./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec7_product17.cil.c --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec7_product17.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash cc6bd9a8e81eed69bb1e052a3e58ea0f1400924f4533cb09f3cdffebd7dfcd4d --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 18:01:36,536 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 18:01:36,538 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 18:01:36,572 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... 
[2022-02-20 18:01:36,572 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:01:36,575 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:01:36,576 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:01:36,578 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:01:36,579 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:01:36,583 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:01:36,584 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:01:36,585 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:01:36,585 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:01:36,587 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:01:36,588 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:01:36,590 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:01:36,591 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:01:36,592 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:01:36,594 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:01:36,598 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:01:36,599 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:01:36,600 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:01:36,601 INFO 
L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:01:36,601 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:01:36,606 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:01:36,606 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:01:36,607 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:01:36,608 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:01:36,608 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:01:36,609 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:01:36,609 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:01:36,610 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:01:36,611 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:01:36,612 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:01:36,613 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:01:36,613 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:01:36,613 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:01:36,613 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... 
[2022-02-20 18:01:36,614 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:01:36,614 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:01:36,615 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:01:36,616 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 18:01:36,645 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:01:36,645 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:01:36,646 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:01:36,653 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:01:36,654 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:01:36,654 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:01:36,655 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:01:36,655 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:01:36,655 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:01:36,655 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:01:36,656 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:01:36,656 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 18:01:36,656 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:01:36,656 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:01:36,656 
INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:01:36,657 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:01:36,657 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:01:36,657 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:01:36,657 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:01:36,657 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:01:36,657 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:01:36,657 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:01:36,658 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:01:36,658 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:01:36,658 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:01:36,658 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:01:36,658 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:01:36,659 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:01:36,659 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 18:01:36,659 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 18:01:36,659 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:01:36,660 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:01:36,660 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant 
automaton, abstraction and CFG=true [2022-02-20 18:01:36,660 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! 
call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> cc6bd9a8e81eed69bb1e052a3e58ea0f1400924f4533cb09f3cdffebd7dfcd4d [2022-02-20 18:01:36,837 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:01:36,863 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:01:36,865 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:01:36,866 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:01:36,866 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:01:36,867 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec7_product17.cil.c [2022-02-20 18:01:36,928 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/e12a230f8/d945de3b024a4ac2a5a6ac4290cd7078/FLAGda4c0726e [2022-02-20 18:01:37,371 INFO L306 CDTParser]: Found 1 translation units. 
[2022-02-20 18:01:37,372 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec7_product17.cil.c [2022-02-20 18:01:37,417 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/e12a230f8/d945de3b024a4ac2a5a6ac4290cd7078/FLAGda4c0726e [2022-02-20 18:01:37,723 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/e12a230f8/d945de3b024a4ac2a5a6ac4290cd7078 [2022-02-20 18:01:37,725 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:01:37,726 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:01:37,727 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:01:37,727 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:01:37,729 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:01:37,732 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:01:37" (1/1) ... [2022-02-20 18:01:37,732 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@578f5581 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:37, skipping insertion in model container [2022-02-20 18:01:37,733 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:01:37" (1/1) ... 
[2022-02-20 18:01:37,737 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:01:37,790 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:01:38,109 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec7_product17.cil.c[48205,48218] [2022-02-20 18:01:38,154 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:01:38,163 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:01:38,245 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec7_product17.cil.c[48205,48218] [2022-02-20 18:01:38,276 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:01:38,297 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:01:38,298 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:38 WrapperNode [2022-02-20 18:01:38,298 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:01:38,299 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:01:38,299 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:01:38,299 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:01:38,305 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:38" (1/1) ... 
[2022-02-20 18:01:38,322 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:38" (1/1) ... [2022-02-20 18:01:38,361 INFO L137 Inliner]: procedures = 127, calls = 205, calls flagged for inlining = 54, calls inlined = 47, statements flattened = 914 [2022-02-20 18:01:38,362 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:01:38,362 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:01:38,363 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:01:38,363 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:01:38,369 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:38" (1/1) ... [2022-02-20 18:01:38,369 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:38" (1/1) ... [2022-02-20 18:01:38,373 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:38" (1/1) ... [2022-02-20 18:01:38,373 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:38" (1/1) ... 
[2022-02-20 18:01:38,383 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:38" (1/1) ... [2022-02-20 18:01:38,393 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:38" (1/1) ... [2022-02-20 18:01:38,396 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:38" (1/1) ... [2022-02-20 18:01:38,419 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:01:38,420 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:01:38,420 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:01:38,420 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:01:38,421 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:38" (1/1) ... 
[2022-02-20 18:01:38,426 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:01:38,435 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:01:38,468 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:01:38,472 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:01:38,497 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookSize [2022-02-20 18:01:38,498 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookSize [2022-02-20 18:01:38,498 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookAddress [2022-02-20 18:01:38,498 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookAddress [2022-02-20 18:01:38,498 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__wrappee__Keys [2022-02-20 18:01:38,498 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__wrappee__Keys [2022-02-20 18:01:38,498 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2022-02-20 18:01:38,498 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2022-02-20 18:01:38,499 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2022-02-20 18:01:38,499 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2022-02-20 18:01:38,499 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable 
[2022-02-20 18:01:38,499 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable [2022-02-20 18:01:38,499 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2022-02-20 18:01:38,499 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2022-02-20 18:01:38,499 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailSignKey [2022-02-20 18:01:38,500 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailSignKey [2022-02-20 18:01:38,500 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2022-02-20 18:01:38,500 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2022-02-20 18:01:38,500 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2022-02-20 18:01:38,500 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2022-02-20 18:01:38,500 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2022-02-20 18:01:38,500 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2022-02-20 18:01:38,500 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2022-02-20 18:01:38,501 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:01:38,501 INFO L130 BoogieDeclarations]: Found specification of procedure isSigned [2022-02-20 18:01:38,501 INFO L138 BoogieDeclarations]: Found implementation of procedure isSigned [2022-02-20 18:01:38,501 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookSize [2022-02-20 18:01:38,501 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookSize [2022-02-20 18:01:38,501 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2022-02-20 18:01:38,501 INFO L138 BoogieDeclarations]: Found implementation of procedure 
setClientKeyringUser [2022-02-20 18:01:38,501 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2022-02-20 18:01:38,502 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2022-02-20 18:01:38,502 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2022-02-20 18:01:38,502 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2022-02-20 18:01:38,502 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2022-02-20 18:01:38,502 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2022-02-20 18:01:38,502 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2022-02-20 18:01:38,502 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2022-02-20 18:01:38,502 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2022-02-20 18:01:38,503 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2022-02-20 18:01:38,503 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 18:01:38,503 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2022-02-20 18:01:38,503 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2022-02-20 18:01:38,503 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookAddress [2022-02-20 18:01:38,503 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookAddress [2022-02-20 18:01:38,503 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:01:38,503 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:01:38,742 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:01:38,744 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation 
[2022-02-20 18:01:39,626 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:01:39,636 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:01:39,637 INFO L299 CfgBuilder]: Removed 1 assume(true) statements. [2022-02-20 18:01:39,639 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:01:39 BoogieIcfgContainer [2022-02-20 18:01:39,640 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:01:39,641 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:01:39,641 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:01:39,645 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:01:39,645 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:01:37" (1/3) ... [2022-02-20 18:01:39,646 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2e9832e5 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:01:39, skipping insertion in model container [2022-02-20 18:01:39,646 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:38" (2/3) ... 
[2022-02-20 18:01:39,647 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2e9832e5 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:01:39, skipping insertion in model container [2022-02-20 18:01:39,647 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:01:39" (3/3) ... [2022-02-20 18:01:39,649 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec7_product17.cil.c [2022-02-20 18:01:39,653 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:01:39,653 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 18:01:39,687 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:01:39,692 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., 
mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:01:39,692 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:01:39,714 INFO L276 IsEmpty]: Start isEmpty. Operand has 345 states, 274 states have (on average 1.5875912408759123) internal successors, (435), 277 states have internal predecessors, (435), 48 states have call successors, (48), 21 states have call predecessors, (48), 21 states have return successors, (48), 47 states have call predecessors, (48), 48 states have call successors, (48) [2022-02-20 18:01:39,724 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 96 [2022-02-20 18:01:39,724 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:01:39,725 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:01:39,725 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:01:39,729 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:01:39,729 INFO L85 PathProgramCache]: Analyzing trace with hash -299076794, now seen corresponding path program 1 times [2022-02-20 18:01:39,736 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:01:39,736 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1379895946] [2022-02-20 18:01:39,736 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:39,737 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 
18:01:39,852 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:39,975 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:01:39,979 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:39,987 INFO L290 TraceCheckUtils]: 0: Hoare triple {398#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {348#true} is VALID [2022-02-20 18:01:39,988 INFO L290 TraceCheckUtils]: 1: Hoare triple {348#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {348#true} is VALID [2022-02-20 18:01:39,988 INFO L290 TraceCheckUtils]: 2: Hoare triple {348#true} assume true; {348#true} is VALID [2022-02-20 18:01:39,988 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {348#true} {348#true} #1094#return; {348#true} is VALID [2022-02-20 18:01:39,994 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:01:39,997 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:40,006 INFO L290 TraceCheckUtils]: 0: Hoare triple {399#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {348#true} is VALID [2022-02-20 18:01:40,007 INFO L290 TraceCheckUtils]: 1: Hoare triple {348#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {348#true} is VALID [2022-02-20 18:01:40,007 INFO L290 TraceCheckUtils]: 2: Hoare triple {348#true} assume true; {348#true} is VALID [2022-02-20 18:01:40,007 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {348#true} {348#true} #1096#return; {348#true} is VALID [2022-02-20 
18:01:40,008 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:01:40,012 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:40,030 INFO L290 TraceCheckUtils]: 0: Hoare triple {398#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {400#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:40,031 INFO L290 TraceCheckUtils]: 1: Hoare triple {400#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {401#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:40,032 INFO L290 TraceCheckUtils]: 2: Hoare triple {401#(= |setClientId_#in~handle| 1)} assume true; {401#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:40,033 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {401#(= |setClientId_#in~handle| 1)} {358#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1098#return; {349#false} is VALID [2022-02-20 18:01:40,033 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:01:40,035 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:40,039 INFO L290 TraceCheckUtils]: 0: Hoare triple {399#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {348#true} is VALID [2022-02-20 18:01:40,039 INFO L290 TraceCheckUtils]: 1: Hoare triple {348#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {348#true} is VALID [2022-02-20 18:01:40,039 INFO L290 TraceCheckUtils]: 2: Hoare triple {348#true} assume true; 
{348#true} is VALID [2022-02-20 18:01:40,040 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {348#true} {349#false} #1100#return; {349#false} is VALID [2022-02-20 18:01:40,040 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:01:40,043 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:40,046 INFO L290 TraceCheckUtils]: 0: Hoare triple {398#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {348#true} is VALID [2022-02-20 18:01:40,046 INFO L290 TraceCheckUtils]: 1: Hoare triple {348#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {348#true} is VALID [2022-02-20 18:01:40,047 INFO L290 TraceCheckUtils]: 2: Hoare triple {348#true} assume true; {348#true} is VALID [2022-02-20 18:01:40,047 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {348#true} {349#false} #1102#return; {349#false} is VALID [2022-02-20 18:01:40,047 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:01:40,050 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:40,053 INFO L290 TraceCheckUtils]: 0: Hoare triple {399#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {348#true} is VALID [2022-02-20 18:01:40,053 INFO L290 TraceCheckUtils]: 1: Hoare triple {348#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {348#true} is VALID [2022-02-20 18:01:40,054 INFO L290 TraceCheckUtils]: 2: Hoare triple {348#true} assume true; {348#true} is VALID [2022-02-20 18:01:40,054 INFO L284 TraceCheckUtils]: 3: Hoare 
quadruple {348#true} {349#false} #1104#return; {349#false} is VALID [2022-02-20 18:01:40,061 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2022-02-20 18:01:40,063 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:40,066 INFO L290 TraceCheckUtils]: 0: Hoare triple {402#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {348#true} is VALID [2022-02-20 18:01:40,067 INFO L290 TraceCheckUtils]: 1: Hoare triple {348#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {348#true} is VALID [2022-02-20 18:01:40,067 INFO L290 TraceCheckUtils]: 2: Hoare triple {348#true} assume true; {348#true} is VALID [2022-02-20 18:01:40,067 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {348#true} {349#false} #1066#return; {349#false} is VALID [2022-02-20 18:01:40,075 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 52 [2022-02-20 18:01:40,079 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:40,093 INFO L290 TraceCheckUtils]: 0: Hoare triple {403#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {348#true} is VALID [2022-02-20 18:01:40,093 INFO L290 TraceCheckUtils]: 1: Hoare triple {348#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {348#true} is VALID [2022-02-20 18:01:40,094 INFO L290 TraceCheckUtils]: 2: Hoare triple {348#true} assume true; {348#true} is VALID [2022-02-20 18:01:40,094 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {348#true} {349#false} #1068#return; {349#false} is VALID [2022-02-20 18:01:40,094 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-02-20 18:01:40,097 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 
18:01:40,102 INFO L290 TraceCheckUtils]: 0: Hoare triple {348#true} ~handle := #in~handle;havoc ~retValue_acc~7; {348#true} is VALID [2022-02-20 18:01:40,102 INFO L290 TraceCheckUtils]: 1: Hoare triple {348#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {348#true} is VALID [2022-02-20 18:01:40,102 INFO L290 TraceCheckUtils]: 2: Hoare triple {348#true} assume true; {348#true} is VALID [2022-02-20 18:01:40,103 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {348#true} {349#false} #1048#return; {349#false} is VALID [2022-02-20 18:01:40,103 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76 [2022-02-20 18:01:40,105 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:40,116 INFO L290 TraceCheckUtils]: 0: Hoare triple {402#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {348#true} is VALID [2022-02-20 18:01:40,117 INFO L290 TraceCheckUtils]: 1: Hoare triple {348#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {348#true} is VALID [2022-02-20 18:01:40,117 INFO L290 TraceCheckUtils]: 2: Hoare triple {348#true} assume true; {348#true} is VALID [2022-02-20 18:01:40,117 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {348#true} {349#false} #1072#return; {349#false} is VALID [2022-02-20 18:01:40,117 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-02-20 18:01:40,119 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:40,123 INFO L290 TraceCheckUtils]: 0: Hoare triple {348#true} ~handle := #in~handle;havoc ~retValue_acc~24; {348#true} is VALID [2022-02-20 18:01:40,123 INFO L290 TraceCheckUtils]: 1: Hoare triple {348#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {348#true} is VALID [2022-02-20 18:01:40,123 
INFO L290 TraceCheckUtils]: 2: Hoare triple {348#true} assume true; {348#true} is VALID [2022-02-20 18:01:40,124 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {348#true} {349#false} #1074#return; {349#false} is VALID [2022-02-20 18:01:40,124 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 18:01:40,125 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:40,128 INFO L290 TraceCheckUtils]: 0: Hoare triple {348#true} ~msg := #in~msg;havoc ~retValue_acc~32;~retValue_acc~32 := 1;#res := ~retValue_acc~32; {348#true} is VALID [2022-02-20 18:01:40,128 INFO L290 TraceCheckUtils]: 1: Hoare triple {348#true} assume true; {348#true} is VALID [2022-02-20 18:01:40,129 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {348#true} {349#false} #1076#return; {349#false} is VALID [2022-02-20 18:01:40,129 INFO L290 TraceCheckUtils]: 0: Hoare triple {348#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(16, 22);call 
#Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(34, 33);call #Ultimate.allocInit(30, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 
0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, 
~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {348#true} is VALID [2022-02-20 18:01:40,133 INFO L290 TraceCheckUtils]: 1: Hoare triple {348#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet65#1, main_#t~ret66#1, main_~retValue_acc~37#1, main_~tmp~11#1;assume -2147483648 <= main_#t~nondet65#1 && main_#t~nondet65#1 <= 2147483647;main_~retValue_acc~37#1 := main_#t~nondet65#1;havoc main_#t~nondet65#1;havoc main_~tmp~11#1;assume { :begin_inline_select_helpers } true; {348#true} is VALID [2022-02-20 18:01:40,133 INFO L290 TraceCheckUtils]: 2: Hoare triple {348#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {348#true} is VALID [2022-02-20 18:01:40,133 INFO L290 TraceCheckUtils]: 3: Hoare triple {348#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {348#true} is VALID [2022-02-20 18:01:40,133 INFO L290 TraceCheckUtils]: 4: Hoare triple {348#true} main_#t~ret66#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret66#1 && main_#t~ret66#1 <= 2147483647;main_~tmp~11#1 := main_#t~ret66#1;havoc main_#t~ret66#1; {348#true} is VALID [2022-02-20 18:01:40,134 INFO L290 TraceCheckUtils]: 5: 
Hoare triple {348#true} assume 0 != main_~tmp~11#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet62#1, setup_#t~nondet63#1, setup_#t~nondet64#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {348#true} is VALID [2022-02-20 18:01:40,135 INFO L272 TraceCheckUtils]: 6: Hoare triple {348#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {398#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:40,135 INFO L290 TraceCheckUtils]: 7: Hoare triple {398#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {348#true} is VALID [2022-02-20 18:01:40,136 INFO L290 TraceCheckUtils]: 8: Hoare triple {348#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {348#true} is VALID [2022-02-20 18:01:40,136 INFO L290 TraceCheckUtils]: 9: Hoare triple {348#true} assume true; {348#true} is VALID [2022-02-20 18:01:40,136 INFO L284 TraceCheckUtils]: 10: Hoare 
quadruple {348#true} {348#true} #1094#return; {348#true} is VALID [2022-02-20 18:01:40,136 INFO L290 TraceCheckUtils]: 11: Hoare triple {348#true} assume { :end_inline_setup_bob__wrappee__Base } true; {348#true} is VALID [2022-02-20 18:01:40,139 INFO L272 TraceCheckUtils]: 12: Hoare triple {348#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {399#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:40,140 INFO L290 TraceCheckUtils]: 13: Hoare triple {399#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {348#true} is VALID [2022-02-20 18:01:40,140 INFO L290 TraceCheckUtils]: 14: Hoare triple {348#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {348#true} is VALID [2022-02-20 18:01:40,140 INFO L290 TraceCheckUtils]: 15: Hoare triple {348#true} assume true; {348#true} is VALID [2022-02-20 18:01:40,140 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {348#true} {348#true} #1096#return; {348#true} is VALID [2022-02-20 18:01:40,141 INFO L290 TraceCheckUtils]: 17: Hoare triple {348#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 26, 0;havoc setup_#t~nondet62#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {358#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 
2)} is VALID [2022-02-20 18:01:40,142 INFO L272 TraceCheckUtils]: 18: Hoare triple {358#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {398#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:40,142 INFO L290 TraceCheckUtils]: 19: Hoare triple {398#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {400#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:40,143 INFO L290 TraceCheckUtils]: 20: Hoare triple {400#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {401#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:40,143 INFO L290 TraceCheckUtils]: 21: Hoare triple {401#(= |setClientId_#in~handle| 1)} assume true; {401#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:40,144 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {401#(= |setClientId_#in~handle| 1)} {358#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1098#return; {349#false} is VALID [2022-02-20 18:01:40,145 INFO L290 TraceCheckUtils]: 23: Hoare triple {349#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {349#false} is VALID [2022-02-20 18:01:40,145 INFO L272 TraceCheckUtils]: 24: Hoare triple {349#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {399#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:40,146 INFO L290 
TraceCheckUtils]: 25: Hoare triple {399#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {348#true} is VALID [2022-02-20 18:01:40,146 INFO L290 TraceCheckUtils]: 26: Hoare triple {348#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {348#true} is VALID [2022-02-20 18:01:40,146 INFO L290 TraceCheckUtils]: 27: Hoare triple {348#true} assume true; {348#true} is VALID [2022-02-20 18:01:40,146 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {348#true} {349#false} #1100#return; {349#false} is VALID [2022-02-20 18:01:40,147 INFO L290 TraceCheckUtils]: 29: Hoare triple {349#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 27, 0;havoc setup_#t~nondet63#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {349#false} is VALID [2022-02-20 18:01:40,147 INFO L272 TraceCheckUtils]: 30: Hoare triple {349#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {398#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:40,148 INFO L290 TraceCheckUtils]: 31: Hoare triple {398#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {348#true} is VALID [2022-02-20 18:01:40,148 INFO L290 TraceCheckUtils]: 32: Hoare triple {348#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {348#true} is VALID [2022-02-20 18:01:40,148 INFO L290 TraceCheckUtils]: 33: Hoare triple {348#true} assume true; {348#true} is VALID [2022-02-20 18:01:40,149 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {348#true} {349#false} #1102#return; {349#false} is VALID [2022-02-20 18:01:40,149 INFO L290 TraceCheckUtils]: 35: Hoare triple {349#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {349#false} is VALID [2022-02-20 18:01:40,149 INFO L272 TraceCheckUtils]: 36: Hoare triple {349#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {399#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:40,149 INFO L290 TraceCheckUtils]: 37: Hoare triple {399#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {348#true} is VALID [2022-02-20 18:01:40,150 INFO L290 TraceCheckUtils]: 38: Hoare triple {348#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {348#true} is VALID [2022-02-20 18:01:40,151 INFO L290 TraceCheckUtils]: 39: Hoare triple {348#true} assume true; {348#true} is VALID [2022-02-20 18:01:40,151 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {348#true} {349#false} #1104#return; {349#false} is VALID [2022-02-20 18:01:40,151 INFO L290 TraceCheckUtils]: 41: Hoare triple {349#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, 
setup_~__cil_tmp3~4#1.offset := 28, 0;havoc setup_#t~nondet64#1; {349#false} is VALID [2022-02-20 18:01:40,152 INFO L290 TraceCheckUtils]: 42: Hoare triple {349#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {349#false} is VALID [2022-02-20 18:01:40,156 INFO L290 TraceCheckUtils]: 43: Hoare triple {349#false} assume false; {349#false} is VALID [2022-02-20 18:01:40,157 INFO L290 TraceCheckUtils]: 44: Hoare triple {349#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret57#1, bobToRjh_#t~ret58#1, bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_~tmp~10#1, 
bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~10#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret57#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret57#1 && bobToRjh_#t~ret57#1 <= 2147483647;havoc bobToRjh_#t~ret57#1; {349#false} is VALID [2022-02-20 18:01:40,157 INFO L272 TraceCheckUtils]: 45: Hoare triple {349#false} call sendEmail(~bob~0, ~rjh~0); {349#false} is VALID [2022-02-20 18:01:40,158 INFO L290 TraceCheckUtils]: 46: Hoare triple {349#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~34#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~34#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {349#false} is VALID [2022-02-20 18:01:40,158 INFO L272 TraceCheckUtils]: 47: Hoare triple {349#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {402#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:40,158 INFO L290 TraceCheckUtils]: 48: Hoare triple {402#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {348#true} is VALID [2022-02-20 18:01:40,159 INFO L290 TraceCheckUtils]: 49: Hoare triple {348#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {348#true} is VALID [2022-02-20 18:01:40,159 INFO L290 TraceCheckUtils]: 50: Hoare triple {348#true} assume true; {348#true} is VALID [2022-02-20 18:01:40,159 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {348#true} {349#false} #1066#return; {349#false} is VALID [2022-02-20 18:01:40,159 INFO L272 
TraceCheckUtils]: 52: Hoare triple {349#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {403#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:01:40,160 INFO L290 TraceCheckUtils]: 53: Hoare triple {403#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {348#true} is VALID [2022-02-20 18:01:40,162 INFO L290 TraceCheckUtils]: 54: Hoare triple {348#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {348#true} is VALID [2022-02-20 18:01:40,162 INFO L290 TraceCheckUtils]: 55: Hoare triple {348#true} assume true; {348#true} is VALID [2022-02-20 18:01:40,162 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {348#true} {349#false} #1068#return; {349#false} is VALID [2022-02-20 18:01:40,163 INFO L290 TraceCheckUtils]: 57: Hoare triple {349#false} createEmail_~retValue_acc~34#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~34#1; {349#false} is VALID [2022-02-20 18:01:40,163 INFO L290 TraceCheckUtils]: 58: Hoare triple {349#false} #t~ret89#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret89#1 && #t~ret89#1 <= 2147483647;~tmp~17#1 := #t~ret89#1;havoc #t~ret89#1;~email~0#1 := ~tmp~17#1; {349#false} is VALID [2022-02-20 18:01:40,163 INFO L272 TraceCheckUtils]: 59: Hoare triple {349#false} call outgoing(~sender#1, ~email~0#1); {349#false} is VALID [2022-02-20 18:01:40,164 INFO L290 TraceCheckUtils]: 60: Hoare triple {349#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret91#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } 
true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~13#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~13#1; {349#false} is VALID [2022-02-20 18:01:40,164 INFO L290 TraceCheckUtils]: 61: Hoare triple {349#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~13#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~13#1; {349#false} is VALID [2022-02-20 18:01:40,164 INFO L290 TraceCheckUtils]: 62: Hoare triple {349#false} sign_#t~ret91#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret91#1 && sign_#t~ret91#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret91#1;havoc sign_#t~ret91#1;sign_~privkey~0#1 := sign_~tmp~18#1; {349#false} is VALID [2022-02-20 18:01:40,164 INFO L290 TraceCheckUtils]: 63: Hoare triple {349#false} assume 0 == sign_~privkey~0#1; {349#false} is VALID [2022-02-20 18:01:40,165 INFO L290 TraceCheckUtils]: 64: Hoare triple {349#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1, outgoing__wrappee__AddressBook_#t~ret82#1, outgoing__wrappee__AddressBook_#t~ret83#1, outgoing__wrappee__AddressBook_#t~ret84#1, outgoing__wrappee__AddressBook_#t~ret85#1, outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~15#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~5#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, 
outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~15#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~5#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {349#false} is VALID [2022-02-20 18:01:40,165 INFO L272 TraceCheckUtils]: 65: Hoare triple {349#false} call outgoing__wrappee__AddressBook_#t~ret81#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {348#true} is VALID [2022-02-20 18:01:40,166 INFO L290 TraceCheckUtils]: 66: Hoare triple {348#true} ~handle := #in~handle;havoc ~retValue_acc~7; {348#true} is VALID [2022-02-20 18:01:40,166 INFO L290 TraceCheckUtils]: 67: Hoare triple {348#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {348#true} is VALID [2022-02-20 18:01:40,166 INFO L290 TraceCheckUtils]: 68: Hoare triple {348#true} assume true; {348#true} is VALID [2022-02-20 18:01:40,167 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {348#true} {349#false} #1048#return; {349#false} is VALID [2022-02-20 18:01:40,167 INFO L290 TraceCheckUtils]: 70: Hoare triple {349#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret81#1 && outgoing__wrappee__AddressBook_#t~ret81#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~15#1 := outgoing__wrappee__AddressBook_#t~ret81#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~15#1; {349#false} is VALID [2022-02-20 18:01:40,169 INFO L290 TraceCheckUtils]: 71: Hoare triple {349#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {349#false} is VALID 
[2022-02-20 18:01:40,169 INFO L272 TraceCheckUtils]: 72: Hoare triple {349#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {349#false} is VALID [2022-02-20 18:01:40,170 INFO L290 TraceCheckUtils]: 73: Hoare triple {349#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {349#false} is VALID [2022-02-20 18:01:40,170 INFO L290 TraceCheckUtils]: 74: Hoare triple {349#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {349#false} is VALID [2022-02-20 18:01:40,170 INFO L290 TraceCheckUtils]: 75: Hoare triple {349#false} #t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret80#1 && #t~ret80#1 <= 2147483647;~tmp~14#1 := #t~ret80#1;havoc #t~ret80#1; {349#false} is VALID [2022-02-20 18:01:40,171 INFO L272 TraceCheckUtils]: 76: Hoare triple {349#false} call setEmailFrom(~msg#1, ~tmp~14#1); {402#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:40,173 INFO L290 TraceCheckUtils]: 77: Hoare triple {402#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {348#true} is VALID [2022-02-20 18:01:40,173 INFO L290 TraceCheckUtils]: 78: Hoare triple {348#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {348#true} is VALID [2022-02-20 18:01:40,174 INFO L290 TraceCheckUtils]: 79: Hoare triple {348#true} assume true; {348#true} is VALID [2022-02-20 18:01:40,174 INFO L284 TraceCheckUtils]: 80: Hoare 
quadruple {348#true} {349#false} #1072#return; {349#false} is VALID [2022-02-20 18:01:40,174 INFO L290 TraceCheckUtils]: 81: Hoare triple {349#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~13#1;call mail_#t~ret78#1 := puts(32, 0);assume -2147483648 <= mail_#t~ret78#1 && mail_#t~ret78#1 <= 2147483647;havoc mail_#t~ret78#1; {349#false} is VALID [2022-02-20 18:01:40,174 INFO L272 TraceCheckUtils]: 82: Hoare triple {349#false} call mail_#t~ret79#1 := getEmailTo(mail_~msg#1); {348#true} is VALID [2022-02-20 18:01:40,175 INFO L290 TraceCheckUtils]: 83: Hoare triple {348#true} ~handle := #in~handle;havoc ~retValue_acc~24; {348#true} is VALID [2022-02-20 18:01:40,175 INFO L290 TraceCheckUtils]: 84: Hoare triple {348#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {348#true} is VALID [2022-02-20 18:01:40,175 INFO L290 TraceCheckUtils]: 85: Hoare triple {348#true} assume true; {348#true} is VALID [2022-02-20 18:01:40,175 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {348#true} {349#false} #1074#return; {349#false} is VALID [2022-02-20 18:01:40,175 INFO L290 TraceCheckUtils]: 87: Hoare triple {349#false} assume -2147483648 <= mail_#t~ret79#1 && mail_#t~ret79#1 <= 2147483647;mail_~tmp~13#1 := mail_#t~ret79#1;havoc mail_#t~ret79#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~13#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret92#1, verify_#t~ret93#1, verify_#t~ret94#1, verify_#t~ret95#1, verify_#t~ret96#1, verify_#t~ret97#1, verify_~client#1, 
verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~19#1, verify_~tmp___0~6#1, verify_~pubkey~0#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~0#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~0#1; {349#false} is VALID [2022-02-20 18:01:40,176 INFO L272 TraceCheckUtils]: 88: Hoare triple {349#false} call __utac_acc__EncryptVerify_spec__1_#t~ret4#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {348#true} is VALID [2022-02-20 18:01:40,183 INFO L290 TraceCheckUtils]: 89: Hoare triple {348#true} ~msg := #in~msg;havoc ~retValue_acc~32;~retValue_acc~32 := 1;#res := ~retValue_acc~32; {348#true} is VALID [2022-02-20 18:01:40,183 INFO L290 TraceCheckUtils]: 90: Hoare triple {348#true} assume true; {348#true} is VALID [2022-02-20 18:01:40,184 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {348#true} {349#false} #1076#return; {349#false} is VALID [2022-02-20 18:01:40,184 INFO L290 TraceCheckUtils]: 92: Hoare triple {349#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret4#1 && __utac_acc__EncryptVerify_spec__1_#t~ret4#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~0#1 := __utac_acc__EncryptVerify_spec__1_#t~ret4#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1; {349#false} is VALID [2022-02-20 18:01:40,184 INFO 
L290 TraceCheckUtils]: 93: Hoare triple {349#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {349#false} is VALID [2022-02-20 18:01:40,184 INFO L290 TraceCheckUtils]: 94: Hoare triple {349#false} assume !false; {349#false} is VALID [2022-02-20 18:01:40,185 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. [2022-02-20 18:01:40,186 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:01:40,186 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1379895946] [2022-02-20 18:01:40,186 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1379895946] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:01:40,187 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [676469327] [2022-02-20 18:01:40,187 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:40,187 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:01:40,187 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:01:40,198 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:01:40,199 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 18:01:40,439 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:40,443 INFO L263 TraceCheckSpWp]: Trace formula consists of 989 conjuncts, 1 
conjunts are in the unsatisfiable core [2022-02-20 18:01:40,516 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:40,531 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:01:40,763 INFO L290 TraceCheckUtils]: 0: Hoare triple {348#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(16, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(34, 33);call #Ultimate.allocInit(30, 34);call 
#Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 
0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {348#true} is VALID [2022-02-20 18:01:40,763 INFO L290 TraceCheckUtils]: 1: Hoare triple {348#true} assume { :end_inline_ULTIMATE.init } 
true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet65#1, main_#t~ret66#1, main_~retValue_acc~37#1, main_~tmp~11#1;assume -2147483648 <= main_#t~nondet65#1 && main_#t~nondet65#1 <= 2147483647;main_~retValue_acc~37#1 := main_#t~nondet65#1;havoc main_#t~nondet65#1;havoc main_~tmp~11#1;assume { :begin_inline_select_helpers } true; {348#true} is VALID [2022-02-20 18:01:40,764 INFO L290 TraceCheckUtils]: 2: Hoare triple {348#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {348#true} is VALID [2022-02-20 18:01:40,764 INFO L290 TraceCheckUtils]: 3: Hoare triple {348#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {348#true} is VALID [2022-02-20 18:01:40,764 INFO L290 TraceCheckUtils]: 4: Hoare triple {348#true} main_#t~ret66#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret66#1 && main_#t~ret66#1 <= 2147483647;main_~tmp~11#1 := main_#t~ret66#1;havoc main_#t~ret66#1; {348#true} is VALID [2022-02-20 18:01:40,764 INFO L290 TraceCheckUtils]: 5: Hoare triple {348#true} assume 0 != main_~tmp~11#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet62#1, setup_#t~nondet63#1, setup_#t~nondet64#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := 
setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {348#true} is VALID [2022-02-20 18:01:40,764 INFO L272 TraceCheckUtils]: 6: Hoare triple {348#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {348#true} is VALID [2022-02-20 18:01:40,765 INFO L290 TraceCheckUtils]: 7: Hoare triple {348#true} ~handle := #in~handle;~value := #in~value; {348#true} is VALID [2022-02-20 18:01:40,765 INFO L290 TraceCheckUtils]: 8: Hoare triple {348#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {348#true} is VALID [2022-02-20 18:01:40,765 INFO L290 TraceCheckUtils]: 9: Hoare triple {348#true} assume true; {348#true} is VALID [2022-02-20 18:01:40,765 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {348#true} {348#true} #1094#return; {348#true} is VALID [2022-02-20 18:01:40,765 INFO L290 TraceCheckUtils]: 11: Hoare triple {348#true} assume { :end_inline_setup_bob__wrappee__Base } true; {348#true} is VALID [2022-02-20 18:01:40,765 INFO L272 TraceCheckUtils]: 12: Hoare triple {348#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {348#true} is VALID [2022-02-20 18:01:40,766 INFO L290 TraceCheckUtils]: 13: Hoare triple {348#true} ~handle := #in~handle;~value := #in~value; {348#true} is VALID [2022-02-20 18:01:40,766 INFO L290 TraceCheckUtils]: 14: Hoare triple {348#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {348#true} is VALID [2022-02-20 18:01:40,766 INFO L290 TraceCheckUtils]: 15: Hoare triple {348#true} assume true; {348#true} is VALID [2022-02-20 18:01:40,766 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {348#true} {348#true} #1096#return; {348#true} is VALID [2022-02-20 18:01:40,766 INFO L290 TraceCheckUtils]: 17: Hoare triple {348#true} assume { :end_inline_setup_bob } 
true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 26, 0;havoc setup_#t~nondet62#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {348#true} is VALID [2022-02-20 18:01:40,766 INFO L272 TraceCheckUtils]: 18: Hoare triple {348#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {348#true} is VALID [2022-02-20 18:01:40,767 INFO L290 TraceCheckUtils]: 19: Hoare triple {348#true} ~handle := #in~handle;~value := #in~value; {348#true} is VALID [2022-02-20 18:01:40,767 INFO L290 TraceCheckUtils]: 20: Hoare triple {348#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {348#true} is VALID [2022-02-20 18:01:40,767 INFO L290 TraceCheckUtils]: 21: Hoare triple {348#true} assume true; {348#true} is VALID [2022-02-20 18:01:40,767 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {348#true} {348#true} #1098#return; {348#true} is VALID [2022-02-20 18:01:40,767 INFO L290 TraceCheckUtils]: 23: Hoare triple {348#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {348#true} is VALID [2022-02-20 18:01:40,767 INFO L272 TraceCheckUtils]: 24: Hoare triple {348#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {348#true} is VALID [2022-02-20 18:01:40,768 INFO L290 TraceCheckUtils]: 25: Hoare triple {348#true} ~handle := #in~handle;~value := #in~value; {348#true} is VALID [2022-02-20 18:01:40,768 INFO L290 TraceCheckUtils]: 26: Hoare triple {348#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {348#true} is VALID [2022-02-20 18:01:40,768 INFO L290 TraceCheckUtils]: 27: Hoare triple {348#true} assume true; {348#true} is VALID [2022-02-20 
18:01:40,769 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {348#true} {348#true} #1100#return; {348#true} is VALID [2022-02-20 18:01:40,769 INFO L290 TraceCheckUtils]: 29: Hoare triple {348#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 27, 0;havoc setup_#t~nondet63#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {348#true} is VALID [2022-02-20 18:01:40,769 INFO L272 TraceCheckUtils]: 30: Hoare triple {348#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {348#true} is VALID [2022-02-20 18:01:40,769 INFO L290 TraceCheckUtils]: 31: Hoare triple {348#true} ~handle := #in~handle;~value := #in~value; {348#true} is VALID [2022-02-20 18:01:40,770 INFO L290 TraceCheckUtils]: 32: Hoare triple {348#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {348#true} is VALID [2022-02-20 18:01:40,770 INFO L290 TraceCheckUtils]: 33: Hoare triple {348#true} assume true; {348#true} is VALID [2022-02-20 18:01:40,770 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {348#true} {348#true} #1102#return; {348#true} is VALID [2022-02-20 18:01:40,771 INFO L290 TraceCheckUtils]: 35: Hoare triple {348#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {348#true} is VALID [2022-02-20 18:01:40,771 INFO L272 TraceCheckUtils]: 36: Hoare triple {348#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {348#true} is VALID [2022-02-20 18:01:40,771 INFO L290 TraceCheckUtils]: 37: Hoare triple {348#true} ~handle := #in~handle;~value := #in~value; {348#true} is VALID 
[2022-02-20 18:01:40,771 INFO L290 TraceCheckUtils]: 38: Hoare triple {348#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {348#true} is VALID [2022-02-20 18:01:40,771 INFO L290 TraceCheckUtils]: 39: Hoare triple {348#true} assume true; {348#true} is VALID [2022-02-20 18:01:40,771 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {348#true} {348#true} #1104#return; {348#true} is VALID [2022-02-20 18:01:40,771 INFO L290 TraceCheckUtils]: 41: Hoare triple {348#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 28, 0;havoc setup_#t~nondet64#1; {348#true} is VALID [2022-02-20 18:01:40,771 INFO L290 TraceCheckUtils]: 42: Hoare triple {348#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 
0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {348#true} is VALID [2022-02-20 18:01:40,787 INFO L290 TraceCheckUtils]: 43: Hoare triple {348#true} assume false; {349#false} is VALID [2022-02-20 18:01:40,788 INFO L290 TraceCheckUtils]: 44: Hoare triple {349#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret57#1, bobToRjh_#t~ret58#1, bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_~tmp~10#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~10#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret57#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret57#1 && bobToRjh_#t~ret57#1 <= 2147483647;havoc bobToRjh_#t~ret57#1; {349#false} is VALID [2022-02-20 18:01:40,788 INFO L272 TraceCheckUtils]: 45: Hoare triple {349#false} call sendEmail(~bob~0, ~rjh~0); {349#false} is VALID [2022-02-20 18:01:40,788 INFO L290 TraceCheckUtils]: 46: Hoare triple {349#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~34#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~34#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {349#false} is VALID [2022-02-20 18:01:40,788 INFO L272 TraceCheckUtils]: 47: Hoare triple {349#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {349#false} is VALID [2022-02-20 18:01:40,788 INFO L290 TraceCheckUtils]: 48: Hoare triple {349#false} ~handle := #in~handle;~value := #in~value; {349#false} is VALID [2022-02-20 18:01:40,788 INFO L290 TraceCheckUtils]: 49: Hoare triple {349#false} assume 1 == 
~handle;~__ste_email_from0~0 := ~value; {349#false} is VALID [2022-02-20 18:01:40,788 INFO L290 TraceCheckUtils]: 50: Hoare triple {349#false} assume true; {349#false} is VALID [2022-02-20 18:01:40,788 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {349#false} {349#false} #1066#return; {349#false} is VALID [2022-02-20 18:01:40,788 INFO L272 TraceCheckUtils]: 52: Hoare triple {349#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {349#false} is VALID [2022-02-20 18:01:40,789 INFO L290 TraceCheckUtils]: 53: Hoare triple {349#false} ~handle := #in~handle;~value := #in~value; {349#false} is VALID [2022-02-20 18:01:40,789 INFO L290 TraceCheckUtils]: 54: Hoare triple {349#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {349#false} is VALID [2022-02-20 18:01:40,789 INFO L290 TraceCheckUtils]: 55: Hoare triple {349#false} assume true; {349#false} is VALID [2022-02-20 18:01:40,789 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {349#false} {349#false} #1068#return; {349#false} is VALID [2022-02-20 18:01:40,789 INFO L290 TraceCheckUtils]: 57: Hoare triple {349#false} createEmail_~retValue_acc~34#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~34#1; {349#false} is VALID [2022-02-20 18:01:40,789 INFO L290 TraceCheckUtils]: 58: Hoare triple {349#false} #t~ret89#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret89#1 && #t~ret89#1 <= 2147483647;~tmp~17#1 := #t~ret89#1;havoc #t~ret89#1;~email~0#1 := ~tmp~17#1; {349#false} is VALID [2022-02-20 18:01:40,789 INFO L272 TraceCheckUtils]: 59: Hoare triple {349#false} call outgoing(~sender#1, ~email~0#1); {349#false} is VALID [2022-02-20 18:01:40,789 INFO L290 TraceCheckUtils]: 60: Hoare triple {349#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret91#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := 
sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~13#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~13#1; {349#false} is VALID [2022-02-20 18:01:40,789 INFO L290 TraceCheckUtils]: 61: Hoare triple {349#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~13#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~13#1; {349#false} is VALID [2022-02-20 18:01:40,789 INFO L290 TraceCheckUtils]: 62: Hoare triple {349#false} sign_#t~ret91#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret91#1 && sign_#t~ret91#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret91#1;havoc sign_#t~ret91#1;sign_~privkey~0#1 := sign_~tmp~18#1; {349#false} is VALID [2022-02-20 18:01:40,790 INFO L290 TraceCheckUtils]: 63: Hoare triple {349#false} assume 0 == sign_~privkey~0#1; {349#false} is VALID [2022-02-20 18:01:40,790 INFO L290 TraceCheckUtils]: 64: Hoare triple {349#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1, outgoing__wrappee__AddressBook_#t~ret82#1, outgoing__wrappee__AddressBook_#t~ret83#1, outgoing__wrappee__AddressBook_#t~ret84#1, outgoing__wrappee__AddressBook_#t~ret85#1, outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~15#1, outgoing__wrappee__AddressBook_~receiver~0#1, 
outgoing__wrappee__AddressBook_~tmp___0~5#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~15#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~5#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {349#false} is VALID [2022-02-20 18:01:40,790 INFO L272 TraceCheckUtils]: 65: Hoare triple {349#false} call outgoing__wrappee__AddressBook_#t~ret81#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {349#false} is VALID [2022-02-20 18:01:40,790 INFO L290 TraceCheckUtils]: 66: Hoare triple {349#false} ~handle := #in~handle;havoc ~retValue_acc~7; {349#false} is VALID [2022-02-20 18:01:40,790 INFO L290 TraceCheckUtils]: 67: Hoare triple {349#false} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {349#false} is VALID [2022-02-20 18:01:40,790 INFO L290 TraceCheckUtils]: 68: Hoare triple {349#false} assume true; {349#false} is VALID [2022-02-20 18:01:40,790 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {349#false} {349#false} #1048#return; {349#false} is VALID [2022-02-20 18:01:40,790 INFO L290 TraceCheckUtils]: 70: Hoare triple {349#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret81#1 && outgoing__wrappee__AddressBook_#t~ret81#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~15#1 := outgoing__wrappee__AddressBook_#t~ret81#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~15#1; {349#false} is VALID [2022-02-20 
18:01:40,790 INFO L290 TraceCheckUtils]: 71: Hoare triple {349#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {349#false} is VALID [2022-02-20 18:01:40,791 INFO L272 TraceCheckUtils]: 72: Hoare triple {349#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {349#false} is VALID [2022-02-20 18:01:40,791 INFO L290 TraceCheckUtils]: 73: Hoare triple {349#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {349#false} is VALID [2022-02-20 18:01:40,791 INFO L290 TraceCheckUtils]: 74: Hoare triple {349#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {349#false} is VALID [2022-02-20 18:01:40,791 INFO L290 TraceCheckUtils]: 75: Hoare triple {349#false} #t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret80#1 && #t~ret80#1 <= 2147483647;~tmp~14#1 := #t~ret80#1;havoc #t~ret80#1; {349#false} is VALID [2022-02-20 18:01:40,791 INFO L272 TraceCheckUtils]: 76: Hoare triple {349#false} call setEmailFrom(~msg#1, ~tmp~14#1); {349#false} is VALID [2022-02-20 18:01:40,791 INFO L290 TraceCheckUtils]: 77: Hoare triple {349#false} ~handle := #in~handle;~value := #in~value; {349#false} is VALID [2022-02-20 18:01:40,791 INFO L290 TraceCheckUtils]: 78: Hoare triple {349#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {349#false} is VALID [2022-02-20 18:01:40,791 INFO L290 TraceCheckUtils]: 79: Hoare triple {349#false} assume true; {349#false} is VALID [2022-02-20 18:01:40,791 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {349#false} {349#false} #1072#return; {349#false} is 
VALID [2022-02-20 18:01:40,791 INFO L290 TraceCheckUtils]: 81: Hoare triple {349#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~13#1;call mail_#t~ret78#1 := puts(32, 0);assume -2147483648 <= mail_#t~ret78#1 && mail_#t~ret78#1 <= 2147483647;havoc mail_#t~ret78#1; {349#false} is VALID [2022-02-20 18:01:40,792 INFO L272 TraceCheckUtils]: 82: Hoare triple {349#false} call mail_#t~ret79#1 := getEmailTo(mail_~msg#1); {349#false} is VALID [2022-02-20 18:01:40,792 INFO L290 TraceCheckUtils]: 83: Hoare triple {349#false} ~handle := #in~handle;havoc ~retValue_acc~24; {349#false} is VALID [2022-02-20 18:01:40,792 INFO L290 TraceCheckUtils]: 84: Hoare triple {349#false} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {349#false} is VALID [2022-02-20 18:01:40,792 INFO L290 TraceCheckUtils]: 85: Hoare triple {349#false} assume true; {349#false} is VALID [2022-02-20 18:01:40,792 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {349#false} {349#false} #1074#return; {349#false} is VALID [2022-02-20 18:01:40,792 INFO L290 TraceCheckUtils]: 87: Hoare triple {349#false} assume -2147483648 <= mail_#t~ret79#1 && mail_#t~ret79#1 <= 2147483647;mail_~tmp~13#1 := mail_#t~ret79#1;havoc mail_#t~ret79#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~13#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret92#1, verify_#t~ret93#1, verify_#t~ret94#1, verify_#t~ret95#1, verify_#t~ret96#1, verify_#t~ret97#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~19#1, 
verify_~tmp___0~6#1, verify_~pubkey~0#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~0#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~0#1; {349#false} is VALID [2022-02-20 18:01:40,792 INFO L272 TraceCheckUtils]: 88: Hoare triple {349#false} call __utac_acc__EncryptVerify_spec__1_#t~ret4#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {349#false} is VALID [2022-02-20 18:01:40,792 INFO L290 TraceCheckUtils]: 89: Hoare triple {349#false} ~msg := #in~msg;havoc ~retValue_acc~32;~retValue_acc~32 := 1;#res := ~retValue_acc~32; {349#false} is VALID [2022-02-20 18:01:40,792 INFO L290 TraceCheckUtils]: 90: Hoare triple {349#false} assume true; {349#false} is VALID [2022-02-20 18:01:40,792 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {349#false} {349#false} #1076#return; {349#false} is VALID [2022-02-20 18:01:40,793 INFO L290 TraceCheckUtils]: 92: Hoare triple {349#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret4#1 && __utac_acc__EncryptVerify_spec__1_#t~ret4#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~0#1 := __utac_acc__EncryptVerify_spec__1_#t~ret4#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1; {349#false} is VALID [2022-02-20 18:01:40,793 INFO L290 TraceCheckUtils]: 93: Hoare triple {349#false} assume 
!(0 != __utac_acc__EncryptVerify_spec__1_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {349#false} is VALID [2022-02-20 18:01:40,793 INFO L290 TraceCheckUtils]: 94: Hoare triple {349#false} assume !false; {349#false} is VALID [2022-02-20 18:01:40,793 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 18:01:40,793 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:01:40,794 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [676469327] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:01:40,794 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:01:40,794 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [9] total 9 [2022-02-20 18:01:40,796 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [969119200] [2022-02-20 18:01:40,797 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:01:40,800 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 26.5) internal successors, (53), 2 states have internal predecessors, (53), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 95 [2022-02-20 18:01:40,803 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 18:01:40,806 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 26.5) internal successors, (53), 2 states have internal predecessors, (53), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:01:40,864 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 80 edges. 80 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:40,865 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:01:40,865 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:40,880 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 18:01:40,880 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:01:40,884 INFO L87 Difference]: Start difference. First operand has 345 states, 274 states have (on average 1.5875912408759123) internal successors, (435), 277 states have internal predecessors, (435), 48 states have call successors, (48), 21 states have call predecessors, (48), 21 states have return successors, (48), 47 states have call predecessors, (48), 48 states have call successors, (48) Second operand has 2 states, 2 states have (on average 26.5) internal successors, (53), 2 states have internal predecessors, (53), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:01:41,194 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:01:41,195 INFO L93 Difference]: Finished difference Result 502 states and 760 transitions. [2022-02-20 18:01:41,196 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:01:41,196 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 26.5) internal successors, (53), 2 states have internal predecessors, (53), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 95 [2022-02-20 18:01:41,197 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:01:41,198 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 26.5) internal successors, (53), 2 states have internal predecessors, (53), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:01:41,222 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 760 transitions. [2022-02-20 18:01:41,223 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 26.5) internal successors, (53), 2 states have internal predecessors, (53), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:01:41,232 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 760 transitions. [2022-02-20 18:01:41,233 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 760 transitions. 
