 342 states have (on average 1.5029239766081872) internal successors, (514), 346 states have internal predecessors, (514), 76 states have call successors, (76), 24 states have call predecessors, (76), 25 states have return successors, (77), 75 states have call predecessors, (77), 75 states have call successors, (77) [2022-02-20 18:01:34,243 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:01:34,243 INFO L93 Difference]: Finished difference Result 444 states and 667 transitions. [2022-02-20 18:01:34,244 INFO L276 IsEmpty]: Start isEmpty. Operand 444 states and 667 transitions. [2022-02-20 18:01:34,245 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:34,246 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:34,247 INFO L74 IsIncluded]: Start isIncluded. First operand has 444 states, 342 states have (on average 1.5029239766081872) internal successors, (514), 346 states have internal predecessors, (514), 76 states have call successors, (76), 24 states have call predecessors, (76), 25 states have return successors, (77), 75 states have call predecessors, (77), 75 states have call successors, (77) Second operand 444 states. [2022-02-20 18:01:34,248 INFO L87 Difference]: Start difference. First operand has 444 states, 342 states have (on average 1.5029239766081872) internal successors, (514), 346 states have internal predecessors, (514), 76 states have call successors, (76), 24 states have call predecessors, (76), 25 states have return successors, (77), 75 states have call predecessors, (77), 75 states have call successors, (77) Second operand 444 states. [2022-02-20 18:01:34,268 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:34,269 INFO L93 Difference]: Finished difference Result 444 states and 667 transitions. [2022-02-20 18:01:34,269 INFO L276 IsEmpty]: Start isEmpty. Operand 444 states and 667 transitions. [2022-02-20 18:01:34,271 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:34,271 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:34,271 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:01:34,271 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:01:34,273 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 444 states, 342 states have (on average 1.5029239766081872) internal successors, (514), 346 states have internal predecessors, (514), 76 states have call successors, (76), 24 states have call predecessors, (76), 25 states have return successors, (77), 75 states have call predecessors, (77), 75 states have call successors, (77) [2022-02-20 18:01:34,295 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 444 states to 444 states and 667 transitions. [2022-02-20 18:01:34,295 INFO L78 Accepts]: Start accepts. Automaton has 444 states and 667 transitions. Word has length 137 [2022-02-20 18:01:34,295 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:01:34,296 INFO L470 AbstractCegarLoop]: Abstraction has 444 states and 667 transitions. [2022-02-20 18:01:34,296 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 22.0) internal successors, (88), 5 states have internal predecessors, (88), 3 states have call successors, (19), 2 states have call predecessors, (19), 3 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:01:34,296 INFO L276 IsEmpty]: Start isEmpty. Operand 444 states and 667 transitions. [2022-02-20 18:01:34,298 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 139 [2022-02-20 18:01:34,299 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:01:34,299 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:01:34,330 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Forceful destruction successful, exit code 0 [2022-02-20 18:01:34,515 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:01:34,515 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:01:34,516 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:01:34,516 INFO L85 PathProgramCache]: Analyzing trace with hash -1744171678, now seen corresponding path program 1 times [2022-02-20 18:01:34,516 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:01:34,516 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1903668236] [2022-02-20 18:01:34,516 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:34,516 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:01:34,563 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:34,599 INFO L376 atingTraceCheckCraig]: 
Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:01:34,601 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:34,603 INFO L290 TraceCheckUtils]: 0: Hoare triple {12183#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12109#true} is VALID [2022-02-20 18:01:34,603 INFO L290 TraceCheckUtils]: 1: Hoare triple {12109#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12109#true} is VALID [2022-02-20 18:01:34,603 INFO L290 TraceCheckUtils]: 2: Hoare triple {12109#true} assume true; {12109#true} is VALID [2022-02-20 18:01:34,604 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12109#true} {12109#true} #1144#return; {12109#true} is VALID [2022-02-20 18:01:34,610 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:01:34,612 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:34,614 INFO L290 TraceCheckUtils]: 0: Hoare triple {12184#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12109#true} is VALID [2022-02-20 18:01:34,615 INFO L290 TraceCheckUtils]: 1: Hoare triple {12109#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12109#true} is VALID [2022-02-20 18:01:34,615 INFO L290 TraceCheckUtils]: 2: Hoare triple {12109#true} assume true; {12109#true} is VALID [2022-02-20 18:01:34,615 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12109#true} {12109#true} #1146#return; {12109#true} is VALID [2022-02-20 18:01:34,615 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call 
position 18 [2022-02-20 18:01:34,618 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:34,635 INFO L290 TraceCheckUtils]: 0: Hoare triple {12183#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12185#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:34,636 INFO L290 TraceCheckUtils]: 1: Hoare triple {12185#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {12185#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:34,636 INFO L290 TraceCheckUtils]: 2: Hoare triple {12185#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {12186#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:34,637 INFO L290 TraceCheckUtils]: 3: Hoare triple {12186#(= 2 |setClientId_#in~handle|)} assume true; {12186#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:34,637 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {12186#(= 2 |setClientId_#in~handle|)} {12119#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1148#return; {12125#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:01:34,638 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:01:34,640 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:34,660 INFO L290 TraceCheckUtils]: 0: Hoare triple {12184#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12187#(= setClientPrivateKey_~handle 
|setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:01:34,660 INFO L290 TraceCheckUtils]: 1: Hoare triple {12187#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12188#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:01:34,661 INFO L290 TraceCheckUtils]: 2: Hoare triple {12188#(= |setClientPrivateKey_#in~handle| 1)} assume true; {12188#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:01:34,661 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12188#(= |setClientPrivateKey_#in~handle| 1)} {12125#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1150#return; {12110#false} is VALID [2022-02-20 18:01:34,662 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-02-20 18:01:34,665 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:34,667 INFO L290 TraceCheckUtils]: 0: Hoare triple {12183#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12109#true} is VALID [2022-02-20 18:01:34,668 INFO L290 TraceCheckUtils]: 1: Hoare triple {12109#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12109#true} is VALID [2022-02-20 18:01:34,668 INFO L290 TraceCheckUtils]: 2: Hoare triple {12109#true} assume true; {12109#true} is VALID [2022-02-20 18:01:34,668 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12109#true} {12110#false} #1152#return; {12110#false} is VALID [2022-02-20 18:01:34,668 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 37 [2022-02-20 18:01:34,671 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:34,674 INFO L290 TraceCheckUtils]: 0: Hoare triple {12184#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12109#true} is VALID [2022-02-20 18:01:34,674 INFO L290 TraceCheckUtils]: 1: Hoare triple {12109#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12109#true} is VALID [2022-02-20 18:01:34,674 INFO L290 TraceCheckUtils]: 2: Hoare triple {12109#true} assume true; {12109#true} is VALID [2022-02-20 18:01:34,674 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12109#true} {12110#false} #1154#return; {12110#false} is VALID [2022-02-20 18:01:34,684 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 18:01:34,685 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:34,688 INFO L290 TraceCheckUtils]: 0: Hoare triple {12189#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12109#true} is VALID [2022-02-20 18:01:34,688 INFO L290 TraceCheckUtils]: 1: Hoare triple {12109#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12109#true} is VALID [2022-02-20 18:01:34,688 INFO L290 TraceCheckUtils]: 2: Hoare triple {12109#true} assume true; {12109#true} is VALID [2022-02-20 18:01:34,688 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12109#true} {12110#false} #1130#return; {12110#false} is VALID [2022-02-20 18:01:34,697 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 18:01:34,701 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:34,704 INFO L290 TraceCheckUtils]: 0: Hoare triple {12190#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {12109#true} is VALID [2022-02-20 
18:01:34,704 INFO L290 TraceCheckUtils]: 1: Hoare triple {12109#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12109#true} is VALID [2022-02-20 18:01:34,705 INFO L290 TraceCheckUtils]: 2: Hoare triple {12109#true} assume true; {12109#true} is VALID [2022-02-20 18:01:34,705 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12109#true} {12110#false} #1132#return; {12110#false} is VALID [2022-02-20 18:01:34,705 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 73 [2022-02-20 18:01:34,708 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:34,711 INFO L290 TraceCheckUtils]: 0: Hoare triple {12109#true} ~handle := #in~handle;havoc ~retValue_acc~10; {12109#true} is VALID [2022-02-20 18:01:34,712 INFO L290 TraceCheckUtils]: 1: Hoare triple {12109#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {12109#true} is VALID [2022-02-20 18:01:34,712 INFO L290 TraceCheckUtils]: 2: Hoare triple {12109#true} assume true; {12109#true} is VALID [2022-02-20 18:01:34,712 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12109#true} {12110#false} #1060#return; {12110#false} is VALID [2022-02-20 18:01:34,712 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-02-20 18:01:34,713 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:34,715 INFO L290 TraceCheckUtils]: 0: Hoare triple {12109#true} ~handle := #in~handle;havoc ~retValue_acc~32; {12109#true} is VALID [2022-02-20 18:01:34,716 INFO L290 TraceCheckUtils]: 1: Hoare triple {12109#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {12109#true} is VALID [2022-02-20 18:01:34,716 INFO L290 TraceCheckUtils]: 2: Hoare triple {12109#true} assume true; {12109#true} is VALID [2022-02-20 18:01:34,716 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12109#true} {12110#false} #1062#return; 
{12110#false} is VALID [2022-02-20 18:01:34,716 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 18:01:34,717 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:34,719 INFO L290 TraceCheckUtils]: 0: Hoare triple {12109#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {12109#true} is VALID [2022-02-20 18:01:34,720 INFO L290 TraceCheckUtils]: 1: Hoare triple {12109#true} assume 1 == ~handle; {12109#true} is VALID [2022-02-20 18:01:34,720 INFO L290 TraceCheckUtils]: 2: Hoare triple {12109#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {12109#true} is VALID [2022-02-20 18:01:34,720 INFO L290 TraceCheckUtils]: 3: Hoare triple {12109#true} assume true; {12109#true} is VALID [2022-02-20 18:01:34,720 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {12109#true} {12110#false} #1064#return; {12110#false} is VALID [2022-02-20 18:01:34,720 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 18:01:34,721 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:34,724 INFO L290 TraceCheckUtils]: 0: Hoare triple {12189#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12109#true} is VALID [2022-02-20 18:01:34,724 INFO L290 TraceCheckUtils]: 1: Hoare triple {12109#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12109#true} is VALID [2022-02-20 18:01:34,725 INFO L290 TraceCheckUtils]: 2: Hoare triple {12109#true} assume true; {12109#true} is VALID [2022-02-20 18:01:34,725 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12109#true} {12110#false} #1070#return; {12110#false} is VALID [2022-02-20 18:01:34,725 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 104 [2022-02-20 18:01:34,726 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:34,731 INFO L290 TraceCheckUtils]: 0: Hoare triple {12109#true} ~handle := #in~handle;havoc ~retValue_acc~35; {12109#true} is VALID [2022-02-20 18:01:34,732 INFO L290 TraceCheckUtils]: 1: Hoare triple {12109#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {12109#true} is VALID [2022-02-20 18:01:34,732 INFO L290 TraceCheckUtils]: 2: Hoare triple {12109#true} assume true; {12109#true} is VALID [2022-02-20 18:01:34,732 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12109#true} {12110#false} #1072#return; {12110#false} is VALID [2022-02-20 18:01:34,732 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 111 [2022-02-20 18:01:34,733 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:34,736 INFO L290 TraceCheckUtils]: 0: Hoare triple {12109#true} ~handle := #in~handle;havoc ~retValue_acc~32; {12109#true} is VALID [2022-02-20 18:01:34,736 INFO L290 TraceCheckUtils]: 1: Hoare triple {12109#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {12109#true} is VALID [2022-02-20 18:01:34,736 INFO L290 TraceCheckUtils]: 2: Hoare triple {12109#true} assume true; {12109#true} is VALID [2022-02-20 18:01:34,736 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12109#true} {12110#false} #1074#return; {12110#false} is VALID [2022-02-20 18:01:34,736 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 118 [2022-02-20 18:01:34,737 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:34,739 INFO L290 TraceCheckUtils]: 0: Hoare triple {12109#true} ~handle := #in~handle;havoc ~retValue_acc~10; {12109#true} is VALID [2022-02-20 18:01:34,739 INFO L290 TraceCheckUtils]: 1: Hoare triple {12109#true} assume 1 == 
~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {12109#true} is VALID [2022-02-20 18:01:34,739 INFO L290 TraceCheckUtils]: 2: Hoare triple {12109#true} assume true; {12109#true} is VALID [2022-02-20 18:01:34,740 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12109#true} {12110#false} #1076#return; {12110#false} is VALID [2022-02-20 18:01:34,740 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 124 [2022-02-20 18:01:34,741 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:34,742 INFO L290 TraceCheckUtils]: 0: Hoare triple {12109#true} ~handle := #in~handle;havoc ~retValue_acc~36; {12109#true} is VALID [2022-02-20 18:01:34,742 INFO L290 TraceCheckUtils]: 1: Hoare triple {12109#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {12109#true} is VALID [2022-02-20 18:01:34,743 INFO L290 TraceCheckUtils]: 2: Hoare triple {12109#true} assume true; {12109#true} is VALID [2022-02-20 18:01:34,743 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12109#true} {12110#false} #1078#return; {12110#false} is VALID [2022-02-20 18:01:34,743 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 130 [2022-02-20 18:01:34,744 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:34,746 INFO L290 TraceCheckUtils]: 0: Hoare triple {12109#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~22;havoc ~__cil_tmp4~1.base, ~__cil_tmp4~1.offset;~__cil_tmp4~1.base, ~__cil_tmp4~1.offset := 7, 0;havoc #t~nondet21; {12109#true} is VALID [2022-02-20 18:01:34,746 INFO L290 TraceCheckUtils]: 1: Hoare triple {12109#true} assume 0 == ~publicKey;~retValue_acc~22 := 0;#res := ~retValue_acc~22; {12109#true} is VALID [2022-02-20 18:01:34,746 INFO L290 TraceCheckUtils]: 2: Hoare triple {12109#true} assume true; {12109#true} is VALID [2022-02-20 
18:01:34,746 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12109#true} {12110#false} #1080#return; {12110#false} is VALID [2022-02-20 18:01:34,746 INFO L290 TraceCheckUtils]: 0: Hoare triple {12109#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(16, 6);call #Ultimate.allocInit(20, 7);call #Ultimate.allocInit(22, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(19, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(19, 13);call #Ultimate.allocInit(44, 14);call #Ultimate.allocInit(44, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(11, 18);call #Ultimate.allocInit(19, 19);call #Ultimate.allocInit(4, 20);call write~init~int(37, 20, 0, 1);call write~init~int(100, 20, 1, 1);call write~init~int(10, 20, 2, 1);call write~init~int(0, 20, 3, 1);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(100, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(12, 35);call #Ultimate.allocInit(10, 36);call 
#Ultimate.allocInit(18, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(21, 39);call #Ultimate.allocInit(13, 40);call #Ultimate.allocInit(16, 41);call #Ultimate.allocInit(25, 42);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 
0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_encrypted~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 
0;~__ste_email_isSignatureVerified1~0 := 0; {12109#true} is VALID [2022-02-20 18:01:34,747 INFO L290 TraceCheckUtils]: 1: Hoare triple {12109#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret59#1, main_~retValue_acc~23#1, main_~tmp~16#1;havoc main_~retValue_acc~23#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true; {12109#true} is VALID [2022-02-20 18:01:34,747 INFO L290 TraceCheckUtils]: 2: Hoare triple {12109#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {12109#true} is VALID [2022-02-20 18:01:34,747 INFO L290 TraceCheckUtils]: 3: Hoare triple {12109#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~25#1;havoc valid_product_~retValue_acc~25#1;valid_product_~retValue_acc~25#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~25#1; {12109#true} is VALID [2022-02-20 18:01:34,747 INFO L290 TraceCheckUtils]: 4: Hoare triple {12109#true} main_#t~ret59#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret59#1 && main_#t~ret59#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret59#1;havoc main_#t~ret59#1; {12109#true} is VALID [2022-02-20 18:01:34,748 INFO L290 TraceCheckUtils]: 5: Hoare triple {12109#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet56#1, setup_#t~nondet57#1, setup_#t~nondet58#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc 
setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {12109#true} is VALID [2022-02-20 18:01:34,748 INFO L272 TraceCheckUtils]: 6: Hoare triple {12109#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {12183#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:34,749 INFO L290 TraceCheckUtils]: 7: Hoare triple {12183#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12109#true} is VALID [2022-02-20 18:01:34,749 INFO L290 TraceCheckUtils]: 8: Hoare triple {12109#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12109#true} is VALID [2022-02-20 18:01:34,749 INFO L290 TraceCheckUtils]: 9: Hoare triple {12109#true} assume true; {12109#true} is VALID [2022-02-20 18:01:34,749 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {12109#true} {12109#true} #1144#return; {12109#true} is VALID [2022-02-20 18:01:34,749 INFO L290 TraceCheckUtils]: 11: Hoare triple {12109#true} assume { :end_inline_setup_bob__wrappee__Base } true; {12109#true} is VALID [2022-02-20 18:01:34,750 INFO L272 TraceCheckUtils]: 12: Hoare triple {12109#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {12184#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID 
[2022-02-20 18:01:34,750 INFO L290 TraceCheckUtils]: 13: Hoare triple {12184#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12109#true} is VALID [2022-02-20 18:01:34,750 INFO L290 TraceCheckUtils]: 14: Hoare triple {12109#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12109#true} is VALID [2022-02-20 18:01:34,750 INFO L290 TraceCheckUtils]: 15: Hoare triple {12109#true} assume true; {12109#true} is VALID [2022-02-20 18:01:34,751 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {12109#true} {12109#true} #1146#return; {12109#true} is VALID [2022-02-20 18:01:34,751 INFO L290 TraceCheckUtils]: 17: Hoare triple {12109#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 16, 0;havoc setup_#t~nondet56#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {12119#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:01:34,752 INFO L272 TraceCheckUtils]: 18: Hoare triple {12119#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {12183#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:34,752 
INFO L290 TraceCheckUtils]: 19: Hoare triple {12183#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12185#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:34,752 INFO L290 TraceCheckUtils]: 20: Hoare triple {12185#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {12185#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:34,753 INFO L290 TraceCheckUtils]: 21: Hoare triple {12185#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {12186#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:34,753 INFO L290 TraceCheckUtils]: 22: Hoare triple {12186#(= 2 |setClientId_#in~handle|)} assume true; {12186#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:34,754 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {12186#(= 2 |setClientId_#in~handle|)} {12119#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1148#return; {12125#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:01:34,754 INFO L290 TraceCheckUtils]: 24: Hoare triple {12125#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {12125#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:01:34,755 INFO L272 TraceCheckUtils]: 25: Hoare triple {12125#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {12184#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:34,755 INFO L290 TraceCheckUtils]: 26: Hoare 
triple {12184#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12187#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:01:34,756 INFO L290 TraceCheckUtils]: 27: Hoare triple {12187#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12188#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:01:34,756 INFO L290 TraceCheckUtils]: 28: Hoare triple {12188#(= |setClientPrivateKey_#in~handle| 1)} assume true; {12188#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:01:34,757 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {12188#(= |setClientPrivateKey_#in~handle| 1)} {12125#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1150#return; {12110#false} is VALID [2022-02-20 18:01:34,757 INFO L290 TraceCheckUtils]: 30: Hoare triple {12110#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 17, 0;havoc setup_#t~nondet57#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {12110#false} is VALID [2022-02-20 18:01:34,757 INFO L272 TraceCheckUtils]: 31: Hoare triple {12110#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {12183#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:34,757 INFO L290 TraceCheckUtils]: 32: Hoare triple {12183#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12109#true} is VALID [2022-02-20 18:01:34,757 INFO L290 TraceCheckUtils]: 33: Hoare triple {12109#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12109#true} is VALID [2022-02-20 18:01:34,757 INFO L290 TraceCheckUtils]: 34: Hoare triple {12109#true} assume true; {12109#true} is VALID [2022-02-20 18:01:34,757 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {12109#true} {12110#false} #1152#return; {12110#false} is VALID [2022-02-20 18:01:34,758 INFO L290 TraceCheckUtils]: 36: Hoare triple {12110#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {12110#false} is VALID [2022-02-20 18:01:34,758 INFO L272 TraceCheckUtils]: 37: Hoare triple {12110#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {12184#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:34,758 INFO L290 TraceCheckUtils]: 38: Hoare triple {12184#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12109#true} is VALID [2022-02-20 18:01:34,758 INFO L290 TraceCheckUtils]: 39: Hoare triple {12109#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12109#true} is VALID [2022-02-20 18:01:34,758 INFO L290 TraceCheckUtils]: 40: Hoare triple {12109#true} assume 
true; {12109#true} is VALID [2022-02-20 18:01:34,758 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {12109#true} {12110#false} #1154#return; {12110#false} is VALID [2022-02-20 18:01:34,771 INFO L290 TraceCheckUtils]: 42: Hoare triple {12110#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 18, 0;havoc setup_#t~nondet58#1; {12110#false} is VALID [2022-02-20 18:01:34,771 INFO L290 TraceCheckUtils]: 43: Hoare triple {12110#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~14#1, test_~tmp___0~4#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~14#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {12110#false} is VALID [2022-02-20 18:01:34,771 
INFO L290 TraceCheckUtils]: 44: Hoare triple {12110#false} assume !false; {12110#false} is VALID [2022-02-20 18:01:34,772 INFO L290 TraceCheckUtils]: 45: Hoare triple {12110#false} assume test_~splverifierCounter~0#1 < 4; {12110#false} is VALID [2022-02-20 18:01:34,772 INFO L290 TraceCheckUtils]: 46: Hoare triple {12110#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {12110#false} is VALID [2022-02-20 18:01:34,772 INFO L290 TraceCheckUtils]: 47: Hoare triple {12110#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet40#1 && test_#t~nondet40#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet40#1;havoc test_#t~nondet40#1; {12110#false} is VALID [2022-02-20 18:01:34,772 INFO L290 TraceCheckUtils]: 48: Hoare triple {12110#false} assume !(0 != test_~tmp___9~0#1); {12110#false} is VALID [2022-02-20 18:01:34,772 INFO L290 TraceCheckUtils]: 49: Hoare triple {12110#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet41#1 && test_#t~nondet41#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet41#1;havoc test_#t~nondet41#1; {12110#false} is VALID [2022-02-20 18:01:34,772 INFO L290 TraceCheckUtils]: 50: Hoare triple {12110#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {12110#false} is VALID [2022-02-20 18:01:34,772 INFO L290 TraceCheckUtils]: 51: Hoare triple {12110#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {12110#false} is VALID [2022-02-20 18:01:34,773 INFO L290 TraceCheckUtils]: 52: Hoare triple {12110#false} assume { :end_inline_setClientAutoResponse } true; 
{12110#false} is VALID [2022-02-20 18:01:34,773 INFO L290 TraceCheckUtils]: 53: Hoare triple {12110#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {12110#false} is VALID [2022-02-20 18:01:34,773 INFO L290 TraceCheckUtils]: 54: Hoare triple {12110#false} assume !false; {12110#false} is VALID [2022-02-20 18:01:34,773 INFO L290 TraceCheckUtils]: 55: Hoare triple {12110#false} assume !(test_~splverifierCounter~0#1 < 4); {12110#false} is VALID [2022-02-20 18:01:34,773 INFO L290 TraceCheckUtils]: 56: Hoare triple {12110#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret51#1, bobToRjh_#t~ret52#1, bobToRjh_#t~ret53#1, bobToRjh_#t~ret54#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret51#1 := puts(14, 0);assume -2147483648 <= bobToRjh_#t~ret51#1 && bobToRjh_#t~ret51#1 <= 2147483647;havoc bobToRjh_#t~ret51#1; {12110#false} is VALID [2022-02-20 18:01:34,773 INFO L272 TraceCheckUtils]: 57: Hoare triple {12110#false} call sendEmail(~bob~0, ~rjh~0); {12110#false} is VALID [2022-02-20 18:01:34,773 INFO L290 TraceCheckUtils]: 58: Hoare triple {12110#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~43#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~43#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {12110#false} is VALID [2022-02-20 18:01:34,774 INFO L272 TraceCheckUtils]: 59: Hoare triple {12110#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {12189#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| 
~__ste_email_from1~0))} is VALID [2022-02-20 18:01:34,774 INFO L290 TraceCheckUtils]: 60: Hoare triple {12189#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12109#true} is VALID [2022-02-20 18:01:34,774 INFO L290 TraceCheckUtils]: 61: Hoare triple {12109#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12109#true} is VALID [2022-02-20 18:01:34,774 INFO L290 TraceCheckUtils]: 62: Hoare triple {12109#true} assume true; {12109#true} is VALID [2022-02-20 18:01:34,774 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {12109#true} {12110#false} #1130#return; {12110#false} is VALID [2022-02-20 18:01:34,774 INFO L272 TraceCheckUtils]: 64: Hoare triple {12110#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {12190#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:01:34,775 INFO L290 TraceCheckUtils]: 65: Hoare triple {12190#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {12109#true} is VALID [2022-02-20 18:01:34,775 INFO L290 TraceCheckUtils]: 66: Hoare triple {12109#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12109#true} is VALID [2022-02-20 18:01:34,775 INFO L290 TraceCheckUtils]: 67: Hoare triple {12109#true} assume true; {12109#true} is VALID [2022-02-20 18:01:34,775 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {12109#true} {12110#false} #1132#return; {12110#false} is VALID [2022-02-20 18:01:34,775 INFO L290 TraceCheckUtils]: 69: Hoare triple {12110#false} createEmail_~retValue_acc~43#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~43#1; {12110#false} is VALID [2022-02-20 18:01:34,775 INFO L290 TraceCheckUtils]: 70: Hoare triple {12110#false} #t~ret20#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume 
-2147483648 <= #t~ret20#1 && #t~ret20#1 <= 2147483647;~tmp~9#1 := #t~ret20#1;havoc #t~ret20#1;~email~0#1 := ~tmp~9#1; {12110#false} is VALID [2022-02-20 18:01:34,775 INFO L272 TraceCheckUtils]: 71: Hoare triple {12110#false} call outgoing(~sender#1, ~email~0#1); {12110#false} is VALID [2022-02-20 18:01:34,776 INFO L290 TraceCheckUtils]: 72: Hoare triple {12110#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret24#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {12110#false} is VALID [2022-02-20 18:01:34,776 INFO L272 TraceCheckUtils]: 73: Hoare triple {12110#false} call sign_#t~ret24#1 := getClientPrivateKey(sign_~client#1); {12109#true} is VALID [2022-02-20 18:01:34,776 INFO L290 TraceCheckUtils]: 74: Hoare triple {12109#true} ~handle := #in~handle;havoc ~retValue_acc~10; {12109#true} is VALID [2022-02-20 18:01:34,776 INFO L290 TraceCheckUtils]: 75: Hoare triple {12109#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {12109#true} is VALID [2022-02-20 18:01:34,776 INFO L290 TraceCheckUtils]: 76: Hoare triple {12109#true} assume true; {12109#true} is VALID [2022-02-20 18:01:34,776 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {12109#true} {12110#false} #1060#return; {12110#false} is VALID [2022-02-20 18:01:34,776 INFO L290 TraceCheckUtils]: 78: Hoare triple {12110#false} assume -2147483648 <= sign_#t~ret24#1 && sign_#t~ret24#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret24#1;havoc sign_#t~ret24#1;sign_~privkey~1#1 := sign_~tmp~11#1; {12110#false} is VALID [2022-02-20 18:01:34,776 INFO L290 TraceCheckUtils]: 79: Hoare triple {12110#false} assume 0 == sign_~privkey~1#1; {12110#false} is VALID [2022-02-20 18:01:34,777 INFO L290 TraceCheckUtils]: 80: Hoare triple {12110#false} assume 
{ :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret10#1, outgoing__wrappee__AutoResponder_#t~ret11#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~4#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~0#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~4#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~0#1; {12110#false} is VALID [2022-02-20 18:01:34,777 INFO L272 TraceCheckUtils]: 81: Hoare triple {12110#false} call outgoing__wrappee__AutoResponder_#t~ret10#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {12109#true} is VALID [2022-02-20 18:01:34,777 INFO L290 TraceCheckUtils]: 82: Hoare triple {12109#true} ~handle := #in~handle;havoc ~retValue_acc~32; {12109#true} is VALID [2022-02-20 18:01:34,777 INFO L290 TraceCheckUtils]: 83: Hoare triple {12109#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {12109#true} is VALID [2022-02-20 18:01:34,777 INFO L290 TraceCheckUtils]: 84: Hoare triple {12109#true} assume true; {12109#true} is VALID [2022-02-20 18:01:34,777 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {12109#true} {12110#false} #1062#return; {12110#false} is VALID [2022-02-20 18:01:34,777 INFO L290 TraceCheckUtils]: 86: Hoare triple {12110#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret10#1 && outgoing__wrappee__AutoResponder_#t~ret10#1 <= 
2147483647;outgoing__wrappee__AutoResponder_~tmp~4#1 := outgoing__wrappee__AutoResponder_#t~ret10#1;havoc outgoing__wrappee__AutoResponder_#t~ret10#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~4#1; {12110#false} is VALID [2022-02-20 18:01:34,778 INFO L272 TraceCheckUtils]: 87: Hoare triple {12110#false} call outgoing__wrappee__AutoResponder_#t~ret11#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {12109#true} is VALID [2022-02-20 18:01:34,778 INFO L290 TraceCheckUtils]: 88: Hoare triple {12109#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {12109#true} is VALID [2022-02-20 18:01:34,778 INFO L290 TraceCheckUtils]: 89: Hoare triple {12109#true} assume 1 == ~handle; {12109#true} is VALID [2022-02-20 18:01:34,778 INFO L290 TraceCheckUtils]: 90: Hoare triple {12109#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {12109#true} is VALID [2022-02-20 18:01:34,778 INFO L290 TraceCheckUtils]: 91: Hoare triple {12109#true} assume true; {12109#true} is VALID [2022-02-20 18:01:34,778 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {12109#true} {12110#false} #1064#return; {12110#false} is VALID [2022-02-20 18:01:34,779 INFO L290 TraceCheckUtils]: 93: Hoare triple {12110#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret11#1 && outgoing__wrappee__AutoResponder_#t~ret11#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~0#1 := outgoing__wrappee__AutoResponder_#t~ret11#1;havoc outgoing__wrappee__AutoResponder_#t~ret11#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~0#1; {12110#false} is VALID [2022-02-20 18:01:34,779 INFO L290 TraceCheckUtils]: 94: Hoare triple {12110#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {12110#false} is VALID [2022-02-20 18:01:34,779 INFO L290 
TraceCheckUtils]: 95: Hoare triple {12110#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret9#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~3#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~3#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {12110#false} is VALID [2022-02-20 18:01:34,779 INFO L290 TraceCheckUtils]: 96: Hoare triple {12110#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {12110#false} is VALID [2022-02-20 18:01:34,779 INFO L290 TraceCheckUtils]: 97: Hoare triple {12110#false} outgoing__wrappee__Keys_#t~ret9#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret9#1 && outgoing__wrappee__Keys_#t~ret9#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~3#1 := outgoing__wrappee__Keys_#t~ret9#1;havoc outgoing__wrappee__Keys_#t~ret9#1; {12110#false} is VALID [2022-02-20 18:01:34,779 INFO L272 TraceCheckUtils]: 98: Hoare triple {12110#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~3#1); {12189#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:34,779 INFO L290 TraceCheckUtils]: 99: Hoare triple {12189#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= 
|old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12109#true} is VALID [2022-02-20 18:01:34,780 INFO L290 TraceCheckUtils]: 100: Hoare triple {12109#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12109#true} is VALID [2022-02-20 18:01:34,780 INFO L290 TraceCheckUtils]: 101: Hoare triple {12109#true} assume true; {12109#true} is VALID [2022-02-20 18:01:34,780 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {12109#true} {12110#false} #1070#return; {12110#false} is VALID [2022-02-20 18:01:34,780 INFO L290 TraceCheckUtils]: 103: Hoare triple {12110#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret7#1, mail_#t~ret8#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~2#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~2#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet34#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 := puts(10, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1; {12110#false} is VALID [2022-02-20 18:01:34,780 INFO L272 
TraceCheckUtils]: 104: Hoare triple {12110#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {12109#true} is VALID [2022-02-20 18:01:34,780 INFO L290 TraceCheckUtils]: 105: Hoare triple {12109#true} ~handle := #in~handle;havoc ~retValue_acc~35; {12109#true} is VALID [2022-02-20 18:01:34,780 INFO L290 TraceCheckUtils]: 106: Hoare triple {12109#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {12109#true} is VALID [2022-02-20 18:01:34,781 INFO L290 TraceCheckUtils]: 107: Hoare triple {12109#true} assume true; {12109#true} is VALID [2022-02-20 18:01:34,781 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {12109#true} {12110#false} #1072#return; {12110#false} is VALID [2022-02-20 18:01:34,781 INFO L290 TraceCheckUtils]: 109: Hoare triple {12110#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset := 11, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet34#1; {12110#false} is VALID [2022-02-20 18:01:34,781 INFO L290 TraceCheckUtils]: 110: Hoare triple {12110#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret7#1 := puts(5, 0);assume -2147483648 <= mail_#t~ret7#1 && mail_#t~ret7#1 <= 2147483647;havoc mail_#t~ret7#1; {12110#false} is VALID [2022-02-20 18:01:34,781 INFO L272 TraceCheckUtils]: 111: Hoare triple {12110#false} call mail_#t~ret8#1 := getEmailTo(mail_~msg#1); {12109#true} is VALID [2022-02-20 18:01:34,781 INFO L290 TraceCheckUtils]: 112: Hoare triple {12109#true} ~handle := #in~handle;havoc ~retValue_acc~32; {12109#true} is VALID [2022-02-20 18:01:34,781 INFO L290 TraceCheckUtils]: 113: Hoare 
triple {12109#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {12109#true} is VALID [2022-02-20 18:01:34,782 INFO L290 TraceCheckUtils]: 114: Hoare triple {12109#true} assume true; {12109#true} is VALID [2022-02-20 18:01:34,782 INFO L284 TraceCheckUtils]: 115: Hoare quadruple {12109#true} {12110#false} #1074#return; {12110#false} is VALID [2022-02-20 18:01:34,782 INFO L290 TraceCheckUtils]: 116: Hoare triple {12110#false} assume -2147483648 <= mail_#t~ret8#1 && mail_#t~ret8#1 <= 2147483647;mail_~tmp~2#1 := mail_#t~ret8#1;havoc mail_#t~ret8#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~2#1, mail_~msg#1;havoc incoming_#t~ret15#1, incoming_#t~ret16#1, incoming_#t~ret17#1, incoming_#t~ret18#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~7#1, incoming_~tmp___0~1#1, incoming_~tmp___1~0#1, incoming_~tmp___2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~7#1;havoc incoming_~tmp___0~1#1;havoc incoming_~tmp___1~0#1;havoc incoming_~tmp___2~0#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet36#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, 
__utac_acc__EncryptDecrypt_spec__2_~tmp~13#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 := puts(12, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset := 13, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet36#1; {12110#false} is VALID [2022-02-20 18:01:34,782 INFO L290 TraceCheckUtils]: 117: Hoare triple {12110#false} assume 1 == ~sent_encrypted~0; {12110#false} is VALID [2022-02-20 18:01:34,782 INFO L272 TraceCheckUtils]: 118: Hoare triple {12110#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {12109#true} is VALID [2022-02-20 18:01:34,782 INFO L290 TraceCheckUtils]: 119: Hoare triple {12109#true} ~handle := #in~handle;havoc ~retValue_acc~10; {12109#true} is VALID [2022-02-20 18:01:34,782 INFO L290 TraceCheckUtils]: 120: Hoare triple {12109#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {12109#true} is VALID [2022-02-20 18:01:34,783 INFO L290 TraceCheckUtils]: 121: Hoare triple {12109#true} assume true; 
{12109#true} is VALID [2022-02-20 18:01:34,783 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {12109#true} {12110#false} #1076#return; {12110#false} is VALID [2022-02-20 18:01:34,783 INFO L290 TraceCheckUtils]: 123: Hoare triple {12110#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~13#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1; {12110#false} is VALID [2022-02-20 18:01:34,783 INFO L272 TraceCheckUtils]: 124: Hoare triple {12110#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {12109#true} is VALID [2022-02-20 18:01:34,783 INFO L290 TraceCheckUtils]: 125: Hoare triple {12109#true} ~handle := #in~handle;havoc ~retValue_acc~36; {12109#true} is VALID [2022-02-20 18:01:34,783 INFO L290 TraceCheckUtils]: 126: Hoare triple {12109#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {12109#true} is VALID [2022-02-20 18:01:34,783 INFO L290 TraceCheckUtils]: 127: Hoare triple {12109#true} assume true; {12109#true} is VALID [2022-02-20 18:01:34,784 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {12109#true} {12110#false} #1078#return; {12110#false} is VALID [2022-02-20 18:01:34,784 INFO L290 TraceCheckUtils]: 129: Hoare triple {12110#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1; {12110#false} is VALID [2022-02-20 18:01:34,784 INFO L272 TraceCheckUtils]: 130: Hoare triple {12110#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1, 
__utac_acc__EncryptDecrypt_spec__2_~tmp~13#1); {12109#true} is VALID [2022-02-20 18:01:34,784 INFO L290 TraceCheckUtils]: 131: Hoare triple {12109#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~22;havoc ~__cil_tmp4~1.base, ~__cil_tmp4~1.offset;~__cil_tmp4~1.base, ~__cil_tmp4~1.offset := 7, 0;havoc #t~nondet21; {12109#true} is VALID [2022-02-20 18:01:34,784 INFO L290 TraceCheckUtils]: 132: Hoare triple {12109#true} assume 0 == ~publicKey;~retValue_acc~22 := 0;#res := ~retValue_acc~22; {12109#true} is VALID [2022-02-20 18:01:34,784 INFO L290 TraceCheckUtils]: 133: Hoare triple {12109#true} assume true; {12109#true} is VALID [2022-02-20 18:01:34,785 INFO L284 TraceCheckUtils]: 134: Hoare quadruple {12109#true} {12110#false} #1080#return; {12110#false} is VALID [2022-02-20 18:01:34,785 INFO L290 TraceCheckUtils]: 135: Hoare triple {12110#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1; {12110#false} is VALID [2022-02-20 18:01:34,785 INFO L290 TraceCheckUtils]: 136: Hoare triple {12110#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1);assume { :begin_inline___automaton_fail } true; {12110#false} is VALID [2022-02-20 18:01:34,785 INFO L290 TraceCheckUtils]: 137: Hoare triple {12110#false} assume !false; {12110#false} is VALID [2022-02-20 18:01:34,785 INFO L134 CoverageAnalysis]: Checked inductivity of 38 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 26 trivial. 0 not checked. 