[2022-02-20 18:01:41,675 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 760 edges. 760 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:41,697 INFO L225 Difference]: With dead ends: 502 [2022-02-20 18:01:41,697 INFO L226 Difference]: Without dead ends: 338 [2022-02-20 18:01:41,701 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 122 GetRequests, 115 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:01:41,703 INFO L933 BasicCegarLoop]: 527 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 527 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:01:41,704 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 527 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:01:41,716 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 338 states. [2022-02-20 18:01:41,737 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 338 to 338. [2022-02-20 18:01:41,738 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:01:41,740 INFO L82 GeneralOperation]: Start isEquivalent. First operand 338 states. 
Second operand has 338 states, 268 states have (on average 1.5820895522388059) internal successors, (424), 270 states have internal predecessors, (424), 48 states have call successors, (48), 21 states have call predecessors, (48), 21 states have return successors, (47), 46 states have call predecessors, (47), 47 states have call successors, (47) [2022-02-20 18:01:41,742 INFO L74 IsIncluded]: Start isIncluded. First operand 338 states. Second operand has 338 states, 268 states have (on average 1.5820895522388059) internal successors, (424), 270 states have internal predecessors, (424), 48 states have call successors, (48), 21 states have call predecessors, (48), 21 states have return successors, (47), 46 states have call predecessors, (47), 47 states have call successors, (47) [2022-02-20 18:01:41,743 INFO L87 Difference]: Start difference. First operand 338 states. Second operand has 338 states, 268 states have (on average 1.5820895522388059) internal successors, (424), 270 states have internal predecessors, (424), 48 states have call successors, (48), 21 states have call predecessors, (48), 21 states have return successors, (47), 46 states have call predecessors, (47), 47 states have call successors, (47) [2022-02-20 18:01:41,760 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:41,760 INFO L93 Difference]: Finished difference Result 338 states and 519 transitions. [2022-02-20 18:01:41,760 INFO L276 IsEmpty]: Start isEmpty. Operand 338 states and 519 transitions. [2022-02-20 18:01:41,763 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:41,763 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:41,777 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 338 states, 268 states have (on average 1.5820895522388059) internal successors, (424), 270 states have internal predecessors, (424), 48 states have call successors, (48), 21 states have call predecessors, (48), 21 states have return successors, (47), 46 states have call predecessors, (47), 47 states have call successors, (47) Second operand 338 states. [2022-02-20 18:01:41,778 INFO L87 Difference]: Start difference. First operand has 338 states, 268 states have (on average 1.5820895522388059) internal successors, (424), 270 states have internal predecessors, (424), 48 states have call successors, (48), 21 states have call predecessors, (48), 21 states have return successors, (47), 46 states have call predecessors, (47), 47 states have call successors, (47) Second operand 338 states. [2022-02-20 18:01:41,793 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:41,793 INFO L93 Difference]: Finished difference Result 338 states and 519 transitions. [2022-02-20 18:01:41,793 INFO L276 IsEmpty]: Start isEmpty. Operand 338 states and 519 transitions. [2022-02-20 18:01:41,795 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:41,795 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:41,795 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:01:41,795 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:01:41,797 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 338 states, 268 states have (on average 1.5820895522388059) internal successors, (424), 270 states have internal predecessors, (424), 48 states have call successors, (48), 21 states have call predecessors, (48), 21 states have return successors, (47), 46 states have call predecessors, (47), 47 states have call successors, (47) [2022-02-20 18:01:41,811 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 338 states to 338 states and 519 transitions. [2022-02-20 18:01:41,813 INFO L78 Accepts]: Start accepts. Automaton has 338 states and 519 transitions. Word has length 95 [2022-02-20 18:01:41,813 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:01:41,813 INFO L470 AbstractCegarLoop]: Abstraction has 338 states and 519 transitions. [2022-02-20 18:01:41,814 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 26.5) internal successors, (53), 2 states have internal predecessors, (53), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:01:41,814 INFO L276 IsEmpty]: Start isEmpty. Operand 338 states and 519 transitions. [2022-02-20 18:01:41,816 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 97 [2022-02-20 18:01:41,816 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:01:41,816 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:01:41,838 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-02-20 18:01:42,031 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0 [2022-02-20 18:01:42,032 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] 
=== [2022-02-20 18:01:42,032 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:01:42,032 INFO L85 PathProgramCache]: Analyzing trace with hash 150434243, now seen corresponding path program 1 times [2022-02-20 18:01:42,033 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:01:42,033 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1076989778] [2022-02-20 18:01:42,033 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:42,033 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:01:42,067 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:42,102 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:01:42,104 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:42,107 INFO L290 TraceCheckUtils]: 0: Hoare triple {2559#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2509#true} is VALID [2022-02-20 18:01:42,107 INFO L290 TraceCheckUtils]: 1: Hoare triple {2509#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2509#true} is VALID [2022-02-20 18:01:42,107 INFO L290 TraceCheckUtils]: 2: Hoare triple {2509#true} assume true; {2509#true} is VALID [2022-02-20 18:01:42,107 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2509#true} {2509#true} #1094#return; {2509#true} is VALID [2022-02-20 18:01:42,112 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:01:42,114 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:42,117 INFO L290 TraceCheckUtils]: 
0: Hoare triple {2560#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2509#true} is VALID [2022-02-20 18:01:42,117 INFO L290 TraceCheckUtils]: 1: Hoare triple {2509#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2509#true} is VALID [2022-02-20 18:01:42,118 INFO L290 TraceCheckUtils]: 2: Hoare triple {2509#true} assume true; {2509#true} is VALID [2022-02-20 18:01:42,118 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2509#true} {2509#true} #1096#return; {2509#true} is VALID [2022-02-20 18:01:42,118 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:01:42,121 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:42,135 INFO L290 TraceCheckUtils]: 0: Hoare triple {2559#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2561#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:42,135 INFO L290 TraceCheckUtils]: 1: Hoare triple {2561#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2562#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:42,136 INFO L290 TraceCheckUtils]: 2: Hoare triple {2562#(= |setClientId_#in~handle| 1)} assume true; {2562#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:42,136 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2562#(= |setClientId_#in~handle| 1)} {2519#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1098#return; {2510#false} is VALID [2022-02-20 18:01:42,137 INFO L376 atingTraceCheckCraig]: Compute interpolants for 
subsequence at non-pending call position 24 [2022-02-20 18:01:42,138 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:42,141 INFO L290 TraceCheckUtils]: 0: Hoare triple {2560#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2509#true} is VALID [2022-02-20 18:01:42,141 INFO L290 TraceCheckUtils]: 1: Hoare triple {2509#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2509#true} is VALID [2022-02-20 18:01:42,141 INFO L290 TraceCheckUtils]: 2: Hoare triple {2509#true} assume true; {2509#true} is VALID [2022-02-20 18:01:42,141 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2509#true} {2510#false} #1100#return; {2510#false} is VALID [2022-02-20 18:01:42,142 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:01:42,144 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:42,146 INFO L290 TraceCheckUtils]: 0: Hoare triple {2559#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2509#true} is VALID [2022-02-20 18:01:42,146 INFO L290 TraceCheckUtils]: 1: Hoare triple {2509#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2509#true} is VALID [2022-02-20 18:01:42,146 INFO L290 TraceCheckUtils]: 2: Hoare triple {2509#true} assume true; {2509#true} is VALID [2022-02-20 18:01:42,146 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2509#true} {2510#false} #1102#return; {2510#false} is VALID [2022-02-20 18:01:42,147 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:01:42,149 
INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:42,151 INFO L290 TraceCheckUtils]: 0: Hoare triple {2560#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2509#true} is VALID [2022-02-20 18:01:42,151 INFO L290 TraceCheckUtils]: 1: Hoare triple {2509#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2509#true} is VALID [2022-02-20 18:01:42,152 INFO L290 TraceCheckUtils]: 2: Hoare triple {2509#true} assume true; {2509#true} is VALID [2022-02-20 18:01:42,152 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2509#true} {2510#false} #1104#return; {2510#false} is VALID [2022-02-20 18:01:42,158 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-02-20 18:01:42,159 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:42,162 INFO L290 TraceCheckUtils]: 0: Hoare triple {2563#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2509#true} is VALID [2022-02-20 18:01:42,162 INFO L290 TraceCheckUtils]: 1: Hoare triple {2509#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2509#true} is VALID [2022-02-20 18:01:42,162 INFO L290 TraceCheckUtils]: 2: Hoare triple {2509#true} assume true; {2509#true} is VALID [2022-02-20 18:01:42,162 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2509#true} {2510#false} #1066#return; {2510#false} is VALID [2022-02-20 18:01:42,169 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 53 [2022-02-20 18:01:42,170 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:42,174 INFO L290 TraceCheckUtils]: 0: Hoare triple {2564#(and (= ~__ste_email_to0~0 
|old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2509#true} is VALID [2022-02-20 18:01:42,174 INFO L290 TraceCheckUtils]: 1: Hoare triple {2509#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2509#true} is VALID [2022-02-20 18:01:42,174 INFO L290 TraceCheckUtils]: 2: Hoare triple {2509#true} assume true; {2509#true} is VALID [2022-02-20 18:01:42,174 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2509#true} {2510#false} #1068#return; {2510#false} is VALID [2022-02-20 18:01:42,174 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 18:01:42,177 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:42,180 INFO L290 TraceCheckUtils]: 0: Hoare triple {2509#true} ~handle := #in~handle;havoc ~retValue_acc~7; {2509#true} is VALID [2022-02-20 18:01:42,180 INFO L290 TraceCheckUtils]: 1: Hoare triple {2509#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {2509#true} is VALID [2022-02-20 18:01:42,180 INFO L290 TraceCheckUtils]: 2: Hoare triple {2509#true} assume true; {2509#true} is VALID [2022-02-20 18:01:42,180 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2509#true} {2510#false} #1048#return; {2510#false} is VALID [2022-02-20 18:01:42,181 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 18:01:42,182 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:42,185 INFO L290 TraceCheckUtils]: 0: Hoare triple {2563#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2509#true} is VALID [2022-02-20 18:01:42,185 INFO L290 TraceCheckUtils]: 1: Hoare triple {2509#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2509#true} is VALID [2022-02-20 18:01:42,185 INFO 
L290 TraceCheckUtils]: 2: Hoare triple {2509#true} assume true; {2509#true} is VALID [2022-02-20 18:01:42,186 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2509#true} {2510#false} #1072#return; {2510#false} is VALID [2022-02-20 18:01:42,186 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 18:01:42,187 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:42,189 INFO L290 TraceCheckUtils]: 0: Hoare triple {2509#true} ~handle := #in~handle;havoc ~retValue_acc~24; {2509#true} is VALID [2022-02-20 18:01:42,190 INFO L290 TraceCheckUtils]: 1: Hoare triple {2509#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {2509#true} is VALID [2022-02-20 18:01:42,190 INFO L290 TraceCheckUtils]: 2: Hoare triple {2509#true} assume true; {2509#true} is VALID [2022-02-20 18:01:42,190 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2509#true} {2510#false} #1074#return; {2510#false} is VALID [2022-02-20 18:01:42,191 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 89 [2022-02-20 18:01:42,192 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:42,194 INFO L290 TraceCheckUtils]: 0: Hoare triple {2509#true} ~msg := #in~msg;havoc ~retValue_acc~32;~retValue_acc~32 := 1;#res := ~retValue_acc~32; {2509#true} is VALID [2022-02-20 18:01:42,195 INFO L290 TraceCheckUtils]: 1: Hoare triple {2509#true} assume true; {2509#true} is VALID [2022-02-20 18:01:42,195 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {2509#true} {2510#false} #1076#return; {2510#false} is VALID [2022-02-20 18:01:42,195 INFO L290 TraceCheckUtils]: 0: Hoare triple {2509#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 
2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(16, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(34, 33);call #Ultimate.allocInit(30, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, 
~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 
0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {2509#true} is VALID [2022-02-20 18:01:42,195 INFO L290 TraceCheckUtils]: 1: Hoare triple {2509#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet65#1, main_#t~ret66#1, main_~retValue_acc~37#1, main_~tmp~11#1;assume -2147483648 <= main_#t~nondet65#1 && main_#t~nondet65#1 <= 2147483647;main_~retValue_acc~37#1 := main_#t~nondet65#1;havoc main_#t~nondet65#1;havoc main_~tmp~11#1;assume { :begin_inline_select_helpers } true; {2509#true} is VALID [2022-02-20 18:01:42,196 INFO L290 TraceCheckUtils]: 2: Hoare triple {2509#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2509#true} is 
VALID [2022-02-20 18:01:42,197 INFO L290 TraceCheckUtils]: 3: Hoare triple {2509#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {2509#true} is VALID [2022-02-20 18:01:42,197 INFO L290 TraceCheckUtils]: 4: Hoare triple {2509#true} main_#t~ret66#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret66#1 && main_#t~ret66#1 <= 2147483647;main_~tmp~11#1 := main_#t~ret66#1;havoc main_#t~ret66#1; {2509#true} is VALID [2022-02-20 18:01:42,197 INFO L290 TraceCheckUtils]: 5: Hoare triple {2509#true} assume 0 != main_~tmp~11#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet62#1, setup_#t~nondet63#1, setup_#t~nondet64#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2509#true} is VALID [2022-02-20 18:01:42,199 INFO L272 TraceCheckUtils]: 6: Hoare triple {2509#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2559#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:42,199 INFO L290 TraceCheckUtils]: 7: Hoare triple {2559#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2509#true} is VALID [2022-02-20 18:01:42,199 INFO L290 TraceCheckUtils]: 8: Hoare triple {2509#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2509#true} is VALID [2022-02-20 18:01:42,200 INFO L290 TraceCheckUtils]: 9: Hoare triple {2509#true} assume true; {2509#true} is VALID [2022-02-20 18:01:42,200 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2509#true} {2509#true} #1094#return; {2509#true} is VALID [2022-02-20 18:01:42,200 INFO L290 TraceCheckUtils]: 11: Hoare triple {2509#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2509#true} is VALID [2022-02-20 18:01:42,201 INFO L272 TraceCheckUtils]: 12: Hoare triple {2509#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2560#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:42,201 INFO L290 TraceCheckUtils]: 13: Hoare triple {2560#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2509#true} is VALID [2022-02-20 18:01:42,201 INFO L290 TraceCheckUtils]: 14: Hoare triple {2509#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2509#true} is VALID [2022-02-20 18:01:42,202 INFO L290 TraceCheckUtils]: 15: Hoare triple {2509#true} assume true; {2509#true} is VALID 
[2022-02-20 18:01:42,202 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2509#true} {2509#true} #1096#return; {2509#true} is VALID [2022-02-20 18:01:42,202 INFO L290 TraceCheckUtils]: 17: Hoare triple {2509#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 26, 0;havoc setup_#t~nondet62#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2519#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:01:42,203 INFO L272 TraceCheckUtils]: 18: Hoare triple {2519#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2559#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:42,204 INFO L290 TraceCheckUtils]: 19: Hoare triple {2559#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2561#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:42,204 INFO L290 TraceCheckUtils]: 20: Hoare triple {2561#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2562#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:42,205 INFO L290 TraceCheckUtils]: 21: Hoare triple {2562#(= |setClientId_#in~handle| 1)} assume 
true; {2562#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:42,205 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2562#(= |setClientId_#in~handle| 1)} {2519#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1098#return; {2510#false} is VALID [2022-02-20 18:01:42,205 INFO L290 TraceCheckUtils]: 23: Hoare triple {2510#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {2510#false} is VALID [2022-02-20 18:01:42,206 INFO L272 TraceCheckUtils]: 24: Hoare triple {2510#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2560#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:42,206 INFO L290 TraceCheckUtils]: 25: Hoare triple {2560#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2509#true} is VALID [2022-02-20 18:01:42,206 INFO L290 TraceCheckUtils]: 26: Hoare triple {2509#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2509#true} is VALID [2022-02-20 18:01:42,206 INFO L290 TraceCheckUtils]: 27: Hoare triple {2509#true} assume true; {2509#true} is VALID [2022-02-20 18:01:42,206 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2509#true} {2510#false} #1100#return; {2510#false} is VALID [2022-02-20 18:01:42,206 INFO L290 TraceCheckUtils]: 29: Hoare triple {2510#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 27, 0;havoc setup_#t~nondet63#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } 
true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2510#false} is VALID [2022-02-20 18:01:42,206 INFO L272 TraceCheckUtils]: 30: Hoare triple {2510#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2559#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:42,207 INFO L290 TraceCheckUtils]: 31: Hoare triple {2559#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2509#true} is VALID [2022-02-20 18:01:42,207 INFO L290 TraceCheckUtils]: 32: Hoare triple {2509#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2509#true} is VALID [2022-02-20 18:01:42,207 INFO L290 TraceCheckUtils]: 33: Hoare triple {2509#true} assume true; {2509#true} is VALID [2022-02-20 18:01:42,207 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2509#true} {2510#false} #1102#return; {2510#false} is VALID [2022-02-20 18:01:42,207 INFO L290 TraceCheckUtils]: 35: Hoare triple {2510#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {2510#false} is VALID [2022-02-20 18:01:42,207 INFO L272 TraceCheckUtils]: 36: Hoare triple {2510#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2560#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:42,207 INFO L290 TraceCheckUtils]: 37: Hoare triple {2560#(and (= 
~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2509#true} is VALID [2022-02-20 18:01:42,208 INFO L290 TraceCheckUtils]: 38: Hoare triple {2509#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2509#true} is VALID [2022-02-20 18:01:42,208 INFO L290 TraceCheckUtils]: 39: Hoare triple {2509#true} assume true; {2509#true} is VALID [2022-02-20 18:01:42,208 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2509#true} {2510#false} #1104#return; {2510#false} is VALID [2022-02-20 18:01:42,212 INFO L290 TraceCheckUtils]: 41: Hoare triple {2510#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 28, 0;havoc setup_#t~nondet64#1; {2510#false} is VALID [2022-02-20 18:01:42,213 INFO L290 TraceCheckUtils]: 42: Hoare triple {2510#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~2#1;havoc 
test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2510#false} is VALID [2022-02-20 18:01:42,213 INFO L290 TraceCheckUtils]: 43: Hoare triple {2510#false} assume !false; {2510#false} is VALID [2022-02-20 18:01:42,213 INFO L290 TraceCheckUtils]: 44: Hoare triple {2510#false} assume !(test_~splverifierCounter~0#1 < 4); {2510#false} is VALID [2022-02-20 18:01:42,213 INFO L290 TraceCheckUtils]: 45: Hoare triple {2510#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret57#1, bobToRjh_#t~ret58#1, bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_~tmp~10#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~10#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret57#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret57#1 && bobToRjh_#t~ret57#1 <= 2147483647;havoc bobToRjh_#t~ret57#1; {2510#false} is VALID [2022-02-20 18:01:42,213 INFO L272 TraceCheckUtils]: 46: Hoare triple {2510#false} call sendEmail(~bob~0, ~rjh~0); {2510#false} is VALID [2022-02-20 18:01:42,213 INFO L290 TraceCheckUtils]: 47: Hoare triple {2510#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~34#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~34#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; 
{2510#false} is VALID [2022-02-20 18:01:42,213 INFO L272 TraceCheckUtils]: 48: Hoare triple {2510#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2563#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:42,214 INFO L290 TraceCheckUtils]: 49: Hoare triple {2563#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2509#true} is VALID [2022-02-20 18:01:42,214 INFO L290 TraceCheckUtils]: 50: Hoare triple {2509#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2509#true} is VALID [2022-02-20 18:01:42,214 INFO L290 TraceCheckUtils]: 51: Hoare triple {2509#true} assume true; {2509#true} is VALID [2022-02-20 18:01:42,214 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2509#true} {2510#false} #1066#return; {2510#false} is VALID [2022-02-20 18:01:42,214 INFO L272 TraceCheckUtils]: 53: Hoare triple {2510#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2564#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:01:42,214 INFO L290 TraceCheckUtils]: 54: Hoare triple {2564#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2509#true} is VALID [2022-02-20 18:01:42,214 INFO L290 TraceCheckUtils]: 55: Hoare triple {2509#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2509#true} is VALID [2022-02-20 18:01:42,215 INFO L290 TraceCheckUtils]: 56: Hoare triple {2509#true} assume true; {2509#true} is VALID [2022-02-20 18:01:42,215 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {2509#true} {2510#false} #1068#return; {2510#false} is VALID [2022-02-20 18:01:42,215 INFO L290 TraceCheckUtils]: 58: Hoare triple {2510#false} createEmail_~retValue_acc~34#1 := 
createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~34#1; {2510#false} is VALID [2022-02-20 18:01:42,215 INFO L290 TraceCheckUtils]: 59: Hoare triple {2510#false} #t~ret89#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret89#1 && #t~ret89#1 <= 2147483647;~tmp~17#1 := #t~ret89#1;havoc #t~ret89#1;~email~0#1 := ~tmp~17#1; {2510#false} is VALID [2022-02-20 18:01:42,215 INFO L272 TraceCheckUtils]: 60: Hoare triple {2510#false} call outgoing(~sender#1, ~email~0#1); {2510#false} is VALID [2022-02-20 18:01:42,215 INFO L290 TraceCheckUtils]: 61: Hoare triple {2510#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret91#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~13#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~13#1; {2510#false} is VALID [2022-02-20 18:01:42,215 INFO L290 TraceCheckUtils]: 62: Hoare triple {2510#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~13#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~13#1; {2510#false} is VALID [2022-02-20 18:01:42,216 INFO L290 TraceCheckUtils]: 63: Hoare triple {2510#false} sign_#t~ret91#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret91#1 && sign_#t~ret91#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret91#1;havoc sign_#t~ret91#1;sign_~privkey~0#1 := sign_~tmp~18#1; {2510#false} is VALID [2022-02-20 18:01:42,216 INFO L290 
TraceCheckUtils]: 64: Hoare triple {2510#false} assume 0 == sign_~privkey~0#1; {2510#false} is VALID [2022-02-20 18:01:42,216 INFO L290 TraceCheckUtils]: 65: Hoare triple {2510#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1, outgoing__wrappee__AddressBook_#t~ret82#1, outgoing__wrappee__AddressBook_#t~ret83#1, outgoing__wrappee__AddressBook_#t~ret84#1, outgoing__wrappee__AddressBook_#t~ret85#1, outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~15#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~5#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~15#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~5#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {2510#false} is VALID [2022-02-20 18:01:42,216 INFO L272 TraceCheckUtils]: 66: Hoare triple {2510#false} call outgoing__wrappee__AddressBook_#t~ret81#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {2509#true} is VALID [2022-02-20 18:01:42,216 INFO L290 TraceCheckUtils]: 67: Hoare triple {2509#true} ~handle := #in~handle;havoc ~retValue_acc~7; {2509#true} is VALID [2022-02-20 18:01:42,217 INFO L290 TraceCheckUtils]: 
68: Hoare triple {2509#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {2509#true} is VALID [2022-02-20 18:01:42,217 INFO L290 TraceCheckUtils]: 69: Hoare triple {2509#true} assume true; {2509#true} is VALID [2022-02-20 18:01:42,217 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {2509#true} {2510#false} #1048#return; {2510#false} is VALID [2022-02-20 18:01:42,217 INFO L290 TraceCheckUtils]: 71: Hoare triple {2510#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret81#1 && outgoing__wrappee__AddressBook_#t~ret81#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~15#1 := outgoing__wrappee__AddressBook_#t~ret81#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~15#1; {2510#false} is VALID [2022-02-20 18:01:42,217 INFO L290 TraceCheckUtils]: 72: Hoare triple {2510#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {2510#false} is VALID [2022-02-20 18:01:42,217 INFO L272 TraceCheckUtils]: 73: Hoare triple {2510#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {2510#false} is VALID [2022-02-20 18:01:42,217 INFO L290 TraceCheckUtils]: 74: Hoare triple {2510#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {2510#false} is VALID [2022-02-20 18:01:42,218 INFO L290 TraceCheckUtils]: 75: Hoare triple {2510#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {2510#false} is VALID [2022-02-20 18:01:42,218 INFO L290 TraceCheckUtils]: 76: Hoare triple {2510#false} #t~ret80#1 := 
getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret80#1 && #t~ret80#1 <= 2147483647;~tmp~14#1 := #t~ret80#1;havoc #t~ret80#1; {2510#false} is VALID [2022-02-20 18:01:42,218 INFO L272 TraceCheckUtils]: 77: Hoare triple {2510#false} call setEmailFrom(~msg#1, ~tmp~14#1); {2563#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:42,218 INFO L290 TraceCheckUtils]: 78: Hoare triple {2563#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2509#true} is VALID [2022-02-20 18:01:42,218 INFO L290 TraceCheckUtils]: 79: Hoare triple {2509#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2509#true} is VALID [2022-02-20 18:01:42,218 INFO L290 TraceCheckUtils]: 80: Hoare triple {2509#true} assume true; {2509#true} is VALID [2022-02-20 18:01:42,218 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {2509#true} {2510#false} #1072#return; {2510#false} is VALID [2022-02-20 18:01:42,219 INFO L290 TraceCheckUtils]: 82: Hoare triple {2510#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~13#1;call mail_#t~ret78#1 := puts(32, 0);assume -2147483648 <= mail_#t~ret78#1 && mail_#t~ret78#1 <= 2147483647;havoc mail_#t~ret78#1; {2510#false} is VALID [2022-02-20 18:01:42,219 INFO L272 TraceCheckUtils]: 83: Hoare triple {2510#false} call mail_#t~ret79#1 := getEmailTo(mail_~msg#1); {2509#true} is VALID [2022-02-20 18:01:42,219 INFO L290 TraceCheckUtils]: 84: Hoare triple {2509#true} ~handle := #in~handle;havoc ~retValue_acc~24; {2509#true} is VALID [2022-02-20 18:01:42,219 INFO L290 TraceCheckUtils]: 85: Hoare triple {2509#true} assume 1 == 
~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {2509#true} is VALID [2022-02-20 18:01:42,219 INFO L290 TraceCheckUtils]: 86: Hoare triple {2509#true} assume true; {2509#true} is VALID [2022-02-20 18:01:42,219 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {2509#true} {2510#false} #1074#return; {2510#false} is VALID [2022-02-20 18:01:42,219 INFO L290 TraceCheckUtils]: 88: Hoare triple {2510#false} assume -2147483648 <= mail_#t~ret79#1 && mail_#t~ret79#1 <= 2147483647;mail_~tmp~13#1 := mail_#t~ret79#1;havoc mail_#t~ret79#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~13#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret92#1, verify_#t~ret93#1, verify_#t~ret94#1, verify_#t~ret95#1, verify_#t~ret96#1, verify_#t~ret97#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~19#1, verify_~tmp___0~6#1, verify_~pubkey~0#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~0#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~0#1; {2510#false} is VALID 
[2022-02-20 18:01:42,220 INFO L272 TraceCheckUtils]: 89: Hoare triple {2510#false} call __utac_acc__EncryptVerify_spec__1_#t~ret4#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {2509#true} is VALID [2022-02-20 18:01:42,221 INFO L290 TraceCheckUtils]: 90: Hoare triple {2509#true} ~msg := #in~msg;havoc ~retValue_acc~32;~retValue_acc~32 := 1;#res := ~retValue_acc~32; {2509#true} is VALID [2022-02-20 18:01:42,222 INFO L290 TraceCheckUtils]: 91: Hoare triple {2509#true} assume true; {2509#true} is VALID [2022-02-20 18:01:42,228 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {2509#true} {2510#false} #1076#return; {2510#false} is VALID [2022-02-20 18:01:42,229 INFO L290 TraceCheckUtils]: 93: Hoare triple {2510#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret4#1 && __utac_acc__EncryptVerify_spec__1_#t~ret4#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~0#1 := __utac_acc__EncryptVerify_spec__1_#t~ret4#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1; {2510#false} is VALID [2022-02-20 18:01:42,229 INFO L290 TraceCheckUtils]: 94: Hoare triple {2510#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {2510#false} is VALID [2022-02-20 18:01:42,230 INFO L290 TraceCheckUtils]: 95: Hoare triple {2510#false} assume !false; {2510#false} is VALID [2022-02-20 18:01:42,231 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. 