[2022-02-20 18:01:34,786 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:01:34,786 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1903668236] [2022-02-20 18:01:34,786 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1903668236] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:01:34,786 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1095596395] [2022-02-20 18:01:34,786 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:34,786 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:01:34,787 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:01:34,792 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:01:34,793 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process [2022-02-20 18:01:35,065 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:35,071 INFO L263 TraceCheckSpWp]: Trace formula consists of 1215 conjuncts, 6 conjunts are in the unsatisfiable core [2022-02-20 18:01:35,120 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:35,125 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:01:35,466 INFO L290 TraceCheckUtils]: 0: Hoare triple {12109#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(16, 6);call #Ultimate.allocInit(20, 7);call #Ultimate.allocInit(22, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(19, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(19, 13);call #Ultimate.allocInit(44, 14);call #Ultimate.allocInit(44, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(11, 18);call #Ultimate.allocInit(19, 19);call #Ultimate.allocInit(4, 20);call write~init~int(37, 20, 0, 1);call write~init~int(100, 20, 1, 1);call write~init~int(10, 20, 2, 1);call write~init~int(0, 20, 3, 1);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(100, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(12, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(18, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(21, 39);call #Ultimate.allocInit(13, 40);call 
#Ultimate.allocInit(16, 41);call #Ultimate.allocInit(25, 42);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 
0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_encrypted~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {12109#true} is VALID [2022-02-20 18:01:35,466 INFO L290 TraceCheckUtils]: 1: Hoare triple {12109#true} assume { :end_inline_ULTIMATE.init 
} true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret59#1, main_~retValue_acc~23#1, main_~tmp~16#1;havoc main_~retValue_acc~23#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true; {12109#true} is VALID [2022-02-20 18:01:35,466 INFO L290 TraceCheckUtils]: 2: Hoare triple {12109#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {12109#true} is VALID [2022-02-20 18:01:35,466 INFO L290 TraceCheckUtils]: 3: Hoare triple {12109#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~25#1;havoc valid_product_~retValue_acc~25#1;valid_product_~retValue_acc~25#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~25#1; {12109#true} is VALID [2022-02-20 18:01:35,467 INFO L290 TraceCheckUtils]: 4: Hoare triple {12109#true} main_#t~ret59#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret59#1 && main_#t~ret59#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret59#1;havoc main_#t~ret59#1; {12109#true} is VALID [2022-02-20 18:01:35,467 INFO L290 TraceCheckUtils]: 5: Hoare triple {12109#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet56#1, setup_#t~nondet57#1, setup_#t~nondet58#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := 
setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {12109#true} is VALID [2022-02-20 18:01:35,467 INFO L272 TraceCheckUtils]: 6: Hoare triple {12109#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {12109#true} is VALID [2022-02-20 18:01:35,467 INFO L290 TraceCheckUtils]: 7: Hoare triple {12109#true} ~handle := #in~handle;~value := #in~value; {12109#true} is VALID [2022-02-20 18:01:35,467 INFO L290 TraceCheckUtils]: 8: Hoare triple {12109#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12109#true} is VALID [2022-02-20 18:01:35,467 INFO L290 TraceCheckUtils]: 9: Hoare triple {12109#true} assume true; {12109#true} is VALID [2022-02-20 18:01:35,467 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {12109#true} {12109#true} #1144#return; {12109#true} is VALID [2022-02-20 18:01:35,468 INFO L290 TraceCheckUtils]: 11: Hoare triple {12109#true} assume { :end_inline_setup_bob__wrappee__Base } true; {12109#true} is VALID [2022-02-20 18:01:35,468 INFO L272 TraceCheckUtils]: 12: Hoare triple {12109#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {12109#true} is VALID [2022-02-20 18:01:35,468 INFO L290 TraceCheckUtils]: 13: Hoare triple {12109#true} ~handle := #in~handle;~value := #in~value; {12109#true} is VALID [2022-02-20 18:01:35,468 INFO L290 TraceCheckUtils]: 14: Hoare triple {12109#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12109#true} is VALID [2022-02-20 18:01:35,468 INFO L290 TraceCheckUtils]: 15: Hoare triple {12109#true} assume true; {12109#true} is VALID [2022-02-20 18:01:35,468 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {12109#true} {12109#true} #1146#return; {12109#true} is VALID [2022-02-20 18:01:35,469 INFO L290 TraceCheckUtils]: 17: Hoare triple {12109#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 16, 0;havoc 
setup_#t~nondet56#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {12245#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:01:35,469 INFO L272 TraceCheckUtils]: 18: Hoare triple {12245#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {12109#true} is VALID [2022-02-20 18:01:35,469 INFO L290 TraceCheckUtils]: 19: Hoare triple {12109#true} ~handle := #in~handle;~value := #in~value; {12109#true} is VALID [2022-02-20 18:01:35,469 INFO L290 TraceCheckUtils]: 20: Hoare triple {12109#true} assume !(1 == ~handle); {12109#true} is VALID [2022-02-20 18:01:35,469 INFO L290 TraceCheckUtils]: 21: Hoare triple {12109#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {12109#true} is VALID [2022-02-20 18:01:35,470 INFO L290 TraceCheckUtils]: 22: Hoare triple {12109#true} assume true; {12109#true} is VALID [2022-02-20 18:01:35,470 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {12109#true} {12245#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1148#return; {12245#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:01:35,471 INFO L290 TraceCheckUtils]: 24: Hoare triple {12245#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume { :end_inline_setup_rjh__wrappee__Base } true; {12245#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:01:35,471 INFO L272 TraceCheckUtils]: 25: Hoare triple {12245#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {12109#true} is VALID [2022-02-20 18:01:35,471 INFO L290 TraceCheckUtils]: 26: Hoare triple 
{12109#true} ~handle := #in~handle;~value := #in~value; {12273#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} is VALID [2022-02-20 18:01:35,472 INFO L290 TraceCheckUtils]: 27: Hoare triple {12273#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12277#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:01:35,472 INFO L290 TraceCheckUtils]: 28: Hoare triple {12277#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {12277#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:01:35,473 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {12277#(<= |setClientPrivateKey_#in~handle| 1)} {12245#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1150#return; {12110#false} is VALID [2022-02-20 18:01:35,473 INFO L290 TraceCheckUtils]: 30: Hoare triple {12110#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 17, 0;havoc setup_#t~nondet57#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {12110#false} is VALID [2022-02-20 18:01:35,473 INFO L272 TraceCheckUtils]: 31: Hoare triple {12110#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {12110#false} is VALID [2022-02-20 18:01:35,473 INFO L290 TraceCheckUtils]: 32: Hoare triple {12110#false} ~handle := #in~handle;~value := #in~value; {12110#false} is VALID [2022-02-20 18:01:35,473 INFO L290 TraceCheckUtils]: 33: Hoare triple {12110#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12110#false} is 
VALID [2022-02-20 18:01:35,473 INFO L290 TraceCheckUtils]: 34: Hoare triple {12110#false} assume true; {12110#false} is VALID [2022-02-20 18:01:35,474 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {12110#false} {12110#false} #1152#return; {12110#false} is VALID [2022-02-20 18:01:35,474 INFO L290 TraceCheckUtils]: 36: Hoare triple {12110#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {12110#false} is VALID [2022-02-20 18:01:35,474 INFO L272 TraceCheckUtils]: 37: Hoare triple {12110#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {12110#false} is VALID [2022-02-20 18:01:35,474 INFO L290 TraceCheckUtils]: 38: Hoare triple {12110#false} ~handle := #in~handle;~value := #in~value; {12110#false} is VALID [2022-02-20 18:01:35,474 INFO L290 TraceCheckUtils]: 39: Hoare triple {12110#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12110#false} is VALID [2022-02-20 18:01:35,474 INFO L290 TraceCheckUtils]: 40: Hoare triple {12110#false} assume true; {12110#false} is VALID [2022-02-20 18:01:35,474 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {12110#false} {12110#false} #1154#return; {12110#false} is VALID [2022-02-20 18:01:35,475 INFO L290 TraceCheckUtils]: 42: Hoare triple {12110#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 18, 0;havoc setup_#t~nondet58#1; {12110#false} is VALID [2022-02-20 18:01:35,475 INFO L290 TraceCheckUtils]: 43: Hoare triple {12110#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~14#1, 
test_~tmp___0~4#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~14#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {12110#false} is VALID [2022-02-20 18:01:35,475 INFO L290 TraceCheckUtils]: 44: Hoare triple {12110#false} assume !false; {12110#false} is VALID [2022-02-20 18:01:35,475 INFO L290 TraceCheckUtils]: 45: Hoare triple {12110#false} assume test_~splverifierCounter~0#1 < 4; {12110#false} is VALID [2022-02-20 18:01:35,475 INFO L290 TraceCheckUtils]: 46: Hoare triple {12110#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {12110#false} is VALID [2022-02-20 18:01:35,475 INFO L290 TraceCheckUtils]: 47: Hoare triple {12110#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet40#1 && test_#t~nondet40#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet40#1;havoc test_#t~nondet40#1; {12110#false} is VALID [2022-02-20 18:01:35,476 INFO L290 TraceCheckUtils]: 48: Hoare triple {12110#false} assume !(0 != test_~tmp___9~0#1); {12110#false} is VALID [2022-02-20 18:01:35,476 INFO L290 TraceCheckUtils]: 49: Hoare triple {12110#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet41#1 && 
test_#t~nondet41#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet41#1;havoc test_#t~nondet41#1; {12110#false} is VALID [2022-02-20 18:01:35,476 INFO L290 TraceCheckUtils]: 50: Hoare triple {12110#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {12110#false} is VALID [2022-02-20 18:01:35,476 INFO L290 TraceCheckUtils]: 51: Hoare triple {12110#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {12110#false} is VALID [2022-02-20 18:01:35,476 INFO L290 TraceCheckUtils]: 52: Hoare triple {12110#false} assume { :end_inline_setClientAutoResponse } true; {12110#false} is VALID [2022-02-20 18:01:35,476 INFO L290 TraceCheckUtils]: 53: Hoare triple {12110#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {12110#false} is VALID [2022-02-20 18:01:35,476 INFO L290 TraceCheckUtils]: 54: Hoare triple {12110#false} assume !false; {12110#false} is VALID [2022-02-20 18:01:35,477 INFO L290 TraceCheckUtils]: 55: Hoare triple {12110#false} assume !(test_~splverifierCounter~0#1 < 4); {12110#false} is VALID [2022-02-20 18:01:35,477 INFO L290 TraceCheckUtils]: 56: Hoare triple {12110#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret51#1, bobToRjh_#t~ret52#1, bobToRjh_#t~ret53#1, bobToRjh_#t~ret54#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret51#1 := puts(14, 0);assume -2147483648 <= bobToRjh_#t~ret51#1 && bobToRjh_#t~ret51#1 <= 2147483647;havoc bobToRjh_#t~ret51#1; {12110#false} is VALID 
[2022-02-20 18:01:35,477 INFO L272 TraceCheckUtils]: 57: Hoare triple {12110#false} call sendEmail(~bob~0, ~rjh~0); {12110#false} is VALID [2022-02-20 18:01:35,477 INFO L290 TraceCheckUtils]: 58: Hoare triple {12110#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~43#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~43#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {12110#false} is VALID [2022-02-20 18:01:35,477 INFO L272 TraceCheckUtils]: 59: Hoare triple {12110#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {12110#false} is VALID [2022-02-20 18:01:35,477 INFO L290 TraceCheckUtils]: 60: Hoare triple {12110#false} ~handle := #in~handle;~value := #in~value; {12110#false} is VALID [2022-02-20 18:01:35,478 INFO L290 TraceCheckUtils]: 61: Hoare triple {12110#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12110#false} is VALID [2022-02-20 18:01:35,478 INFO L290 TraceCheckUtils]: 62: Hoare triple {12110#false} assume true; {12110#false} is VALID [2022-02-20 18:01:35,478 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {12110#false} {12110#false} #1130#return; {12110#false} is VALID [2022-02-20 18:01:35,478 INFO L272 TraceCheckUtils]: 64: Hoare triple {12110#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {12110#false} is VALID [2022-02-20 18:01:35,478 INFO L290 TraceCheckUtils]: 65: Hoare triple {12110#false} ~handle := #in~handle;~value := #in~value; {12110#false} is VALID [2022-02-20 18:01:35,478 INFO L290 TraceCheckUtils]: 66: Hoare triple {12110#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12110#false} is VALID [2022-02-20 18:01:35,478 INFO L290 
TraceCheckUtils]: 67: Hoare triple {12110#false} assume true; {12110#false} is VALID [2022-02-20 18:01:35,479 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {12110#false} {12110#false} #1132#return; {12110#false} is VALID [2022-02-20 18:01:35,479 INFO L290 TraceCheckUtils]: 69: Hoare triple {12110#false} createEmail_~retValue_acc~43#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~43#1; {12110#false} is VALID [2022-02-20 18:01:35,479 INFO L290 TraceCheckUtils]: 70: Hoare triple {12110#false} #t~ret20#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret20#1 && #t~ret20#1 <= 2147483647;~tmp~9#1 := #t~ret20#1;havoc #t~ret20#1;~email~0#1 := ~tmp~9#1; {12110#false} is VALID [2022-02-20 18:01:35,479 INFO L272 TraceCheckUtils]: 71: Hoare triple {12110#false} call outgoing(~sender#1, ~email~0#1); {12110#false} is VALID [2022-02-20 18:01:35,479 INFO L290 TraceCheckUtils]: 72: Hoare triple {12110#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret24#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {12110#false} is VALID [2022-02-20 18:01:35,479 INFO L272 TraceCheckUtils]: 73: Hoare triple {12110#false} call sign_#t~ret24#1 := getClientPrivateKey(sign_~client#1); {12110#false} is VALID [2022-02-20 18:01:35,479 INFO L290 TraceCheckUtils]: 74: Hoare triple {12110#false} ~handle := #in~handle;havoc ~retValue_acc~10; {12110#false} is VALID [2022-02-20 18:01:35,480 INFO L290 TraceCheckUtils]: 75: Hoare triple {12110#false} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {12110#false} is VALID [2022-02-20 18:01:35,480 INFO L290 TraceCheckUtils]: 76: Hoare triple {12110#false} assume true; {12110#false} is VALID [2022-02-20 18:01:35,480 
INFO L284 TraceCheckUtils]: 77: Hoare quadruple {12110#false} {12110#false} #1060#return; {12110#false} is VALID [2022-02-20 18:01:35,480 INFO L290 TraceCheckUtils]: 78: Hoare triple {12110#false} assume -2147483648 <= sign_#t~ret24#1 && sign_#t~ret24#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret24#1;havoc sign_#t~ret24#1;sign_~privkey~1#1 := sign_~tmp~11#1; {12110#false} is VALID [2022-02-20 18:01:35,480 INFO L290 TraceCheckUtils]: 79: Hoare triple {12110#false} assume 0 == sign_~privkey~1#1; {12110#false} is VALID [2022-02-20 18:01:35,480 INFO L290 TraceCheckUtils]: 80: Hoare triple {12110#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret10#1, outgoing__wrappee__AutoResponder_#t~ret11#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~4#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~0#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~4#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~0#1; {12110#false} is VALID [2022-02-20 18:01:35,481 INFO L272 TraceCheckUtils]: 81: Hoare triple {12110#false} call outgoing__wrappee__AutoResponder_#t~ret10#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {12110#false} is VALID [2022-02-20 18:01:35,481 INFO L290 TraceCheckUtils]: 82: Hoare triple {12110#false} ~handle := #in~handle;havoc ~retValue_acc~32; {12110#false} is VALID [2022-02-20 18:01:35,481 INFO L290 
TraceCheckUtils]: 83: Hoare triple {12110#false} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {12110#false} is VALID [2022-02-20 18:01:35,481 INFO L290 TraceCheckUtils]: 84: Hoare triple {12110#false} assume true; {12110#false} is VALID [2022-02-20 18:01:35,481 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {12110#false} {12110#false} #1062#return; {12110#false} is VALID [2022-02-20 18:01:35,481 INFO L290 TraceCheckUtils]: 86: Hoare triple {12110#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret10#1 && outgoing__wrappee__AutoResponder_#t~ret10#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~4#1 := outgoing__wrappee__AutoResponder_#t~ret10#1;havoc outgoing__wrappee__AutoResponder_#t~ret10#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~4#1; {12110#false} is VALID [2022-02-20 18:01:35,481 INFO L272 TraceCheckUtils]: 87: Hoare triple {12110#false} call outgoing__wrappee__AutoResponder_#t~ret11#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {12110#false} is VALID [2022-02-20 18:01:35,482 INFO L290 TraceCheckUtils]: 88: Hoare triple {12110#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {12110#false} is VALID [2022-02-20 18:01:35,482 INFO L290 TraceCheckUtils]: 89: Hoare triple {12110#false} assume 1 == ~handle; {12110#false} is VALID [2022-02-20 18:01:35,482 INFO L290 TraceCheckUtils]: 90: Hoare triple {12110#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {12110#false} is VALID [2022-02-20 18:01:35,482 INFO L290 TraceCheckUtils]: 91: Hoare triple {12110#false} assume true; {12110#false} is VALID [2022-02-20 18:01:35,482 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {12110#false} {12110#false} #1064#return; {12110#false} is VALID [2022-02-20 18:01:35,482 INFO L290 TraceCheckUtils]: 
93: Hoare triple {12110#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret11#1 && outgoing__wrappee__AutoResponder_#t~ret11#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~0#1 := outgoing__wrappee__AutoResponder_#t~ret11#1;havoc outgoing__wrappee__AutoResponder_#t~ret11#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~0#1; {12110#false} is VALID [2022-02-20 18:01:35,483 INFO L290 TraceCheckUtils]: 94: Hoare triple {12110#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {12110#false} is VALID [2022-02-20 18:01:35,483 INFO L290 TraceCheckUtils]: 95: Hoare triple {12110#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret9#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~3#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~3#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {12110#false} is VALID [2022-02-20 18:01:35,483 INFO L290 TraceCheckUtils]: 96: Hoare triple {12110#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {12110#false} is VALID [2022-02-20 18:01:35,483 INFO L290 TraceCheckUtils]: 97: Hoare triple {12110#false} outgoing__wrappee__Keys_#t~ret9#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret9#1 
&& outgoing__wrappee__Keys_#t~ret9#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~3#1 := outgoing__wrappee__Keys_#t~ret9#1;havoc outgoing__wrappee__Keys_#t~ret9#1; {12110#false} is VALID [2022-02-20 18:01:35,483 INFO L272 TraceCheckUtils]: 98: Hoare triple {12110#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~3#1); {12110#false} is VALID [2022-02-20 18:01:35,483 INFO L290 TraceCheckUtils]: 99: Hoare triple {12110#false} ~handle := #in~handle;~value := #in~value; {12110#false} is VALID [2022-02-20 18:01:35,483 INFO L290 TraceCheckUtils]: 100: Hoare triple {12110#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12110#false} is VALID [2022-02-20 18:01:35,484 INFO L290 TraceCheckUtils]: 101: Hoare triple {12110#false} assume true; {12110#false} is VALID [2022-02-20 18:01:35,484 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {12110#false} {12110#false} #1070#return; {12110#false} is VALID [2022-02-20 18:01:35,484 INFO L290 TraceCheckUtils]: 103: Hoare triple {12110#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret7#1, mail_#t~ret8#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~2#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~2#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet34#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc 
__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 := puts(10, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1; {12110#false} is VALID [2022-02-20 18:01:35,484 INFO L272 TraceCheckUtils]: 104: Hoare triple {12110#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {12110#false} is VALID [2022-02-20 18:01:35,484 INFO L290 TraceCheckUtils]: 105: Hoare triple {12110#false} ~handle := #in~handle;havoc ~retValue_acc~35; {12110#false} is VALID [2022-02-20 18:01:35,484 INFO L290 TraceCheckUtils]: 106: Hoare triple {12110#false} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {12110#false} is VALID [2022-02-20 18:01:35,485 INFO L290 TraceCheckUtils]: 107: Hoare triple {12110#false} assume true; {12110#false} is VALID [2022-02-20 18:01:35,485 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {12110#false} {12110#false} #1072#return; {12110#false} is VALID [2022-02-20 18:01:35,485 INFO L290 TraceCheckUtils]: 109: Hoare triple {12110#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset := 11, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet34#1; {12110#false} is VALID [2022-02-20 18:01:35,485 INFO L290 TraceCheckUtils]: 110: Hoare triple {12110#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret7#1 := puts(5, 0);assume -2147483648 <= mail_#t~ret7#1 && mail_#t~ret7#1 <= 
2147483647;havoc mail_#t~ret7#1; {12110#false} is VALID [2022-02-20 18:01:35,485 INFO L272 TraceCheckUtils]: 111: Hoare triple {12110#false} call mail_#t~ret8#1 := getEmailTo(mail_~msg#1); {12110#false} is VALID [2022-02-20 18:01:35,485 INFO L290 TraceCheckUtils]: 112: Hoare triple {12110#false} ~handle := #in~handle;havoc ~retValue_acc~32; {12110#false} is VALID [2022-02-20 18:01:35,485 INFO L290 TraceCheckUtils]: 113: Hoare triple {12110#false} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {12110#false} is VALID [2022-02-20 18:01:35,486 INFO L290 TraceCheckUtils]: 114: Hoare triple {12110#false} assume true; {12110#false} is VALID [2022-02-20 18:01:35,486 INFO L284 TraceCheckUtils]: 115: Hoare quadruple {12110#false} {12110#false} #1074#return; {12110#false} is VALID [2022-02-20 18:01:35,486 INFO L290 TraceCheckUtils]: 116: Hoare triple {12110#false} assume -2147483648 <= mail_#t~ret8#1 && mail_#t~ret8#1 <= 2147483647;mail_~tmp~2#1 := mail_#t~ret8#1;havoc mail_#t~ret8#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~2#1, mail_~msg#1;havoc incoming_#t~ret15#1, incoming_#t~ret16#1, incoming_#t~ret17#1, incoming_#t~ret18#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~7#1, incoming_~tmp___0~1#1, incoming_~tmp___1~0#1, incoming_~tmp___2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~7#1;havoc incoming_~tmp___0~1#1;havoc incoming_~tmp___1~0#1;havoc incoming_~tmp___2~0#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := 
incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet36#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 := puts(12, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset := 13, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet36#1; {12110#false} is VALID [2022-02-20 18:01:35,486 INFO L290 TraceCheckUtils]: 117: Hoare triple {12110#false} assume 1 == ~sent_encrypted~0; {12110#false} is VALID [2022-02-20 18:01:35,486 INFO L272 TraceCheckUtils]: 118: Hoare triple {12110#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {12110#false} is VALID [2022-02-20 18:01:35,486 INFO L290 TraceCheckUtils]: 119: 
Hoare triple {12110#false} ~handle := #in~handle;havoc ~retValue_acc~10; {12110#false} is VALID [2022-02-20 18:01:35,487 INFO L290 TraceCheckUtils]: 120: Hoare triple {12110#false} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {12110#false} is VALID [2022-02-20 18:01:35,487 INFO L290 TraceCheckUtils]: 121: Hoare triple {12110#false} assume true; {12110#false} is VALID [2022-02-20 18:01:35,487 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {12110#false} {12110#false} #1076#return; {12110#false} is VALID [2022-02-20 18:01:35,487 INFO L290 TraceCheckUtils]: 123: Hoare triple {12110#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~13#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1; {12110#false} is VALID [2022-02-20 18:01:35,487 INFO L272 TraceCheckUtils]: 124: Hoare triple {12110#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {12110#false} is VALID [2022-02-20 18:01:35,487 INFO L290 TraceCheckUtils]: 125: Hoare triple {12110#false} ~handle := #in~handle;havoc ~retValue_acc~36; {12110#false} is VALID [2022-02-20 18:01:35,487 INFO L290 TraceCheckUtils]: 126: Hoare triple {12110#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {12110#false} is VALID [2022-02-20 18:01:35,488 INFO L290 TraceCheckUtils]: 127: Hoare triple {12110#false} assume true; {12110#false} is VALID [2022-02-20 18:01:35,488 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {12110#false} {12110#false} #1078#return; {12110#false} is VALID [2022-02-20 18:01:35,488 INFO L290 TraceCheckUtils]: 129: Hoare triple {12110#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 <= 
2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1; {12110#false} is VALID [2022-02-20 18:01:35,488 INFO L272 TraceCheckUtils]: 130: Hoare triple {12110#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1); {12110#false} is VALID [2022-02-20 18:01:35,488 INFO L290 TraceCheckUtils]: 131: Hoare triple {12110#false} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~22;havoc ~__cil_tmp4~1.base, ~__cil_tmp4~1.offset;~__cil_tmp4~1.base, ~__cil_tmp4~1.offset := 7, 0;havoc #t~nondet21; {12110#false} is VALID [2022-02-20 18:01:35,488 INFO L290 TraceCheckUtils]: 132: Hoare triple {12110#false} assume 0 == ~publicKey;~retValue_acc~22 := 0;#res := ~retValue_acc~22; {12110#false} is VALID [2022-02-20 18:01:35,488 INFO L290 TraceCheckUtils]: 133: Hoare triple {12110#false} assume true; {12110#false} is VALID [2022-02-20 18:01:35,489 INFO L284 TraceCheckUtils]: 134: Hoare quadruple {12110#false} {12110#false} #1080#return; {12110#false} is VALID [2022-02-20 18:01:35,489 INFO L290 TraceCheckUtils]: 135: Hoare triple {12110#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1; {12110#false} is VALID [2022-02-20 18:01:35,489 INFO L290 TraceCheckUtils]: 136: Hoare triple {12110#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1);assume { :begin_inline___automaton_fail } true; {12110#false} is VALID [2022-02-20 18:01:35,489 INFO L290 TraceCheckUtils]: 137: Hoare triple {12110#false} assume !false; {12110#false} is VALID [2022-02-20 18:01:35,490 INFO L134 CoverageAnalysis]: Checked 
inductivity of 38 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 19 trivial. 0 not checked. [2022-02-20 18:01:35,490 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:01:35,490 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1095596395] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:01:35,490 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:01:35,490 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [12] total 15 [2022-02-20 18:01:35,490 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [487870588] [2022-02-20 18:01:35,491 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:01:35,491 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 18.0) internal successors, (90), 5 states have internal predecessors, (90), 3 states have call successors, (19), 2 states have call predecessors, (19), 3 states have return successors, (17), 3 states have call predecessors, (17), 3 states have call successors, (17) Word has length 138 [2022-02-20 18:01:35,492 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:01:35,492 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 18.0) internal successors, (90), 5 states have internal predecessors, (90), 3 states have call successors, (19), 2 states have call predecessors, (19), 3 states have return successors, (17), 3 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:01:35,572 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 126 edges. 126 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:01:35,572 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:01:35,572 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:35,573 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:01:35,573 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=30, Invalid=180, Unknown=0, NotChecked=0, Total=210 [2022-02-20 18:01:35,573 INFO L87 Difference]: Start difference. First operand 444 states and 667 transitions. Second operand has 5 states, 5 states have (on average 18.0) internal successors, (90), 5 states have internal predecessors, (90), 3 states have call successors, (19), 2 states have call predecessors, (19), 3 states have return successors, (17), 3 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:01:36,693 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:36,693 INFO L93 Difference]: Finished difference Result 877 states and 1323 transitions. [2022-02-20 18:01:36,693 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:01:36,693 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 18.0) internal successors, (90), 5 states have internal predecessors, (90), 3 states have call successors, (19), 2 states have call predecessors, (19), 3 states have return successors, (17), 3 states have call predecessors, (17), 3 states have call successors, (17) Word has length 138 [2022-02-20 18:01:36,694 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:01:36,694 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 5 states, 5 states have (on average 18.0) internal successors, (90), 5 states have internal predecessors, (90), 3 states have call successors, (19), 2 states have call predecessors, (19), 3 states have return successors, (17), 3 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:01:36,705 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1129 transitions. [2022-02-20 18:01:36,706 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 18.0) internal successors, (90), 5 states have internal predecessors, (90), 3 states have call successors, (19), 2 states have call predecessors, (19), 3 states have return successors, (17), 3 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:01:36,717 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1129 transitions. [2022-02-20 18:01:36,717 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1129 transitions. [2022-02-20 18:01:37,488 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1129 edges. 1129 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:01:37,505 INFO L225 Difference]: With dead ends: 877 [2022-02-20 18:01:37,505 INFO L226 Difference]: Without dead ends: 446 [2022-02-20 18:01:37,507 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 178 GetRequests, 164 SyntacticMatches, 0 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=34, Invalid=206, Unknown=0, NotChecked=0, Total=240 [2022-02-20 18:01:37,507 INFO L933 BasicCegarLoop]: 559 mSDtfsCounter, 132 mSDsluCounter, 1522 mSDsCounter, 0 mSdLazyCounter, 45 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 152 SdHoareTripleChecker+Valid, 2081 SdHoareTripleChecker+Invalid, 45 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 45 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:01:37,507 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [152 Valid, 2081 Invalid, 45 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 45 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:01:37,509 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 446 states. [2022-02-20 18:01:37,612 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 446 to 446. [2022-02-20 18:01:37,612 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:01:37,614 INFO L82 GeneralOperation]: Start isEquivalent. First operand 446 states. 