[2022-02-20 18:01:42,231 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:01:42,231 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1076989778] [2022-02-20 18:01:42,232 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1076989778] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:01:42,233 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [702134306] [2022-02-20 18:01:42,233 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:42,233 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:01:42,233 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:01:42,234 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:01:42,236 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 18:01:42,428 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:42,432 INFO L263 TraceCheckSpWp]: Trace formula consists of 990 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 18:01:42,485 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:42,488 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:01:42,667 INFO L290 TraceCheckUtils]: 0: Hoare triple {2509#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(16, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(34, 33);call #Ultimate.allocInit(30, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 
0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 
0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {2509#true} is VALID [2022-02-20 18:01:42,667 INFO L290 TraceCheckUtils]: 1: Hoare triple {2509#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet65#1, main_#t~ret66#1, main_~retValue_acc~37#1, main_~tmp~11#1;assume -2147483648 <= main_#t~nondet65#1 && main_#t~nondet65#1 <= 
2147483647;main_~retValue_acc~37#1 := main_#t~nondet65#1;havoc main_#t~nondet65#1;havoc main_~tmp~11#1;assume { :begin_inline_select_helpers } true; {2509#true} is VALID [2022-02-20 18:01:42,667 INFO L290 TraceCheckUtils]: 2: Hoare triple {2509#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2509#true} is VALID [2022-02-20 18:01:42,668 INFO L290 TraceCheckUtils]: 3: Hoare triple {2509#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {2509#true} is VALID [2022-02-20 18:01:42,668 INFO L290 TraceCheckUtils]: 4: Hoare triple {2509#true} main_#t~ret66#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret66#1 && main_#t~ret66#1 <= 2147483647;main_~tmp~11#1 := main_#t~ret66#1;havoc main_#t~ret66#1; {2509#true} is VALID [2022-02-20 18:01:42,668 INFO L290 TraceCheckUtils]: 5: Hoare triple {2509#true} assume 0 != main_~tmp~11#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet62#1, setup_#t~nondet63#1, setup_#t~nondet64#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := 
setup_bob__wrappee__Base_#in~bob___0#1; {2509#true} is VALID [2022-02-20 18:01:42,668 INFO L272 TraceCheckUtils]: 6: Hoare triple {2509#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2509#true} is VALID [2022-02-20 18:01:42,668 INFO L290 TraceCheckUtils]: 7: Hoare triple {2509#true} ~handle := #in~handle;~value := #in~value; {2509#true} is VALID [2022-02-20 18:01:42,668 INFO L290 TraceCheckUtils]: 8: Hoare triple {2509#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2509#true} is VALID [2022-02-20 18:01:42,669 INFO L290 TraceCheckUtils]: 9: Hoare triple {2509#true} assume true; {2509#true} is VALID [2022-02-20 18:01:42,669 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2509#true} {2509#true} #1094#return; {2509#true} is VALID [2022-02-20 18:01:42,669 INFO L290 TraceCheckUtils]: 11: Hoare triple {2509#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2509#true} is VALID [2022-02-20 18:01:42,669 INFO L272 TraceCheckUtils]: 12: Hoare triple {2509#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2509#true} is VALID [2022-02-20 18:01:42,669 INFO L290 TraceCheckUtils]: 13: Hoare triple {2509#true} ~handle := #in~handle;~value := #in~value; {2509#true} is VALID [2022-02-20 18:01:42,669 INFO L290 TraceCheckUtils]: 14: Hoare triple {2509#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2509#true} is VALID [2022-02-20 18:01:42,669 INFO L290 TraceCheckUtils]: 15: Hoare triple {2509#true} assume true; {2509#true} is VALID [2022-02-20 18:01:42,670 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2509#true} {2509#true} #1096#return; {2509#true} is VALID [2022-02-20 18:01:42,670 INFO L290 TraceCheckUtils]: 17: Hoare triple {2509#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 26, 0;havoc setup_#t~nondet62#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc 
setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2509#true} is VALID [2022-02-20 18:01:42,670 INFO L272 TraceCheckUtils]: 18: Hoare triple {2509#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2509#true} is VALID [2022-02-20 18:01:42,670 INFO L290 TraceCheckUtils]: 19: Hoare triple {2509#true} ~handle := #in~handle;~value := #in~value; {2509#true} is VALID [2022-02-20 18:01:42,670 INFO L290 TraceCheckUtils]: 20: Hoare triple {2509#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2509#true} is VALID [2022-02-20 18:01:42,670 INFO L290 TraceCheckUtils]: 21: Hoare triple {2509#true} assume true; {2509#true} is VALID [2022-02-20 18:01:42,671 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2509#true} {2509#true} #1098#return; {2509#true} is VALID [2022-02-20 18:01:42,671 INFO L290 TraceCheckUtils]: 23: Hoare triple {2509#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {2509#true} is VALID [2022-02-20 18:01:42,671 INFO L272 TraceCheckUtils]: 24: Hoare triple {2509#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2509#true} is VALID [2022-02-20 18:01:42,671 INFO L290 TraceCheckUtils]: 25: Hoare triple {2509#true} ~handle := #in~handle;~value := #in~value; {2509#true} is VALID [2022-02-20 18:01:42,671 INFO L290 TraceCheckUtils]: 26: Hoare triple {2509#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2509#true} is VALID [2022-02-20 18:01:42,671 INFO L290 TraceCheckUtils]: 27: Hoare triple {2509#true} assume true; {2509#true} is VALID [2022-02-20 18:01:42,672 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2509#true} {2509#true} #1100#return; {2509#true} is VALID [2022-02-20 18:01:42,672 INFO L290 
TraceCheckUtils]: 29: Hoare triple {2509#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 27, 0;havoc setup_#t~nondet63#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2509#true} is VALID [2022-02-20 18:01:42,672 INFO L272 TraceCheckUtils]: 30: Hoare triple {2509#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2509#true} is VALID [2022-02-20 18:01:42,672 INFO L290 TraceCheckUtils]: 31: Hoare triple {2509#true} ~handle := #in~handle;~value := #in~value; {2509#true} is VALID [2022-02-20 18:01:42,672 INFO L290 TraceCheckUtils]: 32: Hoare triple {2509#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2509#true} is VALID [2022-02-20 18:01:42,672 INFO L290 TraceCheckUtils]: 33: Hoare triple {2509#true} assume true; {2509#true} is VALID [2022-02-20 18:01:42,672 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2509#true} {2509#true} #1102#return; {2509#true} is VALID [2022-02-20 18:01:42,673 INFO L290 TraceCheckUtils]: 35: Hoare triple {2509#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {2509#true} is VALID [2022-02-20 18:01:42,673 INFO L272 TraceCheckUtils]: 36: Hoare triple {2509#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2509#true} is VALID [2022-02-20 18:01:42,673 INFO L290 TraceCheckUtils]: 37: Hoare triple {2509#true} ~handle := #in~handle;~value := #in~value; {2509#true} is VALID [2022-02-20 18:01:42,673 INFO L290 TraceCheckUtils]: 38: Hoare triple {2509#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := 
~value; {2509#true} is VALID [2022-02-20 18:01:42,673 INFO L290 TraceCheckUtils]: 39: Hoare triple {2509#true} assume true; {2509#true} is VALID [2022-02-20 18:01:42,673 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2509#true} {2509#true} #1104#return; {2509#true} is VALID [2022-02-20 18:01:42,673 INFO L290 TraceCheckUtils]: 41: Hoare triple {2509#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 28, 0;havoc setup_#t~nondet64#1; {2509#true} is VALID [2022-02-20 18:01:42,674 INFO L290 TraceCheckUtils]: 42: Hoare triple {2509#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 
0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2694#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:01:42,675 INFO L290 TraceCheckUtils]: 43: Hoare triple {2694#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {2694#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:01:42,675 INFO L290 TraceCheckUtils]: 44: Hoare triple {2694#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {2510#false} is VALID [2022-02-20 18:01:42,675 INFO L290 TraceCheckUtils]: 45: Hoare triple {2510#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret57#1, bobToRjh_#t~ret58#1, bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_~tmp~10#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~10#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret57#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret57#1 && bobToRjh_#t~ret57#1 <= 2147483647;havoc bobToRjh_#t~ret57#1; {2510#false} is VALID [2022-02-20 18:01:42,675 INFO L272 TraceCheckUtils]: 46: Hoare triple {2510#false} call sendEmail(~bob~0, ~rjh~0); {2510#false} is VALID [2022-02-20 18:01:42,675 INFO L290 TraceCheckUtils]: 47: Hoare triple {2510#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~34#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~34#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2510#false} is VALID [2022-02-20 18:01:42,676 INFO L272 TraceCheckUtils]: 48: Hoare triple {2510#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2510#false} is VALID [2022-02-20 18:01:42,676 INFO 
L290 TraceCheckUtils]: 49: Hoare triple {2510#false} ~handle := #in~handle;~value := #in~value; {2510#false} is VALID [2022-02-20 18:01:42,676 INFO L290 TraceCheckUtils]: 50: Hoare triple {2510#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2510#false} is VALID [2022-02-20 18:01:42,676 INFO L290 TraceCheckUtils]: 51: Hoare triple {2510#false} assume true; {2510#false} is VALID [2022-02-20 18:01:42,676 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2510#false} {2510#false} #1066#return; {2510#false} is VALID [2022-02-20 18:01:42,676 INFO L272 TraceCheckUtils]: 53: Hoare triple {2510#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2510#false} is VALID [2022-02-20 18:01:42,676 INFO L290 TraceCheckUtils]: 54: Hoare triple {2510#false} ~handle := #in~handle;~value := #in~value; {2510#false} is VALID [2022-02-20 18:01:42,677 INFO L290 TraceCheckUtils]: 55: Hoare triple {2510#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2510#false} is VALID [2022-02-20 18:01:42,677 INFO L290 TraceCheckUtils]: 56: Hoare triple {2510#false} assume true; {2510#false} is VALID [2022-02-20 18:01:42,677 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {2510#false} {2510#false} #1068#return; {2510#false} is VALID [2022-02-20 18:01:42,677 INFO L290 TraceCheckUtils]: 58: Hoare triple {2510#false} createEmail_~retValue_acc~34#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~34#1; {2510#false} is VALID [2022-02-20 18:01:42,677 INFO L290 TraceCheckUtils]: 59: Hoare triple {2510#false} #t~ret89#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret89#1 && #t~ret89#1 <= 2147483647;~tmp~17#1 := #t~ret89#1;havoc #t~ret89#1;~email~0#1 := ~tmp~17#1; {2510#false} is VALID [2022-02-20 18:01:42,677 INFO L272 TraceCheckUtils]: 60: Hoare triple {2510#false} call outgoing(~sender#1, ~email~0#1); {2510#false} is VALID [2022-02-20 18:01:42,678 INFO L290 TraceCheckUtils]: 61: Hoare triple {2510#false} 
~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret91#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~13#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~13#1; {2510#false} is VALID [2022-02-20 18:01:42,678 INFO L290 TraceCheckUtils]: 62: Hoare triple {2510#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~13#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~13#1; {2510#false} is VALID [2022-02-20 18:01:42,678 INFO L290 TraceCheckUtils]: 63: Hoare triple {2510#false} sign_#t~ret91#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret91#1 && sign_#t~ret91#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret91#1;havoc sign_#t~ret91#1;sign_~privkey~0#1 := sign_~tmp~18#1; {2510#false} is VALID [2022-02-20 18:01:42,678 INFO L290 TraceCheckUtils]: 64: Hoare triple {2510#false} assume 0 == sign_~privkey~0#1; {2510#false} is VALID [2022-02-20 18:01:42,678 INFO L290 TraceCheckUtils]: 65: Hoare triple {2510#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1, outgoing__wrappee__AddressBook_#t~ret82#1, outgoing__wrappee__AddressBook_#t~ret83#1, outgoing__wrappee__AddressBook_#t~ret84#1, outgoing__wrappee__AddressBook_#t~ret85#1, 
outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~15#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~5#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~15#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~5#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {2510#false} is VALID [2022-02-20 18:01:42,678 INFO L272 TraceCheckUtils]: 66: Hoare triple {2510#false} call outgoing__wrappee__AddressBook_#t~ret81#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {2510#false} is VALID [2022-02-20 18:01:42,678 INFO L290 TraceCheckUtils]: 67: Hoare triple {2510#false} ~handle := #in~handle;havoc ~retValue_acc~7; {2510#false} is VALID [2022-02-20 18:01:42,679 INFO L290 TraceCheckUtils]: 68: Hoare triple {2510#false} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {2510#false} is VALID [2022-02-20 18:01:42,679 INFO L290 TraceCheckUtils]: 69: Hoare triple {2510#false} assume true; {2510#false} is VALID [2022-02-20 18:01:42,679 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {2510#false} {2510#false} #1048#return; {2510#false} is VALID [2022-02-20 18:01:42,679 INFO L290 TraceCheckUtils]: 71: Hoare triple {2510#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret81#1 && outgoing__wrappee__AddressBook_#t~ret81#1 <= 
2147483647;outgoing__wrappee__AddressBook_~tmp~15#1 := outgoing__wrappee__AddressBook_#t~ret81#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~15#1; {2510#false} is VALID [2022-02-20 18:01:42,679 INFO L290 TraceCheckUtils]: 72: Hoare triple {2510#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {2510#false} is VALID [2022-02-20 18:01:42,679 INFO L272 TraceCheckUtils]: 73: Hoare triple {2510#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {2510#false} is VALID [2022-02-20 18:01:42,679 INFO L290 TraceCheckUtils]: 74: Hoare triple {2510#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {2510#false} is VALID [2022-02-20 18:01:42,680 INFO L290 TraceCheckUtils]: 75: Hoare triple {2510#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {2510#false} is VALID [2022-02-20 18:01:42,680 INFO L290 TraceCheckUtils]: 76: Hoare triple {2510#false} #t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret80#1 && #t~ret80#1 <= 2147483647;~tmp~14#1 := #t~ret80#1;havoc #t~ret80#1; {2510#false} is VALID [2022-02-20 18:01:42,680 INFO L272 TraceCheckUtils]: 77: Hoare triple {2510#false} call setEmailFrom(~msg#1, ~tmp~14#1); {2510#false} is VALID [2022-02-20 18:01:42,680 INFO L290 TraceCheckUtils]: 78: Hoare triple {2510#false} ~handle := #in~handle;~value := #in~value; {2510#false} is VALID [2022-02-20 18:01:42,680 INFO L290 TraceCheckUtils]: 79: Hoare triple {2510#false} assume 1 == 
~handle;~__ste_email_from0~0 := ~value; {2510#false} is VALID [2022-02-20 18:01:42,680 INFO L290 TraceCheckUtils]: 80: Hoare triple {2510#false} assume true; {2510#false} is VALID [2022-02-20 18:01:42,681 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {2510#false} {2510#false} #1072#return; {2510#false} is VALID [2022-02-20 18:01:42,681 INFO L290 TraceCheckUtils]: 82: Hoare triple {2510#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~13#1;call mail_#t~ret78#1 := puts(32, 0);assume -2147483648 <= mail_#t~ret78#1 && mail_#t~ret78#1 <= 2147483647;havoc mail_#t~ret78#1; {2510#false} is VALID [2022-02-20 18:01:42,681 INFO L272 TraceCheckUtils]: 83: Hoare triple {2510#false} call mail_#t~ret79#1 := getEmailTo(mail_~msg#1); {2510#false} is VALID [2022-02-20 18:01:42,681 INFO L290 TraceCheckUtils]: 84: Hoare triple {2510#false} ~handle := #in~handle;havoc ~retValue_acc~24; {2510#false} is VALID [2022-02-20 18:01:42,681 INFO L290 TraceCheckUtils]: 85: Hoare triple {2510#false} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {2510#false} is VALID [2022-02-20 18:01:42,681 INFO L290 TraceCheckUtils]: 86: Hoare triple {2510#false} assume true; {2510#false} is VALID [2022-02-20 18:01:42,682 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {2510#false} {2510#false} #1074#return; {2510#false} is VALID [2022-02-20 18:01:42,682 INFO L290 TraceCheckUtils]: 88: Hoare triple {2510#false} assume -2147483648 <= mail_#t~ret79#1 && mail_#t~ret79#1 <= 2147483647;mail_~tmp~13#1 := mail_#t~ret79#1;havoc mail_#t~ret79#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~13#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := 
incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret92#1, verify_#t~ret93#1, verify_#t~ret94#1, verify_#t~ret95#1, verify_#t~ret96#1, verify_#t~ret97#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~19#1, verify_~tmp___0~6#1, verify_~pubkey~0#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~0#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~0#1; {2510#false} is VALID [2022-02-20 18:01:42,682 INFO L272 TraceCheckUtils]: 89: Hoare triple {2510#false} call __utac_acc__EncryptVerify_spec__1_#t~ret4#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {2510#false} is VALID [2022-02-20 18:01:42,682 INFO L290 TraceCheckUtils]: 90: Hoare triple {2510#false} ~msg := #in~msg;havoc ~retValue_acc~32;~retValue_acc~32 := 1;#res := ~retValue_acc~32; {2510#false} is VALID [2022-02-20 18:01:42,682 INFO L290 TraceCheckUtils]: 91: Hoare triple {2510#false} assume true; {2510#false} is VALID [2022-02-20 18:01:42,682 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {2510#false} {2510#false} #1076#return; {2510#false} is VALID [2022-02-20 18:01:42,682 INFO L290 TraceCheckUtils]: 93: Hoare triple {2510#false} assume -2147483648 <= 
__utac_acc__EncryptVerify_spec__1_#t~ret4#1 && __utac_acc__EncryptVerify_spec__1_#t~ret4#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~0#1 := __utac_acc__EncryptVerify_spec__1_#t~ret4#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1; {2510#false} is VALID [2022-02-20 18:01:42,683 INFO L290 TraceCheckUtils]: 94: Hoare triple {2510#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {2510#false} is VALID [2022-02-20 18:01:42,683 INFO L290 TraceCheckUtils]: 95: Hoare triple {2510#false} assume !false; {2510#false} is VALID [2022-02-20 18:01:42,683 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 18:01:42,683 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:01:42,683 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [702134306] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:01:42,684 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:01:42,684 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 18:01:42,684 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [983446702] [2022-02-20 18:01:42,684 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:01:42,685 INFO L78 Accepts]: Start accepts. 
Automaton has has 3 states, 3 states have (on average 18.0) internal successors, (54), 3 states have internal predecessors, (54), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 96 [2022-02-20 18:01:42,686 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:01:42,686 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 18.0) internal successors, (54), 3 states have internal predecessors, (54), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:01:42,740 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 81 edges. 81 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:42,740 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:01:42,741 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:42,741 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:01:42,741 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:01:42,742 INFO L87 Difference]: Start difference. First operand 338 states and 519 transitions. 
Second operand has 3 states, 3 states have (on average 18.0) internal successors, (54), 3 states have internal predecessors, (54), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:01:43,148 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:43,148 INFO L93 Difference]: Finished difference Result 492 states and 738 transitions. [2022-02-20 18:01:43,149 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:01:43,149 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 18.0) internal successors, (54), 3 states have internal predecessors, (54), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 96 [2022-02-20 18:01:43,149 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:01:43,150 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 18.0) internal successors, (54), 3 states have internal predecessors, (54), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:01:43,157 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 738 transitions. [2022-02-20 18:01:43,157 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 3 states, 3 states have (on average 18.0) internal successors, (54), 3 states have internal predecessors, (54), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:01:43,164 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 738 transitions. [2022-02-20 18:01:43,165 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 738 transitions. [2022-02-20 18:01:43,626 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 738 edges. 738 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:43,634 INFO L225 Difference]: With dead ends: 492 [2022-02-20 18:01:43,634 INFO L226 Difference]: Without dead ends: 341 [2022-02-20 18:01:43,635 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 123 GetRequests, 115 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:01:43,636 INFO L933 BasicCegarLoop]: 517 mSDtfsCounter, 1 mSDsluCounter, 515 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 1032 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:01:43,636 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 1032 Invalid, 5 Unknown, 0 
Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:01:43,637 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 341 states. [2022-02-20 18:01:43,648 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 341 to 340. [2022-02-20 18:01:43,648 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:01:43,649 INFO L82 GeneralOperation]: Start isEquivalent. First operand 341 states. Second operand has 340 states, 270 states have (on average 1.5777777777777777) internal successors, (426), 272 states have internal predecessors, (426), 48 states have call successors, (48), 21 states have call predecessors, (48), 21 states have return successors, (47), 46 states have call predecessors, (47), 47 states have call successors, (47) [2022-02-20 18:01:43,650 INFO L74 IsIncluded]: Start isIncluded. First operand 341 states. Second operand has 340 states, 270 states have (on average 1.5777777777777777) internal successors, (426), 272 states have internal predecessors, (426), 48 states have call successors, (48), 21 states have call predecessors, (48), 21 states have return successors, (47), 46 states have call predecessors, (47), 47 states have call successors, (47) [2022-02-20 18:01:43,651 INFO L87 Difference]: Start difference. First operand 341 states. Second operand has 340 states, 270 states have (on average 1.5777777777777777) internal successors, (426), 272 states have internal predecessors, (426), 48 states have call successors, (48), 21 states have call predecessors, (48), 21 states have return successors, (47), 46 states have call predecessors, (47), 47 states have call successors, (47) [2022-02-20 18:01:43,661 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:43,661 INFO L93 Difference]: Finished difference Result 341 states and 522 transitions. 
[2022-02-20 18:01:43,661 INFO L276 IsEmpty]: Start isEmpty. Operand 341 states and 522 transitions. [2022-02-20 18:01:43,662 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:43,662 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:43,664 INFO L74 IsIncluded]: Start isIncluded. First operand has 340 states, 270 states have (on average 1.5777777777777777) internal successors, (426), 272 states have internal predecessors, (426), 48 states have call successors, (48), 21 states have call predecessors, (48), 21 states have return successors, (47), 46 states have call predecessors, (47), 47 states have call successors, (47) Second operand 341 states. [2022-02-20 18:01:43,664 INFO L87 Difference]: Start difference. First operand has 340 states, 270 states have (on average 1.5777777777777777) internal successors, (426), 272 states have internal predecessors, (426), 48 states have call successors, (48), 21 states have call predecessors, (48), 21 states have return successors, (47), 46 states have call predecessors, (47), 47 states have call successors, (47) Second operand 341 states. [2022-02-20 18:01:43,674 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:43,674 INFO L93 Difference]: Finished difference Result 341 states and 522 transitions. [2022-02-20 18:01:43,674 INFO L276 IsEmpty]: Start isEmpty. Operand 341 states and 522 transitions. [2022-02-20 18:01:43,675 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:43,676 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:43,676 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:01:43,676 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:01:43,677 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 340 states, 270 states have (on average 1.5777777777777777) internal successors, (426), 272 states have internal predecessors, (426), 48 states have call successors, (48), 21 states have call predecessors, (48), 21 states have return successors, (47), 46 states have call predecessors, (47), 47 states have call successors, (47) [2022-02-20 18:01:43,688 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 340 states to 340 states and 521 transitions. [2022-02-20 18:01:43,688 INFO L78 Accepts]: Start accepts. Automaton has 340 states and 521 transitions. Word has length 96 [2022-02-20 18:01:43,689 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:01:43,689 INFO L470 AbstractCegarLoop]: Abstraction has 340 states and 521 transitions. [2022-02-20 18:01:43,689 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 18.0) internal successors, (54), 3 states have internal predecessors, (54), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:01:43,689 INFO L276 IsEmpty]: Start isEmpty. Operand 340 states and 521 transitions. [2022-02-20 18:01:43,690 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 103 [2022-02-20 18:01:43,690 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:01:43,691 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:01:43,709 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-02-20 18:01:43,898 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1 [2022-02-20 18:01:43,899 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:01:43,905 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:01:43,905 INFO L85 PathProgramCache]: Analyzing trace with hash 765324620, now seen corresponding path program 1 times [2022-02-20 18:01:43,905 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:01:43,907 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1279651741] [2022-02-20 18:01:43,907 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:43,908 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:01:43,962 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:44,038 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call 
position 6 [2022-02-20 18:01:44,040 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:44,042 INFO L290 TraceCheckUtils]: 0: Hoare triple {4717#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4667#true} is VALID [2022-02-20 18:01:44,042 INFO L290 TraceCheckUtils]: 1: Hoare triple {4667#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4667#true} is VALID [2022-02-20 18:01:44,042 INFO L290 TraceCheckUtils]: 2: Hoare triple {4667#true} assume true; {4667#true} is VALID [2022-02-20 18:01:44,042 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4667#true} {4667#true} #1094#return; {4667#true} is VALID [2022-02-20 18:01:44,046 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:01:44,047 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:44,049 INFO L290 TraceCheckUtils]: 0: Hoare triple {4718#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4667#true} is VALID [2022-02-20 18:01:44,049 INFO L290 TraceCheckUtils]: 1: Hoare triple {4667#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4667#true} is VALID [2022-02-20 18:01:44,049 INFO L290 TraceCheckUtils]: 2: Hoare triple {4667#true} assume true; {4667#true} is VALID [2022-02-20 18:01:44,049 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4667#true} {4667#true} #1096#return; {4667#true} is VALID [2022-02-20 18:01:44,050 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:01:44,052 INFO L136 AnnotateAndAsserter]: 
Conjunction of SSA is unsat [2022-02-20 18:01:44,065 INFO L290 TraceCheckUtils]: 0: Hoare triple {4717#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4719#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:44,065 INFO L290 TraceCheckUtils]: 1: Hoare triple {4719#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4720#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:44,066 INFO L290 TraceCheckUtils]: 2: Hoare triple {4720#(= |setClientId_#in~handle| 1)} assume true; {4720#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:44,066 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4720#(= |setClientId_#in~handle| 1)} {4677#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1098#return; {4668#false} is VALID [2022-02-20 18:01:44,067 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:01:44,069 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:44,085 INFO L290 TraceCheckUtils]: 0: Hoare triple {4718#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4667#true} is VALID [2022-02-20 18:01:44,085 INFO L290 TraceCheckUtils]: 1: Hoare triple {4667#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4667#true} is VALID [2022-02-20 18:01:44,086 INFO L290 TraceCheckUtils]: 2: Hoare triple {4667#true} assume true; {4667#true} is VALID [2022-02-20 18:01:44,086 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4667#true} {4668#false} #1100#return; {4668#false} is VALID 
[2022-02-20 18:01:44,086 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:01:44,088 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:44,091 INFO L290 TraceCheckUtils]: 0: Hoare triple {4717#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4667#true} is VALID [2022-02-20 18:01:44,091 INFO L290 TraceCheckUtils]: 1: Hoare triple {4667#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4667#true} is VALID [2022-02-20 18:01:44,091 INFO L290 TraceCheckUtils]: 2: Hoare triple {4667#true} assume true; {4667#true} is VALID [2022-02-20 18:01:44,091 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4667#true} {4668#false} #1102#return; {4668#false} is VALID [2022-02-20 18:01:44,091 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:01:44,093 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:44,099 INFO L290 TraceCheckUtils]: 0: Hoare triple {4718#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4667#true} is VALID [2022-02-20 18:01:44,100 INFO L290 TraceCheckUtils]: 1: Hoare triple {4667#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4667#true} is VALID [2022-02-20 18:01:44,100 INFO L290 TraceCheckUtils]: 2: Hoare triple {4667#true} assume true; {4667#true} is VALID [2022-02-20 18:01:44,100 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4667#true} {4668#false} #1104#return; {4668#false} is VALID [2022-02-20 18:01:44,104 INFO L376 atingTraceCheckCraig]: Compute 
interpolants for subsequence at non-pending call position 54 [2022-02-20 18:01:44,105 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:44,108 INFO L290 TraceCheckUtils]: 0: Hoare triple {4721#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4667#true} is VALID [2022-02-20 18:01:44,108 INFO L290 TraceCheckUtils]: 1: Hoare triple {4667#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4667#true} is VALID [2022-02-20 18:01:44,108 INFO L290 TraceCheckUtils]: 2: Hoare triple {4667#true} assume true; {4667#true} is VALID [2022-02-20 18:01:44,109 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4667#true} {4668#false} #1066#return; {4668#false} is VALID [2022-02-20 18:01:44,114 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 18:01:44,115 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:44,132 INFO L290 TraceCheckUtils]: 0: Hoare triple {4722#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4667#true} is VALID [2022-02-20 18:01:44,132 INFO L290 TraceCheckUtils]: 1: Hoare triple {4667#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4667#true} is VALID [2022-02-20 18:01:44,132 INFO L290 TraceCheckUtils]: 2: Hoare triple {4667#true} assume true; {4667#true} is VALID [2022-02-20 18:01:44,132 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4667#true} {4668#false} #1068#return; {4668#false} is VALID [2022-02-20 18:01:44,133 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 18:01:44,133 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:44,136 INFO L290 TraceCheckUtils]: 0: Hoare triple {4667#true} ~handle := #in~handle;havoc ~retValue_acc~7; 
{4667#true} is VALID [2022-02-20 18:01:44,136 INFO L290 TraceCheckUtils]: 1: Hoare triple {4667#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {4667#true} is VALID [2022-02-20 18:01:44,136 INFO L290 TraceCheckUtils]: 2: Hoare triple {4667#true} assume true; {4667#true} is VALID [2022-02-20 18:01:44,136 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4667#true} {4668#false} #1048#return; {4668#false} is VALID [2022-02-20 18:01:44,137 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 18:01:44,137 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:44,140 INFO L290 TraceCheckUtils]: 0: Hoare triple {4721#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4667#true} is VALID [2022-02-20 18:01:44,140 INFO L290 TraceCheckUtils]: 1: Hoare triple {4667#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4667#true} is VALID [2022-02-20 18:01:44,140 INFO L290 TraceCheckUtils]: 2: Hoare triple {4667#true} assume true; {4667#true} is VALID [2022-02-20 18:01:44,140 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4667#true} {4668#false} #1072#return; {4668#false} is VALID [2022-02-20 18:01:44,140 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 89 [2022-02-20 18:01:44,141 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:44,143 INFO L290 TraceCheckUtils]: 0: Hoare triple {4667#true} ~handle := #in~handle;havoc ~retValue_acc~24; {4667#true} is VALID [2022-02-20 18:01:44,143 INFO L290 TraceCheckUtils]: 1: Hoare triple {4667#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {4667#true} is VALID [2022-02-20 18:01:44,143 INFO L290 TraceCheckUtils]: 2: Hoare triple {4667#true} assume true; {4667#true} is VALID 
[2022-02-20 18:01:44,143 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4667#true} {4668#false} #1074#return; {4668#false} is VALID [2022-02-20 18:01:44,143 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 18:01:44,144 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:44,145 INFO L290 TraceCheckUtils]: 0: Hoare triple {4667#true} ~msg := #in~msg;havoc ~retValue_acc~32;~retValue_acc~32 := 1;#res := ~retValue_acc~32; {4667#true} is VALID [2022-02-20 18:01:44,145 INFO L290 TraceCheckUtils]: 1: Hoare triple {4667#true} assume true; {4667#true} is VALID [2022-02-20 18:01:44,145 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4667#true} {4668#false} #1076#return; {4668#false} is VALID [2022-02-20 18:01:44,145 INFO L290 TraceCheckUtils]: 0: Hoare triple {4667#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(16, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 
25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(34, 33);call #Ultimate.allocInit(30, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 
0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 
0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {4667#true} is VALID [2022-02-20 18:01:44,149 INFO L290 TraceCheckUtils]: 1: Hoare triple {4667#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet65#1, main_#t~ret66#1, main_~retValue_acc~37#1, main_~tmp~11#1;assume -2147483648 <= main_#t~nondet65#1 && main_#t~nondet65#1 <= 2147483647;main_~retValue_acc~37#1 := main_#t~nondet65#1;havoc main_#t~nondet65#1;havoc main_~tmp~11#1;assume { :begin_inline_select_helpers } true; {4667#true} is VALID [2022-02-20 18:01:44,149 INFO L290 TraceCheckUtils]: 2: Hoare triple {4667#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {4667#true} is VALID [2022-02-20 18:01:44,150 INFO L290 TraceCheckUtils]: 3: Hoare triple {4667#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {4667#true} is VALID [2022-02-20 18:01:44,150 INFO L290 TraceCheckUtils]: 4: Hoare triple {4667#true} main_#t~ret66#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret66#1 && main_#t~ret66#1 <= 2147483647;main_~tmp~11#1 := main_#t~ret66#1;havoc main_#t~ret66#1; {4667#true} is VALID [2022-02-20 18:01:44,150 INFO L290 TraceCheckUtils]: 5: Hoare triple {4667#true} assume 0 != main_~tmp~11#1;assume { :begin_inline_setup } 
true;havoc setup_#t~nondet62#1, setup_#t~nondet63#1, setup_#t~nondet64#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {4667#true} is VALID [2022-02-20 18:01:44,151 INFO L272 TraceCheckUtils]: 6: Hoare triple {4667#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {4717#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:44,151 INFO L290 TraceCheckUtils]: 7: Hoare triple {4717#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4667#true} is VALID [2022-02-20 18:01:44,151 INFO L290 TraceCheckUtils]: 8: Hoare triple {4667#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4667#true} is VALID [2022-02-20 18:01:44,151 INFO L290 TraceCheckUtils]: 9: Hoare triple {4667#true} assume true; {4667#true} is VALID [2022-02-20 18:01:44,151 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {4667#true} {4667#true} #1094#return; {4667#true} is VALID 
[2022-02-20 18:01:44,151 INFO L290 TraceCheckUtils]: 11: Hoare triple {4667#true} assume { :end_inline_setup_bob__wrappee__Base } true; {4667#true} is VALID [2022-02-20 18:01:44,151 INFO L272 TraceCheckUtils]: 12: Hoare triple {4667#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {4718#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:44,152 INFO L290 TraceCheckUtils]: 13: Hoare triple {4718#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4667#true} is VALID [2022-02-20 18:01:44,152 INFO L290 TraceCheckUtils]: 14: Hoare triple {4667#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4667#true} is VALID [2022-02-20 18:01:44,152 INFO L290 TraceCheckUtils]: 15: Hoare triple {4667#true} assume true; {4667#true} is VALID [2022-02-20 18:01:44,152 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {4667#true} {4667#true} #1096#return; {4667#true} is VALID [2022-02-20 18:01:44,152 INFO L290 TraceCheckUtils]: 17: Hoare triple {4667#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 26, 0;havoc setup_#t~nondet62#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {4677#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:01:44,153 INFO L272 
TraceCheckUtils]: 18: Hoare triple {4677#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {4717#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:44,153 INFO L290 TraceCheckUtils]: 19: Hoare triple {4717#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4719#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:44,153 INFO L290 TraceCheckUtils]: 20: Hoare triple {4719#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4720#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:44,153 INFO L290 TraceCheckUtils]: 21: Hoare triple {4720#(= |setClientId_#in~handle| 1)} assume true; {4720#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:44,154 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {4720#(= |setClientId_#in~handle| 1)} {4677#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1098#return; {4668#false} is VALID [2022-02-20 18:01:44,154 INFO L290 TraceCheckUtils]: 23: Hoare triple {4668#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {4668#false} is VALID [2022-02-20 18:01:44,154 INFO L272 TraceCheckUtils]: 24: Hoare triple {4668#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {4718#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:44,154 INFO L290 TraceCheckUtils]: 25: Hoare triple 
{4718#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4667#true} is VALID [2022-02-20 18:01:44,154 INFO L290 TraceCheckUtils]: 26: Hoare triple {4667#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4667#true} is VALID [2022-02-20 18:01:44,154 INFO L290 TraceCheckUtils]: 27: Hoare triple {4667#true} assume true; {4667#true} is VALID [2022-02-20 18:01:44,154 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {4667#true} {4668#false} #1100#return; {4668#false} is VALID [2022-02-20 18:01:44,154 INFO L290 TraceCheckUtils]: 29: Hoare triple {4668#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 27, 0;havoc setup_#t~nondet63#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {4668#false} is VALID [2022-02-20 18:01:44,154 INFO L272 TraceCheckUtils]: 30: Hoare triple {4668#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {4717#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:44,154 INFO L290 TraceCheckUtils]: 31: Hoare triple {4717#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4667#true} is VALID [2022-02-20 18:01:44,154 INFO L290 TraceCheckUtils]: 32: Hoare triple {4667#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4667#true} is VALID [2022-02-20 18:01:44,154 INFO L290 TraceCheckUtils]: 33: Hoare triple {4667#true} assume true; {4667#true} is VALID [2022-02-20 18:01:44,155 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {4667#true} {4668#false} #1102#return; {4668#false} is VALID [2022-02-20 18:01:44,155 INFO L290 TraceCheckUtils]: 35: Hoare triple {4668#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {4668#false} is VALID [2022-02-20 18:01:44,155 INFO L272 TraceCheckUtils]: 36: Hoare triple {4668#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {4718#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:44,155 INFO L290 TraceCheckUtils]: 37: Hoare triple {4718#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4667#true} is VALID [2022-02-20 18:01:44,155 INFO L290 TraceCheckUtils]: 38: Hoare triple {4667#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4667#true} is VALID [2022-02-20 18:01:44,155 INFO L290 TraceCheckUtils]: 39: Hoare triple {4667#true} assume true; {4667#true} is VALID [2022-02-20 18:01:44,155 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {4667#true} {4668#false} #1104#return; {4668#false} is VALID [2022-02-20 18:01:44,155 INFO L290 TraceCheckUtils]: 41: Hoare triple {4668#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, 
setup_~__cil_tmp3~4#1.offset := 28, 0;havoc setup_#t~nondet64#1; {4668#false} is VALID [2022-02-20 18:01:44,155 INFO L290 TraceCheckUtils]: 42: Hoare triple {4668#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {4668#false} is VALID [2022-02-20 18:01:44,155 INFO L290 TraceCheckUtils]: 43: Hoare triple {4668#false} assume !false; {4668#false} is VALID [2022-02-20 18:01:44,155 INFO L290 TraceCheckUtils]: 44: Hoare triple {4668#false} assume test_~splverifierCounter~0#1 < 4; {4668#false} is VALID [2022-02-20 18:01:44,155 INFO L290 TraceCheckUtils]: 45: Hoare triple {4668#false} 
test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {4668#false} is VALID [2022-02-20 18:01:44,155 INFO L290 TraceCheckUtils]: 46: Hoare triple {4668#false} assume !(0 == test_~op1~0#1); {4668#false} is VALID [2022-02-20 18:01:44,155 INFO L290 TraceCheckUtils]: 47: Hoare triple {4668#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet47#1 && test_#t~nondet47#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet47#1;havoc test_#t~nondet47#1; {4668#false} is VALID [2022-02-20 18:01:44,155 INFO L290 TraceCheckUtils]: 48: Hoare triple {4668#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {4668#false} is VALID [2022-02-20 18:01:44,156 INFO L290 TraceCheckUtils]: 49: Hoare triple {4668#false} assume !false; {4668#false} is VALID [2022-02-20 18:01:44,156 INFO L290 TraceCheckUtils]: 50: Hoare triple {4668#false} assume !(test_~splverifierCounter~0#1 < 4); {4668#false} is VALID [2022-02-20 18:01:44,156 INFO L290 TraceCheckUtils]: 51: Hoare triple {4668#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret57#1, bobToRjh_#t~ret58#1, bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_~tmp~10#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~10#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret57#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret57#1 && bobToRjh_#t~ret57#1 <= 2147483647;havoc bobToRjh_#t~ret57#1; {4668#false} is VALID [2022-02-20 18:01:44,156 INFO L272 TraceCheckUtils]: 52: Hoare triple {4668#false} call sendEmail(~bob~0, ~rjh~0); {4668#false} is VALID [2022-02-20 18:01:44,156 INFO L290 TraceCheckUtils]: 53: Hoare triple {4668#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~34#1, 
createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~34#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {4668#false} is VALID [2022-02-20 18:01:44,156 INFO L272 TraceCheckUtils]: 54: Hoare triple {4668#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {4721#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:44,156 INFO L290 TraceCheckUtils]: 55: Hoare triple {4721#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4667#true} is VALID [2022-02-20 18:01:44,156 INFO L290 TraceCheckUtils]: 56: Hoare triple {4667#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4667#true} is VALID [2022-02-20 18:01:44,156 INFO L290 TraceCheckUtils]: 57: Hoare triple {4667#true} assume true; {4667#true} is VALID [2022-02-20 18:01:44,156 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {4667#true} {4668#false} #1066#return; {4668#false} is VALID [2022-02-20 18:01:44,156 INFO L272 TraceCheckUtils]: 59: Hoare triple {4668#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {4722#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:01:44,156 INFO L290 TraceCheckUtils]: 60: Hoare triple {4722#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4667#true} is VALID [2022-02-20 18:01:44,156 INFO L290 TraceCheckUtils]: 61: Hoare triple {4667#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4667#true} is VALID [2022-02-20 18:01:44,156 INFO L290 TraceCheckUtils]: 62: Hoare triple {4667#true} assume true; {4667#true} is VALID [2022-02-20 18:01:44,156 INFO L284 TraceCheckUtils]: 63: Hoare 
quadruple {4667#true} {4668#false} #1068#return; {4668#false} is VALID [2022-02-20 18:01:44,156 INFO L290 TraceCheckUtils]: 64: Hoare triple {4668#false} createEmail_~retValue_acc~34#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~34#1; {4668#false} is VALID [2022-02-20 18:01:44,157 INFO L290 TraceCheckUtils]: 65: Hoare triple {4668#false} #t~ret89#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret89#1 && #t~ret89#1 <= 2147483647;~tmp~17#1 := #t~ret89#1;havoc #t~ret89#1;~email~0#1 := ~tmp~17#1; {4668#false} is VALID [2022-02-20 18:01:44,157 INFO L272 TraceCheckUtils]: 66: Hoare triple {4668#false} call outgoing(~sender#1, ~email~0#1); {4668#false} is VALID [2022-02-20 18:01:44,157 INFO L290 TraceCheckUtils]: 67: Hoare triple {4668#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret91#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~13#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~13#1; {4668#false} is VALID [2022-02-20 18:01:44,157 INFO L290 TraceCheckUtils]: 68: Hoare triple {4668#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~13#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~13#1; {4668#false} is VALID [2022-02-20 18:01:44,157 INFO L290 TraceCheckUtils]: 69: Hoare triple {4668#false} sign_#t~ret91#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret91#1 && 
sign_#t~ret91#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret91#1;havoc sign_#t~ret91#1;sign_~privkey~0#1 := sign_~tmp~18#1; {4668#false} is VALID [2022-02-20 18:01:44,157 INFO L290 TraceCheckUtils]: 70: Hoare triple {4668#false} assume 0 == sign_~privkey~0#1; {4668#false} is VALID [2022-02-20 18:01:44,157 INFO L290 TraceCheckUtils]: 71: Hoare triple {4668#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1, outgoing__wrappee__AddressBook_#t~ret82#1, outgoing__wrappee__AddressBook_#t~ret83#1, outgoing__wrappee__AddressBook_#t~ret84#1, outgoing__wrappee__AddressBook_#t~ret85#1, outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~15#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~5#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~15#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~5#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {4668#false} is VALID [2022-02-20 18:01:44,157 INFO L272 TraceCheckUtils]: 72: Hoare triple {4668#false} call outgoing__wrappee__AddressBook_#t~ret81#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {4667#true} is VALID [2022-02-20 
18:01:44,157 INFO L290 TraceCheckUtils]: 73: Hoare triple {4667#true} ~handle := #in~handle;havoc ~retValue_acc~7; {4667#true} is VALID [2022-02-20 18:01:44,157 INFO L290 TraceCheckUtils]: 74: Hoare triple {4667#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {4667#true} is VALID [2022-02-20 18:01:44,157 INFO L290 TraceCheckUtils]: 75: Hoare triple {4667#true} assume true; {4667#true} is VALID [2022-02-20 18:01:44,157 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {4667#true} {4668#false} #1048#return; {4668#false} is VALID [2022-02-20 18:01:44,157 INFO L290 TraceCheckUtils]: 77: Hoare triple {4668#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret81#1 && outgoing__wrappee__AddressBook_#t~ret81#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~15#1 := outgoing__wrappee__AddressBook_#t~ret81#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~15#1; {4668#false} is VALID [2022-02-20 18:01:44,157 INFO L290 TraceCheckUtils]: 78: Hoare triple {4668#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {4668#false} is VALID [2022-02-20 18:01:44,157 INFO L272 TraceCheckUtils]: 79: Hoare triple {4668#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {4668#false} is VALID [2022-02-20 18:01:44,157 INFO L290 TraceCheckUtils]: 80: Hoare triple {4668#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {4668#false} is VALID [2022-02-20 18:01:44,158 INFO L290 TraceCheckUtils]: 81: Hoare triple {4668#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := 
~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {4668#false} is VALID [2022-02-20 18:01:44,158 INFO L290 TraceCheckUtils]: 82: Hoare triple {4668#false} #t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret80#1 && #t~ret80#1 <= 2147483647;~tmp~14#1 := #t~ret80#1;havoc #t~ret80#1; {4668#false} is VALID [2022-02-20 18:01:44,158 INFO L272 TraceCheckUtils]: 83: Hoare triple {4668#false} call setEmailFrom(~msg#1, ~tmp~14#1); {4721#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:44,158 INFO L290 TraceCheckUtils]: 84: Hoare triple {4721#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4667#true} is VALID [2022-02-20 18:01:44,158 INFO L290 TraceCheckUtils]: 85: Hoare triple {4667#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4667#true} is VALID [2022-02-20 18:01:44,158 INFO L290 TraceCheckUtils]: 86: Hoare triple {4667#true} assume true; {4667#true} is VALID [2022-02-20 18:01:44,158 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {4667#true} {4668#false} #1072#return; {4668#false} is VALID [2022-02-20 18:01:44,158 INFO L290 TraceCheckUtils]: 88: Hoare triple {4668#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~13#1;call mail_#t~ret78#1 := puts(32, 0);assume -2147483648 <= mail_#t~ret78#1 && mail_#t~ret78#1 <= 2147483647;havoc mail_#t~ret78#1; {4668#false} is VALID [2022-02-20 18:01:44,158 INFO L272 TraceCheckUtils]: 89: Hoare triple {4668#false} call mail_#t~ret79#1 := getEmailTo(mail_~msg#1); {4667#true} is VALID [2022-02-20 18:01:44,158 INFO L290 TraceCheckUtils]: 90: 
Hoare triple {4667#true} ~handle := #in~handle;havoc ~retValue_acc~24; {4667#true} is VALID [2022-02-20 18:01:44,158 INFO L290 TraceCheckUtils]: 91: Hoare triple {4667#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {4667#true} is VALID [2022-02-20 18:01:44,158 INFO L290 TraceCheckUtils]: 92: Hoare triple {4667#true} assume true; {4667#true} is VALID [2022-02-20 18:01:44,158 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {4667#true} {4668#false} #1074#return; {4668#false} is VALID [2022-02-20 18:01:44,158 INFO L290 TraceCheckUtils]: 94: Hoare triple {4668#false} assume -2147483648 <= mail_#t~ret79#1 && mail_#t~ret79#1 <= 2147483647;mail_~tmp~13#1 := mail_#t~ret79#1;havoc mail_#t~ret79#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~13#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret92#1, verify_#t~ret93#1, verify_#t~ret94#1, verify_#t~ret95#1, verify_#t~ret96#1, verify_#t~ret97#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~19#1, verify_~tmp___0~6#1, verify_~pubkey~0#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1, __utac_acc__EncryptVerify_spec__1_~msg#1, 
__utac_acc__EncryptVerify_spec__1_~tmp~0#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~0#1; {4668#false} is VALID [2022-02-20 18:01:44,158 INFO L272 TraceCheckUtils]: 95: Hoare triple {4668#false} call __utac_acc__EncryptVerify_spec__1_#t~ret4#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {4667#true} is VALID [2022-02-20 18:01:44,158 INFO L290 TraceCheckUtils]: 96: Hoare triple {4667#true} ~msg := #in~msg;havoc ~retValue_acc~32;~retValue_acc~32 := 1;#res := ~retValue_acc~32; {4667#true} is VALID [2022-02-20 18:01:44,158 INFO L290 TraceCheckUtils]: 97: Hoare triple {4667#true} assume true; {4667#true} is VALID [2022-02-20 18:01:44,159 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {4667#true} {4668#false} #1076#return; {4668#false} is VALID [2022-02-20 18:01:44,159 INFO L290 TraceCheckUtils]: 99: Hoare triple {4668#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret4#1 && __utac_acc__EncryptVerify_spec__1_#t~ret4#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~0#1 := __utac_acc__EncryptVerify_spec__1_#t~ret4#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1; {4668#false} is VALID [2022-02-20 18:01:44,159 INFO L290 TraceCheckUtils]: 100: Hoare triple {4668#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {4668#false} is VALID [2022-02-20 18:01:44,159 INFO L290 TraceCheckUtils]: 101: Hoare triple {4668#false} assume !false; {4668#false} is VALID [2022-02-20 18:01:44,159 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. 
[2022-02-20 18:01:44,159 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:01:44,159 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1279651741] [2022-02-20 18:01:44,159 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1279651741] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:01:44,159 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [782154314] [2022-02-20 18:01:44,159 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:44,160 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:01:44,160 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:01:44,175 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:01:44,187 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-02-20 18:01:44,444 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:44,447 INFO L263 TraceCheckSpWp]: Trace formula consists of 1004 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 18:01:44,483 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:44,485 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:01:44,647 INFO L290 TraceCheckUtils]: 0: Hoare triple {4667#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(16, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(34, 33);call #Ultimate.allocInit(30, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 
0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 
0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {4667#true} is VALID [2022-02-20 18:01:44,648 INFO L290 TraceCheckUtils]: 1: Hoare triple {4667#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet65#1, main_#t~ret66#1, main_~retValue_acc~37#1, main_~tmp~11#1;assume -2147483648 <= main_#t~nondet65#1 && main_#t~nondet65#1 <= 
2147483647;main_~retValue_acc~37#1 := main_#t~nondet65#1;havoc main_#t~nondet65#1;havoc main_~tmp~11#1;assume { :begin_inline_select_helpers } true; {4667#true} is VALID [2022-02-20 18:01:44,648 INFO L290 TraceCheckUtils]: 2: Hoare triple {4667#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {4667#true} is VALID [2022-02-20 18:01:44,648 INFO L290 TraceCheckUtils]: 3: Hoare triple {4667#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {4667#true} is VALID [2022-02-20 18:01:44,648 INFO L290 TraceCheckUtils]: 4: Hoare triple {4667#true} main_#t~ret66#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret66#1 && main_#t~ret66#1 <= 2147483647;main_~tmp~11#1 := main_#t~ret66#1;havoc main_#t~ret66#1; {4667#true} is VALID [2022-02-20 18:01:44,648 INFO L290 TraceCheckUtils]: 5: Hoare triple {4667#true} assume 0 != main_~tmp~11#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet62#1, setup_#t~nondet63#1, setup_#t~nondet64#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := 
setup_bob__wrappee__Base_#in~bob___0#1; {4667#true} is VALID [2022-02-20 18:01:44,648 INFO L272 TraceCheckUtils]: 6: Hoare triple {4667#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {4667#true} is VALID [2022-02-20 18:01:44,649 INFO L290 TraceCheckUtils]: 7: Hoare triple {4667#true} ~handle := #in~handle;~value := #in~value; {4667#true} is VALID [2022-02-20 18:01:44,649 INFO L290 TraceCheckUtils]: 8: Hoare triple {4667#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4667#true} is VALID [2022-02-20 18:01:44,649 INFO L290 TraceCheckUtils]: 9: Hoare triple {4667#true} assume true; {4667#true} is VALID [2022-02-20 18:01:44,649 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {4667#true} {4667#true} #1094#return; {4667#true} is VALID [2022-02-20 18:01:44,649 INFO L290 TraceCheckUtils]: 11: Hoare triple {4667#true} assume { :end_inline_setup_bob__wrappee__Base } true; {4667#true} is VALID [2022-02-20 18:01:44,649 INFO L272 TraceCheckUtils]: 12: Hoare triple {4667#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {4667#true} is VALID [2022-02-20 18:01:44,649 INFO L290 TraceCheckUtils]: 13: Hoare triple {4667#true} ~handle := #in~handle;~value := #in~value; {4667#true} is VALID [2022-02-20 18:01:44,649 INFO L290 TraceCheckUtils]: 14: Hoare triple {4667#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4667#true} is VALID [2022-02-20 18:01:44,650 INFO L290 TraceCheckUtils]: 15: Hoare triple {4667#true} assume true; {4667#true} is VALID [2022-02-20 18:01:44,650 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {4667#true} {4667#true} #1096#return; {4667#true} is VALID [2022-02-20 18:01:44,650 INFO L290 TraceCheckUtils]: 17: Hoare triple {4667#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 26, 0;havoc setup_#t~nondet62#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc 
setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {4667#true} is VALID [2022-02-20 18:01:44,650 INFO L272 TraceCheckUtils]: 18: Hoare triple {4667#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {4667#true} is VALID [2022-02-20 18:01:44,650 INFO L290 TraceCheckUtils]: 19: Hoare triple {4667#true} ~handle := #in~handle;~value := #in~value; {4667#true} is VALID [2022-02-20 18:01:44,650 INFO L290 TraceCheckUtils]: 20: Hoare triple {4667#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4667#true} is VALID [2022-02-20 18:01:44,650 INFO L290 TraceCheckUtils]: 21: Hoare triple {4667#true} assume true; {4667#true} is VALID [2022-02-20 18:01:44,650 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {4667#true} {4667#true} #1098#return; {4667#true} is VALID [2022-02-20 18:01:44,650 INFO L290 TraceCheckUtils]: 23: Hoare triple {4667#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {4667#true} is VALID [2022-02-20 18:01:44,651 INFO L272 TraceCheckUtils]: 24: Hoare triple {4667#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {4667#true} is VALID [2022-02-20 18:01:44,651 INFO L290 TraceCheckUtils]: 25: Hoare triple {4667#true} ~handle := #in~handle;~value := #in~value; {4667#true} is VALID [2022-02-20 18:01:44,651 INFO L290 TraceCheckUtils]: 26: Hoare triple {4667#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4667#true} is VALID [2022-02-20 18:01:44,651 INFO L290 TraceCheckUtils]: 27: Hoare triple {4667#true} assume true; {4667#true} is VALID [2022-02-20 18:01:44,651 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {4667#true} {4667#true} #1100#return; {4667#true} is VALID [2022-02-20 18:01:44,651 INFO L290 
TraceCheckUtils]: 29: Hoare triple {4667#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 27, 0;havoc setup_#t~nondet63#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {4667#true} is VALID [2022-02-20 18:01:44,651 INFO L272 TraceCheckUtils]: 30: Hoare triple {4667#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {4667#true} is VALID [2022-02-20 18:01:44,651 INFO L290 TraceCheckUtils]: 31: Hoare triple {4667#true} ~handle := #in~handle;~value := #in~value; {4667#true} is VALID [2022-02-20 18:01:44,652 INFO L290 TraceCheckUtils]: 32: Hoare triple {4667#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4667#true} is VALID [2022-02-20 18:01:44,652 INFO L290 TraceCheckUtils]: 33: Hoare triple {4667#true} assume true; {4667#true} is VALID [2022-02-20 18:01:44,652 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {4667#true} {4667#true} #1102#return; {4667#true} is VALID [2022-02-20 18:01:44,652 INFO L290 TraceCheckUtils]: 35: Hoare triple {4667#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {4667#true} is VALID [2022-02-20 18:01:44,652 INFO L272 TraceCheckUtils]: 36: Hoare triple {4667#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {4667#true} is VALID [2022-02-20 18:01:44,652 INFO L290 TraceCheckUtils]: 37: Hoare triple {4667#true} ~handle := #in~handle;~value := #in~value; {4667#true} is VALID [2022-02-20 18:01:44,652 INFO L290 TraceCheckUtils]: 38: Hoare triple {4667#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := 
~value; {4667#true} is VALID [2022-02-20 18:01:44,652 INFO L290 TraceCheckUtils]: 39: Hoare triple {4667#true} assume true; {4667#true} is VALID [2022-02-20 18:01:44,653 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {4667#true} {4667#true} #1104#return; {4667#true} is VALID [2022-02-20 18:01:44,653 INFO L290 TraceCheckUtils]: 41: Hoare triple {4667#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 28, 0;havoc setup_#t~nondet64#1; {4667#true} is VALID [2022-02-20 18:01:44,653 INFO L290 TraceCheckUtils]: 42: Hoare triple {4667#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 
0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {4852#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:01:44,654 INFO L290 TraceCheckUtils]: 43: Hoare triple {4852#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {4852#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:01:44,654 INFO L290 TraceCheckUtils]: 44: Hoare triple {4852#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {4852#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:01:44,655 INFO L290 TraceCheckUtils]: 45: Hoare triple {4852#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {4852#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:01:44,655 INFO L290 TraceCheckUtils]: 46: Hoare triple {4852#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {4668#false} is VALID [2022-02-20 18:01:44,655 INFO L290 TraceCheckUtils]: 47: Hoare triple {4668#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet47#1 && test_#t~nondet47#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet47#1;havoc test_#t~nondet47#1; {4668#false} is VALID [2022-02-20 18:01:44,655 INFO L290 TraceCheckUtils]: 48: Hoare triple {4668#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {4668#false} is VALID [2022-02-20 18:01:44,655 INFO L290 TraceCheckUtils]: 49: Hoare triple {4668#false} assume !false; {4668#false} is VALID [2022-02-20 18:01:44,655 INFO L290 TraceCheckUtils]: 50: Hoare triple {4668#false} assume !(test_~splverifierCounter~0#1 < 4); {4668#false} is VALID [2022-02-20 18:01:44,656 INFO L290 TraceCheckUtils]: 51: Hoare triple {4668#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret57#1, bobToRjh_#t~ret58#1, bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_~tmp~10#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~10#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret57#1 := puts(24, 
0);assume -2147483648 <= bobToRjh_#t~ret57#1 && bobToRjh_#t~ret57#1 <= 2147483647;havoc bobToRjh_#t~ret57#1; {4668#false} is VALID [2022-02-20 18:01:44,656 INFO L272 TraceCheckUtils]: 52: Hoare triple {4668#false} call sendEmail(~bob~0, ~rjh~0); {4668#false} is VALID [2022-02-20 18:01:44,656 INFO L290 TraceCheckUtils]: 53: Hoare triple {4668#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~34#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~34#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {4668#false} is VALID [2022-02-20 18:01:44,656 INFO L272 TraceCheckUtils]: 54: Hoare triple {4668#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {4668#false} is VALID [2022-02-20 18:01:44,656 INFO L290 TraceCheckUtils]: 55: Hoare triple {4668#false} ~handle := #in~handle;~value := #in~value; {4668#false} is VALID [2022-02-20 18:01:44,656 INFO L290 TraceCheckUtils]: 56: Hoare triple {4668#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4668#false} is VALID [2022-02-20 18:01:44,656 INFO L290 TraceCheckUtils]: 57: Hoare triple {4668#false} assume true; {4668#false} is VALID [2022-02-20 18:01:44,657 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {4668#false} {4668#false} #1066#return; {4668#false} is VALID [2022-02-20 18:01:44,657 INFO L272 TraceCheckUtils]: 59: Hoare triple {4668#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {4668#false} is VALID [2022-02-20 18:01:44,657 INFO L290 TraceCheckUtils]: 60: Hoare triple {4668#false} ~handle := #in~handle;~value := #in~value; {4668#false} is VALID [2022-02-20 18:01:44,657 INFO L290 TraceCheckUtils]: 61: Hoare triple {4668#false} assume 1 
== ~handle;~__ste_email_to0~0 := ~value; {4668#false} is VALID [2022-02-20 18:01:44,657 INFO L290 TraceCheckUtils]: 62: Hoare triple {4668#false} assume true; {4668#false} is VALID [2022-02-20 18:01:44,657 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {4668#false} {4668#false} #1068#return; {4668#false} is VALID [2022-02-20 18:01:44,657 INFO L290 TraceCheckUtils]: 64: Hoare triple {4668#false} createEmail_~retValue_acc~34#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~34#1; {4668#false} is VALID [2022-02-20 18:01:44,657 INFO L290 TraceCheckUtils]: 65: Hoare triple {4668#false} #t~ret89#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret89#1 && #t~ret89#1 <= 2147483647;~tmp~17#1 := #t~ret89#1;havoc #t~ret89#1;~email~0#1 := ~tmp~17#1; {4668#false} is VALID [2022-02-20 18:01:44,658 INFO L272 TraceCheckUtils]: 66: Hoare triple {4668#false} call outgoing(~sender#1, ~email~0#1); {4668#false} is VALID [2022-02-20 18:01:44,658 INFO L290 TraceCheckUtils]: 67: Hoare triple {4668#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret91#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~13#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~13#1; {4668#false} is VALID [2022-02-20 18:01:44,658 INFO L290 TraceCheckUtils]: 68: Hoare triple {4668#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~13#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := 
getClientPrivateKey_~retValue_acc~13#1; {4668#false} is VALID [2022-02-20 18:01:44,658 INFO L290 TraceCheckUtils]: 69: Hoare triple {4668#false} sign_#t~ret91#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret91#1 && sign_#t~ret91#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret91#1;havoc sign_#t~ret91#1;sign_~privkey~0#1 := sign_~tmp~18#1; {4668#false} is VALID [2022-02-20 18:01:44,658 INFO L290 TraceCheckUtils]: 70: Hoare triple {4668#false} assume 0 == sign_~privkey~0#1; {4668#false} is VALID [2022-02-20 18:01:44,658 INFO L290 TraceCheckUtils]: 71: Hoare triple {4668#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1, outgoing__wrappee__AddressBook_#t~ret82#1, outgoing__wrappee__AddressBook_#t~ret83#1, outgoing__wrappee__AddressBook_#t~ret84#1, outgoing__wrappee__AddressBook_#t~ret85#1, outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~15#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~5#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~15#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~5#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc 
outgoing__wrappee__AddressBook_~tmp___2~2#1; {4668#false} is VALID [2022-02-20 18:01:44,658 INFO L272 TraceCheckUtils]: 72: Hoare triple {4668#false} call outgoing__wrappee__AddressBook_#t~ret81#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {4668#false} is VALID [2022-02-20 18:01:44,658 INFO L290 TraceCheckUtils]: 73: Hoare triple {4668#false} ~handle := #in~handle;havoc ~retValue_acc~7; {4668#false} is VALID [2022-02-20 18:01:44,659 INFO L290 TraceCheckUtils]: 74: Hoare triple {4668#false} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {4668#false} is VALID [2022-02-20 18:01:44,659 INFO L290 TraceCheckUtils]: 75: Hoare triple {4668#false} assume true; {4668#false} is VALID [2022-02-20 18:01:44,659 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {4668#false} {4668#false} #1048#return; {4668#false} is VALID [2022-02-20 18:01:44,659 INFO L290 TraceCheckUtils]: 77: Hoare triple {4668#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret81#1 && outgoing__wrappee__AddressBook_#t~ret81#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~15#1 := outgoing__wrappee__AddressBook_#t~ret81#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~15#1; {4668#false} is VALID [2022-02-20 18:01:44,659 INFO L290 TraceCheckUtils]: 78: Hoare triple {4668#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {4668#false} is VALID [2022-02-20 18:01:44,659 INFO L272 TraceCheckUtils]: 79: Hoare triple {4668#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {4668#false} is VALID [2022-02-20 18:01:44,659 INFO L290 TraceCheckUtils]: 80: Hoare triple {4668#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, 
getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {4668#false} is VALID [2022-02-20 18:01:44,659 INFO L290 TraceCheckUtils]: 81: Hoare triple {4668#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {4668#false} is VALID [2022-02-20 18:01:44,660 INFO L290 TraceCheckUtils]: 82: Hoare triple {4668#false} #t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret80#1 && #t~ret80#1 <= 2147483647;~tmp~14#1 := #t~ret80#1;havoc #t~ret80#1; {4668#false} is VALID [2022-02-20 18:01:44,660 INFO L272 TraceCheckUtils]: 83: Hoare triple {4668#false} call setEmailFrom(~msg#1, ~tmp~14#1); {4668#false} is VALID [2022-02-20 18:01:44,660 INFO L290 TraceCheckUtils]: 84: Hoare triple {4668#false} ~handle := #in~handle;~value := #in~value; {4668#false} is VALID [2022-02-20 18:01:44,660 INFO L290 TraceCheckUtils]: 85: Hoare triple {4668#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4668#false} is VALID [2022-02-20 18:01:44,660 INFO L290 TraceCheckUtils]: 86: Hoare triple {4668#false} assume true; {4668#false} is VALID [2022-02-20 18:01:44,660 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {4668#false} {4668#false} #1072#return; {4668#false} is VALID [2022-02-20 18:01:44,660 INFO L290 TraceCheckUtils]: 88: Hoare triple {4668#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~13#1;call mail_#t~ret78#1 := puts(32, 0);assume -2147483648 <= mail_#t~ret78#1 && mail_#t~ret78#1 <= 2147483647;havoc mail_#t~ret78#1; {4668#false} is VALID [2022-02-20 18:01:44,660 INFO L272 TraceCheckUtils]: 89: Hoare triple {4668#false} call mail_#t~ret79#1 := 
getEmailTo(mail_~msg#1); {4668#false} is VALID [2022-02-20 18:01:44,661 INFO L290 TraceCheckUtils]: 90: Hoare triple {4668#false} ~handle := #in~handle;havoc ~retValue_acc~24; {4668#false} is VALID [2022-02-20 18:01:44,661 INFO L290 TraceCheckUtils]: 91: Hoare triple {4668#false} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {4668#false} is VALID [2022-02-20 18:01:44,661 INFO L290 TraceCheckUtils]: 92: Hoare triple {4668#false} assume true; {4668#false} is VALID [2022-02-20 18:01:44,661 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {4668#false} {4668#false} #1074#return; {4668#false} is VALID [2022-02-20 18:01:44,661 INFO L290 TraceCheckUtils]: 94: Hoare triple {4668#false} assume -2147483648 <= mail_#t~ret79#1 && mail_#t~ret79#1 <= 2147483647;mail_~tmp~13#1 := mail_#t~ret79#1;havoc mail_#t~ret79#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~13#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret92#1, verify_#t~ret93#1, verify_#t~ret94#1, verify_#t~ret95#1, verify_#t~ret96#1, verify_#t~ret97#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~19#1, verify_~tmp___0~6#1, verify_~pubkey~0#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := 
verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~0#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~0#1; {4668#false} is VALID [2022-02-20 18:01:44,661 INFO L272 TraceCheckUtils]: 95: Hoare triple {4668#false} call __utac_acc__EncryptVerify_spec__1_#t~ret4#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {4668#false} is VALID [2022-02-20 18:01:44,661 INFO L290 TraceCheckUtils]: 96: Hoare triple {4668#false} ~msg := #in~msg;havoc ~retValue_acc~32;~retValue_acc~32 := 1;#res := ~retValue_acc~32; {4668#false} is VALID [2022-02-20 18:01:44,661 INFO L290 TraceCheckUtils]: 97: Hoare triple {4668#false} assume true; {4668#false} is VALID [2022-02-20 18:01:44,662 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {4668#false} {4668#false} #1076#return; {4668#false} is VALID [2022-02-20 18:01:44,662 INFO L290 TraceCheckUtils]: 99: Hoare triple {4668#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret4#1 && __utac_acc__EncryptVerify_spec__1_#t~ret4#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~0#1 := __utac_acc__EncryptVerify_spec__1_#t~ret4#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1; {4668#false} is VALID [2022-02-20 18:01:44,662 INFO L290 TraceCheckUtils]: 100: Hoare triple {4668#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {4668#false} is VALID [2022-02-20 18:01:44,662 INFO L290 TraceCheckUtils]: 101: Hoare triple {4668#false} assume !false; {4668#false} is VALID [2022-02-20 18:01:44,662 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. 
[2022-02-20 18:01:44,662 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:01:44,663 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [782154314] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:01:44,663 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:01:44,663 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 18:01:44,663 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1182896377] [2022-02-20 18:01:44,663 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:01:44,664 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 20.0) internal successors, (60), 3 states have internal predecessors, (60), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 102 [2022-02-20 18:01:44,664 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:01:44,664 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 20.0) internal successors, (60), 3 states have internal predecessors, (60), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:01:44,720 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 87 edges. 87 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:01:44,721 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:01:44,721 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:44,722 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:01:44,722 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:01:44,722 INFO L87 Difference]: Start difference. First operand 340 states and 521 transitions. Second operand has 3 states, 3 states have (on average 20.0) internal successors, (60), 3 states have internal predecessors, (60), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:01:45,176 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:45,176 INFO L93 Difference]: Finished difference Result 723 states and 1126 transitions. [2022-02-20 18:01:45,176 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:01:45,177 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 20.0) internal successors, (60), 3 states have internal predecessors, (60), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 102 [2022-02-20 18:01:45,177 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:01:45,177 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 3 states, 3 states have (on average 20.0) internal successors, (60), 3 states have internal predecessors, (60), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:01:45,188 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1124 transitions. [2022-02-20 18:01:45,188 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 20.0) internal successors, (60), 3 states have internal predecessors, (60), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:01:45,206 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1124 transitions. [2022-02-20 18:01:45,206 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1124 transitions. [2022-02-20 18:01:45,953 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1124 edges. 1124 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:01:45,963 INFO L225 Difference]: With dead ends: 723 [2022-02-20 18:01:45,964 INFO L226 Difference]: Without dead ends: 410 [2022-02-20 18:01:45,965 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 129 GetRequests, 121 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:01:45,965 INFO L933 BasicCegarLoop]: 541 mSDtfsCounter, 126 mSDsluCounter, 472 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 144 SdHoareTripleChecker+Valid, 1013 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:01:45,966 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [144 Valid, 1013 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:01:45,966 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 410 states. [2022-02-20 18:01:45,988 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 410 to 402. [2022-02-20 18:01:45,989 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:01:45,990 INFO L82 GeneralOperation]: Start isEquivalent. First operand 410 states. 
Second operand has 402 states, 318 states have (on average 1.5943396226415094) internal successors, (507), 320 states have internal predecessors, (507), 62 states have call successors, (62), 21 states have call predecessors, (62), 21 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) [2022-02-20 18:01:45,990 INFO L74 IsIncluded]: Start isIncluded. First operand 410 states. Second operand has 402 states, 318 states have (on average 1.5943396226415094) internal successors, (507), 320 states have internal predecessors, (507), 62 states have call successors, (62), 21 states have call predecessors, (62), 21 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) [2022-02-20 18:01:45,991 INFO L87 Difference]: Start difference. First operand 410 states. Second operand has 402 states, 318 states have (on average 1.5943396226415094) internal successors, (507), 320 states have internal predecessors, (507), 62 states have call successors, (62), 21 states have call predecessors, (62), 21 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) [2022-02-20 18:01:46,005 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:46,007 INFO L93 Difference]: Finished difference Result 410 states and 639 transitions. [2022-02-20 18:01:46,007 INFO L276 IsEmpty]: Start isEmpty. Operand 410 states and 639 transitions. [2022-02-20 18:01:46,010 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:46,010 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:46,011 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 402 states, 318 states have (on average 1.5943396226415094) internal successors, (507), 320 states have internal predecessors, (507), 62 states have call successors, (62), 21 states have call predecessors, (62), 21 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) Second operand 410 states. [2022-02-20 18:01:46,012 INFO L87 Difference]: Start difference. First operand has 402 states, 318 states have (on average 1.5943396226415094) internal successors, (507), 320 states have internal predecessors, (507), 62 states have call successors, (62), 21 states have call predecessors, (62), 21 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) Second operand 410 states. [2022-02-20 18:01:46,023 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:46,023 INFO L93 Difference]: Finished difference Result 410 states and 639 transitions. [2022-02-20 18:01:46,023 INFO L276 IsEmpty]: Start isEmpty. Operand 410 states and 639 transitions. [2022-02-20 18:01:46,025 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:46,025 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:46,025 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:01:46,025 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:01:46,027 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 402 states, 318 states have (on average 1.5943396226415094) internal successors, (507), 320 states have internal predecessors, (507), 62 states have call successors, (62), 21 states have call predecessors, (62), 21 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) [2022-02-20 18:01:46,038 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 402 states to 402 states and 630 transitions. [2022-02-20 18:01:46,039 INFO L78 Accepts]: Start accepts. Automaton has 402 states and 630 transitions. Word has length 102 [2022-02-20 18:01:46,039 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:01:46,039 INFO L470 AbstractCegarLoop]: Abstraction has 402 states and 630 transitions. [2022-02-20 18:01:46,039 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 20.0) internal successors, (60), 3 states have internal predecessors, (60), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:01:46,040 INFO L276 IsEmpty]: Start isEmpty. Operand 402 states and 630 transitions. [2022-02-20 18:01:46,041 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 104 [2022-02-20 18:01:46,041 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:01:46,041 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:01:46,060 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Ended with exit code 0 [2022-02-20 18:01:46,259 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:01:46,259 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] 
=== [2022-02-20 18:01:46,260 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:01:46,260 INFO L85 PathProgramCache]: Analyzing trace with hash -1123916787, now seen corresponding path program 1 times [2022-02-20 18:01:46,260 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:01:46,260 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1505602992] [2022-02-20 18:01:46,260 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:46,260 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:01:46,292 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:46,314 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:01:46,315 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:46,318 INFO L290 TraceCheckUtils]: 0: Hoare triple {7445#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7395#true} is VALID [2022-02-20 18:01:46,318 INFO L290 TraceCheckUtils]: 1: Hoare triple {7395#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7395#true} is VALID [2022-02-20 18:01:46,318 INFO L290 TraceCheckUtils]: 2: Hoare triple {7395#true} assume true; {7395#true} is VALID [2022-02-20 18:01:46,318 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7395#true} {7395#true} #1094#return; {7395#true} is VALID [2022-02-20 18:01:46,323 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:01:46,325 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:46,328 INFO L290 
TraceCheckUtils]: 0: Hoare triple {7446#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7395#true} is VALID [2022-02-20 18:01:46,328 INFO L290 TraceCheckUtils]: 1: Hoare triple {7395#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7395#true} is VALID [2022-02-20 18:01:46,328 INFO L290 TraceCheckUtils]: 2: Hoare triple {7395#true} assume true; {7395#true} is VALID [2022-02-20 18:01:46,328 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7395#true} {7395#true} #1096#return; {7395#true} is VALID [2022-02-20 18:01:46,328 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:01:46,330 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:46,361 INFO L290 TraceCheckUtils]: 0: Hoare triple {7445#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7447#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:46,362 INFO L290 TraceCheckUtils]: 1: Hoare triple {7447#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7448#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:46,362 INFO L290 TraceCheckUtils]: 2: Hoare triple {7448#(= |setClientId_#in~handle| 1)} assume true; {7448#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:46,363 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7448#(= |setClientId_#in~handle| 1)} {7405#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1098#return; {7396#false} is VALID [2022-02-20 18:01:46,363 INFO L376 atingTraceCheckCraig]: Compute 
interpolants for subsequence at non-pending call position 24 [2022-02-20 18:01:46,364 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:46,366 INFO L290 TraceCheckUtils]: 0: Hoare triple {7446#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7395#true} is VALID [2022-02-20 18:01:46,366 INFO L290 TraceCheckUtils]: 1: Hoare triple {7395#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7395#true} is VALID [2022-02-20 18:01:46,366 INFO L290 TraceCheckUtils]: 2: Hoare triple {7395#true} assume true; {7395#true} is VALID [2022-02-20 18:01:46,367 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7395#true} {7396#false} #1100#return; {7396#false} is VALID [2022-02-20 18:01:46,367 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:01:46,368 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:46,375 INFO L290 TraceCheckUtils]: 0: Hoare triple {7445#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7395#true} is VALID [2022-02-20 18:01:46,375 INFO L290 TraceCheckUtils]: 1: Hoare triple {7395#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7395#true} is VALID [2022-02-20 18:01:46,375 INFO L290 TraceCheckUtils]: 2: Hoare triple {7395#true} assume true; {7395#true} is VALID [2022-02-20 18:01:46,375 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7395#true} {7396#false} #1102#return; {7396#false} is VALID [2022-02-20 18:01:46,376 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 
[2022-02-20 18:01:46,377 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:46,379 INFO L290 TraceCheckUtils]: 0: Hoare triple {7446#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7395#true} is VALID [2022-02-20 18:01:46,379 INFO L290 TraceCheckUtils]: 1: Hoare triple {7395#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7395#true} is VALID [2022-02-20 18:01:46,379 INFO L290 TraceCheckUtils]: 2: Hoare triple {7395#true} assume true; {7395#true} is VALID [2022-02-20 18:01:46,380 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7395#true} {7396#false} #1104#return; {7396#false} is VALID [2022-02-20 18:01:46,386 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 55 [2022-02-20 18:01:46,387 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:46,389 INFO L290 TraceCheckUtils]: 0: Hoare triple {7449#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7395#true} is VALID [2022-02-20 18:01:46,389 INFO L290 TraceCheckUtils]: 1: Hoare triple {7395#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7395#true} is VALID [2022-02-20 18:01:46,389 INFO L290 TraceCheckUtils]: 2: Hoare triple {7395#true} assume true; {7395#true} is VALID [2022-02-20 18:01:46,390 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7395#true} {7396#false} #1066#return; {7396#false} is VALID [2022-02-20 18:01:46,397 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 18:01:46,398 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:46,399 INFO L290 TraceCheckUtils]: 0: Hoare triple {7450#(and 
(= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {7395#true} is VALID [2022-02-20 18:01:46,400 INFO L290 TraceCheckUtils]: 1: Hoare triple {7395#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {7395#true} is VALID [2022-02-20 18:01:46,400 INFO L290 TraceCheckUtils]: 2: Hoare triple {7395#true} assume true; {7395#true} is VALID [2022-02-20 18:01:46,400 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7395#true} {7396#false} #1068#return; {7396#false} is VALID [2022-02-20 18:01:46,400 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 73 [2022-02-20 18:01:46,401 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:46,402 INFO L290 TraceCheckUtils]: 0: Hoare triple {7395#true} ~handle := #in~handle;havoc ~retValue_acc~7; {7395#true} is VALID [2022-02-20 18:01:46,402 INFO L290 TraceCheckUtils]: 1: Hoare triple {7395#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {7395#true} is VALID [2022-02-20 18:01:46,402 INFO L290 TraceCheckUtils]: 2: Hoare triple {7395#true} assume true; {7395#true} is VALID [2022-02-20 18:01:46,402 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7395#true} {7396#false} #1048#return; {7396#false} is VALID [2022-02-20 18:01:46,403 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 18:01:46,403 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:46,405 INFO L290 TraceCheckUtils]: 0: Hoare triple {7449#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7395#true} is VALID [2022-02-20 18:01:46,405 INFO L290 TraceCheckUtils]: 1: Hoare triple {7395#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7395#true} is VALID [2022-02-20 
18:01:46,405 INFO L290 TraceCheckUtils]: 2: Hoare triple {7395#true} assume true; {7395#true} is VALID [2022-02-20 18:01:46,405 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7395#true} {7396#false} #1072#return; {7396#false} is VALID [2022-02-20 18:01:46,405 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 18:01:46,406 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:46,409 INFO L290 TraceCheckUtils]: 0: Hoare triple {7395#true} ~handle := #in~handle;havoc ~retValue_acc~24; {7395#true} is VALID [2022-02-20 18:01:46,409 INFO L290 TraceCheckUtils]: 1: Hoare triple {7395#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {7395#true} is VALID [2022-02-20 18:01:46,409 INFO L290 TraceCheckUtils]: 2: Hoare triple {7395#true} assume true; {7395#true} is VALID [2022-02-20 18:01:46,409 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7395#true} {7396#false} #1074#return; {7396#false} is VALID [2022-02-20 18:01:46,409 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 18:01:46,410 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:46,412 INFO L290 TraceCheckUtils]: 0: Hoare triple {7395#true} ~msg := #in~msg;havoc ~retValue_acc~32;~retValue_acc~32 := 1;#res := ~retValue_acc~32; {7395#true} is VALID [2022-02-20 18:01:46,412 INFO L290 TraceCheckUtils]: 1: Hoare triple {7395#true} assume true; {7395#true} is VALID [2022-02-20 18:01:46,412 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {7395#true} {7396#false} #1076#return; {7396#false} is VALID [2022-02-20 18:01:46,412 INFO L290 TraceCheckUtils]: 0: Hoare triple {7395#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call 
#Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(16, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(34, 33);call #Ultimate.allocInit(30, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 
0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 
0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {7395#true} is VALID [2022-02-20 18:01:46,412 INFO L290 TraceCheckUtils]: 1: Hoare triple {7395#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet65#1, main_#t~ret66#1, main_~retValue_acc~37#1, main_~tmp~11#1;assume -2147483648 <= main_#t~nondet65#1 && main_#t~nondet65#1 <= 2147483647;main_~retValue_acc~37#1 := main_#t~nondet65#1;havoc main_#t~nondet65#1;havoc main_~tmp~11#1;assume { :begin_inline_select_helpers } true; {7395#true} is VALID [2022-02-20 18:01:46,412 INFO L290 TraceCheckUtils]: 2: Hoare triple {7395#true} assume { :end_inline_select_helpers } true;assume { 
:begin_inline_select_features } true; {7395#true} is VALID [2022-02-20 18:01:46,413 INFO L290 TraceCheckUtils]: 3: Hoare triple {7395#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {7395#true} is VALID [2022-02-20 18:01:46,413 INFO L290 TraceCheckUtils]: 4: Hoare triple {7395#true} main_#t~ret66#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret66#1 && main_#t~ret66#1 <= 2147483647;main_~tmp~11#1 := main_#t~ret66#1;havoc main_#t~ret66#1; {7395#true} is VALID [2022-02-20 18:01:46,413 INFO L290 TraceCheckUtils]: 5: Hoare triple {7395#true} assume 0 != main_~tmp~11#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet62#1, setup_#t~nondet63#1, setup_#t~nondet64#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {7395#true} is VALID [2022-02-20 18:01:46,414 INFO L272 TraceCheckUtils]: 6: Hoare triple {7395#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {7445#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:46,414 INFO L290 TraceCheckUtils]: 7: Hoare triple {7445#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7395#true} is VALID [2022-02-20 18:01:46,414 INFO L290 TraceCheckUtils]: 8: Hoare triple {7395#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7395#true} is VALID [2022-02-20 18:01:46,414 INFO L290 TraceCheckUtils]: 9: Hoare triple {7395#true} assume true; {7395#true} is VALID [2022-02-20 18:01:46,414 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {7395#true} {7395#true} #1094#return; {7395#true} is VALID [2022-02-20 18:01:46,414 INFO L290 TraceCheckUtils]: 11: Hoare triple {7395#true} assume { :end_inline_setup_bob__wrappee__Base } true; {7395#true} is VALID [2022-02-20 18:01:46,415 INFO L272 TraceCheckUtils]: 12: Hoare triple {7395#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {7446#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:46,415 INFO L290 TraceCheckUtils]: 13: Hoare triple {7446#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7395#true} is VALID [2022-02-20 18:01:46,415 INFO L290 TraceCheckUtils]: 14: Hoare triple {7395#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7395#true} is VALID [2022-02-20 18:01:46,415 INFO L290 TraceCheckUtils]: 15: 
Hoare triple {7395#true} assume true; {7395#true} is VALID [2022-02-20 18:01:46,415 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {7395#true} {7395#true} #1096#return; {7395#true} is VALID [2022-02-20 18:01:46,416 INFO L290 TraceCheckUtils]: 17: Hoare triple {7395#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 26, 0;havoc setup_#t~nondet62#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {7405#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:01:46,416 INFO L272 TraceCheckUtils]: 18: Hoare triple {7405#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {7445#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:46,417 INFO L290 TraceCheckUtils]: 19: Hoare triple {7445#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7447#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:46,417 INFO L290 TraceCheckUtils]: 20: Hoare triple {7447#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7448#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:46,417 INFO L290 TraceCheckUtils]: 21: 
Hoare triple {7448#(= |setClientId_#in~handle| 1)} assume true; {7448#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:46,418 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {7448#(= |setClientId_#in~handle| 1)} {7405#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1098#return; {7396#false} is VALID [2022-02-20 18:01:46,418 INFO L290 TraceCheckUtils]: 23: Hoare triple {7396#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {7396#false} is VALID [2022-02-20 18:01:46,418 INFO L272 TraceCheckUtils]: 24: Hoare triple {7396#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {7446#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:46,418 INFO L290 TraceCheckUtils]: 25: Hoare triple {7446#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7395#true} is VALID [2022-02-20 18:01:46,418 INFO L290 TraceCheckUtils]: 26: Hoare triple {7395#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7395#true} is VALID [2022-02-20 18:01:46,418 INFO L290 TraceCheckUtils]: 27: Hoare triple {7395#true} assume true; {7395#true} is VALID [2022-02-20 18:01:46,418 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {7395#true} {7396#false} #1100#return; {7396#false} is VALID [2022-02-20 18:01:46,419 INFO L290 TraceCheckUtils]: 29: Hoare triple {7396#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 27, 0;havoc setup_#t~nondet63#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := 
setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {7396#false} is VALID [2022-02-20 18:01:46,419 INFO L272 TraceCheckUtils]: 30: Hoare triple {7396#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {7445#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:46,419 INFO L290 TraceCheckUtils]: 31: Hoare triple {7445#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7395#true} is VALID [2022-02-20 18:01:46,419 INFO L290 TraceCheckUtils]: 32: Hoare triple {7395#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7395#true} is VALID [2022-02-20 18:01:46,419 INFO L290 TraceCheckUtils]: 33: Hoare triple {7395#true} assume true; {7395#true} is VALID [2022-02-20 18:01:46,419 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {7395#true} {7396#false} #1102#return; {7396#false} is VALID [2022-02-20 18:01:46,419 INFO L290 TraceCheckUtils]: 35: Hoare triple {7396#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {7396#false} is VALID [2022-02-20 18:01:46,419 INFO L272 TraceCheckUtils]: 36: Hoare triple {7396#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {7446#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 
18:01:46,420 INFO L290 TraceCheckUtils]: 37: Hoare triple {7446#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7395#true} is VALID [2022-02-20 18:01:46,420 INFO L290 TraceCheckUtils]: 38: Hoare triple {7395#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7395#true} is VALID [2022-02-20 18:01:46,420 INFO L290 TraceCheckUtils]: 39: Hoare triple {7395#true} assume true; {7395#true} is VALID [2022-02-20 18:01:46,420 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {7395#true} {7396#false} #1104#return; {7396#false} is VALID [2022-02-20 18:01:46,420 INFO L290 TraceCheckUtils]: 41: Hoare triple {7396#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 28, 0;havoc setup_#t~nondet64#1; {7396#false} is VALID [2022-02-20 18:01:46,420 INFO L290 TraceCheckUtils]: 42: Hoare triple {7396#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc 
test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {7396#false} is VALID [2022-02-20 18:01:46,420 INFO L290 TraceCheckUtils]: 43: Hoare triple {7396#false} assume !false; {7396#false} is VALID [2022-02-20 18:01:46,420 INFO L290 TraceCheckUtils]: 44: Hoare triple {7396#false} assume test_~splverifierCounter~0#1 < 4; {7396#false} is VALID [2022-02-20 18:01:46,421 INFO L290 TraceCheckUtils]: 45: Hoare triple {7396#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {7396#false} is VALID [2022-02-20 18:01:46,421 INFO L290 TraceCheckUtils]: 46: Hoare triple {7396#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet46#1 && test_#t~nondet46#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet46#1;havoc test_#t~nondet46#1; {7396#false} is VALID [2022-02-20 18:01:46,421 INFO L290 TraceCheckUtils]: 47: Hoare triple {7396#false} assume !(0 != test_~tmp___9~0#1); {7396#false} is VALID [2022-02-20 18:01:46,421 INFO L290 TraceCheckUtils]: 48: Hoare triple {7396#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet47#1 && test_#t~nondet47#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet47#1;havoc test_#t~nondet47#1; {7396#false} is VALID [2022-02-20 18:01:46,421 INFO L290 TraceCheckUtils]: 49: Hoare triple {7396#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {7396#false} is VALID [2022-02-20 18:01:46,421 INFO L290 TraceCheckUtils]: 50: Hoare triple {7396#false} assume !false; {7396#false} is VALID [2022-02-20 18:01:46,421 INFO L290 
TraceCheckUtils]: 51: Hoare triple {7396#false} assume !(test_~splverifierCounter~0#1 < 4); {7396#false} is VALID [2022-02-20 18:01:46,421 INFO L290 TraceCheckUtils]: 52: Hoare triple {7396#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret57#1, bobToRjh_#t~ret58#1, bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_~tmp~10#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~10#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret57#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret57#1 && bobToRjh_#t~ret57#1 <= 2147483647;havoc bobToRjh_#t~ret57#1; {7396#false} is VALID [2022-02-20 18:01:46,422 INFO L272 TraceCheckUtils]: 53: Hoare triple {7396#false} call sendEmail(~bob~0, ~rjh~0); {7396#false} is VALID [2022-02-20 18:01:46,422 INFO L290 TraceCheckUtils]: 54: Hoare triple {7396#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~34#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~34#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {7396#false} is VALID [2022-02-20 18:01:46,422 INFO L272 TraceCheckUtils]: 55: Hoare triple {7396#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {7449#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:46,422 INFO L290 TraceCheckUtils]: 56: Hoare triple {7449#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7395#true} is VALID [2022-02-20 18:01:46,422 INFO L290 TraceCheckUtils]: 57: Hoare triple {7395#true} assume 1 == 