Second operand has 446 states, 343 states have (on average 1.501457725947522) internal successors, (515), 348 states have internal predecessors, (515), 76 states have call successors, (76), 24 states have call predecessors, (76), 26 states have return successors, (82), 75 states have call predecessors, (82), 75 states have call successors, (82) [2022-02-20 18:01:37,615 INFO L74 IsIncluded]: Start isIncluded. First operand 446 states. Second operand has 446 states, 343 states have (on average 1.501457725947522) internal successors, (515), 348 states have internal predecessors, (515), 76 states have call successors, (76), 24 states have call predecessors, (76), 26 states have return successors, (82), 75 states have call predecessors, (82), 75 states have call successors, (82) [2022-02-20 18:01:37,616 INFO L87 Difference]: Start difference. First operand 446 states. Second operand has 446 states, 343 states have (on average 1.501457725947522) internal successors, (515), 348 states have internal predecessors, (515), 76 states have call successors, (76), 24 states have call predecessors, (76), 26 states have return successors, (82), 75 states have call predecessors, (82), 75 states have call successors, (82) [2022-02-20 18:01:37,633 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:37,633 INFO L93 Difference]: Finished difference Result 446 states and 673 transitions. [2022-02-20 18:01:37,633 INFO L276 IsEmpty]: Start isEmpty. Operand 446 states and 673 transitions. [2022-02-20 18:01:37,635 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:37,635 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:37,636 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 446 states, 343 states have (on average 1.501457725947522) internal successors, (515), 348 states have internal predecessors, (515), 76 states have call successors, (76), 24 states have call predecessors, (76), 26 states have return successors, (82), 75 states have call predecessors, (82), 75 states have call successors, (82) Second operand 446 states. [2022-02-20 18:01:37,637 INFO L87 Difference]: Start difference. First operand has 446 states, 343 states have (on average 1.501457725947522) internal successors, (515), 348 states have internal predecessors, (515), 76 states have call successors, (76), 24 states have call predecessors, (76), 26 states have return successors, (82), 75 states have call predecessors, (82), 75 states have call successors, (82) Second operand 446 states. [2022-02-20 18:01:37,656 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:37,656 INFO L93 Difference]: Finished difference Result 446 states and 673 transitions. [2022-02-20 18:01:37,656 INFO L276 IsEmpty]: Start isEmpty. Operand 446 states and 673 transitions. [2022-02-20 18:01:37,658 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:37,658 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:37,658 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:01:37,658 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:01:37,660 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 446 states, 343 states have (on average 1.501457725947522) internal successors, (515), 348 states have internal predecessors, (515), 76 states have call successors, (76), 24 states have call predecessors, (76), 26 states have return successors, (82), 75 states have call predecessors, (82), 75 states have call successors, (82) [2022-02-20 18:01:37,679 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 446 states to 446 states and 673 transitions. [2022-02-20 18:01:37,679 INFO L78 Accepts]: Start accepts. Automaton has 446 states and 673 transitions. Word has length 138 [2022-02-20 18:01:37,680 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:01:37,680 INFO L470 AbstractCegarLoop]: Abstraction has 446 states and 673 transitions. [2022-02-20 18:01:37,680 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 18.0) internal successors, (90), 5 states have internal predecessors, (90), 3 states have call successors, (19), 2 states have call predecessors, (19), 3 states have return successors, (17), 3 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:01:37,680 INFO L276 IsEmpty]: Start isEmpty. Operand 446 states and 673 transitions. [2022-02-20 18:01:37,682 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 140 [2022-02-20 18:01:37,682 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:01:37,682 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:01:37,712 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Forceful destruction successful, exit code 0 [2022-02-20 18:01:37,903 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4,6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:01:37,903 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting 
outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:01:37,904 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:01:37,904 INFO L85 PathProgramCache]: Analyzing trace with hash 2120382922, now seen corresponding path program 1 times [2022-02-20 18:01:37,904 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:01:37,904 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [442261391] [2022-02-20 18:01:37,904 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:37,904 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:01:37,964 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:37,996 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:01:37,998 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,001 INFO L290 TraceCheckUtils]: 0: Hoare triple {15452#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15378#true} is VALID [2022-02-20 18:01:38,001 INFO L290 TraceCheckUtils]: 1: Hoare triple {15378#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {15378#true} is VALID [2022-02-20 18:01:38,002 INFO L290 TraceCheckUtils]: 2: Hoare triple {15378#true} assume true; {15378#true} is VALID [2022-02-20 18:01:38,002 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15378#true} {15378#true} #1144#return; {15378#true} is VALID [2022-02-20 18:01:38,008 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:01:38,010 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,012 INFO L290 TraceCheckUtils]: 0: Hoare triple {15453#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15378#true} is VALID [2022-02-20 18:01:38,013 INFO L290 TraceCheckUtils]: 1: Hoare triple {15378#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15378#true} is VALID [2022-02-20 18:01:38,013 INFO L290 TraceCheckUtils]: 2: Hoare triple {15378#true} assume true; {15378#true} is VALID [2022-02-20 18:01:38,013 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15378#true} {15378#true} #1146#return; {15378#true} is VALID [2022-02-20 18:01:38,013 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:01:38,015 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,018 INFO L290 TraceCheckUtils]: 0: Hoare triple {15452#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15378#true} is VALID [2022-02-20 18:01:38,018 INFO L290 TraceCheckUtils]: 1: Hoare triple {15378#true} assume !(1 == ~handle); {15378#true} is VALID [2022-02-20 18:01:38,018 INFO L290 TraceCheckUtils]: 2: Hoare triple {15378#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {15378#true} is VALID [2022-02-20 18:01:38,018 INFO L290 TraceCheckUtils]: 3: Hoare triple {15378#true} assume true; {15378#true} is VALID [2022-02-20 18:01:38,018 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {15378#true} {15378#true} #1148#return; {15378#true} is VALID [2022-02-20 18:01:38,019 INFO L376 atingTraceCheckCraig]: Compute interpolants for 
subsequence at non-pending call position 25 [2022-02-20 18:01:38,021 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,023 INFO L290 TraceCheckUtils]: 0: Hoare triple {15453#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15378#true} is VALID [2022-02-20 18:01:38,023 INFO L290 TraceCheckUtils]: 1: Hoare triple {15378#true} assume !(1 == ~handle); {15378#true} is VALID [2022-02-20 18:01:38,024 INFO L290 TraceCheckUtils]: 2: Hoare triple {15378#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {15378#true} is VALID [2022-02-20 18:01:38,024 INFO L290 TraceCheckUtils]: 3: Hoare triple {15378#true} assume true; {15378#true} is VALID [2022-02-20 18:01:38,024 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {15378#true} {15378#true} #1150#return; {15378#true} is VALID [2022-02-20 18:01:38,024 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:01:38,026 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,041 INFO L290 TraceCheckUtils]: 0: Hoare triple {15452#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15454#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:38,042 INFO L290 TraceCheckUtils]: 1: Hoare triple {15454#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {15455#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:38,042 INFO L290 TraceCheckUtils]: 2: Hoare triple {15455#(= |setClientId_#in~handle| 1)} assume true; {15455#(= 
|setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:38,043 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15455#(= |setClientId_#in~handle| 1)} {15398#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1152#return; {15379#false} is VALID [2022-02-20 18:01:38,043 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:01:38,045 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,049 INFO L290 TraceCheckUtils]: 0: Hoare triple {15453#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15378#true} is VALID [2022-02-20 18:01:38,049 INFO L290 TraceCheckUtils]: 1: Hoare triple {15378#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15378#true} is VALID [2022-02-20 18:01:38,049 INFO L290 TraceCheckUtils]: 2: Hoare triple {15378#true} assume true; {15378#true} is VALID [2022-02-20 18:01:38,050 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15378#true} {15379#false} #1154#return; {15379#false} is VALID [2022-02-20 18:01:38,056 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 18:01:38,058 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,060 INFO L290 TraceCheckUtils]: 0: Hoare triple {15456#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15378#true} is VALID [2022-02-20 18:01:38,060 INFO L290 TraceCheckUtils]: 1: Hoare triple {15378#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15378#true} is VALID [2022-02-20 18:01:38,060 INFO L290 TraceCheckUtils]: 2: Hoare triple {15378#true} assume true; {15378#true} is VALID [2022-02-20 18:01:38,060 
INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15378#true} {15379#false} #1130#return; {15379#false} is VALID [2022-02-20 18:01:38,068 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-02-20 18:01:38,069 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,072 INFO L290 TraceCheckUtils]: 0: Hoare triple {15457#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {15378#true} is VALID [2022-02-20 18:01:38,072 INFO L290 TraceCheckUtils]: 1: Hoare triple {15378#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {15378#true} is VALID [2022-02-20 18:01:38,073 INFO L290 TraceCheckUtils]: 2: Hoare triple {15378#true} assume true; {15378#true} is VALID [2022-02-20 18:01:38,073 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15378#true} {15379#false} #1132#return; {15379#false} is VALID [2022-02-20 18:01:38,073 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 74 [2022-02-20 18:01:38,074 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,081 INFO L290 TraceCheckUtils]: 0: Hoare triple {15378#true} ~handle := #in~handle;havoc ~retValue_acc~10; {15378#true} is VALID [2022-02-20 18:01:38,081 INFO L290 TraceCheckUtils]: 1: Hoare triple {15378#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {15378#true} is VALID [2022-02-20 18:01:38,081 INFO L290 TraceCheckUtils]: 2: Hoare triple {15378#true} assume true; {15378#true} is VALID [2022-02-20 18:01:38,081 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15378#true} {15379#false} #1060#return; {15379#false} is VALID [2022-02-20 18:01:38,082 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-02-20 18:01:38,083 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is 
unsat [2022-02-20 18:01:38,085 INFO L290 TraceCheckUtils]: 0: Hoare triple {15378#true} ~handle := #in~handle;havoc ~retValue_acc~32; {15378#true} is VALID [2022-02-20 18:01:38,086 INFO L290 TraceCheckUtils]: 1: Hoare triple {15378#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {15378#true} is VALID [2022-02-20 18:01:38,086 INFO L290 TraceCheckUtils]: 2: Hoare triple {15378#true} assume true; {15378#true} is VALID [2022-02-20 18:01:38,086 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15378#true} {15379#false} #1062#return; {15379#false} is VALID [2022-02-20 18:01:38,086 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 18:01:38,088 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,091 INFO L290 TraceCheckUtils]: 0: Hoare triple {15378#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {15378#true} is VALID [2022-02-20 18:01:38,091 INFO L290 TraceCheckUtils]: 1: Hoare triple {15378#true} assume 1 == ~handle; {15378#true} is VALID [2022-02-20 18:01:38,091 INFO L290 TraceCheckUtils]: 2: Hoare triple {15378#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {15378#true} is VALID [2022-02-20 18:01:38,092 INFO L290 TraceCheckUtils]: 3: Hoare triple {15378#true} assume true; {15378#true} is VALID [2022-02-20 18:01:38,092 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {15378#true} {15379#false} #1064#return; {15379#false} is VALID [2022-02-20 18:01:38,092 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 18:01:38,097 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,103 INFO L290 TraceCheckUtils]: 0: Hoare triple {15456#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} 
~handle := #in~handle;~value := #in~value; {15378#true} is VALID [2022-02-20 18:01:38,103 INFO L290 TraceCheckUtils]: 1: Hoare triple {15378#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15378#true} is VALID [2022-02-20 18:01:38,104 INFO L290 TraceCheckUtils]: 2: Hoare triple {15378#true} assume true; {15378#true} is VALID [2022-02-20 18:01:38,104 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15378#true} {15379#false} #1070#return; {15379#false} is VALID [2022-02-20 18:01:38,104 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 105 [2022-02-20 18:01:38,105 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,108 INFO L290 TraceCheckUtils]: 0: Hoare triple {15378#true} ~handle := #in~handle;havoc ~retValue_acc~35; {15378#true} is VALID [2022-02-20 18:01:38,109 INFO L290 TraceCheckUtils]: 1: Hoare triple {15378#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {15378#true} is VALID [2022-02-20 18:01:38,109 INFO L290 TraceCheckUtils]: 2: Hoare triple {15378#true} assume true; {15378#true} is VALID [2022-02-20 18:01:38,109 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15378#true} {15379#false} #1072#return; {15379#false} is VALID [2022-02-20 18:01:38,109 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 112 [2022-02-20 18:01:38,110 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,112 INFO L290 TraceCheckUtils]: 0: Hoare triple {15378#true} ~handle := #in~handle;havoc ~retValue_acc~32; {15378#true} is VALID [2022-02-20 18:01:38,113 INFO L290 TraceCheckUtils]: 1: Hoare triple {15378#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {15378#true} is VALID [2022-02-20 18:01:38,113 INFO L290 TraceCheckUtils]: 2: Hoare triple {15378#true} assume true; {15378#true} is VALID [2022-02-20 18:01:38,113 INFO L284 
TraceCheckUtils]: 3: Hoare quadruple {15378#true} {15379#false} #1074#return; {15379#false} is VALID [2022-02-20 18:01:38,113 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 119 [2022-02-20 18:01:38,114 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,117 INFO L290 TraceCheckUtils]: 0: Hoare triple {15378#true} ~handle := #in~handle;havoc ~retValue_acc~10; {15378#true} is VALID [2022-02-20 18:01:38,117 INFO L290 TraceCheckUtils]: 1: Hoare triple {15378#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {15378#true} is VALID [2022-02-20 18:01:38,117 INFO L290 TraceCheckUtils]: 2: Hoare triple {15378#true} assume true; {15378#true} is VALID [2022-02-20 18:01:38,118 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15378#true} {15379#false} #1076#return; {15379#false} is VALID [2022-02-20 18:01:38,118 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 125 [2022-02-20 18:01:38,119 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,121 INFO L290 TraceCheckUtils]: 0: Hoare triple {15378#true} ~handle := #in~handle;havoc ~retValue_acc~36; {15378#true} is VALID [2022-02-20 18:01:38,121 INFO L290 TraceCheckUtils]: 1: Hoare triple {15378#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {15378#true} is VALID [2022-02-20 18:01:38,122 INFO L290 TraceCheckUtils]: 2: Hoare triple {15378#true} assume true; {15378#true} is VALID [2022-02-20 18:01:38,122 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15378#true} {15379#false} #1078#return; {15379#false} is VALID [2022-02-20 18:01:38,122 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 131 [2022-02-20 18:01:38,123 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:38,126 INFO L290 TraceCheckUtils]: 0: 
Hoare triple {15378#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~22;havoc ~__cil_tmp4~1.base, ~__cil_tmp4~1.offset;~__cil_tmp4~1.base, ~__cil_tmp4~1.offset := 7, 0;havoc #t~nondet21; {15378#true} is VALID [2022-02-20 18:01:38,127 INFO L290 TraceCheckUtils]: 1: Hoare triple {15378#true} assume 0 == ~publicKey;~retValue_acc~22 := 0;#res := ~retValue_acc~22; {15378#true} is VALID [2022-02-20 18:01:38,127 INFO L290 TraceCheckUtils]: 2: Hoare triple {15378#true} assume true; {15378#true} is VALID [2022-02-20 18:01:38,127 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15378#true} {15379#false} #1080#return; {15379#false} is VALID [2022-02-20 18:01:38,127 INFO L290 TraceCheckUtils]: 0: Hoare triple {15378#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(16, 6);call #Ultimate.allocInit(20, 7);call #Ultimate.allocInit(22, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(19, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(19, 13);call #Ultimate.allocInit(44, 14);call #Ultimate.allocInit(44, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(11, 18);call #Ultimate.allocInit(19, 19);call #Ultimate.allocInit(4, 20);call write~init~int(37, 20, 0, 1);call write~init~int(100, 20, 1, 1);call write~init~int(10, 20, 2, 1);call write~init~int(0, 20, 3, 1);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(100, 21, 1, 1);call write~init~int(10, 21, 2, 
1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(12, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(18, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(21, 39);call #Ultimate.allocInit(13, 40);call #Ultimate.allocInit(16, 41);call #Ultimate.allocInit(25, 42);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 
0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_encrypted~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset 
:= 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {15378#true} is VALID [2022-02-20 18:01:38,127 INFO L290 TraceCheckUtils]: 1: Hoare triple {15378#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret59#1, main_~retValue_acc~23#1, main_~tmp~16#1;havoc main_~retValue_acc~23#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true; {15378#true} is VALID [2022-02-20 18:01:38,128 INFO L290 TraceCheckUtils]: 2: Hoare triple {15378#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {15378#true} is VALID [2022-02-20 18:01:38,128 INFO L290 TraceCheckUtils]: 3: Hoare triple {15378#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~25#1;havoc valid_product_~retValue_acc~25#1;valid_product_~retValue_acc~25#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~25#1; {15378#true} is VALID [2022-02-20 18:01:38,128 INFO L290 TraceCheckUtils]: 4: Hoare triple {15378#true} main_#t~ret59#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret59#1 && main_#t~ret59#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret59#1;havoc main_#t~ret59#1; {15378#true} is VALID [2022-02-20 18:01:38,128 INFO L290 TraceCheckUtils]: 5: Hoare triple {15378#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet56#1, 
setup_#t~nondet57#1, setup_#t~nondet58#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {15378#true} is VALID [2022-02-20 18:01:38,129 INFO L272 TraceCheckUtils]: 6: Hoare triple {15378#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {15452#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:38,129 INFO L290 TraceCheckUtils]: 7: Hoare triple {15452#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15378#true} is VALID [2022-02-20 18:01:38,129 INFO L290 TraceCheckUtils]: 8: Hoare triple {15378#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {15378#true} is VALID [2022-02-20 18:01:38,129 INFO L290 TraceCheckUtils]: 9: Hoare triple {15378#true} assume true; {15378#true} is VALID [2022-02-20 18:01:38,129 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {15378#true} {15378#true} #1144#return; {15378#true} is VALID [2022-02-20 18:01:38,129 
INFO L290 TraceCheckUtils]: 11: Hoare triple {15378#true} assume { :end_inline_setup_bob__wrappee__Base } true; {15378#true} is VALID [2022-02-20 18:01:38,130 INFO L272 TraceCheckUtils]: 12: Hoare triple {15378#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {15453#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:38,130 INFO L290 TraceCheckUtils]: 13: Hoare triple {15453#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15378#true} is VALID [2022-02-20 18:01:38,130 INFO L290 TraceCheckUtils]: 14: Hoare triple {15378#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15378#true} is VALID [2022-02-20 18:01:38,131 INFO L290 TraceCheckUtils]: 15: Hoare triple {15378#true} assume true; {15378#true} is VALID [2022-02-20 18:01:38,131 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {15378#true} {15378#true} #1146#return; {15378#true} is VALID [2022-02-20 18:01:38,131 INFO L290 TraceCheckUtils]: 17: Hoare triple {15378#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 16, 0;havoc setup_#t~nondet56#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {15378#true} is VALID [2022-02-20 18:01:38,132 INFO L272 TraceCheckUtils]: 18: Hoare triple {15378#true} call 
setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {15452#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:38,132 INFO L290 TraceCheckUtils]: 19: Hoare triple {15452#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15378#true} is VALID [2022-02-20 18:01:38,132 INFO L290 TraceCheckUtils]: 20: Hoare triple {15378#true} assume !(1 == ~handle); {15378#true} is VALID [2022-02-20 18:01:38,132 INFO L290 TraceCheckUtils]: 21: Hoare triple {15378#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {15378#true} is VALID [2022-02-20 18:01:38,132 INFO L290 TraceCheckUtils]: 22: Hoare triple {15378#true} assume true; {15378#true} is VALID [2022-02-20 18:01:38,132 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {15378#true} {15378#true} #1148#return; {15378#true} is VALID [2022-02-20 18:01:38,133 INFO L290 TraceCheckUtils]: 24: Hoare triple {15378#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {15378#true} is VALID [2022-02-20 18:01:38,133 INFO L272 TraceCheckUtils]: 25: Hoare triple {15378#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {15453#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:38,133 INFO L290 TraceCheckUtils]: 26: Hoare triple {15453#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} 
~handle := #in~handle;~value := #in~value; {15378#true} is VALID [2022-02-20 18:01:38,134 INFO L290 TraceCheckUtils]: 27: Hoare triple {15378#true} assume !(1 == ~handle); {15378#true} is VALID [2022-02-20 18:01:38,134 INFO L290 TraceCheckUtils]: 28: Hoare triple {15378#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {15378#true} is VALID [2022-02-20 18:01:38,134 INFO L290 TraceCheckUtils]: 29: Hoare triple {15378#true} assume true; {15378#true} is VALID [2022-02-20 18:01:38,134 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {15378#true} {15378#true} #1150#return; {15378#true} is VALID [2022-02-20 18:01:38,134 INFO L290 TraceCheckUtils]: 31: Hoare triple {15378#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 17, 0;havoc setup_#t~nondet57#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {15398#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:01:38,135 INFO L272 TraceCheckUtils]: 32: Hoare triple {15398#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {15452#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:38,136 INFO L290 TraceCheckUtils]: 33: Hoare triple {15452#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15454#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:38,136 INFO L290 TraceCheckUtils]: 34: Hoare triple {15454#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {15455#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:38,136 INFO L290 TraceCheckUtils]: 35: Hoare triple {15455#(= |setClientId_#in~handle| 1)} assume true; {15455#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:38,137 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {15455#(= |setClientId_#in~handle| 1)} {15398#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1152#return; {15379#false} is VALID [2022-02-20 18:01:38,137 INFO L290 TraceCheckUtils]: 37: Hoare triple {15379#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {15379#false} is VALID [2022-02-20 18:01:38,137 INFO L272 TraceCheckUtils]: 38: Hoare triple {15379#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {15453#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:38,137 INFO L290 TraceCheckUtils]: 39: Hoare triple {15453#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15378#true} is VALID [2022-02-20 18:01:38,137 INFO L290 TraceCheckUtils]: 40: Hoare triple {15378#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15378#true} is VALID [2022-02-20 18:01:38,138 INFO L290 TraceCheckUtils]: 41: Hoare triple {15378#true} assume true; {15378#true} is VALID [2022-02-20 
18:01:38,138 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {15378#true} {15379#false} #1154#return; {15379#false} is VALID [2022-02-20 18:01:38,138 INFO L290 TraceCheckUtils]: 43: Hoare triple {15379#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 18, 0;havoc setup_#t~nondet58#1; {15379#false} is VALID [2022-02-20 18:01:38,138 INFO L290 TraceCheckUtils]: 44: Hoare triple {15379#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~14#1, test_~tmp___0~4#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~14#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {15379#false} is VALID [2022-02-20 18:01:38,138 INFO L290 TraceCheckUtils]: 45: Hoare 
triple {15379#false} assume !false; {15379#false} is VALID [2022-02-20 18:01:38,138 INFO L290 TraceCheckUtils]: 46: Hoare triple {15379#false} assume test_~splverifierCounter~0#1 < 4; {15379#false} is VALID [2022-02-20 18:01:38,139 INFO L290 TraceCheckUtils]: 47: Hoare triple {15379#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {15379#false} is VALID [2022-02-20 18:01:38,139 INFO L290 TraceCheckUtils]: 48: Hoare triple {15379#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet40#1 && test_#t~nondet40#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet40#1;havoc test_#t~nondet40#1; {15379#false} is VALID [2022-02-20 18:01:38,139 INFO L290 TraceCheckUtils]: 49: Hoare triple {15379#false} assume !(0 != test_~tmp___9~0#1); {15379#false} is VALID [2022-02-20 18:01:38,139 INFO L290 TraceCheckUtils]: 50: Hoare triple {15379#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet41#1 && test_#t~nondet41#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet41#1;havoc test_#t~nondet41#1; {15379#false} is VALID [2022-02-20 18:01:38,139 INFO L290 TraceCheckUtils]: 51: Hoare triple {15379#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {15379#false} is VALID [2022-02-20 18:01:38,139 INFO L290 TraceCheckUtils]: 52: Hoare triple {15379#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {15379#false} is VALID [2022-02-20 18:01:38,139 INFO L290 TraceCheckUtils]: 53: Hoare triple {15379#false} assume { :end_inline_setClientAutoResponse } true; {15379#false} is VALID [2022-02-20 
18:01:38,140 INFO L290 TraceCheckUtils]: 54: Hoare triple {15379#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {15379#false} is VALID [2022-02-20 18:01:38,140 INFO L290 TraceCheckUtils]: 55: Hoare triple {15379#false} assume !false; {15379#false} is VALID [2022-02-20 18:01:38,140 INFO L290 TraceCheckUtils]: 56: Hoare triple {15379#false} assume !(test_~splverifierCounter~0#1 < 4); {15379#false} is VALID [2022-02-20 18:01:38,140 INFO L290 TraceCheckUtils]: 57: Hoare triple {15379#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret51#1, bobToRjh_#t~ret52#1, bobToRjh_#t~ret53#1, bobToRjh_#t~ret54#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret51#1 := puts(14, 0);assume -2147483648 <= bobToRjh_#t~ret51#1 && bobToRjh_#t~ret51#1 <= 2147483647;havoc bobToRjh_#t~ret51#1; {15379#false} is VALID [2022-02-20 18:01:38,140 INFO L272 TraceCheckUtils]: 58: Hoare triple {15379#false} call sendEmail(~bob~0, ~rjh~0); {15379#false} is VALID [2022-02-20 18:01:38,140 INFO L290 TraceCheckUtils]: 59: Hoare triple {15379#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~43#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~43#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {15379#false} is VALID [2022-02-20 18:01:38,140 INFO L272 TraceCheckUtils]: 60: Hoare triple {15379#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {15456#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 
18:01:38,141 INFO L290 TraceCheckUtils]: 61: Hoare triple {15456#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15378#true} is VALID [2022-02-20 18:01:38,141 INFO L290 TraceCheckUtils]: 62: Hoare triple {15378#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15378#true} is VALID [2022-02-20 18:01:38,141 INFO L290 TraceCheckUtils]: 63: Hoare triple {15378#true} assume true; {15378#true} is VALID [2022-02-20 18:01:38,141 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {15378#true} {15379#false} #1130#return; {15379#false} is VALID [2022-02-20 18:01:38,141 INFO L272 TraceCheckUtils]: 65: Hoare triple {15379#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {15457#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:01:38,141 INFO L290 TraceCheckUtils]: 66: Hoare triple {15457#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {15378#true} is VALID [2022-02-20 18:01:38,141 INFO L290 TraceCheckUtils]: 67: Hoare triple {15378#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {15378#true} is VALID [2022-02-20 18:01:38,141 INFO L290 TraceCheckUtils]: 68: Hoare triple {15378#true} assume true; {15378#true} is VALID [2022-02-20 18:01:38,142 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {15378#true} {15379#false} #1132#return; {15379#false} is VALID [2022-02-20 18:01:38,142 INFO L290 TraceCheckUtils]: 70: Hoare triple {15379#false} createEmail_~retValue_acc~43#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~43#1; {15379#false} is VALID [2022-02-20 18:01:38,142 INFO L290 TraceCheckUtils]: 71: Hoare triple {15379#false} #t~ret20#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret20#1 && #t~ret20#1 <= 
2147483647;~tmp~9#1 := #t~ret20#1;havoc #t~ret20#1;~email~0#1 := ~tmp~9#1; {15379#false} is VALID [2022-02-20 18:01:38,142 INFO L272 TraceCheckUtils]: 72: Hoare triple {15379#false} call outgoing(~sender#1, ~email~0#1); {15379#false} is VALID [2022-02-20 18:01:38,142 INFO L290 TraceCheckUtils]: 73: Hoare triple {15379#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret24#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {15379#false} is VALID [2022-02-20 18:01:38,142 INFO L272 TraceCheckUtils]: 74: Hoare triple {15379#false} call sign_#t~ret24#1 := getClientPrivateKey(sign_~client#1); {15378#true} is VALID [2022-02-20 18:01:38,143 INFO L290 TraceCheckUtils]: 75: Hoare triple {15378#true} ~handle := #in~handle;havoc ~retValue_acc~10; {15378#true} is VALID [2022-02-20 18:01:38,143 INFO L290 TraceCheckUtils]: 76: Hoare triple {15378#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {15378#true} is VALID [2022-02-20 18:01:38,143 INFO L290 TraceCheckUtils]: 77: Hoare triple {15378#true} assume true; {15378#true} is VALID [2022-02-20 18:01:38,143 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {15378#true} {15379#false} #1060#return; {15379#false} is VALID [2022-02-20 18:01:38,143 INFO L290 TraceCheckUtils]: 79: Hoare triple {15379#false} assume -2147483648 <= sign_#t~ret24#1 && sign_#t~ret24#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret24#1;havoc sign_#t~ret24#1;sign_~privkey~1#1 := sign_~tmp~11#1; {15379#false} is VALID [2022-02-20 18:01:38,143 INFO L290 TraceCheckUtils]: 80: Hoare triple {15379#false} assume 0 == sign_~privkey~1#1; {15379#false} is VALID [2022-02-20 18:01:38,143 INFO L290 TraceCheckUtils]: 81: Hoare triple {15379#false} assume { :end_inline_sign } true;assume { 
:begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret10#1, outgoing__wrappee__AutoResponder_#t~ret11#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~4#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~0#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~4#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~0#1; {15379#false} is VALID [2022-02-20 18:01:38,144 INFO L272 TraceCheckUtils]: 82: Hoare triple {15379#false} call outgoing__wrappee__AutoResponder_#t~ret10#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {15378#true} is VALID [2022-02-20 18:01:38,144 INFO L290 TraceCheckUtils]: 83: Hoare triple {15378#true} ~handle := #in~handle;havoc ~retValue_acc~32; {15378#true} is VALID [2022-02-20 18:01:38,144 INFO L290 TraceCheckUtils]: 84: Hoare triple {15378#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {15378#true} is VALID [2022-02-20 18:01:38,144 INFO L290 TraceCheckUtils]: 85: Hoare triple {15378#true} assume true; {15378#true} is VALID [2022-02-20 18:01:38,144 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {15378#true} {15379#false} #1062#return; {15379#false} is VALID [2022-02-20 18:01:38,144 INFO L290 TraceCheckUtils]: 87: Hoare triple {15379#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret10#1 && outgoing__wrappee__AutoResponder_#t~ret10#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~4#1 := 
outgoing__wrappee__AutoResponder_#t~ret10#1;havoc outgoing__wrappee__AutoResponder_#t~ret10#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~4#1; {15379#false} is VALID [2022-02-20 18:01:38,144 INFO L272 TraceCheckUtils]: 88: Hoare triple {15379#false} call outgoing__wrappee__AutoResponder_#t~ret11#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {15378#true} is VALID [2022-02-20 18:01:38,145 INFO L290 TraceCheckUtils]: 89: Hoare triple {15378#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {15378#true} is VALID [2022-02-20 18:01:38,145 INFO L290 TraceCheckUtils]: 90: Hoare triple {15378#true} assume 1 == ~handle; {15378#true} is VALID [2022-02-20 18:01:38,145 INFO L290 TraceCheckUtils]: 91: Hoare triple {15378#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {15378#true} is VALID [2022-02-20 18:01:38,145 INFO L290 TraceCheckUtils]: 92: Hoare triple {15378#true} assume true; {15378#true} is VALID [2022-02-20 18:01:38,145 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {15378#true} {15379#false} #1064#return; {15379#false} is VALID [2022-02-20 18:01:38,145 INFO L290 TraceCheckUtils]: 94: Hoare triple {15379#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret11#1 && outgoing__wrappee__AutoResponder_#t~ret11#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~0#1 := outgoing__wrappee__AutoResponder_#t~ret11#1;havoc outgoing__wrappee__AutoResponder_#t~ret11#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~0#1; {15379#false} is VALID [2022-02-20 18:01:38,145 INFO L290 TraceCheckUtils]: 95: Hoare triple {15379#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {15379#false} is VALID [2022-02-20 18:01:38,146 INFO L290 TraceCheckUtils]: 96: Hoare triple {15379#false} assume { 
:begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret9#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~3#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~3#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {15379#false} is VALID [2022-02-20 18:01:38,146 INFO L290 TraceCheckUtils]: 97: Hoare triple {15379#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {15379#false} is VALID [2022-02-20 18:01:38,146 INFO L290 TraceCheckUtils]: 98: Hoare triple {15379#false} outgoing__wrappee__Keys_#t~ret9#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret9#1 && outgoing__wrappee__Keys_#t~ret9#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~3#1 := outgoing__wrappee__Keys_#t~ret9#1;havoc outgoing__wrappee__Keys_#t~ret9#1; {15379#false} is VALID [2022-02-20 18:01:38,146 INFO L272 TraceCheckUtils]: 99: Hoare triple {15379#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~3#1); {15456#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:38,146 INFO L290 TraceCheckUtils]: 100: Hoare triple {15456#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle 
:= #in~handle;~value := #in~value; {15378#true} is VALID [2022-02-20 18:01:38,146 INFO L290 TraceCheckUtils]: 101: Hoare triple {15378#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15378#true} is VALID [2022-02-20 18:01:38,146 INFO L290 TraceCheckUtils]: 102: Hoare triple {15378#true} assume true; {15378#true} is VALID [2022-02-20 18:01:38,147 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {15378#true} {15379#false} #1070#return; {15379#false} is VALID [2022-02-20 18:01:38,147 INFO L290 TraceCheckUtils]: 104: Hoare triple {15379#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret7#1, mail_#t~ret8#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~2#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~2#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet34#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 := puts(10, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1; {15379#false} is VALID [2022-02-20 18:01:38,147 INFO L272 TraceCheckUtils]: 105: Hoare triple {15379#false} call 
__utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {15378#true} is VALID [2022-02-20 18:01:38,147 INFO L290 TraceCheckUtils]: 106: Hoare triple {15378#true} ~handle := #in~handle;havoc ~retValue_acc~35; {15378#true} is VALID [2022-02-20 18:01:38,147 INFO L290 TraceCheckUtils]: 107: Hoare triple {15378#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {15378#true} is VALID [2022-02-20 18:01:38,147 INFO L290 TraceCheckUtils]: 108: Hoare triple {15378#true} assume true; {15378#true} is VALID [2022-02-20 18:01:38,147 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {15378#true} {15379#false} #1072#return; {15379#false} is VALID [2022-02-20 18:01:38,148 INFO L290 TraceCheckUtils]: 110: Hoare triple {15379#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset := 11, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet34#1; {15379#false} is VALID [2022-02-20 18:01:38,148 INFO L290 TraceCheckUtils]: 111: Hoare triple {15379#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret7#1 := puts(5, 0);assume -2147483648 <= mail_#t~ret7#1 && mail_#t~ret7#1 <= 2147483647;havoc mail_#t~ret7#1; {15379#false} is VALID [2022-02-20 18:01:38,148 INFO L272 TraceCheckUtils]: 112: Hoare triple {15379#false} call mail_#t~ret8#1 := getEmailTo(mail_~msg#1); {15378#true} is VALID [2022-02-20 18:01:38,148 INFO L290 TraceCheckUtils]: 113: Hoare triple {15378#true} ~handle := #in~handle;havoc ~retValue_acc~32; {15378#true} is VALID [2022-02-20 18:01:38,148 INFO L290 TraceCheckUtils]: 114: Hoare triple {15378#true} assume 1 == ~handle;~retValue_acc~32 
:= ~__ste_email_to0~0;#res := ~retValue_acc~32; {15378#true} is VALID [2022-02-20 18:01:38,148 INFO L290 TraceCheckUtils]: 115: Hoare triple {15378#true} assume true; {15378#true} is VALID [2022-02-20 18:01:38,149 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {15378#true} {15379#false} #1074#return; {15379#false} is VALID [2022-02-20 18:01:38,149 INFO L290 TraceCheckUtils]: 117: Hoare triple {15379#false} assume -2147483648 <= mail_#t~ret8#1 && mail_#t~ret8#1 <= 2147483647;mail_~tmp~2#1 := mail_#t~ret8#1;havoc mail_#t~ret8#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~2#1, mail_~msg#1;havoc incoming_#t~ret15#1, incoming_#t~ret16#1, incoming_#t~ret17#1, incoming_#t~ret18#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~7#1, incoming_~tmp___0~1#1, incoming_~tmp___1~0#1, incoming_~tmp___2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~7#1;havoc incoming_~tmp___0~1#1;havoc incoming_~tmp___1~0#1;havoc incoming_~tmp___2~0#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet36#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1, 
__utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 := puts(12, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset := 13, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet36#1; {15379#false} is VALID [2022-02-20 18:01:38,149 INFO L290 TraceCheckUtils]: 118: Hoare triple {15379#false} assume 1 == ~sent_encrypted~0; {15379#false} is VALID [2022-02-20 18:01:38,149 INFO L272 TraceCheckUtils]: 119: Hoare triple {15379#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {15378#true} is VALID [2022-02-20 18:01:38,149 INFO L290 TraceCheckUtils]: 120: Hoare triple {15378#true} ~handle := #in~handle;havoc ~retValue_acc~10; {15378#true} is VALID [2022-02-20 18:01:38,149 INFO L290 TraceCheckUtils]: 121: Hoare triple {15378#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {15378#true} is VALID [2022-02-20 18:01:38,150 INFO L290 TraceCheckUtils]: 122: Hoare triple {15378#true} assume true; {15378#true} is VALID [2022-02-20 18:01:38,150 INFO L284 TraceCheckUtils]: 123: Hoare quadruple 
{15378#true} {15379#false} #1076#return; {15379#false} is VALID [2022-02-20 18:01:38,150 INFO L290 TraceCheckUtils]: 124: Hoare triple {15379#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~13#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1; {15379#false} is VALID [2022-02-20 18:01:38,150 INFO L272 TraceCheckUtils]: 125: Hoare triple {15379#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {15378#true} is VALID [2022-02-20 18:01:38,150 INFO L290 TraceCheckUtils]: 126: Hoare triple {15378#true} ~handle := #in~handle;havoc ~retValue_acc~36; {15378#true} is VALID [2022-02-20 18:01:38,150 INFO L290 TraceCheckUtils]: 127: Hoare triple {15378#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {15378#true} is VALID [2022-02-20 18:01:38,150 INFO L290 TraceCheckUtils]: 128: Hoare triple {15378#true} assume true; {15378#true} is VALID [2022-02-20 18:01:38,151 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {15378#true} {15379#false} #1078#return; {15379#false} is VALID [2022-02-20 18:01:38,151 INFO L290 TraceCheckUtils]: 130: Hoare triple {15379#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1; {15379#false} is VALID [2022-02-20 18:01:38,151 INFO L272 TraceCheckUtils]: 131: Hoare triple {15379#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1); {15378#true} is VALID [2022-02-20 18:01:38,151 INFO L290 
TraceCheckUtils]: 132: Hoare triple {15378#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~22;havoc ~__cil_tmp4~1.base, ~__cil_tmp4~1.offset;~__cil_tmp4~1.base, ~__cil_tmp4~1.offset := 7, 0;havoc #t~nondet21; {15378#true} is VALID [2022-02-20 18:01:38,151 INFO L290 TraceCheckUtils]: 133: Hoare triple {15378#true} assume 0 == ~publicKey;~retValue_acc~22 := 0;#res := ~retValue_acc~22; {15378#true} is VALID [2022-02-20 18:01:38,151 INFO L290 TraceCheckUtils]: 134: Hoare triple {15378#true} assume true; {15378#true} is VALID [2022-02-20 18:01:38,151 INFO L284 TraceCheckUtils]: 135: Hoare quadruple {15378#true} {15379#false} #1080#return; {15379#false} is VALID [2022-02-20 18:01:38,152 INFO L290 TraceCheckUtils]: 136: Hoare triple {15379#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1; {15379#false} is VALID [2022-02-20 18:01:38,152 INFO L290 TraceCheckUtils]: 137: Hoare triple {15379#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1);assume { :begin_inline___automaton_fail } true; {15379#false} is VALID [2022-02-20 18:01:38,152 INFO L290 TraceCheckUtils]: 138: Hoare triple {15379#false} assume !false; {15379#false} is VALID [2022-02-20 18:01:38,152 INFO L134 CoverageAnalysis]: Checked inductivity of 38 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked. 
[2022-02-20 18:01:38,153 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:01:38,153 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [442261391] [2022-02-20 18:01:38,153 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [442261391] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:01:38,153 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:01:38,153 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 18:01:38,153 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [592896137] [2022-02-20 18:01:38,153 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:01:38,154 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 10.75) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (19), 6 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) Word has length 139 [2022-02-20 18:01:38,155 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:01:38,155 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 10.75) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (19), 6 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:01:38,237 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 122 edges. 122 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:01:38,238 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 18:01:38,238 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:38,238 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 18:01:38,238 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:01:38,239 INFO L87 Difference]: Start difference. First operand 446 states and 673 transitions. Second operand has 9 states, 8 states have (on average 10.75) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (19), 6 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:01:47,541 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:47,542 INFO L93 Difference]: Finished difference Result 1088 states and 1651 transitions. [2022-02-20 18:01:47,542 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:01:47,542 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 10.75) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (19), 6 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) Word has length 139 [2022-02-20 18:01:47,543 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:01:47,543 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 9 states, 8 states have (on average 10.75) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (19), 6 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:01:47,563 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1449 transitions. [2022-02-20 18:01:47,564 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 10.75) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (19), 6 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:01:47,585 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1449 transitions. [2022-02-20 18:01:47,585 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1449 transitions. [2022-02-20 18:01:48,934 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1449 edges. 1449 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:01:48,969 INFO L225 Difference]: With dead ends: 1088 [2022-02-20 18:01:48,969 INFO L226 Difference]: Without dead ends: 665 [2022-02-20 18:01:48,972 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 52 GetRequests, 37 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 31 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 18:01:48,973 INFO L933 BasicCegarLoop]: 727 mSDtfsCounter, 1395 mSDsluCounter, 863 mSDsCounter, 0 mSdLazyCounter, 2664 mSolverCounterSat, 610 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 4.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1412 SdHoareTripleChecker+Valid, 1590 SdHoareTripleChecker+Invalid, 3274 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 610 IncrementalHoareTripleChecker+Valid, 2664 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 4.2s IncrementalHoareTripleChecker+Time [2022-02-20 18:01:48,974 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1412 Valid, 1590 Invalid, 3274 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [610 Valid, 2664 Invalid, 0 Unknown, 0 Unchecked, 4.2s Time] [2022-02-20 18:01:48,976 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 665 states. [2022-02-20 18:01:49,083 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 665 to 446. [2022-02-20 18:01:49,083 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:01:49,085 INFO L82 GeneralOperation]: Start isEquivalent. First operand 665 states. 
Second operand has 446 states, 343 states have (on average 1.501457725947522) internal successors, (515), 348 states have internal predecessors, (515), 76 states have call successors, (76), 24 states have call predecessors, (76), 26 states have return successors, (81), 75 states have call predecessors, (81), 75 states have call successors, (81) [2022-02-20 18:01:49,086 INFO L74 IsIncluded]: Start isIncluded. First operand 665 states. Second operand has 446 states, 343 states have (on average 1.501457725947522) internal successors, (515), 348 states have internal predecessors, (515), 76 states have call successors, (76), 24 states have call predecessors, (76), 26 states have return successors, (81), 75 states have call predecessors, (81), 75 states have call successors, (81) [2022-02-20 18:01:49,088 INFO L87 Difference]: Start difference. First operand 665 states. Second operand has 446 states, 343 states have (on average 1.501457725947522) internal successors, (515), 348 states have internal predecessors, (515), 76 states have call successors, (76), 24 states have call predecessors, (76), 26 states have return successors, (81), 75 states have call predecessors, (81), 75 states have call successors, (81) [2022-02-20 18:01:49,123 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:49,124 INFO L93 Difference]: Finished difference Result 665 states and 1009 transitions. [2022-02-20 18:01:49,124 INFO L276 IsEmpty]: Start isEmpty. Operand 665 states and 1009 transitions. [2022-02-20 18:01:49,128 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:49,128 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:49,130 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 446 states, 343 states have (on average 1.501457725947522) internal successors, (515), 348 states have internal predecessors, (515), 76 states have call successors, (76), 24 states have call predecessors, (76), 26 states have return successors, (81), 75 states have call predecessors, (81), 75 states have call successors, (81) Second operand 665 states. [2022-02-20 18:01:49,131 INFO L87 Difference]: Start difference. First operand has 446 states, 343 states have (on average 1.501457725947522) internal successors, (515), 348 states have internal predecessors, (515), 76 states have call successors, (76), 24 states have call predecessors, (76), 26 states have return successors, (81), 75 states have call predecessors, (81), 75 states have call successors, (81) Second operand 665 states. [2022-02-20 18:01:49,166 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:49,166 INFO L93 Difference]: Finished difference Result 665 states and 1009 transitions. [2022-02-20 18:01:49,166 INFO L276 IsEmpty]: Start isEmpty. Operand 665 states and 1009 transitions. [2022-02-20 18:01:49,170 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:49,171 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:49,171 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:01:49,171 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:01:49,172 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 446 states, 343 states have (on average 1.501457725947522) internal successors, (515), 348 states have internal predecessors, (515), 76 states have call successors, (76), 24 states have call predecessors, (76), 26 states have return successors, (81), 75 states have call predecessors, (81), 75 states have call successors, (81) [2022-02-20 18:01:49,192 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 446 states to 446 states and 672 transitions. [2022-02-20 18:01:49,192 INFO L78 Accepts]: Start accepts. Automaton has 446 states and 672 transitions. Word has length 139 [2022-02-20 18:01:49,192 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:01:49,192 INFO L470 AbstractCegarLoop]: Abstraction has 446 states and 672 transitions. [2022-02-20 18:01:49,193 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 10.75) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (19), 6 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:01:49,193 INFO L276 IsEmpty]: Start isEmpty. Operand 446 states and 672 transitions. [2022-02-20 18:01:49,195 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 141 [2022-02-20 18:01:49,195 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:01:49,195 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:01:49,195 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 18:01:49,196 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:01:49,196 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:01:49,196 INFO L85 PathProgramCache]: Analyzing trace with hash -1634749281, now seen corresponding path 
program 2 times [2022-02-20 18:01:49,197 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:01:49,197 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1028115561] [2022-02-20 18:01:49,197 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:49,197 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:01:49,235 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:49,268 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:01:49,270 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:49,272 INFO L290 TraceCheckUtils]: 0: Hoare triple {19083#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19008#true} is VALID [2022-02-20 18:01:49,273 INFO L290 TraceCheckUtils]: 1: Hoare triple {19008#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19008#true} is VALID [2022-02-20 18:01:49,273 INFO L290 TraceCheckUtils]: 2: Hoare triple {19008#true} assume true; {19008#true} is VALID [2022-02-20 18:01:49,273 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19008#true} {19008#true} #1144#return; {19008#true} is VALID [2022-02-20 18:01:49,278 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:01:49,279 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:49,281 INFO L290 TraceCheckUtils]: 0: Hoare triple {19084#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 
|old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19008#true} is VALID [2022-02-20 18:01:49,281 INFO L290 TraceCheckUtils]: 1: Hoare triple {19008#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {19008#true} is VALID [2022-02-20 18:01:49,281 INFO L290 TraceCheckUtils]: 2: Hoare triple {19008#true} assume true; {19008#true} is VALID [2022-02-20 18:01:49,281 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19008#true} {19008#true} #1146#return; {19008#true} is VALID [2022-02-20 18:01:49,281 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:01:49,283 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:49,285 INFO L290 TraceCheckUtils]: 0: Hoare triple {19083#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19008#true} is VALID [2022-02-20 18:01:49,285 INFO L290 TraceCheckUtils]: 1: Hoare triple {19008#true} assume !(1 == ~handle); {19008#true} is VALID [2022-02-20 18:01:49,285 INFO L290 TraceCheckUtils]: 2: Hoare triple {19008#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {19008#true} is VALID [2022-02-20 18:01:49,285 INFO L290 TraceCheckUtils]: 3: Hoare triple {19008#true} assume true; {19008#true} is VALID [2022-02-20 18:01:49,286 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {19008#true} {19008#true} #1148#return; {19008#true} is VALID [2022-02-20 18:01:49,286 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:01:49,287 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:49,289 INFO L290 TraceCheckUtils]: 0: Hoare triple {19084#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19008#true} is VALID [2022-02-20 18:01:49,289 INFO L290 TraceCheckUtils]: 1: Hoare triple {19008#true} assume !(1 == ~handle); {19008#true} is VALID [2022-02-20 18:01:49,289 INFO L290 TraceCheckUtils]: 2: Hoare triple {19008#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {19008#true} is VALID [2022-02-20 18:01:49,289 INFO L290 TraceCheckUtils]: 3: Hoare triple {19008#true} assume true; {19008#true} is VALID [2022-02-20 18:01:49,289 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {19008#true} {19008#true} #1150#return; {19008#true} is VALID [2022-02-20 18:01:49,290 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:01:49,292 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:49,305 INFO L290 TraceCheckUtils]: 0: Hoare triple {19083#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19085#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:49,306 INFO L290 TraceCheckUtils]: 1: Hoare triple {19085#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {19085#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:49,306 INFO L290 TraceCheckUtils]: 2: Hoare triple {19085#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {19086#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:49,307 INFO L290 TraceCheckUtils]: 3: Hoare triple {19086#(= 2 |setClientId_#in~handle|)} assume true; {19086#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:49,307 INFO L284 
TraceCheckUtils]: 4: Hoare quadruple {19086#(= 2 |setClientId_#in~handle|)} {19028#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1152#return; {19009#false} is VALID [2022-02-20 18:01:49,307 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-02-20 18:01:49,310 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:49,312 INFO L290 TraceCheckUtils]: 0: Hoare triple {19084#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19008#true} is VALID [2022-02-20 18:01:49,312 INFO L290 TraceCheckUtils]: 1: Hoare triple {19008#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {19008#true} is VALID [2022-02-20 18:01:49,312 INFO L290 TraceCheckUtils]: 2: Hoare triple {19008#true} assume true; {19008#true} is VALID [2022-02-20 18:01:49,312 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19008#true} {19009#false} #1154#return; {19009#false} is VALID [2022-02-20 18:01:49,319 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:01:49,320 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:49,322 INFO L290 TraceCheckUtils]: 0: Hoare triple {19087#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19008#true} is VALID [2022-02-20 18:01:49,322 INFO L290 TraceCheckUtils]: 1: Hoare triple {19008#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19008#true} is VALID [2022-02-20 18:01:49,322 INFO L290 TraceCheckUtils]: 2: Hoare triple {19008#true} assume true; {19008#true} is VALID [2022-02-20 18:01:49,322 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19008#true} {19009#false} 
#1130#return; {19009#false} is VALID [2022-02-20 18:01:49,329 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 18:01:49,330 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:49,332 INFO L290 TraceCheckUtils]: 0: Hoare triple {19088#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {19008#true} is VALID [2022-02-20 18:01:49,332 INFO L290 TraceCheckUtils]: 1: Hoare triple {19008#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {19008#true} is VALID [2022-02-20 18:01:49,332 INFO L290 TraceCheckUtils]: 2: Hoare triple {19008#true} assume true; {19008#true} is VALID [2022-02-20 18:01:49,332 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19008#true} {19009#false} #1132#return; {19009#false} is VALID [2022-02-20 18:01:49,333 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:01:49,343 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:49,345 INFO L290 TraceCheckUtils]: 0: Hoare triple {19008#true} ~handle := #in~handle;havoc ~retValue_acc~10; {19008#true} is VALID [2022-02-20 18:01:49,345 INFO L290 TraceCheckUtils]: 1: Hoare triple {19008#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {19008#true} is VALID [2022-02-20 18:01:49,345 INFO L290 TraceCheckUtils]: 2: Hoare triple {19008#true} assume true; {19008#true} is VALID [2022-02-20 18:01:49,346 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19008#true} {19009#false} #1060#return; {19009#false} is VALID [2022-02-20 18:01:49,346 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 18:01:49,347 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:49,349 INFO L290 TraceCheckUtils]: 0: Hoare triple 
{19008#true} ~handle := #in~handle;havoc ~retValue_acc~32; {19008#true} is VALID [2022-02-20 18:01:49,349 INFO L290 TraceCheckUtils]: 1: Hoare triple {19008#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {19008#true} is VALID [2022-02-20 18:01:49,349 INFO L290 TraceCheckUtils]: 2: Hoare triple {19008#true} assume true; {19008#true} is VALID [2022-02-20 18:01:49,349 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19008#true} {19009#false} #1062#return; {19009#false} is VALID [2022-02-20 18:01:49,349 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 89 [2022-02-20 18:01:49,350 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:49,351 INFO L290 TraceCheckUtils]: 0: Hoare triple {19008#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {19008#true} is VALID [2022-02-20 18:01:49,351 INFO L290 TraceCheckUtils]: 1: Hoare triple {19008#true} assume 1 == ~handle; {19008#true} is VALID [2022-02-20 18:01:49,352 INFO L290 TraceCheckUtils]: 2: Hoare triple {19008#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {19008#true} is VALID [2022-02-20 18:01:49,352 INFO L290 TraceCheckUtils]: 3: Hoare triple {19008#true} assume true; {19008#true} is VALID [2022-02-20 18:01:49,352 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {19008#true} {19009#false} #1064#return; {19009#false} is VALID [2022-02-20 18:01:49,352 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 18:01:49,353 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:49,356 INFO L290 TraceCheckUtils]: 0: Hoare triple {19087#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19008#true} is VALID [2022-02-20 