~handle;~__ste_email_from0~0 := ~value; {7395#true} is VALID [2022-02-20 18:01:46,422 INFO L290 TraceCheckUtils]: 58: Hoare triple {7395#true} assume true; {7395#true} is VALID [2022-02-20 18:01:46,422 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {7395#true} {7396#false} #1066#return; {7396#false} is VALID [2022-02-20 18:01:46,422 INFO L272 TraceCheckUtils]: 60: Hoare triple {7396#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {7450#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:01:46,422 INFO L290 TraceCheckUtils]: 61: Hoare triple {7450#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {7395#true} is VALID [2022-02-20 18:01:46,423 INFO L290 TraceCheckUtils]: 62: Hoare triple {7395#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {7395#true} is VALID [2022-02-20 18:01:46,423 INFO L290 TraceCheckUtils]: 63: Hoare triple {7395#true} assume true; {7395#true} is VALID [2022-02-20 18:01:46,423 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {7395#true} {7396#false} #1068#return; {7396#false} is VALID [2022-02-20 18:01:46,423 INFO L290 TraceCheckUtils]: 65: Hoare triple {7396#false} createEmail_~retValue_acc~34#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~34#1; {7396#false} is VALID [2022-02-20 18:01:46,423 INFO L290 TraceCheckUtils]: 66: Hoare triple {7396#false} #t~ret89#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret89#1 && #t~ret89#1 <= 2147483647;~tmp~17#1 := #t~ret89#1;havoc #t~ret89#1;~email~0#1 := ~tmp~17#1; {7396#false} is VALID [2022-02-20 18:01:46,423 INFO L272 TraceCheckUtils]: 67: Hoare triple {7396#false} call outgoing(~sender#1, ~email~0#1); {7396#false} is VALID [2022-02-20 18:01:46,423 INFO L290 TraceCheckUtils]: 68: Hoare triple {7396#false} ~client#1 := #in~client#1;~msg#1 
:= #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret91#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~13#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~13#1; {7396#false} is VALID [2022-02-20 18:01:46,423 INFO L290 TraceCheckUtils]: 69: Hoare triple {7396#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~13#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~13#1; {7396#false} is VALID [2022-02-20 18:01:46,424 INFO L290 TraceCheckUtils]: 70: Hoare triple {7396#false} sign_#t~ret91#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret91#1 && sign_#t~ret91#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret91#1;havoc sign_#t~ret91#1;sign_~privkey~0#1 := sign_~tmp~18#1; {7396#false} is VALID [2022-02-20 18:01:46,424 INFO L290 TraceCheckUtils]: 71: Hoare triple {7396#false} assume 0 == sign_~privkey~0#1; {7396#false} is VALID [2022-02-20 18:01:46,424 INFO L290 TraceCheckUtils]: 72: Hoare triple {7396#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1, outgoing__wrappee__AddressBook_#t~ret82#1, outgoing__wrappee__AddressBook_#t~ret83#1, outgoing__wrappee__AddressBook_#t~ret84#1, outgoing__wrappee__AddressBook_#t~ret85#1, outgoing__wrappee__AddressBook_#t~ret86#1, 
outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~15#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~5#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~15#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~5#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {7396#false} is VALID [2022-02-20 18:01:46,424 INFO L272 TraceCheckUtils]: 73: Hoare triple {7396#false} call outgoing__wrappee__AddressBook_#t~ret81#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {7395#true} is VALID [2022-02-20 18:01:46,424 INFO L290 TraceCheckUtils]: 74: Hoare triple {7395#true} ~handle := #in~handle;havoc ~retValue_acc~7; {7395#true} is VALID [2022-02-20 18:01:46,424 INFO L290 TraceCheckUtils]: 75: Hoare triple {7395#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {7395#true} is VALID [2022-02-20 18:01:46,424 INFO L290 TraceCheckUtils]: 76: Hoare triple {7395#true} assume true; {7395#true} is VALID [2022-02-20 18:01:46,424 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {7395#true} {7396#false} #1048#return; {7396#false} is VALID [2022-02-20 18:01:46,425 INFO L290 TraceCheckUtils]: 78: Hoare triple {7396#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret81#1 && outgoing__wrappee__AddressBook_#t~ret81#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~15#1 := 
outgoing__wrappee__AddressBook_#t~ret81#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~15#1; {7396#false} is VALID [2022-02-20 18:01:46,425 INFO L290 TraceCheckUtils]: 79: Hoare triple {7396#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {7396#false} is VALID [2022-02-20 18:01:46,425 INFO L272 TraceCheckUtils]: 80: Hoare triple {7396#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {7396#false} is VALID [2022-02-20 18:01:46,425 INFO L290 TraceCheckUtils]: 81: Hoare triple {7396#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {7396#false} is VALID [2022-02-20 18:01:46,425 INFO L290 TraceCheckUtils]: 82: Hoare triple {7396#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {7396#false} is VALID [2022-02-20 18:01:46,425 INFO L290 TraceCheckUtils]: 83: Hoare triple {7396#false} #t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret80#1 && #t~ret80#1 <= 2147483647;~tmp~14#1 := #t~ret80#1;havoc #t~ret80#1; {7396#false} is VALID [2022-02-20 18:01:46,425 INFO L272 TraceCheckUtils]: 84: Hoare triple {7396#false} call setEmailFrom(~msg#1, ~tmp~14#1); {7449#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:46,425 INFO L290 TraceCheckUtils]: 85: Hoare triple {7449#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value 
:= #in~value; {7395#true} is VALID [2022-02-20 18:01:46,426 INFO L290 TraceCheckUtils]: 86: Hoare triple {7395#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7395#true} is VALID [2022-02-20 18:01:46,426 INFO L290 TraceCheckUtils]: 87: Hoare triple {7395#true} assume true; {7395#true} is VALID [2022-02-20 18:01:46,426 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {7395#true} {7396#false} #1072#return; {7396#false} is VALID [2022-02-20 18:01:46,426 INFO L290 TraceCheckUtils]: 89: Hoare triple {7396#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~13#1;call mail_#t~ret78#1 := puts(32, 0);assume -2147483648 <= mail_#t~ret78#1 && mail_#t~ret78#1 <= 2147483647;havoc mail_#t~ret78#1; {7396#false} is VALID [2022-02-20 18:01:46,426 INFO L272 TraceCheckUtils]: 90: Hoare triple {7396#false} call mail_#t~ret79#1 := getEmailTo(mail_~msg#1); {7395#true} is VALID [2022-02-20 18:01:46,426 INFO L290 TraceCheckUtils]: 91: Hoare triple {7395#true} ~handle := #in~handle;havoc ~retValue_acc~24; {7395#true} is VALID [2022-02-20 18:01:46,426 INFO L290 TraceCheckUtils]: 92: Hoare triple {7395#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {7395#true} is VALID [2022-02-20 18:01:46,426 INFO L290 TraceCheckUtils]: 93: Hoare triple {7395#true} assume true; {7395#true} is VALID [2022-02-20 18:01:46,426 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {7395#true} {7396#false} #1074#return; {7396#false} is VALID [2022-02-20 18:01:46,427 INFO L290 TraceCheckUtils]: 95: Hoare triple {7396#false} assume -2147483648 <= mail_#t~ret79#1 && mail_#t~ret79#1 <= 2147483647;mail_~tmp~13#1 := mail_#t~ret79#1;havoc mail_#t~ret79#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~13#1, 
mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret92#1, verify_#t~ret93#1, verify_#t~ret94#1, verify_#t~ret95#1, verify_#t~ret96#1, verify_#t~ret97#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~19#1, verify_~tmp___0~6#1, verify_~pubkey~0#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~0#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~0#1; {7396#false} is VALID [2022-02-20 18:01:46,427 INFO L272 TraceCheckUtils]: 96: Hoare triple {7396#false} call __utac_acc__EncryptVerify_spec__1_#t~ret4#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {7395#true} is VALID [2022-02-20 18:01:46,427 INFO L290 TraceCheckUtils]: 97: Hoare triple {7395#true} ~msg := #in~msg;havoc ~retValue_acc~32;~retValue_acc~32 := 1;#res := ~retValue_acc~32; {7395#true} is VALID [2022-02-20 18:01:46,427 INFO L290 TraceCheckUtils]: 98: Hoare triple {7395#true} assume true; {7395#true} is VALID [2022-02-20 18:01:46,427 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {7395#true} {7396#false} #1076#return; {7396#false} is VALID 
[2022-02-20 18:01:46,427 INFO L290 TraceCheckUtils]: 100: Hoare triple {7396#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret4#1 && __utac_acc__EncryptVerify_spec__1_#t~ret4#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~0#1 := __utac_acc__EncryptVerify_spec__1_#t~ret4#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1; {7396#false} is VALID [2022-02-20 18:01:46,427 INFO L290 TraceCheckUtils]: 101: Hoare triple {7396#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {7396#false} is VALID [2022-02-20 18:01:46,427 INFO L290 TraceCheckUtils]: 102: Hoare triple {7396#false} assume !false; {7396#false} is VALID [2022-02-20 18:01:46,428 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 18:01:46,428 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:01:46,428 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1505602992] [2022-02-20 18:01:46,428 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1505602992] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:01:46,428 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [333144624] [2022-02-20 18:01:46,429 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:46,429 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:01:46,429 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:01:46,444 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), 
workingDir is null) [2022-02-20 18:01:46,480 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-02-20 18:01:46,654 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:46,657 INFO L263 TraceCheckSpWp]: Trace formula consists of 1011 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 18:01:46,697 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:46,699 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:01:46,946 INFO L290 TraceCheckUtils]: 0: Hoare triple {7395#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(16, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 
30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(34, 33);call #Ultimate.allocInit(30, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 
0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 
0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {7395#true} is VALID [2022-02-20 18:01:46,947 INFO L290 TraceCheckUtils]: 1: Hoare triple {7395#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet65#1, main_#t~ret66#1, main_~retValue_acc~37#1, main_~tmp~11#1;assume -2147483648 <= main_#t~nondet65#1 && main_#t~nondet65#1 <= 2147483647;main_~retValue_acc~37#1 := main_#t~nondet65#1;havoc main_#t~nondet65#1;havoc main_~tmp~11#1;assume { :begin_inline_select_helpers } true; {7395#true} is VALID [2022-02-20 18:01:46,947 INFO L290 TraceCheckUtils]: 2: Hoare triple {7395#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {7395#true} is VALID [2022-02-20 18:01:46,947 INFO L290 TraceCheckUtils]: 3: Hoare triple {7395#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {7395#true} is VALID [2022-02-20 18:01:46,947 INFO L290 TraceCheckUtils]: 4: Hoare triple {7395#true} main_#t~ret66#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret66#1 && main_#t~ret66#1 <= 2147483647;main_~tmp~11#1 := main_#t~ret66#1;havoc main_#t~ret66#1; {7395#true} is VALID [2022-02-20 18:01:46,947 INFO L290 TraceCheckUtils]: 5: Hoare triple {7395#true} assume 0 != main_~tmp~11#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet62#1, setup_#t~nondet63#1, setup_#t~nondet64#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, 
setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {7395#true} is VALID [2022-02-20 18:01:46,947 INFO L272 TraceCheckUtils]: 6: Hoare triple {7395#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {7395#true} is VALID [2022-02-20 18:01:46,947 INFO L290 TraceCheckUtils]: 7: Hoare triple {7395#true} ~handle := #in~handle;~value := #in~value; {7395#true} is VALID [2022-02-20 18:01:46,947 INFO L290 TraceCheckUtils]: 8: Hoare triple {7395#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7395#true} is VALID [2022-02-20 18:01:46,948 INFO L290 TraceCheckUtils]: 9: Hoare triple {7395#true} assume true; {7395#true} is VALID [2022-02-20 18:01:46,948 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {7395#true} {7395#true} #1094#return; {7395#true} is VALID [2022-02-20 18:01:46,948 INFO L290 TraceCheckUtils]: 11: Hoare triple {7395#true} assume { :end_inline_setup_bob__wrappee__Base } true; {7395#true} is VALID [2022-02-20 18:01:46,948 INFO L272 TraceCheckUtils]: 12: Hoare triple {7395#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {7395#true} is VALID [2022-02-20 18:01:46,948 INFO L290 TraceCheckUtils]: 13: Hoare triple {7395#true} ~handle := #in~handle;~value := #in~value; {7395#true} is VALID [2022-02-20 18:01:46,948 INFO L290 TraceCheckUtils]: 14: Hoare triple {7395#true} assume 1 == 
~handle;~__ste_client_privateKey0~0 := ~value; {7395#true} is VALID [2022-02-20 18:01:46,948 INFO L290 TraceCheckUtils]: 15: Hoare triple {7395#true} assume true; {7395#true} is VALID [2022-02-20 18:01:46,949 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {7395#true} {7395#true} #1096#return; {7395#true} is VALID [2022-02-20 18:01:46,949 INFO L290 TraceCheckUtils]: 17: Hoare triple {7395#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 26, 0;havoc setup_#t~nondet62#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {7505#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:01:46,950 INFO L272 TraceCheckUtils]: 18: Hoare triple {7505#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {7395#true} is VALID [2022-02-20 18:01:46,950 INFO L290 TraceCheckUtils]: 19: Hoare triple {7395#true} ~handle := #in~handle;~value := #in~value; {7512#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 18:01:46,950 INFO L290 TraceCheckUtils]: 20: Hoare triple {7512#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7516#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:46,951 INFO L290 TraceCheckUtils]: 21: Hoare triple {7516#(<= |setClientId_#in~handle| 1)} assume true; {7516#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:46,951 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {7516#(<= |setClientId_#in~handle| 1)} {7505#(<= 2 
|ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1098#return; {7396#false} is VALID [2022-02-20 18:01:46,952 INFO L290 TraceCheckUtils]: 23: Hoare triple {7396#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {7396#false} is VALID [2022-02-20 18:01:46,952 INFO L272 TraceCheckUtils]: 24: Hoare triple {7396#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {7396#false} is VALID [2022-02-20 18:01:46,952 INFO L290 TraceCheckUtils]: 25: Hoare triple {7396#false} ~handle := #in~handle;~value := #in~value; {7396#false} is VALID [2022-02-20 18:01:46,952 INFO L290 TraceCheckUtils]: 26: Hoare triple {7396#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7396#false} is VALID [2022-02-20 18:01:46,952 INFO L290 TraceCheckUtils]: 27: Hoare triple {7396#false} assume true; {7396#false} is VALID [2022-02-20 18:01:46,952 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {7396#false} {7396#false} #1100#return; {7396#false} is VALID [2022-02-20 18:01:46,952 INFO L290 TraceCheckUtils]: 29: Hoare triple {7396#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 27, 0;havoc setup_#t~nondet63#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {7396#false} is VALID [2022-02-20 18:01:46,953 INFO L272 TraceCheckUtils]: 30: Hoare triple {7396#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {7396#false} is VALID [2022-02-20 18:01:46,953 INFO L290 TraceCheckUtils]: 31: Hoare triple {7396#false} ~handle := #in~handle;~value := #in~value; {7396#false} is 
VALID [2022-02-20 18:01:46,953 INFO L290 TraceCheckUtils]: 32: Hoare triple {7396#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7396#false} is VALID [2022-02-20 18:01:46,953 INFO L290 TraceCheckUtils]: 33: Hoare triple {7396#false} assume true; {7396#false} is VALID [2022-02-20 18:01:46,953 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {7396#false} {7396#false} #1102#return; {7396#false} is VALID [2022-02-20 18:01:46,953 INFO L290 TraceCheckUtils]: 35: Hoare triple {7396#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {7396#false} is VALID [2022-02-20 18:01:46,953 INFO L272 TraceCheckUtils]: 36: Hoare triple {7396#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {7396#false} is VALID [2022-02-20 18:01:46,953 INFO L290 TraceCheckUtils]: 37: Hoare triple {7396#false} ~handle := #in~handle;~value := #in~value; {7396#false} is VALID [2022-02-20 18:01:46,954 INFO L290 TraceCheckUtils]: 38: Hoare triple {7396#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7396#false} is VALID [2022-02-20 18:01:46,954 INFO L290 TraceCheckUtils]: 39: Hoare triple {7396#false} assume true; {7396#false} is VALID [2022-02-20 18:01:46,954 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {7396#false} {7396#false} #1104#return; {7396#false} is VALID [2022-02-20 18:01:46,954 INFO L290 TraceCheckUtils]: 41: Hoare triple {7396#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 28, 0;havoc setup_#t~nondet64#1; {7396#false} is VALID [2022-02-20 18:01:46,954 INFO L290 TraceCheckUtils]: 42: Hoare triple {7396#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, 
test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {7396#false} is VALID [2022-02-20 18:01:46,954 INFO L290 TraceCheckUtils]: 43: Hoare triple {7396#false} assume !false; {7396#false} is VALID [2022-02-20 18:01:46,954 INFO L290 TraceCheckUtils]: 44: Hoare triple {7396#false} assume test_~splverifierCounter~0#1 < 4; {7396#false} is VALID [2022-02-20 18:01:46,955 INFO L290 TraceCheckUtils]: 45: Hoare triple {7396#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {7396#false} is VALID [2022-02-20 18:01:46,955 INFO L290 TraceCheckUtils]: 46: Hoare triple {7396#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet46#1 && test_#t~nondet46#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet46#1;havoc test_#t~nondet46#1; {7396#false} is VALID [2022-02-20 18:01:46,955 INFO L290 TraceCheckUtils]: 47: Hoare triple {7396#false} assume !(0 != test_~tmp___9~0#1); {7396#false} is VALID [2022-02-20 
18:01:46,955 INFO L290 TraceCheckUtils]: 48: Hoare triple {7396#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet47#1 && test_#t~nondet47#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet47#1;havoc test_#t~nondet47#1; {7396#false} is VALID [2022-02-20 18:01:46,955 INFO L290 TraceCheckUtils]: 49: Hoare triple {7396#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {7396#false} is VALID [2022-02-20 18:01:46,955 INFO L290 TraceCheckUtils]: 50: Hoare triple {7396#false} assume !false; {7396#false} is VALID [2022-02-20 18:01:46,955 INFO L290 TraceCheckUtils]: 51: Hoare triple {7396#false} assume !(test_~splverifierCounter~0#1 < 4); {7396#false} is VALID [2022-02-20 18:01:46,956 INFO L290 TraceCheckUtils]: 52: Hoare triple {7396#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret57#1, bobToRjh_#t~ret58#1, bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_~tmp~10#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~10#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret57#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret57#1 && bobToRjh_#t~ret57#1 <= 2147483647;havoc bobToRjh_#t~ret57#1; {7396#false} is VALID [2022-02-20 18:01:46,956 INFO L272 TraceCheckUtils]: 53: Hoare triple {7396#false} call sendEmail(~bob~0, ~rjh~0); {7396#false} is VALID [2022-02-20 18:01:46,956 INFO L290 TraceCheckUtils]: 54: Hoare triple {7396#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~34#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~34#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {7396#false} is VALID [2022-02-20 18:01:46,956 INFO L272 
TraceCheckUtils]: 55: Hoare triple {7396#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {7396#false} is VALID [2022-02-20 18:01:46,956 INFO L290 TraceCheckUtils]: 56: Hoare triple {7396#false} ~handle := #in~handle;~value := #in~value; {7396#false} is VALID [2022-02-20 18:01:46,956 INFO L290 TraceCheckUtils]: 57: Hoare triple {7396#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7396#false} is VALID [2022-02-20 18:01:46,956 INFO L290 TraceCheckUtils]: 58: Hoare triple {7396#false} assume true; {7396#false} is VALID [2022-02-20 18:01:46,957 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {7396#false} {7396#false} #1066#return; {7396#false} is VALID [2022-02-20 18:01:46,957 INFO L272 TraceCheckUtils]: 60: Hoare triple {7396#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {7396#false} is VALID [2022-02-20 18:01:46,957 INFO L290 TraceCheckUtils]: 61: Hoare triple {7396#false} ~handle := #in~handle;~value := #in~value; {7396#false} is VALID [2022-02-20 18:01:46,957 INFO L290 TraceCheckUtils]: 62: Hoare triple {7396#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {7396#false} is VALID [2022-02-20 18:01:46,957 INFO L290 TraceCheckUtils]: 63: Hoare triple {7396#false} assume true; {7396#false} is VALID [2022-02-20 18:01:46,957 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {7396#false} {7396#false} #1068#return; {7396#false} is VALID [2022-02-20 18:01:46,957 INFO L290 TraceCheckUtils]: 65: Hoare triple {7396#false} createEmail_~retValue_acc~34#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~34#1; {7396#false} is VALID [2022-02-20 18:01:46,957 INFO L290 TraceCheckUtils]: 66: Hoare triple {7396#false} #t~ret89#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret89#1 && #t~ret89#1 <= 2147483647;~tmp~17#1 := #t~ret89#1;havoc #t~ret89#1;~email~0#1 := ~tmp~17#1; {7396#false} is VALID [2022-02-20 18:01:46,958 INFO L272 TraceCheckUtils]: 67: Hoare triple 
{7396#false} call outgoing(~sender#1, ~email~0#1); {7396#false} is VALID [2022-02-20 18:01:46,958 INFO L290 TraceCheckUtils]: 68: Hoare triple {7396#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret91#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~13#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~13#1; {7396#false} is VALID [2022-02-20 18:01:46,958 INFO L290 TraceCheckUtils]: 69: Hoare triple {7396#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~13#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~13#1; {7396#false} is VALID [2022-02-20 18:01:46,958 INFO L290 TraceCheckUtils]: 70: Hoare triple {7396#false} sign_#t~ret91#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret91#1 && sign_#t~ret91#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret91#1;havoc sign_#t~ret91#1;sign_~privkey~0#1 := sign_~tmp~18#1; {7396#false} is VALID [2022-02-20 18:01:46,958 INFO L290 TraceCheckUtils]: 71: Hoare triple {7396#false} assume 0 == sign_~privkey~0#1; {7396#false} is VALID [2022-02-20 18:01:46,958 INFO L290 TraceCheckUtils]: 72: Hoare triple {7396#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1, outgoing__wrappee__AddressBook_#t~ret82#1, 
outgoing__wrappee__AddressBook_#t~ret83#1, outgoing__wrappee__AddressBook_#t~ret84#1, outgoing__wrappee__AddressBook_#t~ret85#1, outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~15#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~5#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~15#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~5#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {7396#false} is VALID [2022-02-20 18:01:46,958 INFO L272 TraceCheckUtils]: 73: Hoare triple {7396#false} call outgoing__wrappee__AddressBook_#t~ret81#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {7396#false} is VALID [2022-02-20 18:01:46,958 INFO L290 TraceCheckUtils]: 74: Hoare triple {7396#false} ~handle := #in~handle;havoc ~retValue_acc~7; {7396#false} is VALID [2022-02-20 18:01:46,959 INFO L290 TraceCheckUtils]: 75: Hoare triple {7396#false} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {7396#false} is VALID [2022-02-20 18:01:46,959 INFO L290 TraceCheckUtils]: 76: Hoare triple {7396#false} assume true; {7396#false} is VALID [2022-02-20 18:01:46,959 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {7396#false} {7396#false} #1048#return; {7396#false} is VALID [2022-02-20 18:01:46,959 INFO L290 TraceCheckUtils]: 78: Hoare triple 
{7396#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret81#1 && outgoing__wrappee__AddressBook_#t~ret81#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~15#1 := outgoing__wrappee__AddressBook_#t~ret81#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~15#1; {7396#false} is VALID [2022-02-20 18:01:46,959 INFO L290 TraceCheckUtils]: 79: Hoare triple {7396#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {7396#false} is VALID [2022-02-20 18:01:46,959 INFO L272 TraceCheckUtils]: 80: Hoare triple {7396#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {7396#false} is VALID [2022-02-20 18:01:46,959 INFO L290 TraceCheckUtils]: 81: Hoare triple {7396#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {7396#false} is VALID [2022-02-20 18:01:46,959 INFO L290 TraceCheckUtils]: 82: Hoare triple {7396#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {7396#false} is VALID [2022-02-20 18:01:46,960 INFO L290 TraceCheckUtils]: 83: Hoare triple {7396#false} #t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret80#1 && #t~ret80#1 <= 2147483647;~tmp~14#1 := #t~ret80#1;havoc #t~ret80#1; {7396#false} is VALID [2022-02-20 18:01:46,960 INFO L272 TraceCheckUtils]: 84: Hoare triple {7396#false} call setEmailFrom(~msg#1, ~tmp~14#1); {7396#false} is VALID [2022-02-20 18:01:46,960 INFO L290 TraceCheckUtils]: 85: Hoare triple {7396#false} ~handle := #in~handle;~value := #in~value; {7396#false} is 
VALID [2022-02-20 18:01:46,960 INFO L290 TraceCheckUtils]: 86: Hoare triple {7396#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7396#false} is VALID [2022-02-20 18:01:46,960 INFO L290 TraceCheckUtils]: 87: Hoare triple {7396#false} assume true; {7396#false} is VALID [2022-02-20 18:01:46,960 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {7396#false} {7396#false} #1072#return; {7396#false} is VALID [2022-02-20 18:01:46,960 INFO L290 TraceCheckUtils]: 89: Hoare triple {7396#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~13#1;call mail_#t~ret78#1 := puts(32, 0);assume -2147483648 <= mail_#t~ret78#1 && mail_#t~ret78#1 <= 2147483647;havoc mail_#t~ret78#1; {7396#false} is VALID [2022-02-20 18:01:46,960 INFO L272 TraceCheckUtils]: 90: Hoare triple {7396#false} call mail_#t~ret79#1 := getEmailTo(mail_~msg#1); {7396#false} is VALID [2022-02-20 18:01:46,961 INFO L290 TraceCheckUtils]: 91: Hoare triple {7396#false} ~handle := #in~handle;havoc ~retValue_acc~24; {7396#false} is VALID [2022-02-20 18:01:46,961 INFO L290 TraceCheckUtils]: 92: Hoare triple {7396#false} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {7396#false} is VALID [2022-02-20 18:01:46,961 INFO L290 TraceCheckUtils]: 93: Hoare triple {7396#false} assume true; {7396#false} is VALID [2022-02-20 18:01:46,961 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {7396#false} {7396#false} #1074#return; {7396#false} is VALID [2022-02-20 18:01:46,961 INFO L290 TraceCheckUtils]: 95: Hoare triple {7396#false} assume -2147483648 <= mail_#t~ret79#1 && mail_#t~ret79#1 <= 2147483647;mail_~tmp~13#1 := mail_#t~ret79#1;havoc mail_#t~ret79#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~13#1, mail_~msg#1;havoc 
incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret92#1, verify_#t~ret93#1, verify_#t~ret94#1, verify_#t~ret95#1, verify_#t~ret96#1, verify_#t~ret97#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~19#1, verify_~tmp___0~6#1, verify_~pubkey~0#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~0#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~0#1; {7396#false} is VALID [2022-02-20 18:01:46,961 INFO L272 TraceCheckUtils]: 96: Hoare triple {7396#false} call __utac_acc__EncryptVerify_spec__1_#t~ret4#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {7396#false} is VALID [2022-02-20 18:01:46,961 INFO L290 TraceCheckUtils]: 97: Hoare triple {7396#false} ~msg := #in~msg;havoc ~retValue_acc~32;~retValue_acc~32 := 1;#res := ~retValue_acc~32; {7396#false} is VALID [2022-02-20 18:01:46,961 INFO L290 TraceCheckUtils]: 98: Hoare triple {7396#false} assume true; {7396#false} is VALID [2022-02-20 18:01:46,962 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {7396#false} {7396#false} #1076#return; {7396#false} is VALID [2022-02-20 
18:01:46,962 INFO L290 TraceCheckUtils]: 100: Hoare triple {7396#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret4#1 && __utac_acc__EncryptVerify_spec__1_#t~ret4#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~0#1 := __utac_acc__EncryptVerify_spec__1_#t~ret4#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1; {7396#false} is VALID [2022-02-20 18:01:46,962 INFO L290 TraceCheckUtils]: 101: Hoare triple {7396#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {7396#false} is VALID [2022-02-20 18:01:46,962 INFO L290 TraceCheckUtils]: 102: Hoare triple {7396#false} assume !false; {7396#false} is VALID [2022-02-20 18:01:46,962 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. [2022-02-20 18:01:46,962 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:01:46,963 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [333144624] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:01:46,963 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:01:46,963 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [9] total 12 [2022-02-20 18:01:46,963 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1735486041] [2022-02-20 18:01:46,963 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:01:46,964 INFO L78 Accepts]: Start accepts. 
Automaton has has 5 states, 4 states have (on average 17.25) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 103 [2022-02-20 18:01:46,964 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:01:46,964 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 4 states have (on average 17.25) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:01:47,019 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 96 edges. 96 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:47,019 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:01:47,019 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:47,020 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:01:47,020 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=24, Invalid=108, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:01:47,020 INFO L87 Difference]: Start difference. First operand 402 states and 630 transitions. 
Second operand has 5 states, 4 states have (on average 17.25) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:01:47,913 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:47,914 INFO L93 Difference]: Finished difference Result 795 states and 1250 transitions. [2022-02-20 18:01:47,914 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:01:47,914 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 17.25) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 103 [2022-02-20 18:01:47,915 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:01:47,915 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 17.25) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:01:47,922 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1028 transitions. [2022-02-20 18:01:47,923 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 5 states, 4 states have (on average 17.25) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:01:47,930 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1028 transitions. [2022-02-20 18:01:47,930 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1028 transitions. [2022-02-20 18:01:48,568 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1028 edges. 1028 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:48,578 INFO L225 Difference]: With dead ends: 795 [2022-02-20 18:01:48,579 INFO L226 Difference]: Without dead ends: 404 [2022-02-20 18:01:48,581 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 131 GetRequests, 120 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=28, Invalid=128, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:01:48,582 INFO L933 BasicCegarLoop]: 510 mSDtfsCounter, 144 mSDsluCounter, 1364 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 167 SdHoareTripleChecker+Valid, 1874 SdHoareTripleChecker+Invalid, 34 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:01:48,582 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [167 Valid, 1874 Invalid, 34 
Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:01:48,583 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 404 states. [2022-02-20 18:01:48,658 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 404 to 404. [2022-02-20 18:01:48,658 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:01:48,660 INFO L82 GeneralOperation]: Start isEquivalent. First operand 404 states. Second operand has 404 states, 319 states have (on average 1.5924764890282133) internal successors, (508), 322 states have internal predecessors, (508), 62 states have call successors, (62), 21 states have call predecessors, (62), 22 states have return successors, (63), 60 states have call predecessors, (63), 61 states have call successors, (63) [2022-02-20 18:01:48,661 INFO L74 IsIncluded]: Start isIncluded. First operand 404 states. Second operand has 404 states, 319 states have (on average 1.5924764890282133) internal successors, (508), 322 states have internal predecessors, (508), 62 states have call successors, (62), 21 states have call predecessors, (62), 22 states have return successors, (63), 60 states have call predecessors, (63), 61 states have call successors, (63) [2022-02-20 18:01:48,662 INFO L87 Difference]: Start difference. First operand 404 states. Second operand has 404 states, 319 states have (on average 1.5924764890282133) internal successors, (508), 322 states have internal predecessors, (508), 62 states have call successors, (62), 21 states have call predecessors, (62), 22 states have return successors, (63), 60 states have call predecessors, (63), 61 states have call successors, (63) [2022-02-20 18:01:48,674 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:48,675 INFO L93 Difference]: Finished difference Result 404 states and 633 transitions. 
[2022-02-20 18:01:48,675 INFO L276 IsEmpty]: Start isEmpty. Operand 404 states and 633 transitions. [2022-02-20 18:01:48,676 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:48,676 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:48,678 INFO L74 IsIncluded]: Start isIncluded. First operand has 404 states, 319 states have (on average 1.5924764890282133) internal successors, (508), 322 states have internal predecessors, (508), 62 states have call successors, (62), 21 states have call predecessors, (62), 22 states have return successors, (63), 60 states have call predecessors, (63), 61 states have call successors, (63) Second operand 404 states. [2022-02-20 18:01:48,679 INFO L87 Difference]: Start difference. First operand has 404 states, 319 states have (on average 1.5924764890282133) internal successors, (508), 322 states have internal predecessors, (508), 62 states have call successors, (62), 21 states have call predecessors, (62), 22 states have return successors, (63), 60 states have call predecessors, (63), 61 states have call successors, (63) Second operand 404 states. [2022-02-20 18:01:48,690 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:48,690 INFO L93 Difference]: Finished difference Result 404 states and 633 transitions. [2022-02-20 18:01:48,690 INFO L276 IsEmpty]: Start isEmpty. Operand 404 states and 633 transitions. [2022-02-20 18:01:48,691 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:48,691 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:48,691 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:01:48,692 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:01:48,693 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 404 states, 319 states have (on average 1.5924764890282133) internal successors, (508), 322 states have internal predecessors, (508), 62 states have call successors, (62), 21 states have call predecessors, (62), 22 states have return successors, (63), 60 states have call predecessors, (63), 61 states have call successors, (63) [2022-02-20 18:01:48,705 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 404 states to 404 states and 633 transitions. [2022-02-20 18:01:48,706 INFO L78 Accepts]: Start accepts. Automaton has 404 states and 633 transitions. Word has length 103 [2022-02-20 18:01:48,706 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:01:48,706 INFO L470 AbstractCegarLoop]: Abstraction has 404 states and 633 transitions. [2022-02-20 18:01:48,706 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 17.25) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:01:48,706 INFO L276 IsEmpty]: Start isEmpty. Operand 404 states and 633 transitions. [2022-02-20 18:01:48,708 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 105 [2022-02-20 18:01:48,708 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:01:48,708 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:01:48,731 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Forceful destruction successful, exit code 0 [2022-02-20 18:01:48,926 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:01:48,927 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:01:48,927 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:01:48,927 INFO L85 PathProgramCache]: Analyzing trace with hash 1244565440, now seen corresponding path program 1 times [2022-02-20 18:01:48,927 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:01:48,927 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [154507324] [2022-02-20 18:01:48,927 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:48,927 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:01:48,950 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:48,975 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending 
call position 6 [2022-02-20 18:01:48,976 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:48,978 INFO L290 TraceCheckUtils]: 0: Hoare triple {10280#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10228#true} is VALID [2022-02-20 18:01:48,978 INFO L290 TraceCheckUtils]: 1: Hoare triple {10228#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10228#true} is VALID [2022-02-20 18:01:48,978 INFO L290 TraceCheckUtils]: 2: Hoare triple {10228#true} assume true; {10228#true} is VALID [2022-02-20 18:01:48,978 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10228#true} {10228#true} #1094#return; {10228#true} is VALID [2022-02-20 18:01:48,984 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:01:48,985 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:48,991 INFO L290 TraceCheckUtils]: 0: Hoare triple {10281#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10228#true} is VALID [2022-02-20 18:01:48,992 INFO L290 TraceCheckUtils]: 1: Hoare triple {10228#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10228#true} is VALID [2022-02-20 18:01:48,992 INFO L290 TraceCheckUtils]: 2: Hoare triple {10228#true} assume true; {10228#true} is VALID [2022-02-20 18:01:48,992 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10228#true} {10228#true} #1096#return; {10228#true} is VALID [2022-02-20 18:01:48,992 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:01:48,994 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:49,006 INFO L290 TraceCheckUtils]: 0: Hoare triple {10280#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10282#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:49,007 INFO L290 TraceCheckUtils]: 1: Hoare triple {10282#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {10282#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:49,007 INFO L290 TraceCheckUtils]: 2: Hoare triple {10282#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {10283#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:49,008 INFO L290 TraceCheckUtils]: 3: Hoare triple {10283#(= 2 |setClientId_#in~handle|)} assume true; {10283#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:49,008 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {10283#(= 2 |setClientId_#in~handle|)} {10238#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1098#return; {10244#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:01:49,008 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:01:49,010 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:49,026 INFO L290 TraceCheckUtils]: 0: Hoare triple {10281#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10284#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:01:49,026 INFO 
L290 TraceCheckUtils]: 1: Hoare triple {10284#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10285#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:01:49,026 INFO L290 TraceCheckUtils]: 2: Hoare triple {10285#(= |setClientPrivateKey_#in~handle| 1)} assume true; {10285#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:01:49,027 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10285#(= |setClientPrivateKey_#in~handle| 1)} {10244#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1100#return; {10229#false} is VALID [2022-02-20 18:01:49,027 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-02-20 18:01:49,029 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:49,030 INFO L290 TraceCheckUtils]: 0: Hoare triple {10280#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10228#true} is VALID [2022-02-20 18:01:49,030 INFO L290 TraceCheckUtils]: 1: Hoare triple {10228#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10228#true} is VALID [2022-02-20 18:01:49,031 INFO L290 TraceCheckUtils]: 2: Hoare triple {10228#true} assume true; {10228#true} is VALID [2022-02-20 18:01:49,031 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10228#true} {10229#false} #1102#return; {10229#false} is VALID [2022-02-20 18:01:49,031 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 37 [2022-02-20 18:01:49,032 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:49,034 INFO L290 TraceCheckUtils]: 0: Hoare triple {10281#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10228#true} is VALID [2022-02-20 18:01:49,034 INFO L290 TraceCheckUtils]: 1: Hoare triple {10228#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10228#true} is VALID [2022-02-20 18:01:49,034 INFO L290 TraceCheckUtils]: 2: Hoare triple {10228#true} assume true; {10228#true} is VALID [2022-02-20 18:01:49,034 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10228#true} {10229#false} #1104#return; {10229#false} is VALID [2022-02-20 18:01:49,041 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 56 [2022-02-20 18:01:49,042 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:49,045 INFO L290 TraceCheckUtils]: 0: Hoare triple {10286#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10228#true} is VALID [2022-02-20 18:01:49,045 INFO L290 TraceCheckUtils]: 1: Hoare triple {10228#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10228#true} is VALID [2022-02-20 18:01:49,045 INFO L290 TraceCheckUtils]: 2: Hoare triple {10228#true} assume true; {10228#true} is VALID [2022-02-20 18:01:49,045 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10228#true} {10229#false} #1066#return; {10229#false} is VALID [2022-02-20 18:01:49,067 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:01:49,068 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:49,071 INFO L290 TraceCheckUtils]: 0: Hoare triple {10287#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {10228#true} is VALID [2022-02-20 18:01:49,071 INFO L290 TraceCheckUtils]: 1: Hoare triple 
{10228#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {10228#true} is VALID [2022-02-20 18:01:49,071 INFO L290 TraceCheckUtils]: 2: Hoare triple {10228#true} assume true; {10228#true} is VALID [2022-02-20 18:01:49,071 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10228#true} {10229#false} #1068#return; {10229#false} is VALID [2022-02-20 18:01:49,071 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 74 [2022-02-20 18:01:49,072 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:49,073 INFO L290 TraceCheckUtils]: 0: Hoare triple {10228#true} ~handle := #in~handle;havoc ~retValue_acc~7; {10228#true} is VALID [2022-02-20 18:01:49,073 INFO L290 TraceCheckUtils]: 1: Hoare triple {10228#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {10228#true} is VALID [2022-02-20 18:01:49,073 INFO L290 TraceCheckUtils]: 2: Hoare triple {10228#true} assume true; {10228#true} is VALID [2022-02-20 18:01:49,073 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10228#true} {10229#false} #1048#return; {10229#false} is VALID [2022-02-20 18:01:49,074 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 18:01:49,074 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:49,075 INFO L290 TraceCheckUtils]: 0: Hoare triple {10286#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10228#true} is VALID [2022-02-20 18:01:49,075 INFO L290 TraceCheckUtils]: 1: Hoare triple {10228#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10228#true} is VALID [2022-02-20 18:01:49,075 INFO L290 TraceCheckUtils]: 2: Hoare triple {10228#true} assume true; {10228#true} is VALID [2022-02-20 18:01:49,076 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10228#true} {10229#false} 