18:01:49,356 INFO L290 TraceCheckUtils]: 1: Hoare triple {19008#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19008#true} is VALID [2022-02-20 18:01:49,356 INFO L290 TraceCheckUtils]: 2: Hoare triple {19008#true} assume true; {19008#true} is VALID [2022-02-20 18:01:49,356 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19008#true} {19009#false} #1070#return; {19009#false} is VALID [2022-02-20 18:01:49,356 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 106 [2022-02-20 18:01:49,357 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:49,363 INFO L290 TraceCheckUtils]: 0: Hoare triple {19008#true} ~handle := #in~handle;havoc ~retValue_acc~35; {19008#true} is VALID [2022-02-20 18:01:49,363 INFO L290 TraceCheckUtils]: 1: Hoare triple {19008#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {19008#true} is VALID [2022-02-20 18:01:49,364 INFO L290 TraceCheckUtils]: 2: Hoare triple {19008#true} assume true; {19008#true} is VALID [2022-02-20 18:01:49,364 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19008#true} {19009#false} #1072#return; {19009#false} is VALID [2022-02-20 18:01:49,364 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 113 [2022-02-20 18:01:49,365 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:49,366 INFO L290 TraceCheckUtils]: 0: Hoare triple {19008#true} ~handle := #in~handle;havoc ~retValue_acc~32; {19008#true} is VALID [2022-02-20 18:01:49,366 INFO L290 TraceCheckUtils]: 1: Hoare triple {19008#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {19008#true} is VALID [2022-02-20 18:01:49,367 INFO L290 TraceCheckUtils]: 2: Hoare triple {19008#true} assume true; {19008#true} is VALID [2022-02-20 18:01:49,367 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19008#true} {19009#false} #1074#return; 
{19009#false} is VALID [2022-02-20 18:01:49,367 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 120 [2022-02-20 18:01:49,367 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:49,370 INFO L290 TraceCheckUtils]: 0: Hoare triple {19008#true} ~handle := #in~handle;havoc ~retValue_acc~10; {19008#true} is VALID [2022-02-20 18:01:49,370 INFO L290 TraceCheckUtils]: 1: Hoare triple {19008#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {19008#true} is VALID [2022-02-20 18:01:49,370 INFO L290 TraceCheckUtils]: 2: Hoare triple {19008#true} assume true; {19008#true} is VALID [2022-02-20 18:01:49,370 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19008#true} {19009#false} #1076#return; {19009#false} is VALID [2022-02-20 18:01:49,370 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 126 [2022-02-20 18:01:49,371 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:49,374 INFO L290 TraceCheckUtils]: 0: Hoare triple {19008#true} ~handle := #in~handle;havoc ~retValue_acc~36; {19008#true} is VALID [2022-02-20 18:01:49,374 INFO L290 TraceCheckUtils]: 1: Hoare triple {19008#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {19008#true} is VALID [2022-02-20 18:01:49,374 INFO L290 TraceCheckUtils]: 2: Hoare triple {19008#true} assume true; {19008#true} is VALID [2022-02-20 18:01:49,374 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19008#true} {19009#false} #1078#return; {19009#false} is VALID [2022-02-20 18:01:49,374 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 132 [2022-02-20 18:01:49,375 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:49,377 INFO L290 TraceCheckUtils]: 0: Hoare triple {19008#true} ~publicKey := #in~publicKey;~privateKey := 
#in~privateKey;havoc ~retValue_acc~22;havoc ~__cil_tmp4~1.base, ~__cil_tmp4~1.offset;~__cil_tmp4~1.base, ~__cil_tmp4~1.offset := 7, 0;havoc #t~nondet21; {19008#true} is VALID [2022-02-20 18:01:49,377 INFO L290 TraceCheckUtils]: 1: Hoare triple {19008#true} assume 0 == ~publicKey;~retValue_acc~22 := 0;#res := ~retValue_acc~22; {19008#true} is VALID [2022-02-20 18:01:49,377 INFO L290 TraceCheckUtils]: 2: Hoare triple {19008#true} assume true; {19008#true} is VALID [2022-02-20 18:01:49,377 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19008#true} {19009#false} #1080#return; {19009#false} is VALID [2022-02-20 18:01:49,378 INFO L290 TraceCheckUtils]: 0: Hoare triple {19008#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(16, 6);call #Ultimate.allocInit(20, 7);call #Ultimate.allocInit(22, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(19, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(19, 13);call #Ultimate.allocInit(44, 14);call #Ultimate.allocInit(44, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(11, 18);call #Ultimate.allocInit(19, 19);call #Ultimate.allocInit(4, 20);call write~init~int(37, 20, 0, 1);call write~init~int(100, 20, 1, 1);call write~init~int(10, 20, 2, 1);call write~init~int(0, 20, 3, 1);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(100, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call 
#Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(12, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(18, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(21, 39);call #Ultimate.allocInit(13, 40);call #Ultimate.allocInit(16, 41);call #Ultimate.allocInit(25, 42);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 
0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_encrypted~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 
0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {19008#true} is VALID [2022-02-20 18:01:49,378 INFO L290 TraceCheckUtils]: 1: Hoare triple {19008#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret59#1, main_~retValue_acc~23#1, main_~tmp~16#1;havoc main_~retValue_acc~23#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true; {19008#true} is VALID [2022-02-20 18:01:49,378 INFO L290 TraceCheckUtils]: 2: Hoare triple {19008#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {19008#true} is VALID [2022-02-20 18:01:49,378 INFO L290 TraceCheckUtils]: 3: Hoare triple {19008#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~25#1;havoc valid_product_~retValue_acc~25#1;valid_product_~retValue_acc~25#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~25#1; {19008#true} is VALID [2022-02-20 18:01:49,378 INFO L290 TraceCheckUtils]: 4: Hoare triple {19008#true} main_#t~ret59#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret59#1 && main_#t~ret59#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret59#1;havoc main_#t~ret59#1; {19008#true} is VALID [2022-02-20 18:01:49,378 INFO L290 TraceCheckUtils]: 5: Hoare triple {19008#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet56#1, setup_#t~nondet57#1, setup_#t~nondet58#1, setup_~__cil_tmp1~0#1.base, 
setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {19008#true} is VALID [2022-02-20 18:01:49,379 INFO L272 TraceCheckUtils]: 6: Hoare triple {19008#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {19083#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:49,379 INFO L290 TraceCheckUtils]: 7: Hoare triple {19083#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19008#true} is VALID [2022-02-20 18:01:49,379 INFO L290 TraceCheckUtils]: 8: Hoare triple {19008#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19008#true} is VALID [2022-02-20 18:01:49,379 INFO L290 TraceCheckUtils]: 9: Hoare triple {19008#true} assume true; {19008#true} is VALID [2022-02-20 18:01:49,379 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {19008#true} {19008#true} #1144#return; {19008#true} is VALID [2022-02-20 18:01:49,379 INFO L290 TraceCheckUtils]: 11: Hoare triple {19008#true} assume { 
:end_inline_setup_bob__wrappee__Base } true; {19008#true} is VALID [2022-02-20 18:01:49,380 INFO L272 TraceCheckUtils]: 12: Hoare triple {19008#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {19084#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:49,380 INFO L290 TraceCheckUtils]: 13: Hoare triple {19084#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19008#true} is VALID [2022-02-20 18:01:49,380 INFO L290 TraceCheckUtils]: 14: Hoare triple {19008#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {19008#true} is VALID [2022-02-20 18:01:49,380 INFO L290 TraceCheckUtils]: 15: Hoare triple {19008#true} assume true; {19008#true} is VALID [2022-02-20 18:01:49,382 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {19008#true} {19008#true} #1146#return; {19008#true} is VALID [2022-02-20 18:01:49,382 INFO L290 TraceCheckUtils]: 17: Hoare triple {19008#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 16, 0;havoc setup_#t~nondet56#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {19008#true} is VALID [2022-02-20 18:01:49,383 INFO L272 TraceCheckUtils]: 18: Hoare triple {19008#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, 
setup_rjh__wrappee__Base_~rjh___0#1); {19083#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:49,383 INFO L290 TraceCheckUtils]: 19: Hoare triple {19083#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19008#true} is VALID [2022-02-20 18:01:49,383 INFO L290 TraceCheckUtils]: 20: Hoare triple {19008#true} assume !(1 == ~handle); {19008#true} is VALID [2022-02-20 18:01:49,383 INFO L290 TraceCheckUtils]: 21: Hoare triple {19008#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {19008#true} is VALID [2022-02-20 18:01:49,383 INFO L290 TraceCheckUtils]: 22: Hoare triple {19008#true} assume true; {19008#true} is VALID [2022-02-20 18:01:49,383 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {19008#true} {19008#true} #1148#return; {19008#true} is VALID [2022-02-20 18:01:49,383 INFO L290 TraceCheckUtils]: 24: Hoare triple {19008#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {19008#true} is VALID [2022-02-20 18:01:49,384 INFO L272 TraceCheckUtils]: 25: Hoare triple {19008#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {19084#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:49,384 INFO L290 TraceCheckUtils]: 26: Hoare triple {19084#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; 
{19008#true} is VALID [2022-02-20 18:01:49,384 INFO L290 TraceCheckUtils]: 27: Hoare triple {19008#true} assume !(1 == ~handle); {19008#true} is VALID [2022-02-20 18:01:49,384 INFO L290 TraceCheckUtils]: 28: Hoare triple {19008#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {19008#true} is VALID [2022-02-20 18:01:49,384 INFO L290 TraceCheckUtils]: 29: Hoare triple {19008#true} assume true; {19008#true} is VALID [2022-02-20 18:01:49,384 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {19008#true} {19008#true} #1150#return; {19008#true} is VALID [2022-02-20 18:01:49,385 INFO L290 TraceCheckUtils]: 31: Hoare triple {19008#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 17, 0;havoc setup_#t~nondet57#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {19028#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:01:49,385 INFO L272 TraceCheckUtils]: 32: Hoare triple {19028#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {19083#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:49,386 INFO L290 TraceCheckUtils]: 33: Hoare triple {19083#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19085#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:49,386 INFO L290 TraceCheckUtils]: 34: Hoare triple {19085#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {19085#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:49,386 INFO L290 TraceCheckUtils]: 35: Hoare triple {19085#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {19086#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:49,387 INFO L290 TraceCheckUtils]: 36: Hoare triple {19086#(= 2 |setClientId_#in~handle|)} assume true; {19086#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:49,387 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {19086#(= 2 |setClientId_#in~handle|)} {19028#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1152#return; {19009#false} is VALID [2022-02-20 18:01:49,387 INFO L290 TraceCheckUtils]: 38: Hoare triple {19009#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {19009#false} is VALID [2022-02-20 18:01:49,387 INFO L272 TraceCheckUtils]: 39: Hoare triple {19009#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {19084#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:49,388 INFO L290 TraceCheckUtils]: 40: Hoare triple {19084#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19008#true} is VALID [2022-02-20 18:01:49,388 INFO L290 TraceCheckUtils]: 41: Hoare triple {19008#true} assume 1 == 
~handle;~__ste_client_privateKey0~0 := ~value; {19008#true} is VALID [2022-02-20 18:01:49,388 INFO L290 TraceCheckUtils]: 42: Hoare triple {19008#true} assume true; {19008#true} is VALID [2022-02-20 18:01:49,388 INFO L284 TraceCheckUtils]: 43: Hoare quadruple {19008#true} {19009#false} #1154#return; {19009#false} is VALID [2022-02-20 18:01:49,388 INFO L290 TraceCheckUtils]: 44: Hoare triple {19009#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 18, 0;havoc setup_#t~nondet58#1; {19009#false} is VALID [2022-02-20 18:01:49,388 INFO L290 TraceCheckUtils]: 45: Hoare triple {19009#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~14#1, test_~tmp___0~4#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~14#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 
0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {19009#false} is VALID [2022-02-20 18:01:49,388 INFO L290 TraceCheckUtils]: 46: Hoare triple {19009#false} assume !false; {19009#false} is VALID [2022-02-20 18:01:49,388 INFO L290 TraceCheckUtils]: 47: Hoare triple {19009#false} assume test_~splverifierCounter~0#1 < 4; {19009#false} is VALID [2022-02-20 18:01:49,388 INFO L290 TraceCheckUtils]: 48: Hoare triple {19009#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {19009#false} is VALID [2022-02-20 18:01:49,389 INFO L290 TraceCheckUtils]: 49: Hoare triple {19009#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet40#1 && test_#t~nondet40#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet40#1;havoc test_#t~nondet40#1; {19009#false} is VALID [2022-02-20 18:01:49,389 INFO L290 TraceCheckUtils]: 50: Hoare triple {19009#false} assume !(0 != test_~tmp___9~0#1); {19009#false} is VALID [2022-02-20 18:01:49,389 INFO L290 TraceCheckUtils]: 51: Hoare triple {19009#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet41#1 && test_#t~nondet41#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet41#1;havoc test_#t~nondet41#1; {19009#false} is VALID [2022-02-20 18:01:49,389 INFO L290 TraceCheckUtils]: 52: Hoare triple {19009#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {19009#false} is VALID [2022-02-20 18:01:49,389 INFO L290 TraceCheckUtils]: 53: Hoare triple {19009#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; 
{19009#false} is VALID [2022-02-20 18:01:49,389 INFO L290 TraceCheckUtils]: 54: Hoare triple {19009#false} assume { :end_inline_setClientAutoResponse } true; {19009#false} is VALID [2022-02-20 18:01:49,389 INFO L290 TraceCheckUtils]: 55: Hoare triple {19009#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {19009#false} is VALID [2022-02-20 18:01:49,389 INFO L290 TraceCheckUtils]: 56: Hoare triple {19009#false} assume !false; {19009#false} is VALID [2022-02-20 18:01:49,389 INFO L290 TraceCheckUtils]: 57: Hoare triple {19009#false} assume !(test_~splverifierCounter~0#1 < 4); {19009#false} is VALID [2022-02-20 18:01:49,389 INFO L290 TraceCheckUtils]: 58: Hoare triple {19009#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret51#1, bobToRjh_#t~ret52#1, bobToRjh_#t~ret53#1, bobToRjh_#t~ret54#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret51#1 := puts(14, 0);assume -2147483648 <= bobToRjh_#t~ret51#1 && bobToRjh_#t~ret51#1 <= 2147483647;havoc bobToRjh_#t~ret51#1; {19009#false} is VALID [2022-02-20 18:01:49,390 INFO L272 TraceCheckUtils]: 59: Hoare triple {19009#false} call sendEmail(~bob~0, ~rjh~0); {19009#false} is VALID [2022-02-20 18:01:49,390 INFO L290 TraceCheckUtils]: 60: Hoare triple {19009#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~43#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~43#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {19009#false} is VALID [2022-02-20 18:01:49,390 INFO L272 TraceCheckUtils]: 61: Hoare triple {19009#false} call 
setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {19087#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:49,390 INFO L290 TraceCheckUtils]: 62: Hoare triple {19087#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19008#true} is VALID [2022-02-20 18:01:49,390 INFO L290 TraceCheckUtils]: 63: Hoare triple {19008#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19008#true} is VALID [2022-02-20 18:01:49,390 INFO L290 TraceCheckUtils]: 64: Hoare triple {19008#true} assume true; {19008#true} is VALID [2022-02-20 18:01:49,390 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {19008#true} {19009#false} #1130#return; {19009#false} is VALID [2022-02-20 18:01:49,390 INFO L272 TraceCheckUtils]: 66: Hoare triple {19009#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {19088#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:01:49,390 INFO L290 TraceCheckUtils]: 67: Hoare triple {19088#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {19008#true} is VALID [2022-02-20 18:01:49,391 INFO L290 TraceCheckUtils]: 68: Hoare triple {19008#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {19008#true} is VALID [2022-02-20 18:01:49,391 INFO L290 TraceCheckUtils]: 69: Hoare triple {19008#true} assume true; {19008#true} is VALID [2022-02-20 18:01:49,391 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {19008#true} {19009#false} #1132#return; {19009#false} is VALID [2022-02-20 18:01:49,391 INFO L290 TraceCheckUtils]: 71: Hoare triple {19009#false} createEmail_~retValue_acc~43#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~43#1; {19009#false} is VALID 
[2022-02-20 18:01:49,391 INFO L290 TraceCheckUtils]: 72: Hoare triple {19009#false} #t~ret20#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret20#1 && #t~ret20#1 <= 2147483647;~tmp~9#1 := #t~ret20#1;havoc #t~ret20#1;~email~0#1 := ~tmp~9#1; {19009#false} is VALID [2022-02-20 18:01:49,391 INFO L272 TraceCheckUtils]: 73: Hoare triple {19009#false} call outgoing(~sender#1, ~email~0#1); {19009#false} is VALID [2022-02-20 18:01:49,391 INFO L290 TraceCheckUtils]: 74: Hoare triple {19009#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret24#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {19009#false} is VALID [2022-02-20 18:01:49,391 INFO L272 TraceCheckUtils]: 75: Hoare triple {19009#false} call sign_#t~ret24#1 := getClientPrivateKey(sign_~client#1); {19008#true} is VALID [2022-02-20 18:01:49,391 INFO L290 TraceCheckUtils]: 76: Hoare triple {19008#true} ~handle := #in~handle;havoc ~retValue_acc~10; {19008#true} is VALID [2022-02-20 18:01:49,392 INFO L290 TraceCheckUtils]: 77: Hoare triple {19008#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {19008#true} is VALID [2022-02-20 18:01:49,392 INFO L290 TraceCheckUtils]: 78: Hoare triple {19008#true} assume true; {19008#true} is VALID [2022-02-20 18:01:49,392 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {19008#true} {19009#false} #1060#return; {19009#false} is VALID [2022-02-20 18:01:49,392 INFO L290 TraceCheckUtils]: 80: Hoare triple {19009#false} assume -2147483648 <= sign_#t~ret24#1 && sign_#t~ret24#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret24#1;havoc sign_#t~ret24#1;sign_~privkey~1#1 := sign_~tmp~11#1; {19009#false} is VALID [2022-02-20 18:01:49,392 INFO L290 TraceCheckUtils]: 81: Hoare 
triple {19009#false} assume 0 == sign_~privkey~1#1; {19009#false} is VALID [2022-02-20 18:01:49,392 INFO L290 TraceCheckUtils]: 82: Hoare triple {19009#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret10#1, outgoing__wrappee__AutoResponder_#t~ret11#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~4#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~0#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~4#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~0#1; {19009#false} is VALID [2022-02-20 18:01:49,392 INFO L272 TraceCheckUtils]: 83: Hoare triple {19009#false} call outgoing__wrappee__AutoResponder_#t~ret10#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {19008#true} is VALID [2022-02-20 18:01:49,392 INFO L290 TraceCheckUtils]: 84: Hoare triple {19008#true} ~handle := #in~handle;havoc ~retValue_acc~32; {19008#true} is VALID [2022-02-20 18:01:49,392 INFO L290 TraceCheckUtils]: 85: Hoare triple {19008#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {19008#true} is VALID [2022-02-20 18:01:49,393 INFO L290 TraceCheckUtils]: 86: Hoare triple {19008#true} assume true; {19008#true} is VALID [2022-02-20 18:01:49,393 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {19008#true} {19009#false} #1062#return; {19009#false} is VALID [2022-02-20 18:01:49,393 INFO L290 TraceCheckUtils]: 88: 
Hoare triple {19009#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret10#1 && outgoing__wrappee__AutoResponder_#t~ret10#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~4#1 := outgoing__wrappee__AutoResponder_#t~ret10#1;havoc outgoing__wrappee__AutoResponder_#t~ret10#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~4#1; {19009#false} is VALID [2022-02-20 18:01:49,393 INFO L272 TraceCheckUtils]: 89: Hoare triple {19009#false} call outgoing__wrappee__AutoResponder_#t~ret11#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {19008#true} is VALID [2022-02-20 18:01:49,393 INFO L290 TraceCheckUtils]: 90: Hoare triple {19008#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {19008#true} is VALID [2022-02-20 18:01:49,393 INFO L290 TraceCheckUtils]: 91: Hoare triple {19008#true} assume 1 == ~handle; {19008#true} is VALID [2022-02-20 18:01:49,393 INFO L290 TraceCheckUtils]: 92: Hoare triple {19008#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {19008#true} is VALID [2022-02-20 18:01:49,393 INFO L290 TraceCheckUtils]: 93: Hoare triple {19008#true} assume true; {19008#true} is VALID [2022-02-20 18:01:49,393 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {19008#true} {19009#false} #1064#return; {19009#false} is VALID [2022-02-20 18:01:49,393 INFO L290 TraceCheckUtils]: 95: Hoare triple {19009#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret11#1 && outgoing__wrappee__AutoResponder_#t~ret11#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~0#1 := outgoing__wrappee__AutoResponder_#t~ret11#1;havoc outgoing__wrappee__AutoResponder_#t~ret11#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~0#1; {19009#false} is VALID [2022-02-20 18:01:49,394 INFO L290 TraceCheckUtils]: 96: Hoare 
triple {19009#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {19009#false} is VALID [2022-02-20 18:01:49,394 INFO L290 TraceCheckUtils]: 97: Hoare triple {19009#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret9#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~3#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~3#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {19009#false} is VALID [2022-02-20 18:01:49,394 INFO L290 TraceCheckUtils]: 98: Hoare triple {19009#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {19009#false} is VALID [2022-02-20 18:01:49,394 INFO L290 TraceCheckUtils]: 99: Hoare triple {19009#false} outgoing__wrappee__Keys_#t~ret9#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret9#1 && outgoing__wrappee__Keys_#t~ret9#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~3#1 := outgoing__wrappee__Keys_#t~ret9#1;havoc outgoing__wrappee__Keys_#t~ret9#1; {19009#false} is VALID [2022-02-20 18:01:49,394 INFO L272 TraceCheckUtils]: 100: Hoare triple {19009#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~3#1); {19087#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID 
[2022-02-20 18:01:49,394 INFO L290 TraceCheckUtils]: 101: Hoare triple {19087#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19008#true} is VALID [2022-02-20 18:01:49,394 INFO L290 TraceCheckUtils]: 102: Hoare triple {19008#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19008#true} is VALID [2022-02-20 18:01:49,395 INFO L290 TraceCheckUtils]: 103: Hoare triple {19008#true} assume true; {19008#true} is VALID [2022-02-20 18:01:49,395 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {19008#true} {19009#false} #1070#return; {19009#false} is VALID [2022-02-20 18:01:49,395 INFO L290 TraceCheckUtils]: 105: Hoare triple {19009#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret7#1, mail_#t~ret8#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~2#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~2#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet34#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 := puts(10, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 && 
__utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1; {19009#false} is VALID [2022-02-20 18:01:49,395 INFO L272 TraceCheckUtils]: 106: Hoare triple {19009#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {19008#true} is VALID [2022-02-20 18:01:49,395 INFO L290 TraceCheckUtils]: 107: Hoare triple {19008#true} ~handle := #in~handle;havoc ~retValue_acc~35; {19008#true} is VALID [2022-02-20 18:01:49,395 INFO L290 TraceCheckUtils]: 108: Hoare triple {19008#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {19008#true} is VALID [2022-02-20 18:01:49,395 INFO L290 TraceCheckUtils]: 109: Hoare triple {19008#true} assume true; {19008#true} is VALID [2022-02-20 18:01:49,396 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {19008#true} {19009#false} #1072#return; {19009#false} is VALID [2022-02-20 18:01:49,396 INFO L290 TraceCheckUtils]: 111: Hoare triple {19009#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset := 11, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet34#1; {19009#false} is VALID [2022-02-20 18:01:49,396 INFO L290 TraceCheckUtils]: 112: Hoare triple {19009#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret7#1 := puts(5, 0);assume -2147483648 <= mail_#t~ret7#1 && mail_#t~ret7#1 <= 2147483647;havoc mail_#t~ret7#1; {19009#false} is VALID [2022-02-20 18:01:49,396 INFO L272 TraceCheckUtils]: 113: Hoare triple {19009#false} call mail_#t~ret8#1 := getEmailTo(mail_~msg#1); {19008#true} is VALID [2022-02-20 18:01:49,396 INFO L290 
TraceCheckUtils]: 114: Hoare triple {19008#true} ~handle := #in~handle;havoc ~retValue_acc~32; {19008#true} is VALID [2022-02-20 18:01:49,396 INFO L290 TraceCheckUtils]: 115: Hoare triple {19008#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {19008#true} is VALID [2022-02-20 18:01:49,396 INFO L290 TraceCheckUtils]: 116: Hoare triple {19008#true} assume true; {19008#true} is VALID [2022-02-20 18:01:49,397 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {19008#true} {19009#false} #1074#return; {19009#false} is VALID [2022-02-20 18:01:49,397 INFO L290 TraceCheckUtils]: 118: Hoare triple {19009#false} assume -2147483648 <= mail_#t~ret8#1 && mail_#t~ret8#1 <= 2147483647;mail_~tmp~2#1 := mail_#t~ret8#1;havoc mail_#t~ret8#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~2#1, mail_~msg#1;havoc incoming_#t~ret15#1, incoming_#t~ret16#1, incoming_#t~ret17#1, incoming_#t~ret18#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~7#1, incoming_~tmp___0~1#1, incoming_~tmp___1~0#1, incoming_~tmp___2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~7#1;havoc incoming_~tmp___0~1#1;havoc incoming_~tmp___1~0#1;havoc incoming_~tmp___2~0#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet36#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1, 
__utac_acc__EncryptDecrypt_spec__2_#t~ret38#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 := puts(12, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset := 13, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet36#1; {19009#false} is VALID [2022-02-20 18:01:49,397 INFO L290 TraceCheckUtils]: 119: Hoare triple {19009#false} assume 1 == ~sent_encrypted~0; {19009#false} is VALID [2022-02-20 18:01:49,397 INFO L272 TraceCheckUtils]: 120: Hoare triple {19009#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {19008#true} is VALID [2022-02-20 18:01:49,397 INFO L290 TraceCheckUtils]: 121: Hoare triple {19008#true} ~handle := #in~handle;havoc ~retValue_acc~10; {19008#true} is VALID [2022-02-20 18:01:49,397 INFO L290 TraceCheckUtils]: 122: Hoare triple {19008#true} assume 1 == ~handle;~retValue_acc~10 
:= ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {19008#true} is VALID [2022-02-20 18:01:49,398 INFO L290 TraceCheckUtils]: 123: Hoare triple {19008#true} assume true; {19008#true} is VALID [2022-02-20 18:01:49,398 INFO L284 TraceCheckUtils]: 124: Hoare quadruple {19008#true} {19009#false} #1076#return; {19009#false} is VALID [2022-02-20 18:01:49,398 INFO L290 TraceCheckUtils]: 125: Hoare triple {19009#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~13#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1; {19009#false} is VALID [2022-02-20 18:01:49,398 INFO L272 TraceCheckUtils]: 126: Hoare triple {19009#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {19008#true} is VALID [2022-02-20 18:01:49,398 INFO L290 TraceCheckUtils]: 127: Hoare triple {19008#true} ~handle := #in~handle;havoc ~retValue_acc~36; {19008#true} is VALID [2022-02-20 18:01:49,398 INFO L290 TraceCheckUtils]: 128: Hoare triple {19008#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {19008#true} is VALID [2022-02-20 18:01:49,398 INFO L290 TraceCheckUtils]: 129: Hoare triple {19008#true} assume true; {19008#true} is VALID [2022-02-20 18:01:49,399 INFO L284 TraceCheckUtils]: 130: Hoare quadruple {19008#true} {19009#false} #1078#return; {19009#false} is VALID [2022-02-20 18:01:49,399 INFO L290 TraceCheckUtils]: 131: Hoare triple {19009#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1; {19009#false} is VALID [2022-02-20 18:01:49,399 INFO L272 
TraceCheckUtils]: 132: Hoare triple {19009#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1); {19008#true} is VALID [2022-02-20 18:01:49,399 INFO L290 TraceCheckUtils]: 133: Hoare triple {19008#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~22;havoc ~__cil_tmp4~1.base, ~__cil_tmp4~1.offset;~__cil_tmp4~1.base, ~__cil_tmp4~1.offset := 7, 0;havoc #t~nondet21; {19008#true} is VALID [2022-02-20 18:01:49,399 INFO L290 TraceCheckUtils]: 134: Hoare triple {19008#true} assume 0 == ~publicKey;~retValue_acc~22 := 0;#res := ~retValue_acc~22; {19008#true} is VALID [2022-02-20 18:01:49,399 INFO L290 TraceCheckUtils]: 135: Hoare triple {19008#true} assume true; {19008#true} is VALID [2022-02-20 18:01:49,399 INFO L284 TraceCheckUtils]: 136: Hoare quadruple {19008#true} {19009#false} #1080#return; {19009#false} is VALID [2022-02-20 18:01:49,400 INFO L290 TraceCheckUtils]: 137: Hoare triple {19009#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1; {19009#false} is VALID [2022-02-20 18:01:49,400 INFO L290 TraceCheckUtils]: 138: Hoare triple {19009#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1);assume { :begin_inline___automaton_fail } true; {19009#false} is VALID [2022-02-20 18:01:49,400 INFO L290 TraceCheckUtils]: 139: Hoare triple {19009#false} assume !false; {19009#false} is VALID [2022-02-20 18:01:49,400 INFO L134 CoverageAnalysis]: Checked inductivity of 39 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked. 