#1072#return; {10229#false} is VALID [2022-02-20 18:01:49,076 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 18:01:49,076 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:49,077 INFO L290 TraceCheckUtils]: 0: Hoare triple {10228#true} ~handle := #in~handle;havoc ~retValue_acc~24; {10228#true} is VALID [2022-02-20 18:01:49,077 INFO L290 TraceCheckUtils]: 1: Hoare triple {10228#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {10228#true} is VALID [2022-02-20 18:01:49,077 INFO L290 TraceCheckUtils]: 2: Hoare triple {10228#true} assume true; {10228#true} is VALID [2022-02-20 18:01:49,077 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10228#true} {10229#false} #1074#return; {10229#false} is VALID [2022-02-20 18:01:49,078 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-02-20 18:01:49,078 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:49,079 INFO L290 TraceCheckUtils]: 0: Hoare triple {10228#true} ~msg := #in~msg;havoc ~retValue_acc~32;~retValue_acc~32 := 1;#res := ~retValue_acc~32; {10228#true} is VALID [2022-02-20 18:01:49,079 INFO L290 TraceCheckUtils]: 1: Hoare triple {10228#true} assume true; {10228#true} is VALID [2022-02-20 18:01:49,079 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {10228#true} {10229#false} #1076#return; {10229#false} is VALID [2022-02-20 18:01:49,079 INFO L290 TraceCheckUtils]: 0: Hoare triple {10228#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call 
#Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(16, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(34, 33);call #Ultimate.allocInit(30, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 
0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 
0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {10228#true} is VALID [2022-02-20 18:01:49,081 INFO L290 TraceCheckUtils]: 1: Hoare triple {10228#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet65#1, main_#t~ret66#1, main_~retValue_acc~37#1, main_~tmp~11#1;assume -2147483648 <= main_#t~nondet65#1 && main_#t~nondet65#1 <= 2147483647;main_~retValue_acc~37#1 := main_#t~nondet65#1;havoc main_#t~nondet65#1;havoc main_~tmp~11#1;assume { :begin_inline_select_helpers } true; {10228#true} is VALID [2022-02-20 18:01:49,081 INFO L290 TraceCheckUtils]: 2: Hoare triple {10228#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {10228#true} is VALID [2022-02-20 18:01:49,081 INFO L290 TraceCheckUtils]: 3: Hoare triple {10228#true} assume { :end_inline_select_features } true;assume { 
:begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {10228#true} is VALID [2022-02-20 18:01:49,081 INFO L290 TraceCheckUtils]: 4: Hoare triple {10228#true} main_#t~ret66#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret66#1 && main_#t~ret66#1 <= 2147483647;main_~tmp~11#1 := main_#t~ret66#1;havoc main_#t~ret66#1; {10228#true} is VALID [2022-02-20 18:01:49,081 INFO L290 TraceCheckUtils]: 5: Hoare triple {10228#true} assume 0 != main_~tmp~11#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet62#1, setup_#t~nondet63#1, setup_#t~nondet64#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {10228#true} is VALID [2022-02-20 18:01:49,081 INFO L272 TraceCheckUtils]: 6: Hoare triple {10228#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {10280#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:49,081 INFO L290 
TraceCheckUtils]: 7: Hoare triple {10280#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10228#true} is VALID [2022-02-20 18:01:49,082 INFO L290 TraceCheckUtils]: 8: Hoare triple {10228#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10228#true} is VALID [2022-02-20 18:01:49,082 INFO L290 TraceCheckUtils]: 9: Hoare triple {10228#true} assume true; {10228#true} is VALID [2022-02-20 18:01:49,082 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {10228#true} {10228#true} #1094#return; {10228#true} is VALID [2022-02-20 18:01:49,082 INFO L290 TraceCheckUtils]: 11: Hoare triple {10228#true} assume { :end_inline_setup_bob__wrappee__Base } true; {10228#true} is VALID [2022-02-20 18:01:49,082 INFO L272 TraceCheckUtils]: 12: Hoare triple {10228#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {10281#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:49,082 INFO L290 TraceCheckUtils]: 13: Hoare triple {10281#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10228#true} is VALID [2022-02-20 18:01:49,082 INFO L290 TraceCheckUtils]: 14: Hoare triple {10228#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10228#true} is VALID [2022-02-20 18:01:49,082 INFO L290 TraceCheckUtils]: 15: Hoare triple {10228#true} assume true; {10228#true} is VALID [2022-02-20 18:01:49,082 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {10228#true} {10228#true} #1096#return; {10228#true} 
is VALID [2022-02-20 18:01:49,083 INFO L290 TraceCheckUtils]: 17: Hoare triple {10228#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 26, 0;havoc setup_#t~nondet62#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {10238#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:01:49,083 INFO L272 TraceCheckUtils]: 18: Hoare triple {10238#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {10280#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:49,084 INFO L290 TraceCheckUtils]: 19: Hoare triple {10280#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10282#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:49,084 INFO L290 TraceCheckUtils]: 20: Hoare triple {10282#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {10282#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:49,084 INFO L290 TraceCheckUtils]: 21: Hoare triple {10282#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := 
~value; {10283#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:49,084 INFO L290 TraceCheckUtils]: 22: Hoare triple {10283#(= 2 |setClientId_#in~handle|)} assume true; {10283#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:49,085 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {10283#(= 2 |setClientId_#in~handle|)} {10238#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1098#return; {10244#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:01:49,085 INFO L290 TraceCheckUtils]: 24: Hoare triple {10244#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {10244#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:01:49,086 INFO L272 TraceCheckUtils]: 25: Hoare triple {10244#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {10281#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:49,086 INFO L290 TraceCheckUtils]: 26: Hoare triple {10281#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10284#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:01:49,086 INFO L290 TraceCheckUtils]: 27: Hoare triple {10284#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10285#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:01:49,086 INFO L290 TraceCheckUtils]: 28: Hoare triple {10285#(= |setClientPrivateKey_#in~handle| 1)} assume true; {10285#(= 
|setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:01:49,087 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {10285#(= |setClientPrivateKey_#in~handle| 1)} {10244#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1100#return; {10229#false} is VALID [2022-02-20 18:01:49,087 INFO L290 TraceCheckUtils]: 30: Hoare triple {10229#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 27, 0;havoc setup_#t~nondet63#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {10229#false} is VALID [2022-02-20 18:01:49,087 INFO L272 TraceCheckUtils]: 31: Hoare triple {10229#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {10280#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:49,087 INFO L290 TraceCheckUtils]: 32: Hoare triple {10280#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10228#true} is VALID [2022-02-20 18:01:49,087 INFO L290 TraceCheckUtils]: 33: Hoare triple {10228#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10228#true} is VALID [2022-02-20 18:01:49,087 INFO L290 TraceCheckUtils]: 34: Hoare triple {10228#true} assume true; {10228#true} is VALID [2022-02-20 18:01:49,087 INFO 
L284 TraceCheckUtils]: 35: Hoare quadruple {10228#true} {10229#false} #1102#return; {10229#false} is VALID [2022-02-20 18:01:49,087 INFO L290 TraceCheckUtils]: 36: Hoare triple {10229#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {10229#false} is VALID [2022-02-20 18:01:49,087 INFO L272 TraceCheckUtils]: 37: Hoare triple {10229#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {10281#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:49,087 INFO L290 TraceCheckUtils]: 38: Hoare triple {10281#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10228#true} is VALID [2022-02-20 18:01:49,087 INFO L290 TraceCheckUtils]: 39: Hoare triple {10228#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10228#true} is VALID [2022-02-20 18:01:49,087 INFO L290 TraceCheckUtils]: 40: Hoare triple {10228#true} assume true; {10228#true} is VALID [2022-02-20 18:01:49,087 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {10228#true} {10229#false} #1104#return; {10229#false} is VALID [2022-02-20 18:01:49,088 INFO L290 TraceCheckUtils]: 42: Hoare triple {10229#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 28, 0;havoc setup_#t~nondet64#1; {10229#false} is VALID [2022-02-20 18:01:49,088 INFO L290 TraceCheckUtils]: 43: Hoare triple {10229#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, 
test_#t~nondet55#1, test_#t~nondet56#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {10229#false} is VALID [2022-02-20 18:01:49,088 INFO L290 TraceCheckUtils]: 44: Hoare triple {10229#false} assume !false; {10229#false} is VALID [2022-02-20 18:01:49,088 INFO L290 TraceCheckUtils]: 45: Hoare triple {10229#false} assume test_~splverifierCounter~0#1 < 4; {10229#false} is VALID [2022-02-20 18:01:49,088 INFO L290 TraceCheckUtils]: 46: Hoare triple {10229#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {10229#false} is VALID [2022-02-20 18:01:49,088 INFO L290 TraceCheckUtils]: 47: Hoare triple {10229#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet46#1 && test_#t~nondet46#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet46#1;havoc test_#t~nondet46#1; {10229#false} is VALID [2022-02-20 18:01:49,088 INFO L290 TraceCheckUtils]: 
48: Hoare triple {10229#false} assume !(0 != test_~tmp___9~0#1); {10229#false} is VALID [2022-02-20 18:01:49,088 INFO L290 TraceCheckUtils]: 49: Hoare triple {10229#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet47#1 && test_#t~nondet47#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet47#1;havoc test_#t~nondet47#1; {10229#false} is VALID [2022-02-20 18:01:49,088 INFO L290 TraceCheckUtils]: 50: Hoare triple {10229#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {10229#false} is VALID [2022-02-20 18:01:49,088 INFO L290 TraceCheckUtils]: 51: Hoare triple {10229#false} assume !false; {10229#false} is VALID [2022-02-20 18:01:49,088 INFO L290 TraceCheckUtils]: 52: Hoare triple {10229#false} assume !(test_~splverifierCounter~0#1 < 4); {10229#false} is VALID [2022-02-20 18:01:49,088 INFO L290 TraceCheckUtils]: 53: Hoare triple {10229#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret57#1, bobToRjh_#t~ret58#1, bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_~tmp~10#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~10#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret57#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret57#1 && bobToRjh_#t~ret57#1 <= 2147483647;havoc bobToRjh_#t~ret57#1; {10229#false} is VALID [2022-02-20 18:01:49,088 INFO L272 TraceCheckUtils]: 54: Hoare triple {10229#false} call sendEmail(~bob~0, ~rjh~0); {10229#false} is VALID [2022-02-20 18:01:49,088 INFO L290 TraceCheckUtils]: 55: Hoare triple {10229#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~34#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~34#1;havoc 
createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {10229#false} is VALID [2022-02-20 18:01:49,088 INFO L272 TraceCheckUtils]: 56: Hoare triple {10229#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {10286#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:49,088 INFO L290 TraceCheckUtils]: 57: Hoare triple {10286#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10228#true} is VALID [2022-02-20 18:01:49,088 INFO L290 TraceCheckUtils]: 58: Hoare triple {10228#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10228#true} is VALID [2022-02-20 18:01:49,089 INFO L290 TraceCheckUtils]: 59: Hoare triple {10228#true} assume true; {10228#true} is VALID [2022-02-20 18:01:49,089 INFO L284 TraceCheckUtils]: 60: Hoare quadruple {10228#true} {10229#false} #1066#return; {10229#false} is VALID [2022-02-20 18:01:49,089 INFO L272 TraceCheckUtils]: 61: Hoare triple {10229#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {10287#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:01:49,089 INFO L290 TraceCheckUtils]: 62: Hoare triple {10287#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {10228#true} is VALID [2022-02-20 18:01:49,089 INFO L290 TraceCheckUtils]: 63: Hoare triple {10228#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {10228#true} is VALID [2022-02-20 18:01:49,089 INFO L290 TraceCheckUtils]: 64: Hoare triple {10228#true} assume true; {10228#true} is VALID [2022-02-20 18:01:49,089 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {10228#true} {10229#false} #1068#return; {10229#false} is VALID [2022-02-20 18:01:49,089 INFO L290 TraceCheckUtils]: 66: Hoare 
triple {10229#false} createEmail_~retValue_acc~34#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~34#1; {10229#false} is VALID [2022-02-20 18:01:49,089 INFO L290 TraceCheckUtils]: 67: Hoare triple {10229#false} #t~ret89#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret89#1 && #t~ret89#1 <= 2147483647;~tmp~17#1 := #t~ret89#1;havoc #t~ret89#1;~email~0#1 := ~tmp~17#1; {10229#false} is VALID [2022-02-20 18:01:49,089 INFO L272 TraceCheckUtils]: 68: Hoare triple {10229#false} call outgoing(~sender#1, ~email~0#1); {10229#false} is VALID [2022-02-20 18:01:49,089 INFO L290 TraceCheckUtils]: 69: Hoare triple {10229#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret91#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~13#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~13#1; {10229#false} is VALID [2022-02-20 18:01:49,089 INFO L290 TraceCheckUtils]: 70: Hoare triple {10229#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~13#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~13#1; {10229#false} is VALID [2022-02-20 18:01:49,089 INFO L290 TraceCheckUtils]: 71: Hoare triple {10229#false} sign_#t~ret91#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret91#1 && sign_#t~ret91#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret91#1;havoc sign_#t~ret91#1;sign_~privkey~0#1 := sign_~tmp~18#1; 
{10229#false} is VALID [2022-02-20 18:01:49,089 INFO L290 TraceCheckUtils]: 72: Hoare triple {10229#false} assume 0 == sign_~privkey~0#1; {10229#false} is VALID [2022-02-20 18:01:49,089 INFO L290 TraceCheckUtils]: 73: Hoare triple {10229#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1, outgoing__wrappee__AddressBook_#t~ret82#1, outgoing__wrappee__AddressBook_#t~ret83#1, outgoing__wrappee__AddressBook_#t~ret84#1, outgoing__wrappee__AddressBook_#t~ret85#1, outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~15#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~5#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~15#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~5#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {10229#false} is VALID [2022-02-20 18:01:49,089 INFO L272 TraceCheckUtils]: 74: Hoare triple {10229#false} call outgoing__wrappee__AddressBook_#t~ret81#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {10228#true} is VALID [2022-02-20 18:01:49,089 INFO L290 TraceCheckUtils]: 75: Hoare triple {10228#true} ~handle := #in~handle;havoc ~retValue_acc~7; 
{10228#true} is VALID [2022-02-20 18:01:49,089 INFO L290 TraceCheckUtils]: 76: Hoare triple {10228#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {10228#true} is VALID [2022-02-20 18:01:49,090 INFO L290 TraceCheckUtils]: 77: Hoare triple {10228#true} assume true; {10228#true} is VALID [2022-02-20 18:01:49,090 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {10228#true} {10229#false} #1048#return; {10229#false} is VALID [2022-02-20 18:01:49,090 INFO L290 TraceCheckUtils]: 79: Hoare triple {10229#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret81#1 && outgoing__wrappee__AddressBook_#t~ret81#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~15#1 := outgoing__wrappee__AddressBook_#t~ret81#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~15#1; {10229#false} is VALID [2022-02-20 18:01:49,103 INFO L290 TraceCheckUtils]: 80: Hoare triple {10229#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {10229#false} is VALID [2022-02-20 18:01:49,103 INFO L272 TraceCheckUtils]: 81: Hoare triple {10229#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {10229#false} is VALID [2022-02-20 18:01:49,103 INFO L290 TraceCheckUtils]: 82: Hoare triple {10229#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {10229#false} is VALID [2022-02-20 18:01:49,103 INFO L290 TraceCheckUtils]: 83: Hoare triple {10229#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {10229#false} is VALID 
[2022-02-20 18:01:49,103 INFO L290 TraceCheckUtils]: 84: Hoare triple {10229#false} #t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret80#1 && #t~ret80#1 <= 2147483647;~tmp~14#1 := #t~ret80#1;havoc #t~ret80#1; {10229#false} is VALID [2022-02-20 18:01:49,103 INFO L272 TraceCheckUtils]: 85: Hoare triple {10229#false} call setEmailFrom(~msg#1, ~tmp~14#1); {10286#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:49,103 INFO L290 TraceCheckUtils]: 86: Hoare triple {10286#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10228#true} is VALID [2022-02-20 18:01:49,103 INFO L290 TraceCheckUtils]: 87: Hoare triple {10228#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10228#true} is VALID [2022-02-20 18:01:49,104 INFO L290 TraceCheckUtils]: 88: Hoare triple {10228#true} assume true; {10228#true} is VALID [2022-02-20 18:01:49,104 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {10228#true} {10229#false} #1072#return; {10229#false} is VALID [2022-02-20 18:01:49,104 INFO L290 TraceCheckUtils]: 90: Hoare triple {10229#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~13#1;call mail_#t~ret78#1 := puts(32, 0);assume -2147483648 <= mail_#t~ret78#1 && mail_#t~ret78#1 <= 2147483647;havoc mail_#t~ret78#1; {10229#false} is VALID [2022-02-20 18:01:49,104 INFO L272 TraceCheckUtils]: 91: Hoare triple {10229#false} call mail_#t~ret79#1 := getEmailTo(mail_~msg#1); {10228#true} is VALID [2022-02-20 18:01:49,104 INFO L290 TraceCheckUtils]: 92: Hoare triple {10228#true} ~handle := #in~handle;havoc ~retValue_acc~24; {10228#true} is 
VALID [2022-02-20 18:01:49,104 INFO L290 TraceCheckUtils]: 93: Hoare triple {10228#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {10228#true} is VALID [2022-02-20 18:01:49,104 INFO L290 TraceCheckUtils]: 94: Hoare triple {10228#true} assume true; {10228#true} is VALID [2022-02-20 18:01:49,104 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {10228#true} {10229#false} #1074#return; {10229#false} is VALID [2022-02-20 18:01:49,104 INFO L290 TraceCheckUtils]: 96: Hoare triple {10229#false} assume -2147483648 <= mail_#t~ret79#1 && mail_#t~ret79#1 <= 2147483647;mail_~tmp~13#1 := mail_#t~ret79#1;havoc mail_#t~ret79#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~13#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret92#1, verify_#t~ret93#1, verify_#t~ret94#1, verify_#t~ret95#1, verify_#t~ret96#1, verify_#t~ret97#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~19#1, verify_~tmp___0~6#1, verify_~pubkey~0#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~0#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := 
__utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~0#1; {10229#false} is VALID [2022-02-20 18:01:49,104 INFO L272 TraceCheckUtils]: 97: Hoare triple {10229#false} call __utac_acc__EncryptVerify_spec__1_#t~ret4#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {10228#true} is VALID [2022-02-20 18:01:49,104 INFO L290 TraceCheckUtils]: 98: Hoare triple {10228#true} ~msg := #in~msg;havoc ~retValue_acc~32;~retValue_acc~32 := 1;#res := ~retValue_acc~32; {10228#true} is VALID [2022-02-20 18:01:49,104 INFO L290 TraceCheckUtils]: 99: Hoare triple {10228#true} assume true; {10228#true} is VALID [2022-02-20 18:01:49,104 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {10228#true} {10229#false} #1076#return; {10229#false} is VALID [2022-02-20 18:01:49,104 INFO L290 TraceCheckUtils]: 101: Hoare triple {10229#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret4#1 && __utac_acc__EncryptVerify_spec__1_#t~ret4#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~0#1 := __utac_acc__EncryptVerify_spec__1_#t~ret4#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1; {10229#false} is VALID [2022-02-20 18:01:49,104 INFO L290 TraceCheckUtils]: 102: Hoare triple {10229#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {10229#false} is VALID [2022-02-20 18:01:49,104 INFO L290 TraceCheckUtils]: 103: Hoare triple {10229#false} assume !false; {10229#false} is VALID [2022-02-20 18:01:49,105 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. 
[2022-02-20 18:01:49,105 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:01:49,105 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [154507324] [2022-02-20 18:01:49,105 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [154507324] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:01:49,105 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [414544954] [2022-02-20 18:01:49,105 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:49,105 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:01:49,105 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:01:49,106 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:01:49,131 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process [2022-02-20 18:01:49,388 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:49,407 INFO L263 TraceCheckSpWp]: Trace formula consists of 1012 conjuncts, 6 conjunts are in the unsatisfiable core [2022-02-20 18:01:49,448 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:49,450 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:01:49,668 INFO L290 TraceCheckUtils]: 0: Hoare triple {10228#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(16, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(34, 33);call #Ultimate.allocInit(30, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 
0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 
0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {10228#true} is VALID [2022-02-20 18:01:49,668 INFO L290 TraceCheckUtils]: 1: Hoare triple {10228#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet65#1, main_#t~ret66#1, main_~retValue_acc~37#1, main_~tmp~11#1;assume -2147483648 <= main_#t~nondet65#1 && main_#t~nondet65#1 <= 
2147483647;main_~retValue_acc~37#1 := main_#t~nondet65#1;havoc main_#t~nondet65#1;havoc main_~tmp~11#1;assume { :begin_inline_select_helpers } true; {10228#true} is VALID [2022-02-20 18:01:49,668 INFO L290 TraceCheckUtils]: 2: Hoare triple {10228#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {10228#true} is VALID [2022-02-20 18:01:49,668 INFO L290 TraceCheckUtils]: 3: Hoare triple {10228#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {10228#true} is VALID [2022-02-20 18:01:49,668 INFO L290 TraceCheckUtils]: 4: Hoare triple {10228#true} main_#t~ret66#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret66#1 && main_#t~ret66#1 <= 2147483647;main_~tmp~11#1 := main_#t~ret66#1;havoc main_#t~ret66#1; {10228#true} is VALID [2022-02-20 18:01:49,668 INFO L290 TraceCheckUtils]: 5: Hoare triple {10228#true} assume 0 != main_~tmp~11#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet62#1, setup_#t~nondet63#1, setup_#t~nondet64#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {10228#true} is VALID [2022-02-20 18:01:49,668 INFO L272 TraceCheckUtils]: 6: Hoare triple {10228#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {10228#true} is VALID [2022-02-20 18:01:49,668 INFO L290 TraceCheckUtils]: 7: Hoare triple {10228#true} ~handle := #in~handle;~value := #in~value; {10228#true} is VALID [2022-02-20 18:01:49,668 INFO L290 TraceCheckUtils]: 8: Hoare triple {10228#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10228#true} is VALID [2022-02-20 18:01:49,668 INFO L290 TraceCheckUtils]: 9: Hoare triple {10228#true} assume true; {10228#true} is VALID [2022-02-20 18:01:49,668 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {10228#true} {10228#true} #1094#return; {10228#true} is VALID [2022-02-20 18:01:49,669 INFO L290 TraceCheckUtils]: 11: Hoare triple {10228#true} assume { :end_inline_setup_bob__wrappee__Base } true; {10228#true} is VALID [2022-02-20 18:01:49,669 INFO L272 TraceCheckUtils]: 12: Hoare triple {10228#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {10228#true} is VALID [2022-02-20 18:01:49,669 INFO L290 TraceCheckUtils]: 13: Hoare triple {10228#true} ~handle := #in~handle;~value := #in~value; {10228#true} is VALID [2022-02-20 18:01:49,669 INFO L290 TraceCheckUtils]: 14: Hoare triple {10228#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10228#true} is VALID [2022-02-20 18:01:49,669 INFO L290 TraceCheckUtils]: 15: Hoare triple {10228#true} assume true; {10228#true} is VALID [2022-02-20 18:01:49,669 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {10228#true} {10228#true} #1096#return; {10228#true} is VALID [2022-02-20 18:01:49,669 INFO L290 TraceCheckUtils]: 17: Hoare triple {10228#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 26, 0;havoc setup_#t~nondet62#1;~rjh~0 := 
2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {10342#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:01:49,669 INFO L272 TraceCheckUtils]: 18: Hoare triple {10342#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {10228#true} is VALID [2022-02-20 18:01:49,669 INFO L290 TraceCheckUtils]: 19: Hoare triple {10228#true} ~handle := #in~handle;~value := #in~value; {10228#true} is VALID [2022-02-20 18:01:49,669 INFO L290 TraceCheckUtils]: 20: Hoare triple {10228#true} assume !(1 == ~handle); {10228#true} is VALID [2022-02-20 18:01:49,669 INFO L290 TraceCheckUtils]: 21: Hoare triple {10228#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {10228#true} is VALID [2022-02-20 18:01:49,670 INFO L290 TraceCheckUtils]: 22: Hoare triple {10228#true} assume true; {10228#true} is VALID [2022-02-20 18:01:49,670 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {10228#true} {10342#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1098#return; {10342#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:01:49,670 INFO L290 TraceCheckUtils]: 24: Hoare triple {10342#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume { :end_inline_setup_rjh__wrappee__Base } true; {10342#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:01:49,670 INFO L272 TraceCheckUtils]: 25: Hoare triple {10342#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {10228#true} is VALID [2022-02-20 18:01:49,671 INFO L290 TraceCheckUtils]: 26: Hoare triple {10228#true} ~handle := 
#in~handle;~value := #in~value; {10370#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} is VALID [2022-02-20 18:01:49,671 INFO L290 TraceCheckUtils]: 27: Hoare triple {10370#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10374#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:01:49,671 INFO L290 TraceCheckUtils]: 28: Hoare triple {10374#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {10374#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:01:49,672 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {10374#(<= |setClientPrivateKey_#in~handle| 1)} {10342#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1100#return; {10229#false} is VALID [2022-02-20 18:01:49,672 INFO L290 TraceCheckUtils]: 30: Hoare triple {10229#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 27, 0;havoc setup_#t~nondet63#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {10229#false} is VALID [2022-02-20 18:01:49,672 INFO L272 TraceCheckUtils]: 31: Hoare triple {10229#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {10229#false} is VALID [2022-02-20 18:01:49,672 INFO L290 TraceCheckUtils]: 32: Hoare triple {10229#false} ~handle := #in~handle;~value := #in~value; {10229#false} is VALID [2022-02-20 18:01:49,672 INFO L290 TraceCheckUtils]: 33: Hoare triple {10229#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10229#false} is VALID [2022-02-20 
18:01:49,672 INFO L290 TraceCheckUtils]: 34: Hoare triple {10229#false} assume true; {10229#false} is VALID [2022-02-20 18:01:49,672 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {10229#false} {10229#false} #1102#return; {10229#false} is VALID [2022-02-20 18:01:49,672 INFO L290 TraceCheckUtils]: 36: Hoare triple {10229#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {10229#false} is VALID [2022-02-20 18:01:49,672 INFO L272 TraceCheckUtils]: 37: Hoare triple {10229#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {10229#false} is VALID [2022-02-20 18:01:49,672 INFO L290 TraceCheckUtils]: 38: Hoare triple {10229#false} ~handle := #in~handle;~value := #in~value; {10229#false} is VALID [2022-02-20 18:01:49,672 INFO L290 TraceCheckUtils]: 39: Hoare triple {10229#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10229#false} is VALID [2022-02-20 18:01:49,672 INFO L290 TraceCheckUtils]: 40: Hoare triple {10229#false} assume true; {10229#false} is VALID [2022-02-20 18:01:49,672 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {10229#false} {10229#false} #1104#return; {10229#false} is VALID [2022-02-20 18:01:49,672 INFO L290 TraceCheckUtils]: 42: Hoare triple {10229#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 28, 0;havoc setup_#t~nondet64#1; {10229#false} is VALID [2022-02-20 18:01:49,672 INFO L290 TraceCheckUtils]: 43: Hoare triple {10229#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~2#1, 
test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {10229#false} is VALID [2022-02-20 18:01:49,673 INFO L290 TraceCheckUtils]: 44: Hoare triple {10229#false} assume !false; {10229#false} is VALID [2022-02-20 18:01:49,673 INFO L290 TraceCheckUtils]: 45: Hoare triple {10229#false} assume test_~splverifierCounter~0#1 < 4; {10229#false} is VALID [2022-02-20 18:01:49,673 INFO L290 TraceCheckUtils]: 46: Hoare triple {10229#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {10229#false} is VALID [2022-02-20 18:01:49,673 INFO L290 TraceCheckUtils]: 47: Hoare triple {10229#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet46#1 && test_#t~nondet46#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet46#1;havoc test_#t~nondet46#1; {10229#false} is VALID [2022-02-20 18:01:49,673 INFO L290 TraceCheckUtils]: 48: Hoare triple {10229#false} assume !(0 != test_~tmp___9~0#1); {10229#false} is VALID [2022-02-20 18:01:49,673 INFO L290 TraceCheckUtils]: 49: Hoare triple {10229#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet47#1 && test_#t~nondet47#1 <= 
2147483647;test_~tmp___8~0#1 := test_#t~nondet47#1;havoc test_#t~nondet47#1; {10229#false} is VALID [2022-02-20 18:01:49,673 INFO L290 TraceCheckUtils]: 50: Hoare triple {10229#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {10229#false} is VALID [2022-02-20 18:01:49,673 INFO L290 TraceCheckUtils]: 51: Hoare triple {10229#false} assume !false; {10229#false} is VALID [2022-02-20 18:01:49,673 INFO L290 TraceCheckUtils]: 52: Hoare triple {10229#false} assume !(test_~splverifierCounter~0#1 < 4); {10229#false} is VALID [2022-02-20 18:01:49,673 INFO L290 TraceCheckUtils]: 53: Hoare triple {10229#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret57#1, bobToRjh_#t~ret58#1, bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_~tmp~10#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~10#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret57#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret57#1 && bobToRjh_#t~ret57#1 <= 2147483647;havoc bobToRjh_#t~ret57#1; {10229#false} is VALID [2022-02-20 18:01:49,673 INFO L272 TraceCheckUtils]: 54: Hoare triple {10229#false} call sendEmail(~bob~0, ~rjh~0); {10229#false} is VALID [2022-02-20 18:01:49,673 INFO L290 TraceCheckUtils]: 55: Hoare triple {10229#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~34#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~34#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {10229#false} is VALID [2022-02-20 18:01:49,673 INFO L272 TraceCheckUtils]: 56: Hoare triple {10229#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {10229#false} is VALID [2022-02-20 18:01:49,673 INFO 
L290 TraceCheckUtils]: 57: Hoare triple {10229#false} ~handle := #in~handle;~value := #in~value; {10229#false} is VALID [2022-02-20 18:01:49,673 INFO L290 TraceCheckUtils]: 58: Hoare triple {10229#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10229#false} is VALID [2022-02-20 18:01:49,673 INFO L290 TraceCheckUtils]: 59: Hoare triple {10229#false} assume true; {10229#false} is VALID [2022-02-20 18:01:49,673 INFO L284 TraceCheckUtils]: 60: Hoare quadruple {10229#false} {10229#false} #1066#return; {10229#false} is VALID [2022-02-20 18:01:49,674 INFO L272 TraceCheckUtils]: 61: Hoare triple {10229#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {10229#false} is VALID [2022-02-20 18:01:49,674 INFO L290 TraceCheckUtils]: 62: Hoare triple {10229#false} ~handle := #in~handle;~value := #in~value; {10229#false} is VALID [2022-02-20 18:01:49,674 INFO L290 TraceCheckUtils]: 63: Hoare triple {10229#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {10229#false} is VALID [2022-02-20 18:01:49,674 INFO L290 TraceCheckUtils]: 64: Hoare triple {10229#false} assume true; {10229#false} is VALID [2022-02-20 18:01:49,674 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {10229#false} {10229#false} #1068#return; {10229#false} is VALID [2022-02-20 18:01:49,674 INFO L290 TraceCheckUtils]: 66: Hoare triple {10229#false} createEmail_~retValue_acc~34#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~34#1; {10229#false} is VALID [2022-02-20 18:01:49,674 INFO L290 TraceCheckUtils]: 67: Hoare triple {10229#false} #t~ret89#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret89#1 && #t~ret89#1 <= 2147483647;~tmp~17#1 := #t~ret89#1;havoc #t~ret89#1;~email~0#1 := ~tmp~17#1; {10229#false} is VALID [2022-02-20 18:01:49,674 INFO L272 TraceCheckUtils]: 68: Hoare triple {10229#false} call outgoing(~sender#1, ~email~0#1); {10229#false} is VALID [2022-02-20 18:01:49,674 INFO L290 TraceCheckUtils]: 69: Hoare 
triple {10229#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret91#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~13#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~13#1; {10229#false} is VALID [2022-02-20 18:01:49,674 INFO L290 TraceCheckUtils]: 70: Hoare triple {10229#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~13#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~13#1; {10229#false} is VALID [2022-02-20 18:01:49,674 INFO L290 TraceCheckUtils]: 71: Hoare triple {10229#false} sign_#t~ret91#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret91#1 && sign_#t~ret91#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret91#1;havoc sign_#t~ret91#1;sign_~privkey~0#1 := sign_~tmp~18#1; {10229#false} is VALID [2022-02-20 18:01:49,674 INFO L290 TraceCheckUtils]: 72: Hoare triple {10229#false} assume 0 == sign_~privkey~0#1; {10229#false} is VALID [2022-02-20 18:01:49,674 INFO L290 TraceCheckUtils]: 73: Hoare triple {10229#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1, outgoing__wrappee__AddressBook_#t~ret82#1, outgoing__wrappee__AddressBook_#t~ret83#1, outgoing__wrappee__AddressBook_#t~ret84#1, outgoing__wrappee__AddressBook_#t~ret85#1, 
outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~15#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~5#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~15#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~5#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {10229#false} is VALID [2022-02-20 18:01:49,674 INFO L272 TraceCheckUtils]: 74: Hoare triple {10229#false} call outgoing__wrappee__AddressBook_#t~ret81#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {10229#false} is VALID [2022-02-20 18:01:49,674 INFO L290 TraceCheckUtils]: 75: Hoare triple {10229#false} ~handle := #in~handle;havoc ~retValue_acc~7; {10229#false} is VALID [2022-02-20 18:01:49,674 INFO L290 TraceCheckUtils]: 76: Hoare triple {10229#false} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {10229#false} is VALID [2022-02-20 18:01:49,674 INFO L290 TraceCheckUtils]: 77: Hoare triple {10229#false} assume true; {10229#false} is VALID [2022-02-20 18:01:49,675 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {10229#false} {10229#false} #1048#return; {10229#false} is VALID [2022-02-20 18:01:49,675 INFO L290 TraceCheckUtils]: 79: Hoare triple {10229#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret81#1 && 
outgoing__wrappee__AddressBook_#t~ret81#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~15#1 := outgoing__wrappee__AddressBook_#t~ret81#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~15#1; {10229#false} is VALID [2022-02-20 18:01:49,675 INFO L290 TraceCheckUtils]: 80: Hoare triple {10229#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {10229#false} is VALID [2022-02-20 18:01:49,675 INFO L272 TraceCheckUtils]: 81: Hoare triple {10229#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {10229#false} is VALID [2022-02-20 18:01:49,675 INFO L290 TraceCheckUtils]: 82: Hoare triple {10229#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {10229#false} is VALID [2022-02-20 18:01:49,675 INFO L290 TraceCheckUtils]: 83: Hoare triple {10229#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {10229#false} is VALID [2022-02-20 18:01:49,675 INFO L290 TraceCheckUtils]: 84: Hoare triple {10229#false} #t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret80#1 && #t~ret80#1 <= 2147483647;~tmp~14#1 := #t~ret80#1;havoc #t~ret80#1; {10229#false} is VALID [2022-02-20 18:01:49,675 INFO L272 TraceCheckUtils]: 85: Hoare triple {10229#false} call setEmailFrom(~msg#1, ~tmp~14#1); {10229#false} is VALID [2022-02-20 18:01:49,675 INFO L290 TraceCheckUtils]: 86: Hoare triple {10229#false} ~handle := #in~handle;~value := #in~value; {10229#false} is VALID [2022-02-20 18:01:49,675 INFO L290 TraceCheckUtils]: 87: Hoare 
triple {10229#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10229#false} is VALID [2022-02-20 18:01:49,675 INFO L290 TraceCheckUtils]: 88: Hoare triple {10229#false} assume true; {10229#false} is VALID [2022-02-20 18:01:49,675 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {10229#false} {10229#false} #1072#return; {10229#false} is VALID [2022-02-20 18:01:49,675 INFO L290 TraceCheckUtils]: 90: Hoare triple {10229#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~13#1;call mail_#t~ret78#1 := puts(32, 0);assume -2147483648 <= mail_#t~ret78#1 && mail_#t~ret78#1 <= 2147483647;havoc mail_#t~ret78#1; {10229#false} is VALID [2022-02-20 18:01:49,675 INFO L272 TraceCheckUtils]: 91: Hoare triple {10229#false} call mail_#t~ret79#1 := getEmailTo(mail_~msg#1); {10229#false} is VALID [2022-02-20 18:01:49,675 INFO L290 TraceCheckUtils]: 92: Hoare triple {10229#false} ~handle := #in~handle;havoc ~retValue_acc~24; {10229#false} is VALID [2022-02-20 18:01:49,675 INFO L290 TraceCheckUtils]: 93: Hoare triple {10229#false} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {10229#false} is VALID [2022-02-20 18:01:49,675 INFO L290 TraceCheckUtils]: 94: Hoare triple {10229#false} assume true; {10229#false} is VALID [2022-02-20 18:01:49,676 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {10229#false} {10229#false} #1074#return; {10229#false} is VALID [2022-02-20 18:01:49,691 INFO L290 TraceCheckUtils]: 96: Hoare triple {10229#false} assume -2147483648 <= mail_#t~ret79#1 && mail_#t~ret79#1 <= 2147483647;mail_~tmp~13#1 := mail_#t~ret79#1;havoc mail_#t~ret79#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~13#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := 
incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret92#1, verify_#t~ret93#1, verify_#t~ret94#1, verify_#t~ret95#1, verify_#t~ret96#1, verify_#t~ret97#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~19#1, verify_~tmp___0~6#1, verify_~pubkey~0#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~0#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~0#1; {10229#false} is VALID [2022-02-20 18:01:49,691 INFO L272 TraceCheckUtils]: 97: Hoare triple {10229#false} call __utac_acc__EncryptVerify_spec__1_#t~ret4#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {10229#false} is VALID [2022-02-20 18:01:49,691 INFO L290 TraceCheckUtils]: 98: Hoare triple {10229#false} ~msg := #in~msg;havoc ~retValue_acc~32;~retValue_acc~32 := 1;#res := ~retValue_acc~32; {10229#false} is VALID [2022-02-20 18:01:49,691 INFO L290 TraceCheckUtils]: 99: Hoare triple {10229#false} assume true; {10229#false} is VALID [2022-02-20 18:01:49,691 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {10229#false} {10229#false} #1076#return; {10229#false} is VALID [2022-02-20 18:01:49,691 INFO L290 TraceCheckUtils]: 101: Hoare 
triple {10229#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret4#1 && __utac_acc__EncryptVerify_spec__1_#t~ret4#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~0#1 := __utac_acc__EncryptVerify_spec__1_#t~ret4#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1; {10229#false} is VALID [2022-02-20 18:01:49,691 INFO L290 TraceCheckUtils]: 102: Hoare triple {10229#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {10229#false} is VALID [2022-02-20 18:01:49,691 INFO L290 TraceCheckUtils]: 103: Hoare triple {10229#false} assume !false; {10229#false} is VALID [2022-02-20 18:01:49,692 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. [2022-02-20 18:01:49,692 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:01:49,707 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [414544954] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:01:49,707 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:01:49,707 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [12] total 15 [2022-02-20 18:01:49,707 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1787668169] [2022-02-20 18:01:49,708 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:01:49,709 INFO L78 Accepts]: Start accepts. 
Automaton has has 5 states, 5 states have (on average 14.2) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) Word has length 104 [2022-02-20 18:01:49,709 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:01:49,709 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 14.2) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:01:49,754 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 98 edges. 98 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:49,754 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:01:49,754 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:49,755 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:01:49,755 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=30, Invalid=180, Unknown=0, NotChecked=0, Total=210 [2022-02-20 18:01:49,755 INFO L87 Difference]: Start difference. First operand 404 states and 633 transitions. 
Second operand has 5 states, 5 states have (on average 14.2) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:01:50,478 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:50,478 INFO L93 Difference]: Finished difference Result 797 states and 1255 transitions. [2022-02-20 18:01:50,478 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:01:50,478 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 14.2) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) Word has length 104 [2022-02-20 18:01:50,478 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:01:50,479 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 14.2) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:01:50,501 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1027 transitions. [2022-02-20 18:01:50,501 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 5 states, 5 states have (on average 14.2) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:01:50,508 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1027 transitions. [2022-02-20 18:01:50,508 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1027 transitions. [2022-02-20 18:01:50,906 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1027 edges. 1027 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:50,917 INFO L225 Difference]: With dead ends: 797 [2022-02-20 18:01:50,917 INFO L226 Difference]: Without dead ends: 406 [2022-02-20 18:01:50,918 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 134 GetRequests, 120 SyntacticMatches, 0 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=34, Invalid=206, Unknown=0, NotChecked=0, Total=240 [2022-02-20 18:01:50,920 INFO L933 BasicCegarLoop]: 508 mSDtfsCounter, 143 mSDsluCounter, 1355 mSDsCounter, 0 mSdLazyCounter, 45 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 166 SdHoareTripleChecker+Valid, 1863 SdHoareTripleChecker+Invalid, 45 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 45 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:01:50,920 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [166 Valid, 1863 Invalid, 45 
Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 45 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:01:50,925 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 406 states. [2022-02-20 18:01:51,005 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 406 to 406. [2022-02-20 18:01:51,005 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:01:51,006 INFO L82 GeneralOperation]: Start isEquivalent. First operand 406 states. Second operand has 406 states, 320 states have (on average 1.590625) internal successors, (509), 324 states have internal predecessors, (509), 62 states have call successors, (62), 21 states have call predecessors, (62), 23 states have return successors, (68), 60 states have call predecessors, (68), 61 states have call successors, (68) [2022-02-20 18:01:51,008 INFO L74 IsIncluded]: Start isIncluded. First operand 406 states. Second operand has 406 states, 320 states have (on average 1.590625) internal successors, (509), 324 states have internal predecessors, (509), 62 states have call successors, (62), 21 states have call predecessors, (62), 23 states have return successors, (68), 60 states have call predecessors, (68), 61 states have call successors, (68) [2022-02-20 18:01:51,009 INFO L87 Difference]: Start difference. First operand 406 states. Second operand has 406 states, 320 states have (on average 1.590625) internal successors, (509), 324 states have internal predecessors, (509), 62 states have call successors, (62), 21 states have call predecessors, (62), 23 states have return successors, (68), 60 states have call predecessors, (68), 61 states have call successors, (68) [2022-02-20 18:01:51,039 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:51,039 INFO L93 Difference]: Finished difference Result 406 states and 639 transitions. [2022-02-20 18:01:51,039 INFO L276 IsEmpty]: Start isEmpty. 