[2022-02-20 18:01:49,401 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:01:49,401 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1028115561] [2022-02-20 18:01:49,401 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1028115561] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:01:49,401 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:01:49,401 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 18:01:49,401 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1971951466] [2022-02-20 18:01:49,401 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:01:49,403 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 10.875) internal successors, (87), 5 states have internal predecessors, (87), 3 states have call successors, (19), 6 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) Word has length 140 [2022-02-20 18:01:49,403 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:01:49,403 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 10.875) internal successors, (87), 5 states have internal predecessors, (87), 3 states have call successors, (19), 6 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:01:49,505 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 123 edges. 123 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:01:49,506 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 18:01:49,506 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:49,506 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 18:01:49,506 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:01:49,507 INFO L87 Difference]: Start difference. First operand 446 states and 672 transitions. Second operand has 9 states, 8 states have (on average 10.875) internal successors, (87), 5 states have internal predecessors, (87), 3 states have call successors, (19), 6 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:01:58,051 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:58,051 INFO L93 Difference]: Finished difference Result 1090 states and 1654 transitions. [2022-02-20 18:01:58,052 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:01:58,052 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 10.875) internal successors, (87), 5 states have internal predecessors, (87), 3 states have call successors, (19), 6 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) Word has length 140 [2022-02-20 18:01:58,053 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:01:58,053 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 9 states, 8 states have (on average 10.875) internal successors, (87), 5 states have internal predecessors, (87), 3 states have call successors, (19), 6 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:01:58,074 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1450 transitions. [2022-02-20 18:01:58,075 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 10.875) internal successors, (87), 5 states have internal predecessors, (87), 3 states have call successors, (19), 6 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:01:58,095 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1450 transitions. [2022-02-20 18:01:58,095 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1450 transitions. [2022-02-20 18:01:59,385 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1450 edges. 1450 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:01:59,419 INFO L225 Difference]: With dead ends: 1090 [2022-02-20 18:01:59,419 INFO L226 Difference]: Without dead ends: 667 [2022-02-20 18:01:59,421 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 52 GetRequests, 37 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 30 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 18:01:59,422 INFO L933 BasicCegarLoop]: 728 mSDtfsCounter, 1390 mSDsluCounter, 863 mSDsCounter, 0 mSdLazyCounter, 2677 mSolverCounterSat, 601 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1408 SdHoareTripleChecker+Valid, 1591 SdHoareTripleChecker+Invalid, 3278 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 601 IncrementalHoareTripleChecker+Valid, 2677 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.9s IncrementalHoareTripleChecker+Time [2022-02-20 18:01:59,423 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1408 Valid, 1591 Invalid, 3278 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [601 Valid, 2677 Invalid, 0 Unknown, 0 Unchecked, 3.9s Time] [2022-02-20 18:01:59,424 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 667 states. [2022-02-20 18:01:59,537 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 667 to 448. [2022-02-20 18:01:59,537 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:01:59,554 INFO L82 GeneralOperation]: Start isEquivalent. First operand 667 states. 
Second operand has 448 states, 344 states have (on average 1.5) internal successors, (516), 350 states have internal predecessors, (516), 76 states have call successors, (76), 24 states have call predecessors, (76), 27 states have return successors, (83), 75 states have call predecessors, (83), 75 states have call successors, (83) [2022-02-20 18:01:59,556 INFO L74 IsIncluded]: Start isIncluded. First operand 667 states. Second operand has 448 states, 344 states have (on average 1.5) internal successors, (516), 350 states have internal predecessors, (516), 76 states have call successors, (76), 24 states have call predecessors, (76), 27 states have return successors, (83), 75 states have call predecessors, (83), 75 states have call successors, (83) [2022-02-20 18:01:59,557 INFO L87 Difference]: Start difference. First operand 667 states. Second operand has 448 states, 344 states have (on average 1.5) internal successors, (516), 350 states have internal predecessors, (516), 76 states have call successors, (76), 24 states have call predecessors, (76), 27 states have return successors, (83), 75 states have call predecessors, (83), 75 states have call successors, (83) [2022-02-20 18:01:59,594 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:59,595 INFO L93 Difference]: Finished difference Result 667 states and 1012 transitions. [2022-02-20 18:01:59,595 INFO L276 IsEmpty]: Start isEmpty. Operand 667 states and 1012 transitions. [2022-02-20 18:01:59,600 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:59,600 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:59,601 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 448 states, 344 states have (on average 1.5) internal successors, (516), 350 states have internal predecessors, (516), 76 states have call successors, (76), 24 states have call predecessors, (76), 27 states have return successors, (83), 75 states have call predecessors, (83), 75 states have call successors, (83) Second operand 667 states. [2022-02-20 18:01:59,602 INFO L87 Difference]: Start difference. First operand has 448 states, 344 states have (on average 1.5) internal successors, (516), 350 states have internal predecessors, (516), 76 states have call successors, (76), 24 states have call predecessors, (76), 27 states have return successors, (83), 75 states have call predecessors, (83), 75 states have call successors, (83) Second operand 667 states. [2022-02-20 18:01:59,637 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:59,637 INFO L93 Difference]: Finished difference Result 667 states and 1012 transitions. [2022-02-20 18:01:59,638 INFO L276 IsEmpty]: Start isEmpty. Operand 667 states and 1012 transitions. [2022-02-20 18:01:59,642 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:59,642 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:59,643 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:01:59,643 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:01:59,644 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 448 states, 344 states have (on average 1.5) internal successors, (516), 350 states have internal predecessors, (516), 76 states have call successors, (76), 24 states have call predecessors, (76), 27 states have return successors, (83), 75 states have call predecessors, (83), 75 states have call successors, (83) [2022-02-20 18:01:59,663 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 448 states to 448 states and 675 transitions. 
[2022-02-20 18:01:59,663 INFO L78 Accepts]: Start accepts. Automaton has 448 states and 675 transitions. Word has length 140 [2022-02-20 18:01:59,664 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:01:59,664 INFO L470 AbstractCegarLoop]: Abstraction has 448 states and 675 transitions. [2022-02-20 18:01:59,664 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 10.875) internal successors, (87), 5 states have internal predecessors, (87), 3 states have call successors, (19), 6 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:01:59,664 INFO L276 IsEmpty]: Start isEmpty. Operand 448 states and 675 transitions. [2022-02-20 18:01:59,667 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 142 [2022-02-20 18:01:59,667 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:01:59,667 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:01:59,668 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 18:01:59,668 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:01:59,668 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:01:59,668 INFO L85 PathProgramCache]: Analyzing trace with hash -1665185423, now seen corresponding path program 1 times [2022-02-20 18:01:59,669 INFO L126 
FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:01:59,669 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1410236221] [2022-02-20 18:01:59,669 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:59,669 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:01:59,703 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:59,731 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:01:59,732 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:59,735 INFO L290 TraceCheckUtils]: 0: Hoare triple {22723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22647#true} is VALID [2022-02-20 18:01:59,736 INFO L290 TraceCheckUtils]: 1: Hoare triple {22647#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {22647#true} is VALID [2022-02-20 18:01:59,736 INFO L290 TraceCheckUtils]: 2: Hoare triple {22647#true} assume true; {22647#true} is VALID [2022-02-20 18:01:59,736 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22647#true} {22647#true} #1144#return; {22647#true} is VALID [2022-02-20 18:01:59,741 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:01:59,743 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:59,745 INFO L290 TraceCheckUtils]: 0: Hoare triple {22724#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := 
#in~handle;~value := #in~value; {22647#true} is VALID [2022-02-20 18:01:59,745 INFO L290 TraceCheckUtils]: 1: Hoare triple {22647#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22647#true} is VALID [2022-02-20 18:01:59,745 INFO L290 TraceCheckUtils]: 2: Hoare triple {22647#true} assume true; {22647#true} is VALID [2022-02-20 18:01:59,745 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22647#true} {22647#true} #1146#return; {22647#true} is VALID [2022-02-20 18:01:59,746 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:01:59,748 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:59,750 INFO L290 TraceCheckUtils]: 0: Hoare triple {22723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22647#true} is VALID [2022-02-20 18:01:59,750 INFO L290 TraceCheckUtils]: 1: Hoare triple {22647#true} assume !(1 == ~handle); {22647#true} is VALID [2022-02-20 18:01:59,750 INFO L290 TraceCheckUtils]: 2: Hoare triple {22647#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {22647#true} is VALID [2022-02-20 18:01:59,750 INFO L290 TraceCheckUtils]: 3: Hoare triple {22647#true} assume true; {22647#true} is VALID [2022-02-20 18:01:59,750 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {22647#true} {22647#true} #1148#return; {22647#true} is VALID [2022-02-20 18:01:59,751 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:01:59,752 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:59,757 INFO L290 TraceCheckUtils]: 0: Hoare triple {22724#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22647#true} is VALID [2022-02-20 18:01:59,757 INFO L290 TraceCheckUtils]: 1: Hoare triple {22647#true} assume !(1 == ~handle); {22647#true} is VALID [2022-02-20 18:01:59,757 INFO L290 TraceCheckUtils]: 2: Hoare triple {22647#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {22647#true} is VALID [2022-02-20 18:01:59,758 INFO L290 TraceCheckUtils]: 3: Hoare triple {22647#true} assume true; {22647#true} is VALID [2022-02-20 18:01:59,758 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {22647#true} {22647#true} #1150#return; {22647#true} is VALID [2022-02-20 18:01:59,758 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:01:59,760 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:59,775 INFO L290 TraceCheckUtils]: 0: Hoare triple {22723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22725#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:59,776 INFO L290 TraceCheckUtils]: 1: Hoare triple {22725#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {22725#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:59,776 INFO L290 TraceCheckUtils]: 2: Hoare triple {22725#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {22725#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:59,777 INFO L290 TraceCheckUtils]: 3: Hoare triple {22725#(= setClientId_~handle |setClientId_#in~handle|)} assume !(3 == ~handle); {22726#(not (= 3 |setClientId_#in~handle|))} is VALID [2022-02-20 18:01:59,777 INFO L290 TraceCheckUtils]: 4: Hoare triple {22726#(not (= 3 
|setClientId_#in~handle|))} assume true; {22726#(not (= 3 |setClientId_#in~handle|))} is VALID [2022-02-20 18:01:59,778 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {22726#(not (= 3 |setClientId_#in~handle|))} {22667#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1152#return; {22648#false} is VALID [2022-02-20 18:01:59,778 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:01:59,779 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:59,782 INFO L290 TraceCheckUtils]: 0: Hoare triple {22724#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22647#true} is VALID [2022-02-20 18:01:59,782 INFO L290 TraceCheckUtils]: 1: Hoare triple {22647#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22647#true} is VALID [2022-02-20 18:01:59,782 INFO L290 TraceCheckUtils]: 2: Hoare triple {22647#true} assume true; {22647#true} is VALID [2022-02-20 18:01:59,782 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22647#true} {22648#false} #1154#return; {22648#false} is VALID [2022-02-20 18:01:59,789 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 18:01:59,790 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:59,792 INFO L290 TraceCheckUtils]: 0: Hoare triple {22727#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22647#true} is VALID [2022-02-20 18:01:59,792 INFO L290 TraceCheckUtils]: 1: Hoare triple {22647#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22647#true} is VALID [2022-02-20 18:01:59,792 INFO L290 TraceCheckUtils]: 2: Hoare triple 
{22647#true} assume true; {22647#true} is VALID [2022-02-20 18:01:59,792 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22647#true} {22648#false} #1130#return; {22648#false} is VALID [2022-02-20 18:01:59,799 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:01:59,800 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:59,803 INFO L290 TraceCheckUtils]: 0: Hoare triple {22728#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {22647#true} is VALID [2022-02-20 18:01:59,803 INFO L290 TraceCheckUtils]: 1: Hoare triple {22647#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {22647#true} is VALID [2022-02-20 18:01:59,803 INFO L290 TraceCheckUtils]: 2: Hoare triple {22647#true} assume true; {22647#true} is VALID [2022-02-20 18:01:59,803 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22647#true} {22648#false} #1132#return; {22648#false} is VALID [2022-02-20 18:01:59,803 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76 [2022-02-20 18:01:59,805 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:59,806 INFO L290 TraceCheckUtils]: 0: Hoare triple {22647#true} ~handle := #in~handle;havoc ~retValue_acc~10; {22647#true} is VALID [2022-02-20 18:01:59,807 INFO L290 TraceCheckUtils]: 1: Hoare triple {22647#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {22647#true} is VALID [2022-02-20 18:01:59,807 INFO L290 TraceCheckUtils]: 2: Hoare triple {22647#true} assume true; {22647#true} is VALID [2022-02-20 18:01:59,807 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22647#true} {22648#false} #1060#return; {22648#false} is VALID [2022-02-20 18:01:59,807 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 
[2022-02-20 18:01:59,808 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:59,810 INFO L290 TraceCheckUtils]: 0: Hoare triple {22647#true} ~handle := #in~handle;havoc ~retValue_acc~32; {22647#true} is VALID [2022-02-20 18:01:59,810 INFO L290 TraceCheckUtils]: 1: Hoare triple {22647#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {22647#true} is VALID [2022-02-20 18:01:59,810 INFO L290 TraceCheckUtils]: 2: Hoare triple {22647#true} assume true; {22647#true} is VALID [2022-02-20 18:01:59,810 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22647#true} {22648#false} #1062#return; {22648#false} is VALID [2022-02-20 18:01:59,810 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 18:01:59,811 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:59,813 INFO L290 TraceCheckUtils]: 0: Hoare triple {22647#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {22647#true} is VALID [2022-02-20 18:01:59,813 INFO L290 TraceCheckUtils]: 1: Hoare triple {22647#true} assume 1 == ~handle; {22647#true} is VALID [2022-02-20 18:01:59,813 INFO L290 TraceCheckUtils]: 2: Hoare triple {22647#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {22647#true} is VALID [2022-02-20 18:01:59,813 INFO L290 TraceCheckUtils]: 3: Hoare triple {22647#true} assume true; {22647#true} is VALID [2022-02-20 18:01:59,813 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {22647#true} {22648#false} #1064#return; {22648#false} is VALID [2022-02-20 18:01:59,814 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 18:01:59,814 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:59,816 INFO L290 TraceCheckUtils]: 0: Hoare triple {22727#(and (= |old(~__ste_email_from0~0)| 
~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22647#true} is VALID [2022-02-20 18:01:59,816 INFO L290 TraceCheckUtils]: 1: Hoare triple {22647#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22647#true} is VALID [2022-02-20 18:01:59,816 INFO L290 TraceCheckUtils]: 2: Hoare triple {22647#true} assume true; {22647#true} is VALID [2022-02-20 18:01:59,817 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22647#true} {22648#false} #1070#return; {22648#false} is VALID [2022-02-20 18:01:59,817 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 107 [2022-02-20 18:01:59,817 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:59,821 INFO L290 TraceCheckUtils]: 0: Hoare triple {22647#true} ~handle := #in~handle;havoc ~retValue_acc~35; {22647#true} is VALID [2022-02-20 18:01:59,821 INFO L290 TraceCheckUtils]: 1: Hoare triple {22647#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {22647#true} is VALID [2022-02-20 18:01:59,821 INFO L290 TraceCheckUtils]: 2: Hoare triple {22647#true} assume true; {22647#true} is VALID [2022-02-20 18:01:59,821 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22647#true} {22648#false} #1072#return; {22648#false} is VALID [2022-02-20 18:01:59,822 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 114 [2022-02-20 18:01:59,822 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:59,825 INFO L290 TraceCheckUtils]: 0: Hoare triple {22647#true} ~handle := #in~handle;havoc ~retValue_acc~32; {22647#true} is VALID [2022-02-20 18:01:59,825 INFO L290 TraceCheckUtils]: 1: Hoare triple {22647#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {22647#true} is VALID [2022-02-20 18:01:59,825 INFO L290 TraceCheckUtils]: 2: Hoare triple {22647#true} 
assume true; {22647#true} is VALID [2022-02-20 18:01:59,825 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22647#true} {22648#false} #1074#return; {22648#false} is VALID [2022-02-20 18:01:59,825 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 121 [2022-02-20 18:01:59,826 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:59,828 INFO L290 TraceCheckUtils]: 0: Hoare triple {22647#true} ~handle := #in~handle;havoc ~retValue_acc~10; {22647#true} is VALID [2022-02-20 18:01:59,828 INFO L290 TraceCheckUtils]: 1: Hoare triple {22647#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {22647#true} is VALID [2022-02-20 18:01:59,828 INFO L290 TraceCheckUtils]: 2: Hoare triple {22647#true} assume true; {22647#true} is VALID [2022-02-20 18:01:59,829 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22647#true} {22648#false} #1076#return; {22648#false} is VALID [2022-02-20 18:01:59,829 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 127 [2022-02-20 18:01:59,830 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:59,831 INFO L290 TraceCheckUtils]: 0: Hoare triple {22647#true} ~handle := #in~handle;havoc ~retValue_acc~36; {22647#true} is VALID [2022-02-20 18:01:59,831 INFO L290 TraceCheckUtils]: 1: Hoare triple {22647#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {22647#true} is VALID [2022-02-20 18:01:59,832 INFO L290 TraceCheckUtils]: 2: Hoare triple {22647#true} assume true; {22647#true} is VALID [2022-02-20 18:01:59,832 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22647#true} {22648#false} #1078#return; {22648#false} is VALID [2022-02-20 18:01:59,832 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 133 [2022-02-20 18:01:59,833 INFO L136 AnnotateAndAsserter]: Conjunction 
of SSA is unsat [2022-02-20 18:01:59,836 INFO L290 TraceCheckUtils]: 0: Hoare triple {22647#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~22;havoc ~__cil_tmp4~1.base, ~__cil_tmp4~1.offset;~__cil_tmp4~1.base, ~__cil_tmp4~1.offset := 7, 0;havoc #t~nondet21; {22647#true} is VALID [2022-02-20 18:01:59,836 INFO L290 TraceCheckUtils]: 1: Hoare triple {22647#true} assume 0 == ~publicKey;~retValue_acc~22 := 0;#res := ~retValue_acc~22; {22647#true} is VALID [2022-02-20 18:01:59,836 INFO L290 TraceCheckUtils]: 2: Hoare triple {22647#true} assume true; {22647#true} is VALID [2022-02-20 18:01:59,837 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22647#true} {22648#false} #1080#return; {22648#false} is VALID [2022-02-20 18:01:59,837 INFO L290 TraceCheckUtils]: 0: Hoare triple {22647#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(16, 6);call #Ultimate.allocInit(20, 7);call #Ultimate.allocInit(22, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(19, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(19, 13);call #Ultimate.allocInit(44, 14);call #Ultimate.allocInit(44, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(11, 18);call #Ultimate.allocInit(19, 19);call #Ultimate.allocInit(4, 20);call write~init~int(37, 20, 0, 1);call write~init~int(100, 20, 1, 1);call write~init~int(10, 20, 2, 1);call write~init~int(0, 20, 3, 1);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 
1);call write~init~int(100, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(12, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(18, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(21, 39);call #Ultimate.allocInit(13, 40);call #Ultimate.allocInit(16, 41);call #Ultimate.allocInit(25, 42);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 
0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_encrypted~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 
0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {22647#true} is VALID [2022-02-20 18:01:59,837 INFO L290 TraceCheckUtils]: 1: Hoare triple {22647#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret59#1, main_~retValue_acc~23#1, main_~tmp~16#1;havoc main_~retValue_acc~23#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true; {22647#true} is VALID [2022-02-20 18:01:59,837 INFO L290 TraceCheckUtils]: 2: Hoare triple {22647#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {22647#true} is VALID [2022-02-20 18:01:59,837 INFO L290 TraceCheckUtils]: 3: Hoare triple {22647#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~25#1;havoc valid_product_~retValue_acc~25#1;valid_product_~retValue_acc~25#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~25#1; {22647#true} is VALID [2022-02-20 18:01:59,837 INFO L290 TraceCheckUtils]: 4: Hoare triple {22647#true} main_#t~ret59#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret59#1 && main_#t~ret59#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret59#1;havoc main_#t~ret59#1; {22647#true} is VALID [2022-02-20 18:01:59,838 INFO L290 TraceCheckUtils]: 5: Hoare triple {22647#true} assume 0 
!= main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet56#1, setup_#t~nondet57#1, setup_#t~nondet58#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {22647#true} is VALID [2022-02-20 18:01:59,838 INFO L272 TraceCheckUtils]: 6: Hoare triple {22647#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {22723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:59,838 INFO L290 TraceCheckUtils]: 7: Hoare triple {22723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22647#true} is VALID [2022-02-20 18:01:59,839 INFO L290 TraceCheckUtils]: 8: Hoare triple {22647#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {22647#true} is VALID [2022-02-20 18:01:59,839 INFO L290 TraceCheckUtils]: 9: Hoare triple {22647#true} assume true; {22647#true} is VALID [2022-02-20 18:01:59,839 INFO L284 TraceCheckUtils]: 10: Hoare quadruple 
{22647#true} {22647#true} #1144#return; {22647#true} is VALID [2022-02-20 18:01:59,839 INFO L290 TraceCheckUtils]: 11: Hoare triple {22647#true} assume { :end_inline_setup_bob__wrappee__Base } true; {22647#true} is VALID [2022-02-20 18:01:59,840 INFO L272 TraceCheckUtils]: 12: Hoare triple {22647#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {22724#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:59,840 INFO L290 TraceCheckUtils]: 13: Hoare triple {22724#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22647#true} is VALID [2022-02-20 18:01:59,840 INFO L290 TraceCheckUtils]: 14: Hoare triple {22647#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22647#true} is VALID [2022-02-20 18:01:59,840 INFO L290 TraceCheckUtils]: 15: Hoare triple {22647#true} assume true; {22647#true} is VALID [2022-02-20 18:01:59,840 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {22647#true} {22647#true} #1146#return; {22647#true} is VALID [2022-02-20 18:01:59,840 INFO L290 TraceCheckUtils]: 17: Hoare triple {22647#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 16, 0;havoc setup_#t~nondet56#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {22647#true} is VALID [2022-02-20 
18:01:59,841 INFO L272 TraceCheckUtils]: 18: Hoare triple {22647#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {22723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:59,841 INFO L290 TraceCheckUtils]: 19: Hoare triple {22723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22647#true} is VALID [2022-02-20 18:01:59,841 INFO L290 TraceCheckUtils]: 20: Hoare triple {22647#true} assume !(1 == ~handle); {22647#true} is VALID [2022-02-20 18:01:59,841 INFO L290 TraceCheckUtils]: 21: Hoare triple {22647#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {22647#true} is VALID [2022-02-20 18:01:59,842 INFO L290 TraceCheckUtils]: 22: Hoare triple {22647#true} assume true; {22647#true} is VALID [2022-02-20 18:01:59,842 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {22647#true} {22647#true} #1148#return; {22647#true} is VALID [2022-02-20 18:01:59,842 INFO L290 TraceCheckUtils]: 24: Hoare triple {22647#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {22647#true} is VALID [2022-02-20 18:01:59,843 INFO L272 TraceCheckUtils]: 25: Hoare triple {22647#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {22724#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:59,843 INFO L290 TraceCheckUtils]: 26: Hoare triple {22724#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22647#true} is VALID [2022-02-20 18:01:59,843 INFO L290 TraceCheckUtils]: 27: Hoare triple {22647#true} assume !(1 == ~handle); {22647#true} is VALID [2022-02-20 18:01:59,843 INFO L290 TraceCheckUtils]: 28: Hoare triple {22647#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {22647#true} is VALID [2022-02-20 18:01:59,843 INFO L290 TraceCheckUtils]: 29: Hoare triple {22647#true} assume true; {22647#true} is VALID [2022-02-20 18:01:59,843 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {22647#true} {22647#true} #1150#return; {22647#true} is VALID [2022-02-20 18:01:59,844 INFO L290 TraceCheckUtils]: 31: Hoare triple {22647#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 17, 0;havoc setup_#t~nondet57#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {22667#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:01:59,844 INFO L272 TraceCheckUtils]: 32: Hoare triple {22667#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {22723#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:59,845 INFO L290 TraceCheckUtils]: 33: Hoare triple {22723#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22725#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:59,845 INFO L290 TraceCheckUtils]: 34: Hoare triple {22725#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {22725#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:59,845 INFO L290 TraceCheckUtils]: 35: Hoare triple {22725#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {22725#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:59,846 INFO L290 TraceCheckUtils]: 36: Hoare triple {22725#(= setClientId_~handle |setClientId_#in~handle|)} assume !(3 == ~handle); {22726#(not (= 3 |setClientId_#in~handle|))} is VALID [2022-02-20 18:01:59,846 INFO L290 TraceCheckUtils]: 37: Hoare triple {22726#(not (= 3 |setClientId_#in~handle|))} assume true; {22726#(not (= 3 |setClientId_#in~handle|))} is VALID [2022-02-20 18:01:59,847 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {22726#(not (= 3 |setClientId_#in~handle|))} {22667#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1152#return; {22648#false} is VALID [2022-02-20 18:01:59,847 INFO L290 TraceCheckUtils]: 39: Hoare triple {22648#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {22648#false} is VALID [2022-02-20 18:01:59,847 INFO L272 TraceCheckUtils]: 40: Hoare triple {22648#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {22724#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:59,847 INFO L290 TraceCheckUtils]: 41: Hoare triple {22724#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22647#true} is VALID [2022-02-20 18:01:59,847 INFO L290 TraceCheckUtils]: 42: Hoare triple {22647#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22647#true} is VALID [2022-02-20 18:01:59,848 INFO L290 TraceCheckUtils]: 43: Hoare triple {22647#true} assume true; {22647#true} is VALID [2022-02-20 18:01:59,848 INFO L284 TraceCheckUtils]: 44: Hoare quadruple {22647#true} {22648#false} #1154#return; {22648#false} is VALID [2022-02-20 18:01:59,848 INFO L290 TraceCheckUtils]: 45: Hoare triple {22648#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 18, 0;havoc setup_#t~nondet58#1; {22648#false} is VALID [2022-02-20 18:01:59,848 INFO L290 TraceCheckUtils]: 46: Hoare triple {22648#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~14#1, test_~tmp___0~4#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~14#1;havoc test_~tmp___0~4#1;havoc 
test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {22648#false} is VALID [2022-02-20 18:01:59,848 INFO L290 TraceCheckUtils]: 47: Hoare triple {22648#false} assume !false; {22648#false} is VALID [2022-02-20 18:01:59,848 INFO L290 TraceCheckUtils]: 48: Hoare triple {22648#false} assume test_~splverifierCounter~0#1 < 4; {22648#false} is VALID [2022-02-20 18:01:59,849 INFO L290 TraceCheckUtils]: 49: Hoare triple {22648#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {22648#false} is VALID [2022-02-20 18:01:59,849 INFO L290 TraceCheckUtils]: 50: Hoare triple {22648#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet40#1 && test_#t~nondet40#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet40#1;havoc test_#t~nondet40#1; {22648#false} is VALID [2022-02-20 18:01:59,849 INFO L290 TraceCheckUtils]: 51: Hoare triple {22648#false} assume !(0 != test_~tmp___9~0#1); {22648#false} is VALID [2022-02-20 18:01:59,849 INFO L290 TraceCheckUtils]: 52: Hoare triple {22648#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet41#1 && test_#t~nondet41#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet41#1;havoc test_#t~nondet41#1; {22648#false} is VALID [2022-02-20 18:01:59,849 INFO L290 TraceCheckUtils]: 53: Hoare triple {22648#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, 
setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {22648#false} is VALID [2022-02-20 18:01:59,849 INFO L290 TraceCheckUtils]: 54: Hoare triple {22648#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {22648#false} is VALID [2022-02-20 18:01:59,849 INFO L290 TraceCheckUtils]: 55: Hoare triple {22648#false} assume { :end_inline_setClientAutoResponse } true; {22648#false} is VALID [2022-02-20 18:01:59,850 INFO L290 TraceCheckUtils]: 56: Hoare triple {22648#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {22648#false} is VALID [2022-02-20 18:01:59,850 INFO L290 TraceCheckUtils]: 57: Hoare triple {22648#false} assume !false; {22648#false} is VALID [2022-02-20 18:01:59,850 INFO L290 TraceCheckUtils]: 58: Hoare triple {22648#false} assume !(test_~splverifierCounter~0#1 < 4); {22648#false} is VALID [2022-02-20 18:01:59,850 INFO L290 TraceCheckUtils]: 59: Hoare triple {22648#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret51#1, bobToRjh_#t~ret52#1, bobToRjh_#t~ret53#1, bobToRjh_#t~ret54#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret51#1 := puts(14, 0);assume -2147483648 <= bobToRjh_#t~ret51#1 && bobToRjh_#t~ret51#1 <= 2147483647;havoc bobToRjh_#t~ret51#1; {22648#false} is VALID [2022-02-20 18:01:59,850 INFO L272 TraceCheckUtils]: 60: Hoare triple {22648#false} call sendEmail(~bob~0, ~rjh~0); {22648#false} is VALID [2022-02-20 18:01:59,850 INFO L290 TraceCheckUtils]: 61: Hoare triple {22648#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc 
createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~43#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~43#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {22648#false} is VALID [2022-02-20 18:01:59,850 INFO L272 TraceCheckUtils]: 62: Hoare triple {22648#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {22727#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:59,851 INFO L290 TraceCheckUtils]: 63: Hoare triple {22727#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22647#true} is VALID [2022-02-20 18:01:59,851 INFO L290 TraceCheckUtils]: 64: Hoare triple {22647#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22647#true} is VALID [2022-02-20 18:01:59,851 INFO L290 TraceCheckUtils]: 65: Hoare triple {22647#true} assume true; {22647#true} is VALID [2022-02-20 18:01:59,851 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {22647#true} {22648#false} #1130#return; {22648#false} is VALID [2022-02-20 18:01:59,851 INFO L272 TraceCheckUtils]: 67: Hoare triple {22648#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {22728#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:01:59,851 INFO L290 TraceCheckUtils]: 68: Hoare triple {22728#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {22647#true} is VALID [2022-02-20 18:01:59,852 INFO L290 TraceCheckUtils]: 69: Hoare triple {22647#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {22647#true} is VALID [2022-02-20 18:01:59,852 INFO L290 TraceCheckUtils]: 70: Hoare triple {22647#true} assume true; 
{22647#true} is VALID [2022-02-20 18:01:59,852 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {22647#true} {22648#false} #1132#return; {22648#false} is VALID [2022-02-20 18:01:59,852 INFO L290 TraceCheckUtils]: 72: Hoare triple {22648#false} createEmail_~retValue_acc~43#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~43#1; {22648#false} is VALID [2022-02-20 18:01:59,852 INFO L290 TraceCheckUtils]: 73: Hoare triple {22648#false} #t~ret20#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret20#1 && #t~ret20#1 <= 2147483647;~tmp~9#1 := #t~ret20#1;havoc #t~ret20#1;~email~0#1 := ~tmp~9#1; {22648#false} is VALID [2022-02-20 18:01:59,852 INFO L272 TraceCheckUtils]: 74: Hoare triple {22648#false} call outgoing(~sender#1, ~email~0#1); {22648#false} is VALID [2022-02-20 18:01:59,852 INFO L290 TraceCheckUtils]: 75: Hoare triple {22648#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret24#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {22648#false} is VALID [2022-02-20 18:01:59,853 INFO L272 TraceCheckUtils]: 76: Hoare triple {22648#false} call sign_#t~ret24#1 := getClientPrivateKey(sign_~client#1); {22647#true} is VALID [2022-02-20 18:01:59,853 INFO L290 TraceCheckUtils]: 77: Hoare triple {22647#true} ~handle := #in~handle;havoc ~retValue_acc~10; {22647#true} is VALID [2022-02-20 18:01:59,853 INFO L290 TraceCheckUtils]: 78: Hoare triple {22647#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {22647#true} is VALID [2022-02-20 18:01:59,853 INFO L290 TraceCheckUtils]: 79: Hoare triple {22647#true} assume true; {22647#true} is VALID [2022-02-20 18:01:59,853 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {22647#true} 
{22648#false} #1060#return; {22648#false} is VALID [2022-02-20 18:01:59,853 INFO L290 TraceCheckUtils]: 81: Hoare triple {22648#false} assume -2147483648 <= sign_#t~ret24#1 && sign_#t~ret24#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret24#1;havoc sign_#t~ret24#1;sign_~privkey~1#1 := sign_~tmp~11#1; {22648#false} is VALID [2022-02-20 18:01:59,853 INFO L290 TraceCheckUtils]: 82: Hoare triple {22648#false} assume 0 == sign_~privkey~1#1; {22648#false} is VALID [2022-02-20 18:01:59,854 INFO L290 TraceCheckUtils]: 83: Hoare triple {22648#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret10#1, outgoing__wrappee__AutoResponder_#t~ret11#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~4#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~0#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~4#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~0#1; {22648#false} is VALID [2022-02-20 18:01:59,854 INFO L272 TraceCheckUtils]: 84: Hoare triple {22648#false} call outgoing__wrappee__AutoResponder_#t~ret10#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {22647#true} is VALID [2022-02-20 18:01:59,854 INFO L290 TraceCheckUtils]: 85: Hoare triple {22647#true} ~handle := #in~handle;havoc ~retValue_acc~32; {22647#true} is VALID [2022-02-20 18:01:59,854 INFO L290 TraceCheckUtils]: 86: Hoare triple {22647#true} assume 1 == 
~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {22647#true} is VALID [2022-02-20 18:01:59,854 INFO L290 TraceCheckUtils]: 87: Hoare triple {22647#true} assume true; {22647#true} is VALID [2022-02-20 18:01:59,854 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {22647#true} {22648#false} #1062#return; {22648#false} is VALID [2022-02-20 18:01:59,854 INFO L290 TraceCheckUtils]: 89: Hoare triple {22648#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret10#1 && outgoing__wrappee__AutoResponder_#t~ret10#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~4#1 := outgoing__wrappee__AutoResponder_#t~ret10#1;havoc outgoing__wrappee__AutoResponder_#t~ret10#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~4#1; {22648#false} is VALID [2022-02-20 18:01:59,855 INFO L272 TraceCheckUtils]: 90: Hoare triple {22648#false} call outgoing__wrappee__AutoResponder_#t~ret11#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {22647#true} is VALID [2022-02-20 18:01:59,855 INFO L290 TraceCheckUtils]: 91: Hoare triple {22647#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {22647#true} is VALID [2022-02-20 18:01:59,855 INFO L290 TraceCheckUtils]: 92: Hoare triple {22647#true} assume 1 == ~handle; {22647#true} is VALID [2022-02-20 18:01:59,855 INFO L290 TraceCheckUtils]: 93: Hoare triple {22647#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {22647#true} is VALID [2022-02-20 18:01:59,855 INFO L290 TraceCheckUtils]: 94: Hoare triple {22647#true} assume true; {22647#true} is VALID [2022-02-20 18:01:59,855 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {22647#true} {22648#false} #1064#return; {22648#false} is VALID [2022-02-20 18:01:59,855 INFO L290 TraceCheckUtils]: 96: Hoare triple {22648#false} assume -2147483648 <= 
outgoing__wrappee__AutoResponder_#t~ret11#1 && outgoing__wrappee__AutoResponder_#t~ret11#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~0#1 := outgoing__wrappee__AutoResponder_#t~ret11#1;havoc outgoing__wrappee__AutoResponder_#t~ret11#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~0#1; {22648#false} is VALID [2022-02-20 18:01:59,856 INFO L290 TraceCheckUtils]: 97: Hoare triple {22648#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {22648#false} is VALID [2022-02-20 18:01:59,856 INFO L290 TraceCheckUtils]: 98: Hoare triple {22648#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret9#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~3#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~3#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {22648#false} is VALID [2022-02-20 18:01:59,856 INFO L290 TraceCheckUtils]: 99: Hoare triple {22648#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {22648#false} is VALID [2022-02-20 18:01:59,856 INFO L290 TraceCheckUtils]: 100: Hoare triple {22648#false} outgoing__wrappee__Keys_#t~ret9#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret9#1 && outgoing__wrappee__Keys_#t~ret9#1 <= 
2147483647;outgoing__wrappee__Keys_~tmp~3#1 := outgoing__wrappee__Keys_#t~ret9#1;havoc outgoing__wrappee__Keys_#t~ret9#1; {22648#false} is VALID [2022-02-20 18:01:59,856 INFO L272 TraceCheckUtils]: 101: Hoare triple {22648#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~3#1); {22727#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:59,856 INFO L290 TraceCheckUtils]: 102: Hoare triple {22727#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22647#true} is VALID [2022-02-20 18:01:59,857 INFO L290 TraceCheckUtils]: 103: Hoare triple {22647#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22647#true} is VALID [2022-02-20 18:01:59,857 INFO L290 TraceCheckUtils]: 104: Hoare triple {22647#true} assume true; {22647#true} is VALID [2022-02-20 18:01:59,857 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {22647#true} {22648#false} #1070#return; {22648#false} is VALID [2022-02-20 18:01:59,857 INFO L290 TraceCheckUtils]: 106: Hoare triple {22648#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret7#1, mail_#t~ret8#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~2#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~2#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet34#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, 
__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 := puts(10, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1; {22648#false} is VALID [2022-02-20 18:01:59,857 INFO L272 TraceCheckUtils]: 107: Hoare triple {22648#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {22647#true} is VALID [2022-02-20 18:01:59,857 INFO L290 TraceCheckUtils]: 108: Hoare triple {22647#true} ~handle := #in~handle;havoc ~retValue_acc~35; {22647#true} is VALID [2022-02-20 18:01:59,857 INFO L290 TraceCheckUtils]: 109: Hoare triple {22647#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {22647#true} is VALID [2022-02-20 18:01:59,858 INFO L290 TraceCheckUtils]: 110: Hoare triple {22647#true} assume true; {22647#true} is VALID [2022-02-20 18:01:59,858 INFO L284 TraceCheckUtils]: 111: Hoare quadruple {22647#true} {22648#false} #1072#return; {22648#false} is VALID [2022-02-20 18:01:59,858 INFO L290 TraceCheckUtils]: 112: Hoare triple {22648#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset := 11, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet34#1; {22648#false} is VALID [2022-02-20 18:01:59,858 INFO L290 TraceCheckUtils]: 113: Hoare triple {22648#false} assume { 
:end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret7#1 := puts(5, 0);assume -2147483648 <= mail_#t~ret7#1 && mail_#t~ret7#1 <= 2147483647;havoc mail_#t~ret7#1; {22648#false} is VALID [2022-02-20 18:01:59,858 INFO L272 TraceCheckUtils]: 114: Hoare triple {22648#false} call mail_#t~ret8#1 := getEmailTo(mail_~msg#1); {22647#true} is VALID [2022-02-20 18:01:59,858 INFO L290 TraceCheckUtils]: 115: Hoare triple {22647#true} ~handle := #in~handle;havoc ~retValue_acc~32; {22647#true} is VALID [2022-02-20 18:01:59,858 INFO L290 TraceCheckUtils]: 116: Hoare triple {22647#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {22647#true} is VALID [2022-02-20 18:01:59,859 INFO L290 TraceCheckUtils]: 117: Hoare triple {22647#true} assume true; {22647#true} is VALID [2022-02-20 18:01:59,859 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {22647#true} {22648#false} #1074#return; {22648#false} is VALID [2022-02-20 18:01:59,859 INFO L290 TraceCheckUtils]: 119: Hoare triple {22648#false} assume -2147483648 <= mail_#t~ret8#1 && mail_#t~ret8#1 <= 2147483647;mail_~tmp~2#1 := mail_#t~ret8#1;havoc mail_#t~ret8#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~2#1, mail_~msg#1;havoc incoming_#t~ret15#1, incoming_#t~ret16#1, incoming_#t~ret17#1, incoming_#t~ret18#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~7#1, incoming_~tmp___0~1#1, incoming_~tmp___1~0#1, incoming_~tmp___2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~7#1;havoc incoming_~tmp___0~1#1;havoc incoming_~tmp___1~0#1;havoc incoming_~tmp___2~0#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { 
:begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet36#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 := puts(12, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset := 13, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet36#1; {22648#false} is VALID [2022-02-20 18:01:59,859 INFO L290 TraceCheckUtils]: 120: Hoare triple {22648#false} assume 1 == ~sent_encrypted~0; {22648#false} is VALID [2022-02-20 18:01:59,859 INFO L272 TraceCheckUtils]: 121: Hoare triple {22648#false} call 
__utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {22647#true} is VALID [2022-02-20 18:01:59,859 INFO L290 TraceCheckUtils]: 122: Hoare triple {22647#true} ~handle := #in~handle;havoc ~retValue_acc~10; {22647#true} is VALID [2022-02-20 18:01:59,859 INFO L290 TraceCheckUtils]: 123: Hoare triple {22647#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {22647#true} is VALID [2022-02-20 18:01:59,860 INFO L290 TraceCheckUtils]: 124: Hoare triple {22647#true} assume true; {22647#true} is VALID [2022-02-20 18:01:59,860 INFO L284 TraceCheckUtils]: 125: Hoare quadruple {22647#true} {22648#false} #1076#return; {22648#false} is VALID [2022-02-20 18:01:59,860 INFO L290 TraceCheckUtils]: 126: Hoare triple {22648#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~13#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1; {22648#false} is VALID [2022-02-20 18:01:59,860 INFO L272 TraceCheckUtils]: 127: Hoare triple {22648#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {22647#true} is VALID [2022-02-20 18:01:59,860 INFO L290 TraceCheckUtils]: 128: Hoare triple {22647#true} ~handle := #in~handle;havoc ~retValue_acc~36; {22647#true} is VALID [2022-02-20 18:01:59,860 INFO L290 TraceCheckUtils]: 129: Hoare triple {22647#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {22647#true} is VALID [2022-02-20 18:01:59,861 INFO L290 TraceCheckUtils]: 130: Hoare triple {22647#true} assume true; {22647#true} is VALID [2022-02-20 18:01:59,861 INFO L284 TraceCheckUtils]: 131: Hoare quadruple {22647#true} {22648#false} #1078#return; {22648#false} is VALID [2022-02-20 18:01:59,861 
INFO L290 TraceCheckUtils]: 132: Hoare triple {22648#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1; {22648#false} is VALID [2022-02-20 18:01:59,861 INFO L272 TraceCheckUtils]: 133: Hoare triple {22648#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1); {22647#true} is VALID [2022-02-20 18:01:59,861 INFO L290 TraceCheckUtils]: 134: Hoare triple {22647#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~22;havoc ~__cil_tmp4~1.base, ~__cil_tmp4~1.offset;~__cil_tmp4~1.base, ~__cil_tmp4~1.offset := 7, 0;havoc #t~nondet21; {22647#true} is VALID [2022-02-20 18:01:59,861 INFO L290 TraceCheckUtils]: 135: Hoare triple {22647#true} assume 0 == ~publicKey;~retValue_acc~22 := 0;#res := ~retValue_acc~22; {22647#true} is VALID [2022-02-20 18:01:59,861 INFO L290 TraceCheckUtils]: 136: Hoare triple {22647#true} assume true; {22647#true} is VALID [2022-02-20 18:01:59,862 INFO L284 TraceCheckUtils]: 137: Hoare quadruple {22647#true} {22648#false} #1080#return; {22648#false} is VALID [2022-02-20 18:01:59,862 INFO L290 TraceCheckUtils]: 138: Hoare triple {22648#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1; {22648#false} is VALID [2022-02-20 18:01:59,862 INFO L290 TraceCheckUtils]: 139: Hoare triple {22648#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1);assume { :begin_inline___automaton_fail } true; {22648#false} is VALID [2022-02-20 
18:01:59,862 INFO L290 TraceCheckUtils]: 140: Hoare triple {22648#false} assume !false; {22648#false} is VALID [2022-02-20 18:01:59,863 INFO L134 CoverageAnalysis]: Checked inductivity of 39 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked. [2022-02-20 18:01:59,864 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:01:59,864 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1410236221] [2022-02-20 18:01:59,864 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1410236221] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:01:59,864 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:01:59,864 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 18:01:59,864 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [227188046] [2022-02-20 18:01:59,864 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:01:59,866 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 11.0) internal successors, (88), 5 states have internal predecessors, (88), 3 states have call successors, (19), 6 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) Word has length 141 [2022-02-20 18:01:59,867 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 18:01:59,867 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 11.0) internal successors, (88), 5 states have internal predecessors, (88), 3 states have call successors, (19), 6 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:01:59,955 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 124 edges. 124 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:59,956 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 18:01:59,956 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:59,957 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 18:01:59,957 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:01:59,957 INFO L87 Difference]: Start difference. First operand 448 states and 675 transitions. Second operand has 9 states, 8 states have (on average 11.0) internal successors, (88), 5 states have internal predecessors, (88), 3 states have call successors, (19), 6 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:02:08,056 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:08,057 INFO L93 Difference]: Finished difference Result 1090 states and 1653 transitions. [2022-02-20 18:02:08,057 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 12 states. [2022-02-20 18:02:08,057 INFO L78 Accepts]: Start accepts. 
Automaton has has 9 states, 8 states have (on average 11.0) internal successors, (88), 5 states have internal predecessors, (88), 3 states have call successors, (19), 6 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) Word has length 141 [2022-02-20 18:02:08,058 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:08,058 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 11.0) internal successors, (88), 5 states have internal predecessors, (88), 3 states have call successors, (19), 6 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:02:08,078 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 1449 transitions. [2022-02-20 18:02:08,079 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 11.0) internal successors, (88), 5 states have internal predecessors, (88), 3 states have call successors, (19), 6 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:02:08,097 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 1449 transitions. [2022-02-20 18:02:08,097 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 12 states and 1449 transitions. [2022-02-20 18:02:09,408 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1449 edges. 1449 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:02:09,447 INFO L225 Difference]: With dead ends: 1090 [2022-02-20 18:02:09,448 INFO L226 Difference]: Without dead ends: 667 [2022-02-20 18:02:09,450 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 54 GetRequests, 38 SyntacticMatches, 0 SemanticMatches, 16 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 41 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=89, Invalid=217, Unknown=0, NotChecked=0, Total=306 [2022-02-20 18:02:09,451 INFO L933 BasicCegarLoop]: 727 mSDtfsCounter, 1393 mSDsluCounter, 863 mSDsCounter, 0 mSdLazyCounter, 2648 mSolverCounterSat, 617 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1410 SdHoareTripleChecker+Valid, 1590 SdHoareTripleChecker+Invalid, 3265 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 617 IncrementalHoareTripleChecker+Valid, 2648 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.6s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:09,451 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1410 Valid, 1590 Invalid, 3265 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [617 Valid, 2648 Invalid, 0 Unknown, 0 Unchecked, 3.6s Time] [2022-02-20 18:02:09,452 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 667 states. [2022-02-20 18:02:09,548 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 667 to 448. [2022-02-20 18:02:09,548 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:09,550 INFO L82 GeneralOperation]: Start isEquivalent. First operand 667 states. 
Second operand has 448 states, 344 states have (on average 1.5) internal successors, (516), 350 states have internal predecessors, (516), 76 states have call successors, (76), 24 states have call predecessors, (76), 27 states have return successors, (83), 75 states have call predecessors, (83), 75 states have call successors, (83) [2022-02-20 18:02:09,550 INFO L74 IsIncluded]: Start isIncluded. First operand 667 states. Second operand has 448 states, 344 states have (on average 1.5) internal successors, (516), 350 states have internal predecessors, (516), 76 states have call successors, (76), 24 states have call predecessors, (76), 27 states have return successors, (83), 75 states have call predecessors, (83), 75 states have call successors, (83) [2022-02-20 18:02:09,552 INFO L87 Difference]: Start difference. First operand 667 states. Second operand has 448 states, 344 states have (on average 1.5) internal successors, (516), 350 states have internal predecessors, (516), 76 states have call successors, (76), 24 states have call predecessors, (76), 27 states have return successors, (83), 75 states have call predecessors, (83), 75 states have call successors, (83) [2022-02-20 18:02:09,593 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:09,594 INFO L93 Difference]: Finished difference Result 667 states and 1011 transitions. [2022-02-20 18:02:09,594 INFO L276 IsEmpty]: Start isEmpty. Operand 667 states and 1011 transitions. [2022-02-20 18:02:09,598 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:09,598 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:09,599 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 448 states, 344 states have (on average 1.5) internal successors, (516), 350 states have internal predecessors, (516), 76 states have call successors, (76), 24 states have call predecessors, (76), 27 states have return successors, (83), 75 states have call predecessors, (83), 75 states have call successors, (83) Second operand 667 states. [2022-02-20 18:02:09,600 INFO L87 Difference]: Start difference. First operand has 448 states, 344 states have (on average 1.5) internal successors, (516), 350 states have internal predecessors, (516), 76 states have call successors, (76), 24 states have call predecessors, (76), 27 states have return successors, (83), 75 states have call predecessors, (83), 75 states have call successors, (83) Second operand 667 states. [2022-02-20 18:02:09,632 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:09,633 INFO L93 Difference]: Finished difference Result 667 states and 1011 transitions. [2022-02-20 18:02:09,633 INFO L276 IsEmpty]: Start isEmpty. Operand 667 states and 1011 transitions. [2022-02-20 18:02:09,636 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:09,637 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:09,637 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:09,637 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:09,638 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 448 states, 344 states have (on average 1.5) internal successors, (516), 350 states have internal predecessors, (516), 76 states have call successors, (76), 24 states have call predecessors, (76), 27 states have return successors, (83), 75 states have call predecessors, (83), 75 states have call successors, (83) [2022-02-20 18:02:09,657 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 448 states to 448 states and 675 transitions. 
[2022-02-20 18:02:09,658 INFO L78 Accepts]: Start accepts. Automaton has 448 states and 675 transitions. Word has length 141 [2022-02-20 18:02:09,658 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:09,658 INFO L470 AbstractCegarLoop]: Abstraction has 448 states and 675 transitions. [2022-02-20 18:02:09,659 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 11.0) internal successors, (88), 5 states have internal predecessors, (88), 3 states have call successors, (19), 6 states have call predecessors, (19), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:02:09,659 INFO L276 IsEmpty]: Start isEmpty. Operand 448 states and 675 transitions. [2022-02-20 18:02:09,661 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 142 [2022-02-20 18:02:09,661 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:09,661 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:09,661 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 18:02:09,661 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:09,662 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:09,662 INFO L85 PathProgramCache]: Analyzing trace with hash -1783626897, now seen corresponding path program 1 times [2022-02-20 18:02:09,662 INFO L126 
FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:09,662 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1117461897] [2022-02-20 18:02:09,662 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:09,663 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:09,700 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:09,734 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:02:09,736 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:09,738 INFO L290 TraceCheckUtils]: 0: Hoare triple {26367#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26290#true} is VALID [2022-02-20 18:02:09,739 INFO L290 TraceCheckUtils]: 1: Hoare triple {26290#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {26290#true} is VALID [2022-02-20 18:02:09,739 INFO L290 TraceCheckUtils]: 2: Hoare triple {26290#true} assume true; {26290#true} is VALID [2022-02-20 18:02:09,739 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26290#true} {26290#true} #1144#return; {26290#true} is VALID [2022-02-20 18:02:09,745 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:09,747 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:09,749 INFO L290 TraceCheckUtils]: 0: Hoare triple {26368#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := 
#in~handle;~value := #in~value; {26290#true} is VALID [2022-02-20 18:02:09,749 INFO L290 TraceCheckUtils]: 1: Hoare triple {26290#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {26290#true} is VALID [2022-02-20 18:02:09,749 INFO L290 TraceCheckUtils]: 2: Hoare triple {26290#true} assume true; {26290#true} is VALID [2022-02-20 18:02:09,749 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26290#true} {26290#true} #1146#return; {26290#true} is VALID [2022-02-20 18:02:09,749 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:09,751 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:09,754 INFO L290 TraceCheckUtils]: 0: Hoare triple {26367#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26290#true} is VALID [2022-02-20 18:02:09,754 INFO L290 TraceCheckUtils]: 1: Hoare triple {26290#true} assume !(1 == ~handle); {26290#true} is VALID [2022-02-20 18:02:09,754 INFO L290 TraceCheckUtils]: 2: Hoare triple {26290#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {26290#true} is VALID [2022-02-20 18:02:09,754 INFO L290 TraceCheckUtils]: 3: Hoare triple {26290#true} assume true; {26290#true} is VALID [2022-02-20 18:02:09,754 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {26290#true} {26290#true} #1148#return; {26290#true} is VALID [2022-02-20 18:02:09,754 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:02:09,756 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:09,758 INFO L290 TraceCheckUtils]: 0: Hoare triple {26368#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26290#true} is VALID [2022-02-20 18:02:09,758 INFO L290 TraceCheckUtils]: 1: Hoare triple {26290#true} assume !(1 == ~handle); {26290#true} is VALID [2022-02-20 18:02:09,758 INFO L290 TraceCheckUtils]: 2: Hoare triple {26290#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {26290#true} is VALID [2022-02-20 18:02:09,758 INFO L290 TraceCheckUtils]: 3: Hoare triple {26290#true} assume true; {26290#true} is VALID [2022-02-20 18:02:09,759 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {26290#true} {26290#true} #1150#return; {26290#true} is VALID [2022-02-20 18:02:09,759 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:02:09,761 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:09,779 INFO L290 TraceCheckUtils]: 0: Hoare triple {26367#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26369#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:09,780 INFO L290 TraceCheckUtils]: 1: Hoare triple {26369#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {26369#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:09,780 INFO L290 TraceCheckUtils]: 2: Hoare triple {26369#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {26369#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:09,780 INFO L290 TraceCheckUtils]: 3: Hoare triple {26369#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {26370#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:09,781 INFO L290 TraceCheckUtils]: 4: Hoare 
triple {26370#(= 3 |setClientId_#in~handle|)} assume true; {26370#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:09,781 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {26370#(= 3 |setClientId_#in~handle|)} {26310#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1152#return; {26317#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:02:09,782 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:02:09,784 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:09,800 INFO L290 TraceCheckUtils]: 0: Hoare triple {26368#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26371#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:09,801 INFO L290 TraceCheckUtils]: 1: Hoare triple {26371#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {26372#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:09,801 INFO L290 TraceCheckUtils]: 2: Hoare triple {26372#(= |setClientPrivateKey_#in~handle| 1)} assume true; {26372#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:09,802 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26372#(= |setClientPrivateKey_#in~handle| 1)} {26317#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1154#return; {26291#false} is VALID [2022-02-20 18:02:09,810 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 18:02:09,811 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:09,813 INFO L290 TraceCheckUtils]: 0: Hoare triple {26373#(and (= 
|old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {26290#true} is VALID [2022-02-20 18:02:09,813 INFO L290 TraceCheckUtils]: 1: Hoare triple {26290#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {26290#true} is VALID [2022-02-20 18:02:09,813 INFO L290 TraceCheckUtils]: 2: Hoare triple {26290#true} assume true; {26290#true} is VALID [2022-02-20 18:02:09,813 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26290#true} {26291#false} #1130#return; {26291#false} is VALID [2022-02-20 18:02:09,822 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:02:09,824 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:09,829 INFO L290 TraceCheckUtils]: 0: Hoare triple {26374#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {26290#true} is VALID [2022-02-20 18:02:09,829 INFO L290 TraceCheckUtils]: 1: Hoare triple {26290#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {26290#true} is VALID [2022-02-20 18:02:09,829 INFO L290 TraceCheckUtils]: 2: Hoare triple {26290#true} assume true; {26290#true} is VALID [2022-02-20 18:02:09,829 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26290#true} {26291#false} #1132#return; {26291#false} is VALID [2022-02-20 18:02:09,830 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76 [2022-02-20 18:02:09,831 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:09,833 INFO L290 TraceCheckUtils]: 0: Hoare triple {26290#true} ~handle := #in~handle;havoc ~retValue_acc~10; {26290#true} is VALID [2022-02-20 18:02:09,833 INFO L290 TraceCheckUtils]: 1: Hoare triple {26290#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {26290#true} is 
VALID [2022-02-20 18:02:09,833 INFO L290 TraceCheckUtils]: 2: Hoare triple {26290#true} assume true; {26290#true} is VALID [2022-02-20 18:02:09,833 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26290#true} {26291#false} #1060#return; {26291#false} is VALID [2022-02-20 18:02:09,833 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 18:02:09,834 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:09,836 INFO L290 TraceCheckUtils]: 0: Hoare triple {26290#true} ~handle := #in~handle;havoc ~retValue_acc~32; {26290#true} is VALID [2022-02-20 18:02:09,836 INFO L290 TraceCheckUtils]: 1: Hoare triple {26290#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {26290#true} is VALID [2022-02-20 18:02:09,836 INFO L290 TraceCheckUtils]: 2: Hoare triple {26290#true} assume true; {26290#true} is VALID [2022-02-20 18:02:09,836 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26290#true} {26291#false} #1062#return; {26291#false} is VALID [2022-02-20 18:02:09,837 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 18:02:09,837 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:09,840 INFO L290 TraceCheckUtils]: 0: Hoare triple {26290#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {26290#true} is VALID [2022-02-20 18:02:09,841 INFO L290 TraceCheckUtils]: 1: Hoare triple {26290#true} assume 1 == ~handle; {26290#true} is VALID [2022-02-20 18:02:09,841 INFO L290 TraceCheckUtils]: 2: Hoare triple {26290#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {26290#true} is VALID [2022-02-20 18:02:09,841 INFO L290 TraceCheckUtils]: 3: Hoare triple {26290#true} assume true; {26290#true} is VALID [2022-02-20 18:02:09,841 INFO L284 TraceCheckUtils]: 4: Hoare quadruple 
{26290#true} {26291#false} #1064#return; {26291#false} is VALID [2022-02-20 18:02:09,841 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 18:02:09,842 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:09,844 INFO L290 TraceCheckUtils]: 0: Hoare triple {26373#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {26290#true} is VALID [2022-02-20 18:02:09,844 INFO L290 TraceCheckUtils]: 1: Hoare triple {26290#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {26290#true} is VALID [2022-02-20 18:02:09,844 INFO L290 TraceCheckUtils]: 2: Hoare triple {26290#true} assume true; {26290#true} is VALID [2022-02-20 18:02:09,845 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26290#true} {26291#false} #1070#return; {26291#false} is VALID [2022-02-20 18:02:09,845 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 107 [2022-02-20 18:02:09,846 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:09,848 INFO L290 TraceCheckUtils]: 0: Hoare triple {26290#true} ~handle := #in~handle;havoc ~retValue_acc~35; {26290#true} is VALID [2022-02-20 18:02:09,849 INFO L290 TraceCheckUtils]: 1: Hoare triple {26290#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {26290#true} is VALID [2022-02-20 18:02:09,849 INFO L290 TraceCheckUtils]: 2: Hoare triple {26290#true} assume true; {26290#true} is VALID [2022-02-20 18:02:09,849 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26290#true} {26291#false} #1072#return; {26291#false} is VALID [2022-02-20 18:02:09,849 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 114 [2022-02-20 18:02:09,850 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:09,852 INFO 