Operand 406 states and 639 transitions. [2022-02-20 18:01:51,041 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:51,041 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:51,042 INFO L74 IsIncluded]: Start isIncluded. First operand has 406 states, 320 states have (on average 1.590625) internal successors, (509), 324 states have internal predecessors, (509), 62 states have call successors, (62), 21 states have call predecessors, (62), 23 states have return successors, (68), 60 states have call predecessors, (68), 61 states have call successors, (68) Second operand 406 states. [2022-02-20 18:01:51,042 INFO L87 Difference]: Start difference. First operand has 406 states, 320 states have (on average 1.590625) internal successors, (509), 324 states have internal predecessors, (509), 62 states have call successors, (62), 21 states have call predecessors, (62), 23 states have return successors, (68), 60 states have call predecessors, (68), 61 states have call successors, (68) Second operand 406 states. [2022-02-20 18:01:51,053 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:51,053 INFO L93 Difference]: Finished difference Result 406 states and 639 transitions. [2022-02-20 18:01:51,053 INFO L276 IsEmpty]: Start isEmpty. Operand 406 states and 639 transitions. [2022-02-20 18:01:51,054 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:51,054 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:51,054 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:01:51,054 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:01:51,074 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 406 states, 320 states have (on average 1.590625) internal successors, (509), 324 states have internal predecessors, (509), 62 states have call successors, (62), 21 states have call predecessors, (62), 23 states have return successors, (68), 60 states have call predecessors, (68), 61 states have call successors, (68) [2022-02-20 18:01:51,103 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 406 states to 406 states and 639 transitions. [2022-02-20 18:01:51,103 INFO L78 Accepts]: Start accepts. Automaton has 406 states and 639 transitions. Word has length 104 [2022-02-20 18:01:51,103 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:01:51,105 INFO L470 AbstractCegarLoop]: Abstraction has 406 states and 639 transitions. [2022-02-20 18:01:51,105 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 14.2) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:01:51,106 INFO L276 IsEmpty]: Start isEmpty. Operand 406 states and 639 transitions. [2022-02-20 18:01:51,119 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 106 [2022-02-20 18:01:51,119 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:01:51,120 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:01:51,152 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Forceful destruction successful, exit code 0 [2022-02-20 18:01:51,348 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4,6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:01:51,349 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:01:51,349 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:01:51,349 INFO L85 PathProgramCache]: Analyzing trace with hash 904075134, now seen corresponding path program 1 times [2022-02-20 18:01:51,349 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:01:51,349 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1431504500] [2022-02-20 18:01:51,349 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:51,349 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:01:51,376 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:51,416 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 6 [2022-02-20 18:01:51,417 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:51,419 INFO L290 TraceCheckUtils]: 0: Hoare triple {13126#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13074#true} is VALID [2022-02-20 18:01:51,419 INFO L290 TraceCheckUtils]: 1: Hoare triple {13074#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13074#true} is VALID [2022-02-20 18:01:51,419 INFO L290 TraceCheckUtils]: 2: Hoare triple {13074#true} assume true; {13074#true} is VALID [2022-02-20 18:01:51,419 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13074#true} {13074#true} #1094#return; {13074#true} is VALID [2022-02-20 18:01:51,431 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:01:51,432 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:51,434 INFO L290 TraceCheckUtils]: 0: Hoare triple {13127#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13074#true} is VALID [2022-02-20 18:01:51,434 INFO L290 TraceCheckUtils]: 1: Hoare triple {13074#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13074#true} is VALID [2022-02-20 18:01:51,434 INFO L290 TraceCheckUtils]: 2: Hoare triple {13074#true} assume true; {13074#true} is VALID [2022-02-20 18:01:51,434 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13074#true} {13074#true} #1096#return; {13074#true} is VALID [2022-02-20 18:01:51,434 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:01:51,435 
INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:51,437 INFO L290 TraceCheckUtils]: 0: Hoare triple {13126#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13074#true} is VALID [2022-02-20 18:01:51,437 INFO L290 TraceCheckUtils]: 1: Hoare triple {13074#true} assume !(1 == ~handle); {13074#true} is VALID [2022-02-20 18:01:51,437 INFO L290 TraceCheckUtils]: 2: Hoare triple {13074#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {13074#true} is VALID [2022-02-20 18:01:51,437 INFO L290 TraceCheckUtils]: 3: Hoare triple {13074#true} assume true; {13074#true} is VALID [2022-02-20 18:01:51,437 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {13074#true} {13074#true} #1098#return; {13074#true} is VALID [2022-02-20 18:01:51,437 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:01:51,440 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:51,445 INFO L290 TraceCheckUtils]: 0: Hoare triple {13127#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13074#true} is VALID [2022-02-20 18:01:51,445 INFO L290 TraceCheckUtils]: 1: Hoare triple {13074#true} assume !(1 == ~handle); {13074#true} is VALID [2022-02-20 18:01:51,445 INFO L290 TraceCheckUtils]: 2: Hoare triple {13074#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {13074#true} is VALID [2022-02-20 18:01:51,445 INFO L290 TraceCheckUtils]: 3: Hoare triple {13074#true} assume true; {13074#true} is VALID [2022-02-20 18:01:51,445 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {13074#true} 
{13074#true} #1100#return; {13074#true} is VALID [2022-02-20 18:01:51,446 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:01:51,448 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:51,469 INFO L290 TraceCheckUtils]: 0: Hoare triple {13126#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13128#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:51,470 INFO L290 TraceCheckUtils]: 1: Hoare triple {13128#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13129#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:51,470 INFO L290 TraceCheckUtils]: 2: Hoare triple {13129#(= |setClientId_#in~handle| 1)} assume true; {13129#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:51,471 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13129#(= |setClientId_#in~handle| 1)} {13094#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1102#return; {13075#false} is VALID [2022-02-20 18:01:51,471 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:01:51,472 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:51,474 INFO L290 TraceCheckUtils]: 0: Hoare triple {13127#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13074#true} is VALID [2022-02-20 18:01:51,474 INFO L290 TraceCheckUtils]: 1: Hoare triple {13074#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13074#true} is VALID 
[2022-02-20 18:01:51,474 INFO L290 TraceCheckUtils]: 2: Hoare triple {13074#true} assume true; {13074#true} is VALID [2022-02-20 18:01:51,474 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13074#true} {13075#false} #1104#return; {13075#false} is VALID [2022-02-20 18:01:51,478 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 18:01:51,479 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:51,481 INFO L290 TraceCheckUtils]: 0: Hoare triple {13130#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13074#true} is VALID [2022-02-20 18:01:51,482 INFO L290 TraceCheckUtils]: 1: Hoare triple {13074#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13074#true} is VALID [2022-02-20 18:01:51,482 INFO L290 TraceCheckUtils]: 2: Hoare triple {13074#true} assume true; {13074#true} is VALID [2022-02-20 18:01:51,482 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13074#true} {13075#false} #1066#return; {13075#false} is VALID [2022-02-20 18:01:51,486 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 18:01:51,488 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:51,489 INFO L290 TraceCheckUtils]: 0: Hoare triple {13131#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {13074#true} is VALID [2022-02-20 18:01:51,490 INFO L290 TraceCheckUtils]: 1: Hoare triple {13074#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {13074#true} is VALID [2022-02-20 18:01:51,490 INFO L290 TraceCheckUtils]: 2: Hoare triple {13074#true} assume true; {13074#true} is VALID [2022-02-20 18:01:51,490 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13074#true} {13075#false} #1068#return; {13075#false} is VALID 
[2022-02-20 18:01:51,490 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:01:51,490 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:51,491 INFO L290 TraceCheckUtils]: 0: Hoare triple {13074#true} ~handle := #in~handle;havoc ~retValue_acc~7; {13074#true} is VALID [2022-02-20 18:01:51,492 INFO L290 TraceCheckUtils]: 1: Hoare triple {13074#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {13074#true} is VALID [2022-02-20 18:01:51,492 INFO L290 TraceCheckUtils]: 2: Hoare triple {13074#true} assume true; {13074#true} is VALID [2022-02-20 18:01:51,492 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13074#true} {13075#false} #1048#return; {13075#false} is VALID [2022-02-20 18:01:51,492 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 18:01:51,493 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:51,495 INFO L290 TraceCheckUtils]: 0: Hoare triple {13130#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13074#true} is VALID [2022-02-20 18:01:51,495 INFO L290 TraceCheckUtils]: 1: Hoare triple {13074#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13074#true} is VALID [2022-02-20 18:01:51,495 INFO L290 TraceCheckUtils]: 2: Hoare triple {13074#true} assume true; {13074#true} is VALID [2022-02-20 18:01:51,495 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13074#true} {13075#false} #1072#return; {13075#false} is VALID [2022-02-20 18:01:51,495 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:01:51,496 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:51,497 INFO L290 TraceCheckUtils]: 0: Hoare triple {13074#true} ~handle := 
#in~handle;havoc ~retValue_acc~24; {13074#true} is VALID [2022-02-20 18:01:51,497 INFO L290 TraceCheckUtils]: 1: Hoare triple {13074#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {13074#true} is VALID [2022-02-20 18:01:51,497 INFO L290 TraceCheckUtils]: 2: Hoare triple {13074#true} assume true; {13074#true} is VALID [2022-02-20 18:01:51,497 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13074#true} {13075#false} #1074#return; {13075#false} is VALID [2022-02-20 18:01:51,497 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 18:01:51,500 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:51,516 INFO L290 TraceCheckUtils]: 0: Hoare triple {13074#true} ~msg := #in~msg;havoc ~retValue_acc~32;~retValue_acc~32 := 1;#res := ~retValue_acc~32; {13074#true} is VALID [2022-02-20 18:01:51,516 INFO L290 TraceCheckUtils]: 1: Hoare triple {13074#true} assume true; {13074#true} is VALID [2022-02-20 18:01:51,516 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {13074#true} {13075#false} #1076#return; {13075#false} is VALID [2022-02-20 18:01:51,517 INFO L290 TraceCheckUtils]: 0: Hoare triple {13074#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call 
write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(16, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(34, 33);call #Ultimate.allocInit(30, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 
0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 
0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {13074#true} is VALID [2022-02-20 18:01:51,517 INFO L290 TraceCheckUtils]: 1: Hoare triple {13074#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet65#1, main_#t~ret66#1, main_~retValue_acc~37#1, main_~tmp~11#1;assume -2147483648 <= main_#t~nondet65#1 && main_#t~nondet65#1 <= 2147483647;main_~retValue_acc~37#1 := main_#t~nondet65#1;havoc main_#t~nondet65#1;havoc main_~tmp~11#1;assume { :begin_inline_select_helpers } true; {13074#true} is VALID [2022-02-20 18:01:51,517 INFO L290 TraceCheckUtils]: 2: Hoare triple {13074#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {13074#true} is VALID [2022-02-20 18:01:51,517 INFO L290 TraceCheckUtils]: 3: Hoare triple {13074#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {13074#true} is VALID [2022-02-20 18:01:51,517 INFO L290 TraceCheckUtils]: 4: Hoare triple {13074#true} 
main_#t~ret66#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret66#1 && main_#t~ret66#1 <= 2147483647;main_~tmp~11#1 := main_#t~ret66#1;havoc main_#t~ret66#1; {13074#true} is VALID [2022-02-20 18:01:51,517 INFO L290 TraceCheckUtils]: 5: Hoare triple {13074#true} assume 0 != main_~tmp~11#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet62#1, setup_#t~nondet63#1, setup_#t~nondet64#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {13074#true} is VALID [2022-02-20 18:01:51,517 INFO L272 TraceCheckUtils]: 6: Hoare triple {13074#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {13126#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:51,517 INFO L290 TraceCheckUtils]: 7: Hoare triple {13126#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13074#true} is VALID [2022-02-20 18:01:51,517 INFO L290 
TraceCheckUtils]: 8: Hoare triple {13074#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13074#true} is VALID [2022-02-20 18:01:51,518 INFO L290 TraceCheckUtils]: 9: Hoare triple {13074#true} assume true; {13074#true} is VALID [2022-02-20 18:01:51,518 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {13074#true} {13074#true} #1094#return; {13074#true} is VALID [2022-02-20 18:01:51,518 INFO L290 TraceCheckUtils]: 11: Hoare triple {13074#true} assume { :end_inline_setup_bob__wrappee__Base } true; {13074#true} is VALID [2022-02-20 18:01:51,518 INFO L272 TraceCheckUtils]: 12: Hoare triple {13074#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {13127#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:51,518 INFO L290 TraceCheckUtils]: 13: Hoare triple {13127#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13074#true} is VALID [2022-02-20 18:01:51,518 INFO L290 TraceCheckUtils]: 14: Hoare triple {13074#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13074#true} is VALID [2022-02-20 18:01:51,518 INFO L290 TraceCheckUtils]: 15: Hoare triple {13074#true} assume true; {13074#true} is VALID [2022-02-20 18:01:51,518 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {13074#true} {13074#true} #1096#return; {13074#true} is VALID [2022-02-20 18:01:51,518 INFO L290 TraceCheckUtils]: 17: Hoare triple {13074#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 26, 0;havoc setup_#t~nondet62#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc 
setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {13074#true} is VALID [2022-02-20 18:01:51,519 INFO L272 TraceCheckUtils]: 18: Hoare triple {13074#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {13126#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:51,519 INFO L290 TraceCheckUtils]: 19: Hoare triple {13126#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13074#true} is VALID [2022-02-20 18:01:51,519 INFO L290 TraceCheckUtils]: 20: Hoare triple {13074#true} assume !(1 == ~handle); {13074#true} is VALID [2022-02-20 18:01:51,519 INFO L290 TraceCheckUtils]: 21: Hoare triple {13074#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {13074#true} is VALID [2022-02-20 18:01:51,519 INFO L290 TraceCheckUtils]: 22: Hoare triple {13074#true} assume true; {13074#true} is VALID [2022-02-20 18:01:51,519 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {13074#true} {13074#true} #1098#return; {13074#true} is VALID [2022-02-20 18:01:51,519 INFO L290 TraceCheckUtils]: 24: Hoare triple {13074#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {13074#true} is VALID [2022-02-20 18:01:51,520 INFO L272 TraceCheckUtils]: 25: Hoare triple {13074#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {13127#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:51,520 INFO L290 TraceCheckUtils]: 26: Hoare triple {13127#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13074#true} is VALID [2022-02-20 18:01:51,520 INFO L290 TraceCheckUtils]: 27: Hoare triple {13074#true} assume !(1 == ~handle); {13074#true} is VALID [2022-02-20 18:01:51,520 INFO L290 TraceCheckUtils]: 28: Hoare triple {13074#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {13074#true} is VALID [2022-02-20 18:01:51,520 INFO L290 TraceCheckUtils]: 29: Hoare triple {13074#true} assume true; {13074#true} is VALID [2022-02-20 18:01:51,520 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {13074#true} {13074#true} #1100#return; {13074#true} is VALID [2022-02-20 18:01:51,520 INFO L290 TraceCheckUtils]: 31: Hoare triple {13074#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 27, 0;havoc setup_#t~nondet63#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {13094#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:01:51,521 INFO L272 TraceCheckUtils]: 32: Hoare triple {13094#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, 
setup_chuck__wrappee__Base_~chuck___0#1); {13126#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:51,521 INFO L290 TraceCheckUtils]: 33: Hoare triple {13126#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13128#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:51,521 INFO L290 TraceCheckUtils]: 34: Hoare triple {13128#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13129#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:51,521 INFO L290 TraceCheckUtils]: 35: Hoare triple {13129#(= |setClientId_#in~handle| 1)} assume true; {13129#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:51,522 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {13129#(= |setClientId_#in~handle| 1)} {13094#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1102#return; {13075#false} is VALID [2022-02-20 18:01:51,522 INFO L290 TraceCheckUtils]: 37: Hoare triple {13075#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {13075#false} is VALID [2022-02-20 18:01:51,522 INFO L272 TraceCheckUtils]: 38: Hoare triple {13075#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {13127#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:51,522 INFO L290 TraceCheckUtils]: 39: Hoare triple {13127#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13074#true} is VALID [2022-02-20 18:01:51,522 INFO L290 TraceCheckUtils]: 40: Hoare triple {13074#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13074#true} is VALID [2022-02-20 18:01:51,522 INFO L290 TraceCheckUtils]: 41: Hoare triple {13074#true} assume true; {13074#true} is VALID [2022-02-20 18:01:51,522 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {13074#true} {13075#false} #1104#return; {13075#false} is VALID [2022-02-20 18:01:51,522 INFO L290 TraceCheckUtils]: 43: Hoare triple {13075#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 28, 0;havoc setup_#t~nondet64#1; {13075#false} is VALID [2022-02-20 18:01:51,522 INFO L290 TraceCheckUtils]: 44: Hoare triple {13075#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc 
test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {13075#false} is VALID [2022-02-20 18:01:51,522 INFO L290 TraceCheckUtils]: 45: Hoare triple {13075#false} assume !false; {13075#false} is VALID [2022-02-20 18:01:51,522 INFO L290 TraceCheckUtils]: 46: Hoare triple {13075#false} assume test_~splverifierCounter~0#1 < 4; {13075#false} is VALID [2022-02-20 18:01:51,522 INFO L290 TraceCheckUtils]: 47: Hoare triple {13075#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {13075#false} is VALID [2022-02-20 18:01:51,523 INFO L290 TraceCheckUtils]: 48: Hoare triple {13075#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet46#1 && test_#t~nondet46#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet46#1;havoc test_#t~nondet46#1; {13075#false} is VALID [2022-02-20 18:01:51,523 INFO L290 TraceCheckUtils]: 49: Hoare triple {13075#false} assume !(0 != test_~tmp___9~0#1); {13075#false} is VALID [2022-02-20 18:01:51,523 INFO L290 TraceCheckUtils]: 50: Hoare triple {13075#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet47#1 && test_#t~nondet47#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet47#1;havoc test_#t~nondet47#1; {13075#false} is VALID [2022-02-20 18:01:51,523 INFO L290 TraceCheckUtils]: 51: Hoare triple {13075#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {13075#false} is VALID [2022-02-20 18:01:51,523 INFO L290 TraceCheckUtils]: 52: Hoare triple {13075#false} assume !false; {13075#false} is VALID [2022-02-20 18:01:51,523 INFO L290 TraceCheckUtils]: 53: Hoare triple {13075#false} assume !(test_~splverifierCounter~0#1 < 4); {13075#false} is VALID [2022-02-20 18:01:51,523 
INFO L290 TraceCheckUtils]: 54: Hoare triple {13075#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret57#1, bobToRjh_#t~ret58#1, bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_~tmp~10#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~10#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret57#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret57#1 && bobToRjh_#t~ret57#1 <= 2147483647;havoc bobToRjh_#t~ret57#1; {13075#false} is VALID [2022-02-20 18:01:51,523 INFO L272 TraceCheckUtils]: 55: Hoare triple {13075#false} call sendEmail(~bob~0, ~rjh~0); {13075#false} is VALID [2022-02-20 18:01:51,523 INFO L290 TraceCheckUtils]: 56: Hoare triple {13075#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~34#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~34#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {13075#false} is VALID [2022-02-20 18:01:51,523 INFO L272 TraceCheckUtils]: 57: Hoare triple {13075#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {13130#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:51,523 INFO L290 TraceCheckUtils]: 58: Hoare triple {13130#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13074#true} is VALID [2022-02-20 18:01:51,523 INFO L290 TraceCheckUtils]: 59: Hoare triple {13074#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13074#true} is VALID [2022-02-20 18:01:51,523 INFO L290 TraceCheckUtils]: 60: Hoare 
triple {13074#true} assume true; {13074#true} is VALID [2022-02-20 18:01:51,523 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {13074#true} {13075#false} #1066#return; {13075#false} is VALID [2022-02-20 18:01:51,523 INFO L272 TraceCheckUtils]: 62: Hoare triple {13075#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {13131#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:01:51,523 INFO L290 TraceCheckUtils]: 63: Hoare triple {13131#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {13074#true} is VALID [2022-02-20 18:01:51,523 INFO L290 TraceCheckUtils]: 64: Hoare triple {13074#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {13074#true} is VALID [2022-02-20 18:01:51,524 INFO L290 TraceCheckUtils]: 65: Hoare triple {13074#true} assume true; {13074#true} is VALID [2022-02-20 18:01:51,524 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {13074#true} {13075#false} #1068#return; {13075#false} is VALID [2022-02-20 18:01:51,524 INFO L290 TraceCheckUtils]: 67: Hoare triple {13075#false} createEmail_~retValue_acc~34#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~34#1; {13075#false} is VALID [2022-02-20 18:01:51,524 INFO L290 TraceCheckUtils]: 68: Hoare triple {13075#false} #t~ret89#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret89#1 && #t~ret89#1 <= 2147483647;~tmp~17#1 := #t~ret89#1;havoc #t~ret89#1;~email~0#1 := ~tmp~17#1; {13075#false} is VALID [2022-02-20 18:01:51,524 INFO L272 TraceCheckUtils]: 69: Hoare triple {13075#false} call outgoing(~sender#1, ~email~0#1); {13075#false} is VALID [2022-02-20 18:01:51,524 INFO L290 TraceCheckUtils]: 70: Hoare triple {13075#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, 
~msg#1;havoc sign_#t~ret91#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~13#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~13#1; {13075#false} is VALID [2022-02-20 18:01:51,524 INFO L290 TraceCheckUtils]: 71: Hoare triple {13075#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~13#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~13#1; {13075#false} is VALID [2022-02-20 18:01:51,524 INFO L290 TraceCheckUtils]: 72: Hoare triple {13075#false} sign_#t~ret91#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret91#1 && sign_#t~ret91#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret91#1;havoc sign_#t~ret91#1;sign_~privkey~0#1 := sign_~tmp~18#1; {13075#false} is VALID [2022-02-20 18:01:51,524 INFO L290 TraceCheckUtils]: 73: Hoare triple {13075#false} assume 0 == sign_~privkey~0#1; {13075#false} is VALID [2022-02-20 18:01:51,524 INFO L290 TraceCheckUtils]: 74: Hoare triple {13075#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1, outgoing__wrappee__AddressBook_#t~ret82#1, outgoing__wrappee__AddressBook_#t~ret83#1, outgoing__wrappee__AddressBook_#t~ret84#1, outgoing__wrappee__AddressBook_#t~ret85#1, outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, 
outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~15#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~5#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~15#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~5#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {13075#false} is VALID [2022-02-20 18:01:51,524 INFO L272 TraceCheckUtils]: 75: Hoare triple {13075#false} call outgoing__wrappee__AddressBook_#t~ret81#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {13074#true} is VALID [2022-02-20 18:01:51,524 INFO L290 TraceCheckUtils]: 76: Hoare triple {13074#true} ~handle := #in~handle;havoc ~retValue_acc~7; {13074#true} is VALID [2022-02-20 18:01:51,524 INFO L290 TraceCheckUtils]: 77: Hoare triple {13074#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {13074#true} is VALID [2022-02-20 18:01:51,524 INFO L290 TraceCheckUtils]: 78: Hoare triple {13074#true} assume true; {13074#true} is VALID [2022-02-20 18:01:51,524 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {13074#true} {13075#false} #1048#return; {13075#false} is VALID [2022-02-20 18:01:51,524 INFO L290 TraceCheckUtils]: 80: Hoare triple {13075#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret81#1 && outgoing__wrappee__AddressBook_#t~ret81#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~15#1 := outgoing__wrappee__AddressBook_#t~ret81#1;havoc 
outgoing__wrappee__AddressBook_#t~ret81#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~15#1; {13075#false} is VALID [2022-02-20 18:01:51,524 INFO L290 TraceCheckUtils]: 81: Hoare triple {13075#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {13075#false} is VALID [2022-02-20 18:01:51,524 INFO L272 TraceCheckUtils]: 82: Hoare triple {13075#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {13075#false} is VALID [2022-02-20 18:01:51,525 INFO L290 TraceCheckUtils]: 83: Hoare triple {13075#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {13075#false} is VALID [2022-02-20 18:01:51,525 INFO L290 TraceCheckUtils]: 84: Hoare triple {13075#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {13075#false} is VALID [2022-02-20 18:01:51,525 INFO L290 TraceCheckUtils]: 85: Hoare triple {13075#false} #t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret80#1 && #t~ret80#1 <= 2147483647;~tmp~14#1 := #t~ret80#1;havoc #t~ret80#1; {13075#false} is VALID [2022-02-20 18:01:51,525 INFO L272 TraceCheckUtils]: 86: Hoare triple {13075#false} call setEmailFrom(~msg#1, ~tmp~14#1); {13130#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:51,525 INFO L290 TraceCheckUtils]: 87: Hoare triple {13130#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13074#true} is VALID 
[2022-02-20 18:01:51,525 INFO L290 TraceCheckUtils]: 88: Hoare triple {13074#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13074#true} is VALID [2022-02-20 18:01:51,525 INFO L290 TraceCheckUtils]: 89: Hoare triple {13074#true} assume true; {13074#true} is VALID [2022-02-20 18:01:51,525 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {13074#true} {13075#false} #1072#return; {13075#false} is VALID [2022-02-20 18:01:51,525 INFO L290 TraceCheckUtils]: 91: Hoare triple {13075#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~13#1;call mail_#t~ret78#1 := puts(32, 0);assume -2147483648 <= mail_#t~ret78#1 && mail_#t~ret78#1 <= 2147483647;havoc mail_#t~ret78#1; {13075#false} is VALID [2022-02-20 18:01:51,525 INFO L272 TraceCheckUtils]: 92: Hoare triple {13075#false} call mail_#t~ret79#1 := getEmailTo(mail_~msg#1); {13074#true} is VALID [2022-02-20 18:01:51,525 INFO L290 TraceCheckUtils]: 93: Hoare triple {13074#true} ~handle := #in~handle;havoc ~retValue_acc~24; {13074#true} is VALID [2022-02-20 18:01:51,525 INFO L290 TraceCheckUtils]: 94: Hoare triple {13074#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {13074#true} is VALID [2022-02-20 18:01:51,525 INFO L290 TraceCheckUtils]: 95: Hoare triple {13074#true} assume true; {13074#true} is VALID [2022-02-20 18:01:51,525 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {13074#true} {13075#false} #1074#return; {13075#false} is VALID [2022-02-20 18:01:51,525 INFO L290 TraceCheckUtils]: 97: Hoare triple {13075#false} assume -2147483648 <= mail_#t~ret79#1 && mail_#t~ret79#1 <= 2147483647;mail_~tmp~13#1 := mail_#t~ret79#1;havoc mail_#t~ret79#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~13#1, mail_~msg#1;havoc 
incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret92#1, verify_#t~ret93#1, verify_#t~ret94#1, verify_#t~ret95#1, verify_#t~ret96#1, verify_#t~ret97#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~19#1, verify_~tmp___0~6#1, verify_~pubkey~0#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~0#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~0#1; {13075#false} is VALID [2022-02-20 18:01:51,525 INFO L272 TraceCheckUtils]: 98: Hoare triple {13075#false} call __utac_acc__EncryptVerify_spec__1_#t~ret4#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {13074#true} is VALID [2022-02-20 18:01:51,525 INFO L290 TraceCheckUtils]: 99: Hoare triple {13074#true} ~msg := #in~msg;havoc ~retValue_acc~32;~retValue_acc~32 := 1;#res := ~retValue_acc~32; {13074#true} is VALID [2022-02-20 18:01:51,525 INFO L290 TraceCheckUtils]: 100: Hoare triple {13074#true} assume true; {13074#true} is VALID [2022-02-20 18:01:51,526 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {13074#true} {13075#false} #1076#return; {13075#false} is VALID [2022-02-20 
18:01:51,526 INFO L290 TraceCheckUtils]: 102: Hoare triple {13075#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret4#1 && __utac_acc__EncryptVerify_spec__1_#t~ret4#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~0#1 := __utac_acc__EncryptVerify_spec__1_#t~ret4#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1; {13075#false} is VALID [2022-02-20 18:01:51,526 INFO L290 TraceCheckUtils]: 103: Hoare triple {13075#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {13075#false} is VALID [2022-02-20 18:01:51,526 INFO L290 TraceCheckUtils]: 104: Hoare triple {13075#false} assume !false; {13075#false} is VALID [2022-02-20 18:01:51,526 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 18:01:51,526 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:01:51,526 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1431504500] [2022-02-20 18:01:51,526 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1431504500] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:01:51,526 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:01:51,526 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 18:01:51,526 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1221533914] [2022-02-20 18:01:51,526 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:01:51,527 INFO L78 Accepts]: Start accepts. 
Automaton has has 9 states, 8 states have (on average 8.375) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 105 [2022-02-20 18:01:51,527 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:01:51,527 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 8.375) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:01:51,571 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 94 edges. 94 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:51,571 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 18:01:51,571 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:51,571 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 18:01:51,571 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:01:51,572 INFO L87 Difference]: Start difference. First operand 406 states and 639 transitions. 
Second operand has 9 states, 8 states have (on average 8.375) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:01:55,716 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:55,716 INFO L93 Difference]: Finished difference Result 881 states and 1407 transitions. [2022-02-20 18:01:55,716 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:01:55,717 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 8.375) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 105 [2022-02-20 18:01:55,717 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:01:55,717 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 8.375) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:01:55,726 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1171 transitions. [2022-02-20 18:01:55,726 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 9 states, 8 states have (on average 8.375) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:01:55,752 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1171 transitions. [2022-02-20 18:01:55,752 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1171 transitions. [2022-02-20 18:01:56,397 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1171 edges. 1171 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:56,428 INFO L225 Difference]: With dead ends: 881 [2022-02-20 18:01:56,428 INFO L226 Difference]: Without dead ends: 498 [2022-02-20 18:01:56,429 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 42 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 31 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 18:01:56,430 INFO L933 BasicCegarLoop]: 565 mSDtfsCounter, 1258 mSDsluCounter, 938 mSDsCounter, 0 mSdLazyCounter, 1755 mSolverCounterSat, 391 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1279 SdHoareTripleChecker+Valid, 1503 SdHoareTripleChecker+Invalid, 2146 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 391 IncrementalHoareTripleChecker+Valid, 1755 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.7s IncrementalHoareTripleChecker+Time [2022-02-20 18:01:56,430 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1279 Valid, 1503 
Invalid, 2146 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [391 Valid, 1755 Invalid, 0 Unknown, 0 Unchecked, 1.7s Time] [2022-02-20 18:01:56,431 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 498 states. [2022-02-20 18:01:56,497 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 498 to 406. [2022-02-20 18:01:56,497 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:01:56,498 INFO L82 GeneralOperation]: Start isEquivalent. First operand 498 states. Second operand has 406 states, 320 states have (on average 1.590625) internal successors, (509), 324 states have internal predecessors, (509), 62 states have call successors, (62), 21 states have call predecessors, (62), 23 states have return successors, (67), 60 states have call predecessors, (67), 61 states have call successors, (67) [2022-02-20 18:01:56,499 INFO L74 IsIncluded]: Start isIncluded. First operand 498 states. Second operand has 406 states, 320 states have (on average 1.590625) internal successors, (509), 324 states have internal predecessors, (509), 62 states have call successors, (62), 21 states have call predecessors, (62), 23 states have return successors, (67), 60 states have call predecessors, (67), 61 states have call successors, (67) [2022-02-20 18:01:56,499 INFO L87 Difference]: Start difference. First operand 498 states. Second operand has 406 states, 320 states have (on average 1.590625) internal successors, (509), 324 states have internal predecessors, (509), 62 states have call successors, (62), 21 states have call predecessors, (62), 23 states have return successors, (67), 60 states have call predecessors, (67), 61 states have call successors, (67) [2022-02-20 18:01:56,527 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:56,527 INFO L93 Difference]: Finished difference Result 498 states and 799 transitions. 
[2022-02-20 18:01:56,527 INFO L276 IsEmpty]: Start isEmpty. Operand 498 states and 799 transitions. [2022-02-20 18:01:56,529 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:56,529 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:56,530 INFO L74 IsIncluded]: Start isIncluded. First operand has 406 states, 320 states have (on average 1.590625) internal successors, (509), 324 states have internal predecessors, (509), 62 states have call successors, (62), 21 states have call predecessors, (62), 23 states have return successors, (67), 60 states have call predecessors, (67), 61 states have call successors, (67) Second operand 498 states. [2022-02-20 18:01:56,531 INFO L87 Difference]: Start difference. First operand has 406 states, 320 states have (on average 1.590625) internal successors, (509), 324 states have internal predecessors, (509), 62 states have call successors, (62), 21 states have call predecessors, (62), 23 states have return successors, (67), 60 states have call predecessors, (67), 61 states have call successors, (67) Second operand 498 states. [2022-02-20 18:01:56,559 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:56,559 INFO L93 Difference]: Finished difference Result 498 states and 799 transitions. [2022-02-20 18:01:56,559 INFO L276 IsEmpty]: Start isEmpty. Operand 498 states and 799 transitions. [2022-02-20 18:01:56,561 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:56,561 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:56,561 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:01:56,561 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:01:56,562 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 406 states, 320 states have (on average 1.590625) internal successors, (509), 324 states have internal predecessors, (509), 62 states have call successors, (62), 21 states have call predecessors, (62), 23 states have return successors, (67), 60 states have call predecessors, (67), 61 states have call successors, (67) [2022-02-20 18:01:56,590 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 406 states to 406 states and 638 transitions. [2022-02-20 18:01:56,590 INFO L78 Accepts]: Start accepts. Automaton has 406 states and 638 transitions. Word has length 105 [2022-02-20 18:01:56,591 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:01:56,591 INFO L470 AbstractCegarLoop]: Abstraction has 406 states and 638 transitions. [2022-02-20 18:01:56,591 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 8.375) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:01:56,591 INFO L276 IsEmpty]: Start isEmpty. Operand 406 states and 638 transitions. [2022-02-20 18:01:56,592 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 107 [2022-02-20 18:01:56,592 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:01:56,592 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:01:56,592 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 18:01:56,593 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:01:56,593 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:01:56,593 INFO L85 PathProgramCache]: Analyzing trace with hash -232989553, now seen corresponding path program 2 times [2022-02-20 18:01:56,593 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:01:56,593 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1090685536] [2022-02-20 18:01:56,593 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:56,593 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:01:56,623 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:56,645 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:01:56,646 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:56,648 INFO L290 TraceCheckUtils]: 0: Hoare triple {15979#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15926#true} is VALID [2022-02-20 18:01:56,648 INFO L290 TraceCheckUtils]: 1: Hoare triple {15926#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {15926#true} is VALID [2022-02-20 18:01:56,648 INFO L290 TraceCheckUtils]: 2: Hoare triple {15926#true} assume true; {15926#true} is VALID [2022-02-20 18:01:56,648 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15926#true} {15926#true} #1094#return; {15926#true} is VALID [2022-02-20 18:01:56,653 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:01:56,655 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:56,657 INFO L290 TraceCheckUtils]: 0: Hoare triple {15980#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15926#true} is VALID [2022-02-20 18:01:56,657 INFO L290 TraceCheckUtils]: 1: Hoare triple {15926#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15926#true} is VALID [2022-02-20 18:01:56,657 INFO L290 TraceCheckUtils]: 2: Hoare triple {15926#true} assume true; {15926#true} is VALID [2022-02-20 18:01:56,657 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15926#true} {15926#true} #1096#return; {15926#true} is VALID [2022-02-20 18:01:56,658 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:01:56,659 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:56,661 INFO L290 TraceCheckUtils]: 0: Hoare triple {15979#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15926#true} is VALID [2022-02-20 18:01:56,661 INFO L290 TraceCheckUtils]: 1: Hoare triple {15926#true} assume !(1 == ~handle); {15926#true} is VALID [2022-02-20 18:01:56,661 INFO L290 TraceCheckUtils]: 2: Hoare triple {15926#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {15926#true} is VALID [2022-02-20 18:01:56,661 INFO L290 TraceCheckUtils]: 3: Hoare triple {15926#true} assume true; {15926#true} is VALID [2022-02-20 18:01:56,661 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {15926#true} {15926#true} #1098#return; {15926#true} is VALID [2022-02-20 18:01:56,662 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:01:56,663 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:56,665 INFO L290 TraceCheckUtils]: 0: Hoare triple {15980#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15926#true} is VALID [2022-02-20 18:01:56,665 INFO L290 TraceCheckUtils]: 1: Hoare triple {15926#true} assume !(1 == ~handle); {15926#true} is VALID [2022-02-20 18:01:56,665 INFO L290 TraceCheckUtils]: 2: Hoare triple {15926#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {15926#true} is VALID [2022-02-20 18:01:56,666 INFO L290 TraceCheckUtils]: 3: Hoare triple {15926#true} assume true; {15926#true} is VALID [2022-02-20 18:01:56,666 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {15926#true} {15926#true} #1100#return; {15926#true} is VALID [2022-02-20 18:01:56,666 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:01:56,668 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 
18:01:56,681 INFO L290 TraceCheckUtils]: 0: Hoare triple {15979#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15981#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:56,681 INFO L290 TraceCheckUtils]: 1: Hoare triple {15981#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {15981#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:56,682 INFO L290 TraceCheckUtils]: 2: Hoare triple {15981#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {15982#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:56,682 INFO L290 TraceCheckUtils]: 3: Hoare triple {15982#(= 2 |setClientId_#in~handle|)} assume true; {15982#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:56,683 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {15982#(= 2 |setClientId_#in~handle|)} {15946#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1102#return; {15927#false} is VALID [2022-02-20 18:01:56,683 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-02-20 18:01:56,684 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:56,686 INFO L290 TraceCheckUtils]: 0: Hoare triple {15980#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15926#true} is VALID [2022-02-20 18:01:56,686 INFO L290 TraceCheckUtils]: 1: Hoare triple {15926#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15926#true} is VALID [2022-02-20 18:01:56,686 INFO L290 TraceCheckUtils]: 2: Hoare 
triple {15926#true} assume true; {15926#true} is VALID [2022-02-20 18:01:56,698 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15926#true} {15927#false} #1104#return; {15927#false} is VALID [2022-02-20 18:01:56,713 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:01:56,714 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:56,716 INFO L290 TraceCheckUtils]: 0: Hoare triple {15983#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15926#true} is VALID [2022-02-20 18:01:56,717 INFO L290 TraceCheckUtils]: 1: Hoare triple {15926#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15926#true} is VALID [2022-02-20 18:01:56,717 INFO L290 TraceCheckUtils]: 2: Hoare triple {15926#true} assume true; {15926#true} is VALID [2022-02-20 18:01:56,717 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15926#true} {15927#false} #1066#return; {15927#false} is VALID [2022-02-20 18:01:56,721 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 18:01:56,722 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:56,723 INFO L290 TraceCheckUtils]: 0: Hoare triple {15984#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {15926#true} is VALID [2022-02-20 18:01:56,723 INFO L290 TraceCheckUtils]: 1: Hoare triple {15926#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {15926#true} is VALID [2022-02-20 18:01:56,724 INFO L290 TraceCheckUtils]: 2: Hoare triple {15926#true} assume true; {15926#true} is VALID [2022-02-20 18:01:56,724 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15926#true} {15927#false} #1068#return; {15927#false} is VALID [2022-02-20 18:01:56,724 INFO L376 atingTraceCheckCraig]: Compute 
interpolants for subsequence at non-pending call position 76 [2022-02-20 18:01:56,724 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:56,726 INFO L290 TraceCheckUtils]: 0: Hoare triple {15926#true} ~handle := #in~handle;havoc ~retValue_acc~7; {15926#true} is VALID [2022-02-20 18:01:56,726 INFO L290 TraceCheckUtils]: 1: Hoare triple {15926#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {15926#true} is VALID [2022-02-20 18:01:56,726 INFO L290 TraceCheckUtils]: 2: Hoare triple {15926#true} assume true; {15926#true} is VALID [2022-02-20 18:01:56,726 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15926#true} {15927#false} #1048#return; {15927#false} is VALID [2022-02-20 18:01:56,726 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 18:01:56,727 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:56,744 INFO L290 TraceCheckUtils]: 0: Hoare triple {15983#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15926#true} is VALID [2022-02-20 18:01:56,744 INFO L290 TraceCheckUtils]: 1: Hoare triple {15926#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15926#true} is VALID [2022-02-20 18:01:56,744 INFO L290 TraceCheckUtils]: 2: Hoare triple {15926#true} assume true; {15926#true} is VALID [2022-02-20 18:01:56,744 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15926#true} {15927#false} #1072#return; {15927#false} is VALID [2022-02-20 18:01:56,744 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 18:01:56,745 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:56,746 INFO L290 TraceCheckUtils]: 0: Hoare triple {15926#true} ~handle := #in~handle;havoc ~retValue_acc~24; {15926#true} is VALID [2022-02-20 
18:01:56,746 INFO L290 TraceCheckUtils]: 1: Hoare triple {15926#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {15926#true} is VALID [2022-02-20 18:01:56,746 INFO L290 TraceCheckUtils]: 2: Hoare triple {15926#true} assume true; {15926#true} is VALID [2022-02-20 18:01:56,746 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15926#true} {15927#false} #1074#return; {15927#false} is VALID [2022-02-20 18:01:56,747 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 18:01:56,747 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:56,748 INFO L290 TraceCheckUtils]: 0: Hoare triple {15926#true} ~msg := #in~msg;havoc ~retValue_acc~32;~retValue_acc~32 := 1;#res := ~retValue_acc~32; {15926#true} is VALID [2022-02-20 18:01:56,748 INFO L290 TraceCheckUtils]: 1: Hoare triple {15926#true} assume true; {15926#true} is VALID [2022-02-20 18:01:56,748 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {15926#true} {15927#false} #1076#return; {15927#false} is VALID [2022-02-20 18:01:56,749 INFO L290 TraceCheckUtils]: 0: Hoare triple {15926#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 
16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(16, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(34, 33);call #Ultimate.allocInit(30, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 
0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 
0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {15926#true} is VALID [2022-02-20 18:01:56,749 INFO L290 TraceCheckUtils]: 1: Hoare triple {15926#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet65#1, main_#t~ret66#1, main_~retValue_acc~37#1, main_~tmp~11#1;assume -2147483648 <= main_#t~nondet65#1 && main_#t~nondet65#1 <= 2147483647;main_~retValue_acc~37#1 := main_#t~nondet65#1;havoc main_#t~nondet65#1;havoc main_~tmp~11#1;assume { :begin_inline_select_helpers } true; {15926#true} is VALID [2022-02-20 18:01:56,749 INFO L290 TraceCheckUtils]: 2: Hoare triple {15926#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {15926#true} is VALID [2022-02-20 18:01:56,749 INFO L290 TraceCheckUtils]: 3: Hoare triple {15926#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {15926#true} is VALID [2022-02-20 18:01:56,749 INFO L290 TraceCheckUtils]: 4: Hoare triple {15926#true} main_#t~ret66#1 := valid_product_#res#1;assume { :end_inline_valid_product } 
true;assume -2147483648 <= main_#t~ret66#1 && main_#t~ret66#1 <= 2147483647;main_~tmp~11#1 := main_#t~ret66#1;havoc main_#t~ret66#1; {15926#true} is VALID [2022-02-20 18:01:56,749 INFO L290 TraceCheckUtils]: 5: Hoare triple {15926#true} assume 0 != main_~tmp~11#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet62#1, setup_#t~nondet63#1, setup_#t~nondet64#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {15926#true} is VALID [2022-02-20 18:01:56,749 INFO L272 TraceCheckUtils]: 6: Hoare triple {15926#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {15979#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:56,750 INFO L290 TraceCheckUtils]: 7: Hoare triple {15979#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15926#true} is VALID [2022-02-20 18:01:56,750 INFO L290 TraceCheckUtils]: 8: Hoare triple {15926#true} assume 1 == 
~handle;~__ste_client_idCounter0~0 := ~value; {15926#true} is VALID [2022-02-20 18:01:56,750 INFO L290 TraceCheckUtils]: 9: Hoare triple {15926#true} assume true; {15926#true} is VALID [2022-02-20 18:01:56,750 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {15926#true} {15926#true} #1094#return; {15926#true} is VALID [2022-02-20 18:01:56,750 INFO L290 TraceCheckUtils]: 11: Hoare triple {15926#true} assume { :end_inline_setup_bob__wrappee__Base } true; {15926#true} is VALID [2022-02-20 18:01:56,750 INFO L272 TraceCheckUtils]: 12: Hoare triple {15926#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {15980#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:56,751 INFO L290 TraceCheckUtils]: 13: Hoare triple {15980#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15926#true} is VALID [2022-02-20 18:01:56,751 INFO L290 TraceCheckUtils]: 14: Hoare triple {15926#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15926#true} is VALID [2022-02-20 18:01:56,751 INFO L290 TraceCheckUtils]: 15: Hoare triple {15926#true} assume true; {15926#true} is VALID [2022-02-20 18:01:56,751 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {15926#true} {15926#true} #1096#return; {15926#true} is VALID [2022-02-20 18:01:56,751 INFO L290 TraceCheckUtils]: 17: Hoare triple {15926#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 26, 0;havoc setup_#t~nondet62#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { 
:begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {15926#true} is VALID [2022-02-20 18:01:56,751 INFO L272 TraceCheckUtils]: 18: Hoare triple {15926#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {15979#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:56,752 INFO L290 TraceCheckUtils]: 19: Hoare triple {15979#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15926#true} is VALID [2022-02-20 18:01:56,752 INFO L290 TraceCheckUtils]: 20: Hoare triple {15926#true} assume !(1 == ~handle); {15926#true} is VALID [2022-02-20 18:01:56,752 INFO L290 TraceCheckUtils]: 21: Hoare triple {15926#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {15926#true} is VALID [2022-02-20 18:01:56,752 INFO L290 TraceCheckUtils]: 22: Hoare triple {15926#true} assume true; {15926#true} is VALID [2022-02-20 18:01:56,752 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {15926#true} {15926#true} #1098#return; {15926#true} is VALID [2022-02-20 18:01:56,752 INFO L290 TraceCheckUtils]: 24: Hoare triple {15926#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {15926#true} is VALID [2022-02-20 18:01:56,753 INFO L272 TraceCheckUtils]: 25: Hoare triple {15926#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {15980#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:56,753 INFO L290 TraceCheckUtils]: 26: Hoare triple {15980#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15926#true} is VALID [2022-02-20 18:01:56,753 INFO L290 TraceCheckUtils]: 27: Hoare triple {15926#true} assume !(1 == ~handle); {15926#true} is VALID [2022-02-20 18:01:56,753 INFO L290 TraceCheckUtils]: 28: Hoare triple {15926#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {15926#true} is VALID [2022-02-20 18:01:56,753 INFO L290 TraceCheckUtils]: 29: Hoare triple {15926#true} assume true; {15926#true} is VALID [2022-02-20 18:01:56,753 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {15926#true} {15926#true} #1100#return; {15926#true} is VALID [2022-02-20 18:01:56,753 INFO L290 TraceCheckUtils]: 31: Hoare triple {15926#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 27, 0;havoc setup_#t~nondet63#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {15946#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:01:56,754 INFO L272 TraceCheckUtils]: 32: Hoare triple {15946#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {15979#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:56,754 INFO L290 TraceCheckUtils]: 33: Hoare triple {15979#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15981#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:56,754 INFO L290 TraceCheckUtils]: 34: Hoare triple {15981#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {15981#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:56,755 INFO L290 TraceCheckUtils]: 35: Hoare triple {15981#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {15982#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:56,755 INFO L290 TraceCheckUtils]: 36: Hoare triple {15982#(= 2 |setClientId_#in~handle|)} assume true; {15982#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:56,755 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {15982#(= 2 |setClientId_#in~handle|)} {15946#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1102#return; {15927#false} is VALID [2022-02-20 18:01:56,755 INFO L290 TraceCheckUtils]: 38: Hoare triple {15927#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {15927#false} is VALID [2022-02-20 18:01:56,755 INFO L272 TraceCheckUtils]: 39: Hoare triple {15927#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {15980#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:56,756 INFO L290 TraceCheckUtils]: 40: Hoare triple 
{15980#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15926#true} is VALID [2022-02-20 18:01:56,756 INFO L290 TraceCheckUtils]: 41: Hoare triple {15926#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15926#true} is VALID [2022-02-20 18:01:56,756 INFO L290 TraceCheckUtils]: 42: Hoare triple {15926#true} assume true; {15926#true} is VALID [2022-02-20 18:01:56,756 INFO L284 TraceCheckUtils]: 43: Hoare quadruple {15926#true} {15927#false} #1104#return; {15927#false} is VALID [2022-02-20 18:01:56,756 INFO L290 TraceCheckUtils]: 44: Hoare triple {15927#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 28, 0;havoc setup_#t~nondet64#1; {15927#false} is VALID [2022-02-20 18:01:56,756 INFO L290 TraceCheckUtils]: 45: Hoare triple {15927#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc 
test_~tmp~9#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {15927#false} is VALID [2022-02-20 18:01:56,756 INFO L290 TraceCheckUtils]: 46: Hoare triple {15927#false} assume !false; {15927#false} is VALID [2022-02-20 18:01:56,756 INFO L290 TraceCheckUtils]: 47: Hoare triple {15927#false} assume test_~splverifierCounter~0#1 < 4; {15927#false} is VALID [2022-02-20 18:01:56,757 INFO L290 TraceCheckUtils]: 48: Hoare triple {15927#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {15927#false} is VALID [2022-02-20 18:01:56,757 INFO L290 TraceCheckUtils]: 49: Hoare triple {15927#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet46#1 && test_#t~nondet46#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet46#1;havoc test_#t~nondet46#1; {15927#false} is VALID [2022-02-20 18:01:56,757 INFO L290 TraceCheckUtils]: 50: Hoare triple {15927#false} assume !(0 != test_~tmp___9~0#1); {15927#false} is VALID [2022-02-20 18:01:56,757 INFO L290 TraceCheckUtils]: 51: Hoare triple {15927#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet47#1 && test_#t~nondet47#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet47#1;havoc test_#t~nondet47#1; {15927#false} is VALID [2022-02-20 18:01:56,757 INFO L290 TraceCheckUtils]: 52: Hoare triple {15927#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {15927#false} is VALID [2022-02-20 18:01:56,757 INFO L290 TraceCheckUtils]: 53: Hoare triple {15927#false} assume !false; {15927#false} is VALID [2022-02-20 18:01:56,757 INFO L290 TraceCheckUtils]: 54: 
Hoare triple {15927#false} assume !(test_~splverifierCounter~0#1 < 4); {15927#false} is VALID [2022-02-20 18:01:56,757 INFO L290 TraceCheckUtils]: 55: Hoare triple {15927#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret57#1, bobToRjh_#t~ret58#1, bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_~tmp~10#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~10#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret57#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret57#1 && bobToRjh_#t~ret57#1 <= 2147483647;havoc bobToRjh_#t~ret57#1; {15927#false} is VALID [2022-02-20 18:01:56,757 INFO L272 TraceCheckUtils]: 56: Hoare triple {15927#false} call sendEmail(~bob~0, ~rjh~0); {15927#false} is VALID [2022-02-20 18:01:56,758 INFO L290 TraceCheckUtils]: 57: Hoare triple {15927#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~34#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~34#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {15927#false} is VALID [2022-02-20 18:01:56,758 INFO L272 TraceCheckUtils]: 58: Hoare triple {15927#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {15983#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:56,758 INFO L290 TraceCheckUtils]: 59: Hoare triple {15983#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15926#true} is VALID [2022-02-20 18:01:56,758 INFO L290 TraceCheckUtils]: 60: Hoare triple {15926#true} assume 1 == 
~handle;~__ste_email_from0~0 := ~value; {15926#true} is VALID [2022-02-20 18:01:56,758 INFO L290 TraceCheckUtils]: 61: Hoare triple {15926#true} assume true; {15926#true} is VALID [2022-02-20 18:01:56,758 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {15926#true} {15927#false} #1066#return; {15927#false} is VALID [2022-02-20 18:01:56,758 INFO L272 TraceCheckUtils]: 63: Hoare triple {15927#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {15984#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:01:56,758 INFO L290 TraceCheckUtils]: 64: Hoare triple {15984#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {15926#true} is VALID [2022-02-20 18:01:56,759 INFO L290 TraceCheckUtils]: 65: Hoare triple {15926#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {15926#true} is VALID [2022-02-20 18:01:56,759 INFO L290 TraceCheckUtils]: 66: Hoare triple {15926#true} assume true; {15926#true} is VALID [2022-02-20 18:01:56,759 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {15926#true} {15927#false} #1068#return; {15927#false} is VALID [2022-02-20 18:01:56,759 INFO L290 TraceCheckUtils]: 68: Hoare triple {15927#false} createEmail_~retValue_acc~34#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~34#1; {15927#false} is VALID [2022-02-20 18:01:56,759 INFO L290 TraceCheckUtils]: 69: Hoare triple {15927#false} #t~ret89#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret89#1 && #t~ret89#1 <= 2147483647;~tmp~17#1 := #t~ret89#1;havoc #t~ret89#1;~email~0#1 := ~tmp~17#1; {15927#false} is VALID [2022-02-20 18:01:56,759 INFO L272 TraceCheckUtils]: 70: Hoare triple {15927#false} call outgoing(~sender#1, ~email~0#1); {15927#false} is VALID [2022-02-20 18:01:56,759 INFO L290 TraceCheckUtils]: 71: Hoare triple {15927#false} ~client#1 
:= #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret91#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~13#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~13#1; {15927#false} is VALID [2022-02-20 18:01:56,759 INFO L290 TraceCheckUtils]: 72: Hoare triple {15927#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~13#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~13#1; {15927#false} is VALID [2022-02-20 18:01:56,759 INFO L290 TraceCheckUtils]: 73: Hoare triple {15927#false} sign_#t~ret91#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret91#1 && sign_#t~ret91#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret91#1;havoc sign_#t~ret91#1;sign_~privkey~0#1 := sign_~tmp~18#1; {15927#false} is VALID [2022-02-20 18:01:56,760 INFO L290 TraceCheckUtils]: 74: Hoare triple {15927#false} assume 0 == sign_~privkey~0#1; {15927#false} is VALID [2022-02-20 18:01:56,760 INFO L290 TraceCheckUtils]: 75: Hoare triple {15927#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1, outgoing__wrappee__AddressBook_#t~ret82#1, outgoing__wrappee__AddressBook_#t~ret83#1, outgoing__wrappee__AddressBook_#t~ret84#1, outgoing__wrappee__AddressBook_#t~ret85#1, 
outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~15#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~5#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~15#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~5#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {15927#false} is VALID [2022-02-20 18:01:56,760 INFO L272 TraceCheckUtils]: 76: Hoare triple {15927#false} call outgoing__wrappee__AddressBook_#t~ret81#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {15926#true} is VALID [2022-02-20 18:01:56,760 INFO L290 TraceCheckUtils]: 77: Hoare triple {15926#true} ~handle := #in~handle;havoc ~retValue_acc~7; {15926#true} is VALID [2022-02-20 18:01:56,760 INFO L290 TraceCheckUtils]: 78: Hoare triple {15926#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {15926#true} is VALID [2022-02-20 18:01:56,760 INFO L290 TraceCheckUtils]: 79: Hoare triple {15926#true} assume true; {15926#true} is VALID [2022-02-20 18:01:56,760 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {15926#true} {15927#false} #1048#return; {15927#false} is VALID [2022-02-20 18:01:56,760 INFO L290 TraceCheckUtils]: 81: Hoare triple {15927#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret81#1 && outgoing__wrappee__AddressBook_#t~ret81#1 <= 
2147483647;outgoing__wrappee__AddressBook_~tmp~15#1 := outgoing__wrappee__AddressBook_#t~ret81#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~15#1; {15927#false} is VALID [2022-02-20 18:01:56,761 INFO L290 TraceCheckUtils]: 82: Hoare triple {15927#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {15927#false} is VALID [2022-02-20 18:01:56,761 INFO L272 TraceCheckUtils]: 83: Hoare triple {15927#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {15927#false} is VALID [2022-02-20 18:01:56,761 INFO L290 TraceCheckUtils]: 84: Hoare triple {15927#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {15927#false} is VALID [2022-02-20 18:01:56,761 INFO L290 TraceCheckUtils]: 85: Hoare triple {15927#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {15927#false} is VALID [2022-02-20 18:01:56,761 INFO L290 TraceCheckUtils]: 86: Hoare triple {15927#false} #t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret80#1 && #t~ret80#1 <= 2147483647;~tmp~14#1 := #t~ret80#1;havoc #t~ret80#1; {15927#false} is VALID [2022-02-20 18:01:56,761 INFO L272 TraceCheckUtils]: 87: Hoare triple {15927#false} call setEmailFrom(~msg#1, ~tmp~14#1); {15983#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:56,761 INFO L290 TraceCheckUtils]: 88: Hoare triple {15983#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= 
|old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15926#true} is VALID [2022-02-20 18:01:56,761 INFO L290 TraceCheckUtils]: 89: Hoare triple {15926#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15926#true} is VALID [2022-02-20 18:01:56,761 INFO L290 TraceCheckUtils]: 90: Hoare triple {15926#true} assume true; {15926#true} is VALID [2022-02-20 18:01:56,762 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {15926#true} {15927#false} #1072#return; {15927#false} is VALID [2022-02-20 18:01:56,762 INFO L290 TraceCheckUtils]: 92: Hoare triple {15927#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~13#1;call mail_#t~ret78#1 := puts(32, 0);assume -2147483648 <= mail_#t~ret78#1 && mail_#t~ret78#1 <= 2147483647;havoc mail_#t~ret78#1; {15927#false} is VALID [2022-02-20 18:01:56,762 INFO L272 TraceCheckUtils]: 93: Hoare triple {15927#false} call mail_#t~ret79#1 := getEmailTo(mail_~msg#1); {15926#true} is VALID [2022-02-20 18:01:56,762 INFO L290 TraceCheckUtils]: 94: Hoare triple {15926#true} ~handle := #in~handle;havoc ~retValue_acc~24; {15926#true} is VALID [2022-02-20 18:01:56,762 INFO L290 TraceCheckUtils]: 95: Hoare triple {15926#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {15926#true} is VALID [2022-02-20 18:01:56,775 INFO L290 TraceCheckUtils]: 96: Hoare triple {15926#true} assume true; {15926#true} is VALID [2022-02-20 18:01:56,775 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {15926#true} {15927#false} #1074#return; {15927#false} is VALID [2022-02-20 18:01:56,775 INFO L290 TraceCheckUtils]: 98: Hoare triple {15927#false} assume -2147483648 <= mail_#t~ret79#1 && mail_#t~ret79#1 <= 2147483647;mail_~tmp~13#1 := mail_#t~ret79#1;havoc mail_#t~ret79#1;assume { 
:begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~13#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret92#1, verify_#t~ret93#1, verify_#t~ret94#1, verify_#t~ret95#1, verify_#t~ret96#1, verify_#t~ret97#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~19#1, verify_~tmp___0~6#1, verify_~pubkey~0#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~0#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~0#1; {15927#false} is VALID [2022-02-20 18:01:56,776 INFO L272 TraceCheckUtils]: 99: Hoare triple {15927#false} call __utac_acc__EncryptVerify_spec__1_#t~ret4#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {15926#true} is VALID [2022-02-20 18:01:56,776 INFO L290 TraceCheckUtils]: 100: Hoare triple {15926#true} ~msg := #in~msg;havoc ~retValue_acc~32;~retValue_acc~32 := 1;#res := ~retValue_acc~32; {15926#true} is VALID [2022-02-20 18:01:56,776 INFO L290 TraceCheckUtils]: 101: Hoare triple {15926#true} assume true; {15926#true} is VALID [2022-02-20 18:01:56,776 INFO L284 
TraceCheckUtils]: 102: Hoare quadruple {15926#true} {15927#false} #1076#return; {15927#false} is VALID [2022-02-20 18:01:56,776 INFO L290 TraceCheckUtils]: 103: Hoare triple {15927#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret4#1 && __utac_acc__EncryptVerify_spec__1_#t~ret4#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~0#1 := __utac_acc__EncryptVerify_spec__1_#t~ret4#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1; {15927#false} is VALID [2022-02-20 18:01:56,776 INFO L290 TraceCheckUtils]: 104: Hoare triple {15927#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {15927#false} is VALID [2022-02-20 18:01:56,776 INFO L290 TraceCheckUtils]: 105: Hoare triple {15927#false} assume !false; {15927#false} is VALID [2022-02-20 18:01:56,777 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 18:01:56,777 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:01:56,777 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1090685536] [2022-02-20 18:01:56,777 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1090685536] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:01:56,777 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:01:56,777 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 18:01:56,777 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1313245791] [2022-02-20 18:01:56,778 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:01:56,778 INFO L78 Accepts]: Start accepts. 