L290 TraceCheckUtils]: 0: Hoare triple {26290#true} ~handle := #in~handle;havoc ~retValue_acc~32; {26290#true} is VALID [2022-02-20 18:02:09,852 INFO L290 TraceCheckUtils]: 1: Hoare triple {26290#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {26290#true} is VALID [2022-02-20 18:02:09,852 INFO L290 TraceCheckUtils]: 2: Hoare triple {26290#true} assume true; {26290#true} is VALID [2022-02-20 18:02:09,852 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26290#true} {26291#false} #1074#return; {26291#false} is VALID [2022-02-20 18:02:09,852 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 121 [2022-02-20 18:02:09,853 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:09,855 INFO L290 TraceCheckUtils]: 0: Hoare triple {26290#true} ~handle := #in~handle;havoc ~retValue_acc~10; {26290#true} is VALID [2022-02-20 18:02:09,855 INFO L290 TraceCheckUtils]: 1: Hoare triple {26290#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {26290#true} is VALID [2022-02-20 18:02:09,855 INFO L290 TraceCheckUtils]: 2: Hoare triple {26290#true} assume true; {26290#true} is VALID [2022-02-20 18:02:09,855 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26290#true} {26291#false} #1076#return; {26291#false} is VALID [2022-02-20 18:02:09,855 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 127 [2022-02-20 18:02:09,856 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:09,858 INFO L290 TraceCheckUtils]: 0: Hoare triple {26290#true} ~handle := #in~handle;havoc ~retValue_acc~36; {26290#true} is VALID [2022-02-20 18:02:09,859 INFO L290 TraceCheckUtils]: 1: Hoare triple {26290#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {26290#true} is VALID [2022-02-20 18:02:09,859 INFO L290 TraceCheckUtils]: 2: 
Hoare triple {26290#true} assume true; {26290#true} is VALID [2022-02-20 18:02:09,859 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26290#true} {26291#false} #1078#return; {26291#false} is VALID [2022-02-20 18:02:09,859 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 133 [2022-02-20 18:02:09,860 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:09,862 INFO L290 TraceCheckUtils]: 0: Hoare triple {26290#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~22;havoc ~__cil_tmp4~1.base, ~__cil_tmp4~1.offset;~__cil_tmp4~1.base, ~__cil_tmp4~1.offset := 7, 0;havoc #t~nondet21; {26290#true} is VALID [2022-02-20 18:02:09,862 INFO L290 TraceCheckUtils]: 1: Hoare triple {26290#true} assume 0 == ~publicKey;~retValue_acc~22 := 0;#res := ~retValue_acc~22; {26290#true} is VALID [2022-02-20 18:02:09,862 INFO L290 TraceCheckUtils]: 2: Hoare triple {26290#true} assume true; {26290#true} is VALID [2022-02-20 18:02:09,863 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26290#true} {26291#false} #1080#return; {26291#false} is VALID [2022-02-20 18:02:09,863 INFO L290 TraceCheckUtils]: 0: Hoare triple {26290#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(4, 4);call write~init~int(37, 4, 0, 1);call write~init~int(115, 4, 1, 1);call write~init~int(10, 4, 2, 1);call write~init~int(0, 4, 3, 1);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(16, 6);call #Ultimate.allocInit(20, 7);call #Ultimate.allocInit(22, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(19, 11);call #Ultimate.allocInit(16, 12);call #Ultimate.allocInit(19, 13);call #Ultimate.allocInit(44, 
14);call #Ultimate.allocInit(44, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(11, 18);call #Ultimate.allocInit(19, 19);call #Ultimate.allocInit(4, 20);call write~init~int(37, 20, 0, 1);call write~init~int(100, 20, 1, 1);call write~init~int(10, 20, 2, 1);call write~init~int(0, 20, 3, 1);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(100, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(12, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(18, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(21, 39);call #Ultimate.allocInit(13, 40);call #Ultimate.allocInit(16, 41);call #Ultimate.allocInit(25, 42);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 
0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 
0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_encrypted~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {26290#true} is VALID [2022-02-20 18:02:09,863 INFO L290 TraceCheckUtils]: 1: Hoare triple {26290#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret59#1, main_~retValue_acc~23#1, main_~tmp~16#1;havoc main_~retValue_acc~23#1;havoc main_~tmp~16#1;assume { :begin_inline_select_helpers } true; {26290#true} is VALID [2022-02-20 18:02:09,863 INFO L290 TraceCheckUtils]: 2: Hoare triple {26290#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {26290#true} is VALID [2022-02-20 18:02:09,863 INFO L290 TraceCheckUtils]: 3: Hoare triple {26290#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~25#1;havoc valid_product_~retValue_acc~25#1;valid_product_~retValue_acc~25#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~25#1; {26290#true} is VALID [2022-02-20 
18:02:09,863 INFO L290 TraceCheckUtils]: 4: Hoare triple {26290#true} main_#t~ret59#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret59#1 && main_#t~ret59#1 <= 2147483647;main_~tmp~16#1 := main_#t~ret59#1;havoc main_#t~ret59#1; {26290#true} is VALID [2022-02-20 18:02:09,864 INFO L290 TraceCheckUtils]: 5: Hoare triple {26290#true} assume 0 != main_~tmp~16#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet56#1, setup_#t~nondet57#1, setup_#t~nondet58#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {26290#true} is VALID [2022-02-20 18:02:09,864 INFO L272 TraceCheckUtils]: 6: Hoare triple {26290#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {26367#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:09,864 INFO L290 TraceCheckUtils]: 7: Hoare triple {26367#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value 
:= #in~value; {26290#true} is VALID [2022-02-20 18:02:09,865 INFO L290 TraceCheckUtils]: 8: Hoare triple {26290#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {26290#true} is VALID [2022-02-20 18:02:09,865 INFO L290 TraceCheckUtils]: 9: Hoare triple {26290#true} assume true; {26290#true} is VALID [2022-02-20 18:02:09,865 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {26290#true} {26290#true} #1144#return; {26290#true} is VALID [2022-02-20 18:02:09,865 INFO L290 TraceCheckUtils]: 11: Hoare triple {26290#true} assume { :end_inline_setup_bob__wrappee__Base } true; {26290#true} is VALID [2022-02-20 18:02:09,866 INFO L272 TraceCheckUtils]: 12: Hoare triple {26290#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {26368#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:09,866 INFO L290 TraceCheckUtils]: 13: Hoare triple {26368#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26290#true} is VALID [2022-02-20 18:02:09,866 INFO L290 TraceCheckUtils]: 14: Hoare triple {26290#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {26290#true} is VALID [2022-02-20 18:02:09,866 INFO L290 TraceCheckUtils]: 15: Hoare triple {26290#true} assume true; {26290#true} is VALID [2022-02-20 18:02:09,866 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {26290#true} {26290#true} #1146#return; {26290#true} is VALID [2022-02-20 18:02:09,866 INFO L290 TraceCheckUtils]: 17: Hoare triple {26290#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 16, 0;havoc setup_#t~nondet56#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } 
true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {26290#true} is VALID [2022-02-20 18:02:09,867 INFO L272 TraceCheckUtils]: 18: Hoare triple {26290#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {26367#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:09,867 INFO L290 TraceCheckUtils]: 19: Hoare triple {26367#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26290#true} is VALID [2022-02-20 18:02:09,867 INFO L290 TraceCheckUtils]: 20: Hoare triple {26290#true} assume !(1 == ~handle); {26290#true} is VALID [2022-02-20 18:02:09,868 INFO L290 TraceCheckUtils]: 21: Hoare triple {26290#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {26290#true} is VALID [2022-02-20 18:02:09,868 INFO L290 TraceCheckUtils]: 22: Hoare triple {26290#true} assume true; {26290#true} is VALID [2022-02-20 18:02:09,868 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {26290#true} {26290#true} #1148#return; {26290#true} is VALID [2022-02-20 18:02:09,868 INFO L290 TraceCheckUtils]: 24: Hoare triple {26290#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {26290#true} is VALID [2022-02-20 18:02:09,869 INFO L272 TraceCheckUtils]: 25: Hoare triple {26290#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {26368#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:09,869 INFO L290 TraceCheckUtils]: 26: Hoare triple {26368#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26290#true} is VALID [2022-02-20 18:02:09,869 INFO L290 TraceCheckUtils]: 27: Hoare triple {26290#true} assume !(1 == ~handle); {26290#true} is VALID [2022-02-20 18:02:09,869 INFO L290 TraceCheckUtils]: 28: Hoare triple {26290#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {26290#true} is VALID [2022-02-20 18:02:09,869 INFO L290 TraceCheckUtils]: 29: Hoare triple {26290#true} assume true; {26290#true} is VALID [2022-02-20 18:02:09,869 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {26290#true} {26290#true} #1150#return; {26290#true} is VALID [2022-02-20 18:02:09,870 INFO L290 TraceCheckUtils]: 31: Hoare triple {26290#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 17, 0;havoc setup_#t~nondet57#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {26310#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:02:09,871 INFO L272 TraceCheckUtils]: 32: Hoare triple {26310#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 
|ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {26367#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:09,871 INFO L290 TraceCheckUtils]: 33: Hoare triple {26367#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26369#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:09,871 INFO L290 TraceCheckUtils]: 34: Hoare triple {26369#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {26369#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:09,872 INFO L290 TraceCheckUtils]: 35: Hoare triple {26369#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {26369#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:09,872 INFO L290 TraceCheckUtils]: 36: Hoare triple {26369#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {26370#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:09,872 INFO L290 TraceCheckUtils]: 37: Hoare triple {26370#(= 3 |setClientId_#in~handle|)} assume true; {26370#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:09,873 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {26370#(= 3 |setClientId_#in~handle|)} {26310#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1152#return; {26317#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:02:09,873 INFO L290 TraceCheckUtils]: 39: Hoare triple {26317#(not (= 
|ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {26317#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:02:09,874 INFO L272 TraceCheckUtils]: 40: Hoare triple {26317#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {26368#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:09,874 INFO L290 TraceCheckUtils]: 41: Hoare triple {26368#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26371#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:09,875 INFO L290 TraceCheckUtils]: 42: Hoare triple {26371#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {26372#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:09,875 INFO L290 TraceCheckUtils]: 43: Hoare triple {26372#(= |setClientPrivateKey_#in~handle| 1)} assume true; {26372#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:09,876 INFO L284 TraceCheckUtils]: 44: Hoare quadruple {26372#(= |setClientPrivateKey_#in~handle| 1)} {26317#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1154#return; {26291#false} is VALID [2022-02-20 18:02:09,876 INFO L290 TraceCheckUtils]: 45: Hoare triple {26291#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 18, 0;havoc setup_#t~nondet58#1; {26291#false} is VALID [2022-02-20 18:02:09,876 INFO L290 TraceCheckUtils]: 46: Hoare triple {26291#false} assume { 
:end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet40#1, test_#t~nondet41#1, test_#t~nondet42#1, test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~14#1, test_~tmp___0~4#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~14#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {26291#false} is VALID [2022-02-20 18:02:09,876 INFO L290 TraceCheckUtils]: 47: Hoare triple {26291#false} assume !false; {26291#false} is VALID [2022-02-20 18:02:09,876 INFO L290 TraceCheckUtils]: 48: Hoare triple {26291#false} assume test_~splverifierCounter~0#1 < 4; {26291#false} is VALID [2022-02-20 18:02:09,876 INFO L290 TraceCheckUtils]: 49: Hoare triple {26291#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {26291#false} is VALID [2022-02-20 18:02:09,877 INFO L290 TraceCheckUtils]: 50: Hoare triple 
{26291#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet40#1 && test_#t~nondet40#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet40#1;havoc test_#t~nondet40#1; {26291#false} is VALID [2022-02-20 18:02:09,877 INFO L290 TraceCheckUtils]: 51: Hoare triple {26291#false} assume !(0 != test_~tmp___9~0#1); {26291#false} is VALID [2022-02-20 18:02:09,877 INFO L290 TraceCheckUtils]: 52: Hoare triple {26291#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet41#1 && test_#t~nondet41#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet41#1;havoc test_#t~nondet41#1; {26291#false} is VALID [2022-02-20 18:02:09,877 INFO L290 TraceCheckUtils]: 53: Hoare triple {26291#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {26291#false} is VALID [2022-02-20 18:02:09,877 INFO L290 TraceCheckUtils]: 54: Hoare triple {26291#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {26291#false} is VALID [2022-02-20 18:02:09,877 INFO L290 TraceCheckUtils]: 55: Hoare triple {26291#false} assume { :end_inline_setClientAutoResponse } true; {26291#false} is VALID [2022-02-20 18:02:09,878 INFO L290 TraceCheckUtils]: 56: Hoare triple {26291#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {26291#false} is VALID [2022-02-20 18:02:09,878 INFO L290 TraceCheckUtils]: 57: Hoare triple {26291#false} assume !false; {26291#false} is VALID [2022-02-20 18:02:09,878 INFO L290 TraceCheckUtils]: 58: Hoare triple {26291#false} assume !(test_~splverifierCounter~0#1 < 4); {26291#false} is VALID [2022-02-20 18:02:09,878 
INFO L290 TraceCheckUtils]: 59: Hoare triple {26291#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret51#1, bobToRjh_#t~ret52#1, bobToRjh_#t~ret53#1, bobToRjh_#t~ret54#1, bobToRjh_~tmp~15#1, bobToRjh_~tmp___0~5#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~15#1;havoc bobToRjh_~tmp___0~5#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret51#1 := puts(14, 0);assume -2147483648 <= bobToRjh_#t~ret51#1 && bobToRjh_#t~ret51#1 <= 2147483647;havoc bobToRjh_#t~ret51#1; {26291#false} is VALID [2022-02-20 18:02:09,878 INFO L272 TraceCheckUtils]: 60: Hoare triple {26291#false} call sendEmail(~bob~0, ~rjh~0); {26291#false} is VALID [2022-02-20 18:02:09,878 INFO L290 TraceCheckUtils]: 61: Hoare triple {26291#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~43#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~43#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {26291#false} is VALID [2022-02-20 18:02:09,878 INFO L272 TraceCheckUtils]: 62: Hoare triple {26291#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {26373#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:09,879 INFO L290 TraceCheckUtils]: 63: Hoare triple {26373#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {26290#true} is VALID [2022-02-20 18:02:09,879 INFO L290 TraceCheckUtils]: 64: Hoare triple {26290#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {26290#true} is VALID [2022-02-20 18:02:09,879 INFO L290 TraceCheckUtils]: 65: Hoare 
triple {26290#true} assume true; {26290#true} is VALID [2022-02-20 18:02:09,879 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {26290#true} {26291#false} #1130#return; {26291#false} is VALID [2022-02-20 18:02:09,880 INFO L272 TraceCheckUtils]: 67: Hoare triple {26291#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {26374#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:09,880 INFO L290 TraceCheckUtils]: 68: Hoare triple {26374#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {26290#true} is VALID [2022-02-20 18:02:09,880 INFO L290 TraceCheckUtils]: 69: Hoare triple {26290#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {26290#true} is VALID [2022-02-20 18:02:09,880 INFO L290 TraceCheckUtils]: 70: Hoare triple {26290#true} assume true; {26290#true} is VALID [2022-02-20 18:02:09,880 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {26290#true} {26291#false} #1132#return; {26291#false} is VALID [2022-02-20 18:02:09,880 INFO L290 TraceCheckUtils]: 72: Hoare triple {26291#false} createEmail_~retValue_acc~43#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~43#1; {26291#false} is VALID [2022-02-20 18:02:09,881 INFO L290 TraceCheckUtils]: 73: Hoare triple {26291#false} #t~ret20#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret20#1 && #t~ret20#1 <= 2147483647;~tmp~9#1 := #t~ret20#1;havoc #t~ret20#1;~email~0#1 := ~tmp~9#1; {26291#false} is VALID [2022-02-20 18:02:09,881 INFO L272 TraceCheckUtils]: 74: Hoare triple {26291#false} call outgoing(~sender#1, ~email~0#1); {26291#false} is VALID [2022-02-20 18:02:09,881 INFO L290 TraceCheckUtils]: 75: Hoare triple {26291#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, 
~msg#1;havoc sign_#t~ret24#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {26291#false} is VALID [2022-02-20 18:02:09,881 INFO L272 TraceCheckUtils]: 76: Hoare triple {26291#false} call sign_#t~ret24#1 := getClientPrivateKey(sign_~client#1); {26290#true} is VALID [2022-02-20 18:02:09,881 INFO L290 TraceCheckUtils]: 77: Hoare triple {26290#true} ~handle := #in~handle;havoc ~retValue_acc~10; {26290#true} is VALID [2022-02-20 18:02:09,881 INFO L290 TraceCheckUtils]: 78: Hoare triple {26290#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {26290#true} is VALID [2022-02-20 18:02:09,881 INFO L290 TraceCheckUtils]: 79: Hoare triple {26290#true} assume true; {26290#true} is VALID [2022-02-20 18:02:09,881 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {26290#true} {26291#false} #1060#return; {26291#false} is VALID [2022-02-20 18:02:09,882 INFO L290 TraceCheckUtils]: 81: Hoare triple {26291#false} assume -2147483648 <= sign_#t~ret24#1 && sign_#t~ret24#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret24#1;havoc sign_#t~ret24#1;sign_~privkey~1#1 := sign_~tmp~11#1; {26291#false} is VALID [2022-02-20 18:02:09,882 INFO L290 TraceCheckUtils]: 82: Hoare triple {26291#false} assume 0 == sign_~privkey~1#1; {26291#false} is VALID [2022-02-20 18:02:09,882 INFO L290 TraceCheckUtils]: 83: Hoare triple {26291#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret10#1, outgoing__wrappee__AutoResponder_#t~ret11#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~4#1, 
outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~0#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~4#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~0#1; {26291#false} is VALID [2022-02-20 18:02:09,882 INFO L272 TraceCheckUtils]: 84: Hoare triple {26291#false} call outgoing__wrappee__AutoResponder_#t~ret10#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {26290#true} is VALID [2022-02-20 18:02:09,882 INFO L290 TraceCheckUtils]: 85: Hoare triple {26290#true} ~handle := #in~handle;havoc ~retValue_acc~32; {26290#true} is VALID [2022-02-20 18:02:09,882 INFO L290 TraceCheckUtils]: 86: Hoare triple {26290#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {26290#true} is VALID [2022-02-20 18:02:09,883 INFO L290 TraceCheckUtils]: 87: Hoare triple {26290#true} assume true; {26290#true} is VALID [2022-02-20 18:02:09,883 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {26290#true} {26291#false} #1062#return; {26291#false} is VALID [2022-02-20 18:02:09,883 INFO L290 TraceCheckUtils]: 89: Hoare triple {26291#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret10#1 && outgoing__wrappee__AutoResponder_#t~ret10#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~4#1 := outgoing__wrappee__AutoResponder_#t~ret10#1;havoc outgoing__wrappee__AutoResponder_#t~ret10#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~4#1; {26291#false} is VALID [2022-02-20 18:02:09,883 INFO L272 TraceCheckUtils]: 90: Hoare triple {26291#false} call outgoing__wrappee__AutoResponder_#t~ret11#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, 
outgoing__wrappee__AutoResponder_~receiver~0#1); {26290#true} is VALID [2022-02-20 18:02:09,883 INFO L290 TraceCheckUtils]: 91: Hoare triple {26290#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {26290#true} is VALID [2022-02-20 18:02:09,883 INFO L290 TraceCheckUtils]: 92: Hoare triple {26290#true} assume 1 == ~handle; {26290#true} is VALID [2022-02-20 18:02:09,883 INFO L290 TraceCheckUtils]: 93: Hoare triple {26290#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {26290#true} is VALID [2022-02-20 18:02:09,884 INFO L290 TraceCheckUtils]: 94: Hoare triple {26290#true} assume true; {26290#true} is VALID [2022-02-20 18:02:09,884 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {26290#true} {26291#false} #1064#return; {26291#false} is VALID [2022-02-20 18:02:09,884 INFO L290 TraceCheckUtils]: 96: Hoare triple {26291#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret11#1 && outgoing__wrappee__AutoResponder_#t~ret11#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~0#1 := outgoing__wrappee__AutoResponder_#t~ret11#1;havoc outgoing__wrappee__AutoResponder_#t~ret11#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~0#1; {26291#false} is VALID [2022-02-20 18:02:09,884 INFO L290 TraceCheckUtils]: 97: Hoare triple {26291#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {26291#false} is VALID [2022-02-20 18:02:09,884 INFO L290 TraceCheckUtils]: 98: Hoare triple {26291#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret9#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~3#1;outgoing__wrappee__Keys_~client#1 := 
outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~3#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {26291#false} is VALID [2022-02-20 18:02:09,884 INFO L290 TraceCheckUtils]: 99: Hoare triple {26291#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {26291#false} is VALID [2022-02-20 18:02:09,884 INFO L290 TraceCheckUtils]: 100: Hoare triple {26291#false} outgoing__wrappee__Keys_#t~ret9#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret9#1 && outgoing__wrappee__Keys_#t~ret9#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~3#1 := outgoing__wrappee__Keys_#t~ret9#1;havoc outgoing__wrappee__Keys_#t~ret9#1; {26291#false} is VALID [2022-02-20 18:02:09,885 INFO L272 TraceCheckUtils]: 101: Hoare triple {26291#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~3#1); {26373#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:09,885 INFO L290 TraceCheckUtils]: 102: Hoare triple {26373#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {26290#true} is VALID [2022-02-20 18:02:09,885 INFO L290 TraceCheckUtils]: 103: Hoare triple {26290#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {26290#true} is VALID [2022-02-20 18:02:09,885 INFO L290 TraceCheckUtils]: 104: Hoare triple {26290#true} assume true; {26290#true} is VALID [2022-02-20 18:02:09,885 INFO L284 
TraceCheckUtils]: 105: Hoare quadruple {26290#true} {26291#false} #1070#return; {26291#false} is VALID [2022-02-20 18:02:09,885 INFO L290 TraceCheckUtils]: 106: Hoare triple {26291#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret7#1, mail_#t~ret8#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~2#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~2#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__1 } true;__utac_acc__EncryptDecrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1, __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1, __utac_acc__EncryptDecrypt_spec__1_#t~nondet34#1, __utac_acc__EncryptDecrypt_spec__1_~msg#1, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__EncryptDecrypt_spec__1_~msg#1 := __utac_acc__EncryptDecrypt_spec__1_#in~msg#1;havoc __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 := puts(10, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret32#1; {26291#false} is VALID [2022-02-20 18:02:09,885 INFO L272 TraceCheckUtils]: 107: Hoare triple {26291#false} call __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 := isEncrypted(__utac_acc__EncryptDecrypt_spec__1_~msg#1); {26290#true} is VALID [2022-02-20 18:02:09,886 INFO L290 TraceCheckUtils]: 108: Hoare triple {26290#true} ~handle := #in~handle;havoc ~retValue_acc~35; {26290#true} is VALID [2022-02-20 18:02:09,886 INFO L290 TraceCheckUtils]: 109: Hoare triple {26290#true} assume 1 == 
~handle;~retValue_acc~35 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~35; {26290#true} is VALID [2022-02-20 18:02:09,886 INFO L290 TraceCheckUtils]: 110: Hoare triple {26290#true} assume true; {26290#true} is VALID [2022-02-20 18:02:09,886 INFO L284 TraceCheckUtils]: 111: Hoare quadruple {26290#true} {26291#false} #1072#return; {26291#false} is VALID [2022-02-20 18:02:09,886 INFO L290 TraceCheckUtils]: 112: Hoare triple {26291#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 && __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1 <= 2147483647;~sent_encrypted~0 := __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1;havoc __utac_acc__EncryptDecrypt_spec__1_#t~ret33#1;__utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.base, __utac_acc__EncryptDecrypt_spec__1_~__cil_tmp2~0#1.offset := 11, 0;havoc __utac_acc__EncryptDecrypt_spec__1_#t~nondet34#1; {26291#false} is VALID [2022-02-20 18:02:09,886 INFO L290 TraceCheckUtils]: 113: Hoare triple {26291#false} assume { :end_inline___utac_acc__EncryptDecrypt_spec__1 } true;call mail_#t~ret7#1 := puts(5, 0);assume -2147483648 <= mail_#t~ret7#1 && mail_#t~ret7#1 <= 2147483647;havoc mail_#t~ret7#1; {26291#false} is VALID [2022-02-20 18:02:09,887 INFO L272 TraceCheckUtils]: 114: Hoare triple {26291#false} call mail_#t~ret8#1 := getEmailTo(mail_~msg#1); {26290#true} is VALID [2022-02-20 18:02:09,887 INFO L290 TraceCheckUtils]: 115: Hoare triple {26290#true} ~handle := #in~handle;havoc ~retValue_acc~32; {26290#true} is VALID [2022-02-20 18:02:09,887 INFO L290 TraceCheckUtils]: 116: Hoare triple {26290#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {26290#true} is VALID [2022-02-20 18:02:09,887 INFO L290 TraceCheckUtils]: 117: Hoare triple {26290#true} assume true; {26290#true} is VALID [2022-02-20 18:02:09,887 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {26290#true} {26291#false} #1074#return; {26291#false} is VALID [2022-02-20 18:02:09,887 INFO L290 
TraceCheckUtils]: 119: Hoare triple {26291#false} assume -2147483648 <= mail_#t~ret8#1 && mail_#t~ret8#1 <= 2147483647;mail_~tmp~2#1 := mail_#t~ret8#1;havoc mail_#t~ret8#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~2#1, mail_~msg#1;havoc incoming_#t~ret15#1, incoming_#t~ret16#1, incoming_#t~ret17#1, incoming_#t~ret18#1, incoming_~client#1, incoming_~msg#1, incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1, incoming_~privkey~0#1, incoming_~tmp~7#1, incoming_~tmp___0~1#1, incoming_~tmp___1~0#1, incoming_~tmp___2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~__utac__ad__arg1~1#1;havoc incoming_~__utac__ad__arg2~0#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~7#1;havoc incoming_~tmp___0~1#1;havoc incoming_~tmp___1~0#1;havoc incoming_~tmp___2~0#1;incoming_~__utac__ad__arg1~1#1 := incoming_~client#1;incoming_~__utac__ad__arg2~0#1 := incoming_~msg#1;assume { :begin_inline___utac_acc__EncryptDecrypt_spec__2 } true;__utac_acc__EncryptDecrypt_spec__2_#in~client#1, __utac_acc__EncryptDecrypt_spec__2_#in~msg#1 := incoming_~__utac__ad__arg1~1#1, incoming_~__utac__ad__arg2~0#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1, __utac_acc__EncryptDecrypt_spec__2_#t~nondet36#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1, __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1, __utac_acc__EncryptDecrypt_spec__2_~client#1, __utac_acc__EncryptDecrypt_spec__2_~msg#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1, __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;__utac_acc__EncryptDecrypt_spec__2_~client#1 := __utac_acc__EncryptDecrypt_spec__2_#in~client#1;__utac_acc__EncryptDecrypt_spec__2_~msg#1 := __utac_acc__EncryptDecrypt_spec__2_#in~msg#1;havoc 
__utac_acc__EncryptDecrypt_spec__2_~tmp~13#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1;havoc __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1;havoc __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset;call __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 := puts(12, 0);assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1 <= 2147483647;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret35#1;__utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.base, __utac_acc__EncryptDecrypt_spec__2_~__cil_tmp6~0#1.offset := 13, 0;havoc __utac_acc__EncryptDecrypt_spec__2_#t~nondet36#1; {26291#false} is VALID [2022-02-20 18:02:09,887 INFO L290 TraceCheckUtils]: 120: Hoare triple {26291#false} assume 1 == ~sent_encrypted~0; {26291#false} is VALID [2022-02-20 18:02:09,888 INFO L272 TraceCheckUtils]: 121: Hoare triple {26291#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 := getClientPrivateKey(__utac_acc__EncryptDecrypt_spec__2_~client#1); {26290#true} is VALID [2022-02-20 18:02:09,888 INFO L290 TraceCheckUtils]: 122: Hoare triple {26290#true} ~handle := #in~handle;havoc ~retValue_acc~10; {26290#true} is VALID [2022-02-20 18:02:09,888 INFO L290 TraceCheckUtils]: 123: Hoare triple {26290#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {26290#true} is VALID [2022-02-20 18:02:09,888 INFO L290 TraceCheckUtils]: 124: Hoare triple {26290#true} assume true; {26290#true} is VALID [2022-02-20 18:02:09,888 INFO L284 TraceCheckUtils]: 125: Hoare quadruple {26290#true} {26291#false} #1076#return; {26291#false} is VALID [2022-02-20 18:02:09,888 INFO L290 TraceCheckUtils]: 126: Hoare triple {26291#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp~13#1 := 
__utac_acc__EncryptDecrypt_spec__2_#t~ret37#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret37#1; {26291#false} is VALID [2022-02-20 18:02:09,888 INFO L272 TraceCheckUtils]: 127: Hoare triple {26291#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 := getEmailEncryptionKey(__utac_acc__EncryptDecrypt_spec__2_~msg#1); {26290#true} is VALID [2022-02-20 18:02:09,889 INFO L290 TraceCheckUtils]: 128: Hoare triple {26290#true} ~handle := #in~handle;havoc ~retValue_acc~36; {26290#true} is VALID [2022-02-20 18:02:09,889 INFO L290 TraceCheckUtils]: 129: Hoare triple {26290#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_encryptionKey0~0;#res := ~retValue_acc~36; {26290#true} is VALID [2022-02-20 18:02:09,889 INFO L290 TraceCheckUtils]: 130: Hoare triple {26290#true} assume true; {26290#true} is VALID [2022-02-20 18:02:09,889 INFO L284 TraceCheckUtils]: 131: Hoare quadruple {26290#true} {26291#false} #1078#return; {26291#false} is VALID [2022-02-20 18:02:09,889 INFO L290 TraceCheckUtils]: 132: Hoare triple {26291#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret38#1; {26291#false} is VALID [2022-02-20 18:02:09,889 INFO L272 TraceCheckUtils]: 133: Hoare triple {26291#false} call __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 := isKeyPairValid(__utac_acc__EncryptDecrypt_spec__2_~tmp___0~3#1, __utac_acc__EncryptDecrypt_spec__2_~tmp~13#1); {26290#true} is VALID [2022-02-20 18:02:09,890 INFO L290 TraceCheckUtils]: 134: Hoare triple {26290#true} ~publicKey := #in~publicKey;~privateKey := #in~privateKey;havoc ~retValue_acc~22;havoc ~__cil_tmp4~1.base, ~__cil_tmp4~1.offset;~__cil_tmp4~1.base, ~__cil_tmp4~1.offset := 7, 0;havoc #t~nondet21; {26290#true} is VALID [2022-02-20 18:02:09,890 INFO L290 TraceCheckUtils]: 135: Hoare triple 
{26290#true} assume 0 == ~publicKey;~retValue_acc~22 := 0;#res := ~retValue_acc~22; {26290#true} is VALID [2022-02-20 18:02:09,890 INFO L290 TraceCheckUtils]: 136: Hoare triple {26290#true} assume true; {26290#true} is VALID [2022-02-20 18:02:09,890 INFO L284 TraceCheckUtils]: 137: Hoare quadruple {26290#true} {26291#false} #1080#return; {26291#false} is VALID [2022-02-20 18:02:09,890 INFO L290 TraceCheckUtils]: 138: Hoare triple {26291#false} assume -2147483648 <= __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 && __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1 <= 2147483647;__utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1 := __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1;havoc __utac_acc__EncryptDecrypt_spec__2_#t~ret39#1; {26291#false} is VALID [2022-02-20 18:02:09,890 INFO L290 TraceCheckUtils]: 139: Hoare triple {26291#false} assume !(0 != __utac_acc__EncryptDecrypt_spec__2_~tmp___1~2#1);assume { :begin_inline___automaton_fail } true; {26291#false} is VALID [2022-02-20 18:02:09,890 INFO L290 TraceCheckUtils]: 140: Hoare triple {26291#false} assume !false; {26291#false} is VALID [2022-02-20 18:02:09,891 INFO L134 CoverageAnalysis]: Checked inductivity of 39 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 26 trivial. 0 not checked. [2022-02-20 18:02:09,891 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:09,891 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1117461897] [2022-02-20 18:02:09,891 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1117461897] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:09,891 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. 
[2022-02-20 18:02:09,892 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 18:02:09,892 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1039566316] [2022-02-20 18:02:09,892 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:09,893 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 8.272727272727273) internal successors, (91), 8 states have internal predecessors, (91), 4 states have call successors, (19), 6 states have call predecessors, (19), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17) Word has length 141 [2022-02-20 18:02:09,893 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:09,893 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 8.272727272727273) internal successors, (91), 8 states have internal predecessors, (91), 4 states have call successors, (19), 6 states have call predecessors, (19), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17) [2022-02-20 18:02:09,991 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 127 edges. 127 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:09,991 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 18:02:09,992 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:09,992 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. 
[2022-02-20 18:02:09,992 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:02:09,993 INFO L87 Difference]: Start difference. First operand 448 states and 675 transitions. Second operand has 12 states, 11 states have (on average 8.272727272727273) internal successors, (91), 8 states have internal predecessors, (91), 4 states have call successors, (19), 6 states have call predecessors, (19), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17)