Automaton has has 9 states, 8 states have (on average 8.5) internal successors, (68), 5 states have internal predecessors, (68), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 106 [2022-02-20 18:01:56,778 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:01:56,779 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 8.5) internal successors, (68), 5 states have internal predecessors, (68), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:01:56,831 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 95 edges. 95 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:56,831 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 18:01:56,832 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:56,832 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 18:01:56,832 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:01:56,832 INFO L87 Difference]: Start difference. First operand 406 states and 638 transitions. Second operand has 9 states, 8 states have (on average 8.5) internal successors, (68), 5 states have internal predecessors, (68), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:02,620 INFO L144 Difference]: Subtrahend was deterministic. 
Have not used determinization. [2022-02-20 18:02:02,620 INFO L93 Difference]: Finished difference Result 883 states and 1410 transitions. [2022-02-20 18:02:02,620 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:02:02,620 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 8.5) internal successors, (68), 5 states have internal predecessors, (68), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 106 [2022-02-20 18:02:02,621 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:02,622 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 8.5) internal successors, (68), 5 states have internal predecessors, (68), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:02,630 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1172 transitions. [2022-02-20 18:02:02,631 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 8.5) internal successors, (68), 5 states have internal predecessors, (68), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:02,640 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1172 transitions. [2022-02-20 18:02:02,640 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1172 transitions. 
[2022-02-20 18:02:03,606 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1172 edges. 1172 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:03,620 INFO L225 Difference]: With dead ends: 883 [2022-02-20 18:02:03,621 INFO L226 Difference]: Without dead ends: 500 [2022-02-20 18:02:03,622 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 42 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 30 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 18:02:03,623 INFO L933 BasicCegarLoop]: 565 mSDtfsCounter, 1253 mSDsluCounter, 938 mSDsCounter, 0 mSdLazyCounter, 1766 mSolverCounterSat, 392 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1274 SdHoareTripleChecker+Valid, 1503 SdHoareTripleChecker+Invalid, 2158 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 392 IncrementalHoareTripleChecker+Valid, 1766 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.5s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:03,623 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1274 Valid, 1503 Invalid, 2158 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [392 Valid, 1766 Invalid, 0 Unknown, 0 Unchecked, 2.5s Time] [2022-02-20 18:02:03,624 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 500 states. [2022-02-20 18:02:03,706 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 500 to 408. [2022-02-20 18:02:03,706 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:03,707 INFO L82 GeneralOperation]: Start isEquivalent. First operand 500 states. 
Second operand has 408 states, 321 states have (on average 1.588785046728972) internal successors, (510), 326 states have internal predecessors, (510), 62 states have call successors, (62), 21 states have call predecessors, (62), 24 states have return successors, (69), 60 states have call predecessors, (69), 61 states have call successors, (69) [2022-02-20 18:02:03,708 INFO L74 IsIncluded]: Start isIncluded. First operand 500 states. Second operand has 408 states, 321 states have (on average 1.588785046728972) internal successors, (510), 326 states have internal predecessors, (510), 62 states have call successors, (62), 21 states have call predecessors, (62), 24 states have return successors, (69), 60 states have call predecessors, (69), 61 states have call successors, (69) [2022-02-20 18:02:03,709 INFO L87 Difference]: Start difference. First operand 500 states. Second operand has 408 states, 321 states have (on average 1.588785046728972) internal successors, (510), 326 states have internal predecessors, (510), 62 states have call successors, (62), 21 states have call predecessors, (62), 24 states have return successors, (69), 60 states have call predecessors, (69), 61 states have call successors, (69) [2022-02-20 18:02:03,723 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:03,723 INFO L93 Difference]: Finished difference Result 500 states and 802 transitions. [2022-02-20 18:02:03,723 INFO L276 IsEmpty]: Start isEmpty. Operand 500 states and 802 transitions. [2022-02-20 18:02:03,725 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:03,725 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:03,726 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 408 states, 321 states have (on average 1.588785046728972) internal successors, (510), 326 states have internal predecessors, (510), 62 states have call successors, (62), 21 states have call predecessors, (62), 24 states have return successors, (69), 60 states have call predecessors, (69), 61 states have call successors, (69) Second operand 500 states. [2022-02-20 18:02:03,726 INFO L87 Difference]: Start difference. First operand has 408 states, 321 states have (on average 1.588785046728972) internal successors, (510), 326 states have internal predecessors, (510), 62 states have call successors, (62), 21 states have call predecessors, (62), 24 states have return successors, (69), 60 states have call predecessors, (69), 61 states have call successors, (69) Second operand 500 states. [2022-02-20 18:02:03,741 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:03,741 INFO L93 Difference]: Finished difference Result 500 states and 802 transitions. [2022-02-20 18:02:03,741 INFO L276 IsEmpty]: Start isEmpty. Operand 500 states and 802 transitions. [2022-02-20 18:02:03,743 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:03,743 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:03,743 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:03,743 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:03,744 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 408 states, 321 states have (on average 1.588785046728972) internal successors, (510), 326 states have internal predecessors, (510), 62 states have call successors, (62), 21 states have call predecessors, (62), 24 states have return successors, (69), 60 states have call predecessors, (69), 61 states have call successors, (69) [2022-02-20 18:02:03,758 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 408 states to 408 states and 641 transitions. [2022-02-20 18:02:03,758 INFO L78 Accepts]: Start accepts. Automaton has 408 states and 641 transitions. Word has length 106 [2022-02-20 18:02:03,758 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:03,759 INFO L470 AbstractCegarLoop]: Abstraction has 408 states and 641 transitions. [2022-02-20 18:02:03,759 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 8.5) internal successors, (68), 5 states have internal predecessors, (68), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:03,759 INFO L276 IsEmpty]: Start isEmpty. Operand 408 states and 641 transitions. [2022-02-20 18:02:03,760 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 108 [2022-02-20 18:02:03,760 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:03,760 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:03,760 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 18:02:03,761 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:03,761 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:03,761 INFO L85 PathProgramCache]: Analyzing trace with hash 754334179, now seen corresponding path program 1 times [2022-02-20 18:02:03,761 INFO L126 
FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:03,761 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2027050000] [2022-02-20 18:02:03,761 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:03,761 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:03,791 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,819 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:02:03,820 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,822 INFO L290 TraceCheckUtils]: 0: Hoare triple {18842#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18787#true} is VALID [2022-02-20 18:02:03,822 INFO L290 TraceCheckUtils]: 1: Hoare triple {18787#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {18787#true} is VALID [2022-02-20 18:02:03,822 INFO L290 TraceCheckUtils]: 2: Hoare triple {18787#true} assume true; {18787#true} is VALID [2022-02-20 18:02:03,822 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18787#true} {18787#true} #1094#return; {18787#true} is VALID [2022-02-20 18:02:03,827 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:03,829 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,831 INFO L290 TraceCheckUtils]: 0: Hoare triple {18843#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := 
#in~handle;~value := #in~value; {18787#true} is VALID [2022-02-20 18:02:03,831 INFO L290 TraceCheckUtils]: 1: Hoare triple {18787#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18787#true} is VALID [2022-02-20 18:02:03,831 INFO L290 TraceCheckUtils]: 2: Hoare triple {18787#true} assume true; {18787#true} is VALID [2022-02-20 18:02:03,831 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18787#true} {18787#true} #1096#return; {18787#true} is VALID [2022-02-20 18:02:03,831 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:03,832 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,834 INFO L290 TraceCheckUtils]: 0: Hoare triple {18842#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18787#true} is VALID [2022-02-20 18:02:03,834 INFO L290 TraceCheckUtils]: 1: Hoare triple {18787#true} assume !(1 == ~handle); {18787#true} is VALID [2022-02-20 18:02:03,834 INFO L290 TraceCheckUtils]: 2: Hoare triple {18787#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18787#true} is VALID [2022-02-20 18:02:03,834 INFO L290 TraceCheckUtils]: 3: Hoare triple {18787#true} assume true; {18787#true} is VALID [2022-02-20 18:02:03,834 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {18787#true} {18787#true} #1098#return; {18787#true} is VALID [2022-02-20 18:02:03,834 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:02:03,835 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,837 INFO L290 TraceCheckUtils]: 0: Hoare triple {18843#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18787#true} is VALID [2022-02-20 18:02:03,837 INFO L290 TraceCheckUtils]: 1: Hoare triple {18787#true} assume !(1 == ~handle); {18787#true} is VALID [2022-02-20 18:02:03,837 INFO L290 TraceCheckUtils]: 2: Hoare triple {18787#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {18787#true} is VALID [2022-02-20 18:02:03,837 INFO L290 TraceCheckUtils]: 3: Hoare triple {18787#true} assume true; {18787#true} is VALID [2022-02-20 18:02:03,837 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {18787#true} {18787#true} #1100#return; {18787#true} is VALID [2022-02-20 18:02:03,837 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:02:03,839 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,854 INFO L290 TraceCheckUtils]: 0: Hoare triple {18842#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18844#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:03,854 INFO L290 TraceCheckUtils]: 1: Hoare triple {18844#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {18844#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:03,854 INFO L290 TraceCheckUtils]: 2: Hoare triple {18844#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {18844#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:03,855 INFO L290 TraceCheckUtils]: 3: Hoare triple {18844#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {18845#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:03,855 INFO L290 TraceCheckUtils]: 4: Hoare 
triple {18845#(= 3 |setClientId_#in~handle|)} assume true; {18845#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:03,856 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {18845#(= 3 |setClientId_#in~handle|)} {18807#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1102#return; {18814#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:02:03,856 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:02:03,857 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,874 INFO L290 TraceCheckUtils]: 0: Hoare triple {18843#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18846#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:03,875 INFO L290 TraceCheckUtils]: 1: Hoare triple {18846#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18847#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:03,875 INFO L290 TraceCheckUtils]: 2: Hoare triple {18847#(= |setClientPrivateKey_#in~handle| 1)} assume true; {18847#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:03,875 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18847#(= |setClientPrivateKey_#in~handle| 1)} {18814#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1104#return; {18788#false} is VALID [2022-02-20 18:02:03,883 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 18:02:03,883 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,888 INFO L290 TraceCheckUtils]: 0: Hoare triple {18848#(and (= 
|old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18787#true} is VALID [2022-02-20 18:02:03,889 INFO L290 TraceCheckUtils]: 1: Hoare triple {18787#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18787#true} is VALID [2022-02-20 18:02:03,889 INFO L290 TraceCheckUtils]: 2: Hoare triple {18787#true} assume true; {18787#true} is VALID [2022-02-20 18:02:03,889 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18787#true} {18788#false} #1066#return; {18788#false} is VALID [2022-02-20 18:02:03,897 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 18:02:03,898 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,899 INFO L290 TraceCheckUtils]: 0: Hoare triple {18849#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {18787#true} is VALID [2022-02-20 18:02:03,899 INFO L290 TraceCheckUtils]: 1: Hoare triple {18787#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {18787#true} is VALID [2022-02-20 18:02:03,899 INFO L290 TraceCheckUtils]: 2: Hoare triple {18787#true} assume true; {18787#true} is VALID [2022-02-20 18:02:03,900 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18787#true} {18788#false} #1068#return; {18788#false} is VALID [2022-02-20 18:02:03,900 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 18:02:03,900 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,902 INFO L290 TraceCheckUtils]: 0: Hoare triple {18787#true} ~handle := #in~handle;havoc ~retValue_acc~7; {18787#true} is VALID [2022-02-20 18:02:03,902 INFO L290 TraceCheckUtils]: 1: Hoare triple {18787#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {18787#true} is 
VALID [2022-02-20 18:02:03,902 INFO L290 TraceCheckUtils]: 2: Hoare triple {18787#true} assume true; {18787#true} is VALID [2022-02-20 18:02:03,902 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18787#true} {18788#false} #1048#return; {18788#false} is VALID [2022-02-20 18:02:03,902 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 18:02:03,905 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,907 INFO L290 TraceCheckUtils]: 0: Hoare triple {18848#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18787#true} is VALID [2022-02-20 18:02:03,907 INFO L290 TraceCheckUtils]: 1: Hoare triple {18787#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18787#true} is VALID [2022-02-20 18:02:03,907 INFO L290 TraceCheckUtils]: 2: Hoare triple {18787#true} assume true; {18787#true} is VALID [2022-02-20 18:02:03,907 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18787#true} {18788#false} #1072#return; {18788#false} is VALID [2022-02-20 18:02:03,907 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 18:02:03,908 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,909 INFO L290 TraceCheckUtils]: 0: Hoare triple {18787#true} ~handle := #in~handle;havoc ~retValue_acc~24; {18787#true} is VALID [2022-02-20 18:02:03,909 INFO L290 TraceCheckUtils]: 1: Hoare triple {18787#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {18787#true} is VALID [2022-02-20 18:02:03,909 INFO L290 TraceCheckUtils]: 2: Hoare triple {18787#true} assume true; {18787#true} is VALID [2022-02-20 18:02:03,909 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18787#true} {18788#false} #1074#return; {18788#false} is VALID [2022-02-20 18:02:03,910 INFO L376 atingTraceCheckCraig]: 
Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 18:02:03,910 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,911 INFO L290 TraceCheckUtils]: 0: Hoare triple {18787#true} ~msg := #in~msg;havoc ~retValue_acc~32;~retValue_acc~32 := 1;#res := ~retValue_acc~32; {18787#true} is VALID [2022-02-20 18:02:03,911 INFO L290 TraceCheckUtils]: 1: Hoare triple {18787#true} assume true; {18787#true} is VALID [2022-02-20 18:02:03,911 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {18787#true} {18788#false} #1076#return; {18788#false} is VALID [2022-02-20 18:02:03,912 INFO L290 TraceCheckUtils]: 0: Hoare triple {18787#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(16, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call 
write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(34, 33);call #Ultimate.allocInit(30, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 
0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 
0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {18787#true} is VALID [2022-02-20 18:02:03,912 INFO L290 TraceCheckUtils]: 1: Hoare triple {18787#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet65#1, main_#t~ret66#1, main_~retValue_acc~37#1, main_~tmp~11#1;assume -2147483648 <= main_#t~nondet65#1 && main_#t~nondet65#1 <= 2147483647;main_~retValue_acc~37#1 := main_#t~nondet65#1;havoc main_#t~nondet65#1;havoc main_~tmp~11#1;assume { :begin_inline_select_helpers } true; {18787#true} is VALID [2022-02-20 18:02:03,912 INFO L290 TraceCheckUtils]: 2: Hoare triple {18787#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {18787#true} is VALID [2022-02-20 18:02:03,912 INFO L290 TraceCheckUtils]: 3: Hoare triple {18787#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {18787#true} is VALID [2022-02-20 18:02:03,912 INFO L290 TraceCheckUtils]: 4: Hoare triple {18787#true} main_#t~ret66#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret66#1 && main_#t~ret66#1 <= 2147483647;main_~tmp~11#1 := main_#t~ret66#1;havoc main_#t~ret66#1; {18787#true} is VALID [2022-02-20 18:02:03,912 INFO L290 TraceCheckUtils]: 5: Hoare triple {18787#true} assume 0 != main_~tmp~11#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet62#1, setup_#t~nondet63#1, setup_#t~nondet64#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, 
setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {18787#true} is VALID [2022-02-20 18:02:03,913 INFO L272 TraceCheckUtils]: 6: Hoare triple {18787#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {18842#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:03,913 INFO L290 TraceCheckUtils]: 7: Hoare triple {18842#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18787#true} is VALID [2022-02-20 18:02:03,913 INFO L290 TraceCheckUtils]: 8: Hoare triple {18787#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {18787#true} is VALID [2022-02-20 18:02:03,913 INFO L290 TraceCheckUtils]: 9: Hoare triple {18787#true} assume true; {18787#true} is VALID [2022-02-20 18:02:03,913 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {18787#true} {18787#true} #1094#return; {18787#true} is VALID [2022-02-20 18:02:03,913 INFO L290 TraceCheckUtils]: 11: Hoare triple {18787#true} assume { :end_inline_setup_bob__wrappee__Base } true; {18787#true} is 
VALID [2022-02-20 18:02:03,914 INFO L272 TraceCheckUtils]: 12: Hoare triple {18787#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {18843#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:03,914 INFO L290 TraceCheckUtils]: 13: Hoare triple {18843#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18787#true} is VALID [2022-02-20 18:02:03,914 INFO L290 TraceCheckUtils]: 14: Hoare triple {18787#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18787#true} is VALID [2022-02-20 18:02:03,914 INFO L290 TraceCheckUtils]: 15: Hoare triple {18787#true} assume true; {18787#true} is VALID [2022-02-20 18:02:03,914 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {18787#true} {18787#true} #1096#return; {18787#true} is VALID [2022-02-20 18:02:03,915 INFO L290 TraceCheckUtils]: 17: Hoare triple {18787#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 26, 0;havoc setup_#t~nondet62#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {18787#true} is VALID [2022-02-20 18:02:03,915 INFO L272 TraceCheckUtils]: 18: Hoare triple {18787#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {18842#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:03,915 INFO L290 TraceCheckUtils]: 19: Hoare triple {18842#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18787#true} is VALID [2022-02-20 18:02:03,915 INFO L290 TraceCheckUtils]: 20: Hoare triple {18787#true} assume !(1 == ~handle); {18787#true} is VALID [2022-02-20 18:02:03,916 INFO L290 TraceCheckUtils]: 21: Hoare triple {18787#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18787#true} is VALID [2022-02-20 18:02:03,916 INFO L290 TraceCheckUtils]: 22: Hoare triple {18787#true} assume true; {18787#true} is VALID [2022-02-20 18:02:03,916 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {18787#true} {18787#true} #1098#return; {18787#true} is VALID [2022-02-20 18:02:03,916 INFO L290 TraceCheckUtils]: 24: Hoare triple {18787#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {18787#true} is VALID [2022-02-20 18:02:03,916 INFO L272 TraceCheckUtils]: 25: Hoare triple {18787#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {18843#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:03,917 INFO L290 TraceCheckUtils]: 26: Hoare triple {18843#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18787#true} is VALID [2022-02-20 18:02:03,917 INFO L290 TraceCheckUtils]: 27: Hoare triple 
{18787#true} assume !(1 == ~handle); {18787#true} is VALID [2022-02-20 18:02:03,917 INFO L290 TraceCheckUtils]: 28: Hoare triple {18787#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {18787#true} is VALID [2022-02-20 18:02:03,917 INFO L290 TraceCheckUtils]: 29: Hoare triple {18787#true} assume true; {18787#true} is VALID [2022-02-20 18:02:03,917 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {18787#true} {18787#true} #1100#return; {18787#true} is VALID [2022-02-20 18:02:03,917 INFO L290 TraceCheckUtils]: 31: Hoare triple {18787#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 27, 0;havoc setup_#t~nondet63#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {18807#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:02:03,918 INFO L272 TraceCheckUtils]: 32: Hoare triple {18807#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {18842#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:03,918 INFO L290 TraceCheckUtils]: 33: Hoare triple {18842#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18844#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:03,919 INFO L290 TraceCheckUtils]: 34: Hoare triple {18844#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {18844#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:03,919 INFO L290 TraceCheckUtils]: 35: Hoare triple {18844#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {18844#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:03,919 INFO L290 TraceCheckUtils]: 36: Hoare triple {18844#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {18845#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:03,919 INFO L290 TraceCheckUtils]: 37: Hoare triple {18845#(= 3 |setClientId_#in~handle|)} assume true; {18845#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:03,920 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {18845#(= 3 |setClientId_#in~handle|)} {18807#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1102#return; {18814#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:02:03,920 INFO L290 TraceCheckUtils]: 39: Hoare triple {18814#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {18814#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:02:03,921 INFO L272 TraceCheckUtils]: 40: Hoare triple {18814#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {18843#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID 
[2022-02-20 18:02:03,921 INFO L290 TraceCheckUtils]: 41: Hoare triple {18843#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18846#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:03,921 INFO L290 TraceCheckUtils]: 42: Hoare triple {18846#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18847#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:03,922 INFO L290 TraceCheckUtils]: 43: Hoare triple {18847#(= |setClientPrivateKey_#in~handle| 1)} assume true; {18847#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:03,922 INFO L284 TraceCheckUtils]: 44: Hoare quadruple {18847#(= |setClientPrivateKey_#in~handle| 1)} {18814#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1104#return; {18788#false} is VALID [2022-02-20 18:02:03,922 INFO L290 TraceCheckUtils]: 45: Hoare triple {18788#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 28, 0;havoc setup_#t~nondet64#1; {18788#false} is VALID [2022-02-20 18:02:03,922 INFO L290 TraceCheckUtils]: 46: Hoare triple {18788#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, 
test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {18788#false} is VALID [2022-02-20 18:02:03,922 INFO L290 TraceCheckUtils]: 47: Hoare triple {18788#false} assume !false; {18788#false} is VALID [2022-02-20 18:02:03,923 INFO L290 TraceCheckUtils]: 48: Hoare triple {18788#false} assume test_~splverifierCounter~0#1 < 4; {18788#false} is VALID [2022-02-20 18:02:03,923 INFO L290 TraceCheckUtils]: 49: Hoare triple {18788#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {18788#false} is VALID [2022-02-20 18:02:03,923 INFO L290 TraceCheckUtils]: 50: Hoare triple {18788#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet46#1 && test_#t~nondet46#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet46#1;havoc test_#t~nondet46#1; {18788#false} is VALID [2022-02-20 18:02:03,923 INFO L290 TraceCheckUtils]: 51: Hoare triple {18788#false} assume !(0 != test_~tmp___9~0#1); {18788#false} is VALID [2022-02-20 18:02:03,923 INFO L290 TraceCheckUtils]: 52: Hoare triple {18788#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet47#1 && test_#t~nondet47#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet47#1;havoc test_#t~nondet47#1; 
{18788#false} is VALID [2022-02-20 18:02:03,923 INFO L290 TraceCheckUtils]: 53: Hoare triple {18788#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {18788#false} is VALID [2022-02-20 18:02:03,923 INFO L290 TraceCheckUtils]: 54: Hoare triple {18788#false} assume !false; {18788#false} is VALID [2022-02-20 18:02:03,923 INFO L290 TraceCheckUtils]: 55: Hoare triple {18788#false} assume !(test_~splverifierCounter~0#1 < 4); {18788#false} is VALID [2022-02-20 18:02:03,924 INFO L290 TraceCheckUtils]: 56: Hoare triple {18788#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret57#1, bobToRjh_#t~ret58#1, bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_~tmp~10#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~10#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret57#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret57#1 && bobToRjh_#t~ret57#1 <= 2147483647;havoc bobToRjh_#t~ret57#1; {18788#false} is VALID [2022-02-20 18:02:03,924 INFO L272 TraceCheckUtils]: 57: Hoare triple {18788#false} call sendEmail(~bob~0, ~rjh~0); {18788#false} is VALID [2022-02-20 18:02:03,924 INFO L290 TraceCheckUtils]: 58: Hoare triple {18788#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~34#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~34#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {18788#false} is VALID [2022-02-20 18:02:03,924 INFO L272 TraceCheckUtils]: 59: Hoare triple {18788#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {18848#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID 
[2022-02-20 18:02:03,924 INFO L290 TraceCheckUtils]: 60: Hoare triple {18848#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18787#true} is VALID [2022-02-20 18:02:03,924 INFO L290 TraceCheckUtils]: 61: Hoare triple {18787#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18787#true} is VALID [2022-02-20 18:02:03,924 INFO L290 TraceCheckUtils]: 62: Hoare triple {18787#true} assume true; {18787#true} is VALID [2022-02-20 18:02:03,924 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {18787#true} {18788#false} #1066#return; {18788#false} is VALID [2022-02-20 18:02:03,924 INFO L272 TraceCheckUtils]: 64: Hoare triple {18788#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {18849#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:03,925 INFO L290 TraceCheckUtils]: 65: Hoare triple {18849#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {18787#true} is VALID [2022-02-20 18:02:03,925 INFO L290 TraceCheckUtils]: 66: Hoare triple {18787#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {18787#true} is VALID [2022-02-20 18:02:03,925 INFO L290 TraceCheckUtils]: 67: Hoare triple {18787#true} assume true; {18787#true} is VALID [2022-02-20 18:02:03,925 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {18787#true} {18788#false} #1068#return; {18788#false} is VALID [2022-02-20 18:02:03,925 INFO L290 TraceCheckUtils]: 69: Hoare triple {18788#false} createEmail_~retValue_acc~34#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~34#1; {18788#false} is VALID [2022-02-20 18:02:03,925 INFO L290 TraceCheckUtils]: 70: Hoare triple {18788#false} #t~ret89#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret89#1 && 
#t~ret89#1 <= 2147483647;~tmp~17#1 := #t~ret89#1;havoc #t~ret89#1;~email~0#1 := ~tmp~17#1; {18788#false} is VALID [2022-02-20 18:02:03,925 INFO L272 TraceCheckUtils]: 71: Hoare triple {18788#false} call outgoing(~sender#1, ~email~0#1); {18788#false} is VALID [2022-02-20 18:02:03,925 INFO L290 TraceCheckUtils]: 72: Hoare triple {18788#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret91#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~13#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~13#1; {18788#false} is VALID [2022-02-20 18:02:03,925 INFO L290 TraceCheckUtils]: 73: Hoare triple {18788#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~13#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~13#1; {18788#false} is VALID [2022-02-20 18:02:03,926 INFO L290 TraceCheckUtils]: 74: Hoare triple {18788#false} sign_#t~ret91#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret91#1 && sign_#t~ret91#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret91#1;havoc sign_#t~ret91#1;sign_~privkey~0#1 := sign_~tmp~18#1; {18788#false} is VALID [2022-02-20 18:02:03,926 INFO L290 TraceCheckUtils]: 75: Hoare triple {18788#false} assume 0 == sign_~privkey~0#1; {18788#false} is VALID [2022-02-20 18:02:03,926 INFO L290 TraceCheckUtils]: 76: Hoare triple {18788#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } 
true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1, outgoing__wrappee__AddressBook_#t~ret82#1, outgoing__wrappee__AddressBook_#t~ret83#1, outgoing__wrappee__AddressBook_#t~ret84#1, outgoing__wrappee__AddressBook_#t~ret85#1, outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~15#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~5#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~15#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~5#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {18788#false} is VALID [2022-02-20 18:02:03,926 INFO L272 TraceCheckUtils]: 77: Hoare triple {18788#false} call outgoing__wrappee__AddressBook_#t~ret81#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {18787#true} is VALID [2022-02-20 18:02:03,926 INFO L290 TraceCheckUtils]: 78: Hoare triple {18787#true} ~handle := #in~handle;havoc ~retValue_acc~7; {18787#true} is VALID [2022-02-20 18:02:03,926 INFO L290 TraceCheckUtils]: 79: Hoare triple {18787#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {18787#true} is VALID [2022-02-20 18:02:03,926 INFO L290 TraceCheckUtils]: 80: Hoare triple {18787#true} assume true; {18787#true} is VALID 
[2022-02-20 18:02:03,926 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {18787#true} {18788#false} #1048#return; {18788#false} is VALID [2022-02-20 18:02:03,927 INFO L290 TraceCheckUtils]: 82: Hoare triple {18788#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret81#1 && outgoing__wrappee__AddressBook_#t~ret81#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~15#1 := outgoing__wrappee__AddressBook_#t~ret81#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~15#1; {18788#false} is VALID [2022-02-20 18:02:03,927 INFO L290 TraceCheckUtils]: 83: Hoare triple {18788#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {18788#false} is VALID [2022-02-20 18:02:03,927 INFO L272 TraceCheckUtils]: 84: Hoare triple {18788#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {18788#false} is VALID [2022-02-20 18:02:03,927 INFO L290 TraceCheckUtils]: 85: Hoare triple {18788#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {18788#false} is VALID [2022-02-20 18:02:03,927 INFO L290 TraceCheckUtils]: 86: Hoare triple {18788#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {18788#false} is VALID [2022-02-20 18:02:03,927 INFO L290 TraceCheckUtils]: 87: Hoare triple {18788#false} #t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret80#1 && #t~ret80#1 <= 2147483647;~tmp~14#1 := #t~ret80#1;havoc #t~ret80#1; {18788#false} is VALID [2022-02-20 18:02:03,927 INFO L272 TraceCheckUtils]: 88: Hoare triple 
{18788#false} call setEmailFrom(~msg#1, ~tmp~14#1); {18848#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:03,927 INFO L290 TraceCheckUtils]: 89: Hoare triple {18848#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18787#true} is VALID [2022-02-20 18:02:03,927 INFO L290 TraceCheckUtils]: 90: Hoare triple {18787#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18787#true} is VALID [2022-02-20 18:02:03,928 INFO L290 TraceCheckUtils]: 91: Hoare triple {18787#true} assume true; {18787#true} is VALID [2022-02-20 18:02:03,928 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {18787#true} {18788#false} #1072#return; {18788#false} is VALID [2022-02-20 18:02:03,928 INFO L290 TraceCheckUtils]: 93: Hoare triple {18788#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~13#1;call mail_#t~ret78#1 := puts(32, 0);assume -2147483648 <= mail_#t~ret78#1 && mail_#t~ret78#1 <= 2147483647;havoc mail_#t~ret78#1; {18788#false} is VALID [2022-02-20 18:02:03,928 INFO L272 TraceCheckUtils]: 94: Hoare triple {18788#false} call mail_#t~ret79#1 := getEmailTo(mail_~msg#1); {18787#true} is VALID [2022-02-20 18:02:03,928 INFO L290 TraceCheckUtils]: 95: Hoare triple {18787#true} ~handle := #in~handle;havoc ~retValue_acc~24; {18787#true} is VALID [2022-02-20 18:02:03,928 INFO L290 TraceCheckUtils]: 96: Hoare triple {18787#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {18787#true} is VALID [2022-02-20 18:02:03,928 INFO L290 TraceCheckUtils]: 97: Hoare triple {18787#true} assume true; {18787#true} is VALID [2022-02-20 18:02:03,928 INFO L284 
TraceCheckUtils]: 98: Hoare quadruple {18787#true} {18788#false} #1074#return; {18788#false} is VALID [2022-02-20 18:02:03,928 INFO L290 TraceCheckUtils]: 99: Hoare triple {18788#false} assume -2147483648 <= mail_#t~ret79#1 && mail_#t~ret79#1 <= 2147483647;mail_~tmp~13#1 := mail_#t~ret79#1;havoc mail_#t~ret79#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~13#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret92#1, verify_#t~ret93#1, verify_#t~ret94#1, verify_#t~ret95#1, verify_#t~ret96#1, verify_#t~ret97#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~19#1, verify_~tmp___0~6#1, verify_~pubkey~0#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~0#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~0#1; {18788#false} is VALID [2022-02-20 18:02:03,929 INFO L272 TraceCheckUtils]: 100: Hoare triple {18788#false} call __utac_acc__EncryptVerify_spec__1_#t~ret4#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {18787#true} is VALID [2022-02-20 18:02:03,929 
INFO L290 TraceCheckUtils]: 101: Hoare triple {18787#true} ~msg := #in~msg;havoc ~retValue_acc~32;~retValue_acc~32 := 1;#res := ~retValue_acc~32; {18787#true} is VALID [2022-02-20 18:02:03,929 INFO L290 TraceCheckUtils]: 102: Hoare triple {18787#true} assume true; {18787#true} is VALID [2022-02-20 18:02:03,929 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {18787#true} {18788#false} #1076#return; {18788#false} is VALID [2022-02-20 18:02:03,929 INFO L290 TraceCheckUtils]: 104: Hoare triple {18788#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret4#1 && __utac_acc__EncryptVerify_spec__1_#t~ret4#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~0#1 := __utac_acc__EncryptVerify_spec__1_#t~ret4#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1; {18788#false} is VALID [2022-02-20 18:02:03,929 INFO L290 TraceCheckUtils]: 105: Hoare triple {18788#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {18788#false} is VALID [2022-02-20 18:02:03,929 INFO L290 TraceCheckUtils]: 106: Hoare triple {18788#false} assume !false; {18788#false} is VALID [2022-02-20 18:02:03,930 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2022-02-20 18:02:03,930 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:03,930 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2027050000] [2022-02-20 18:02:03,930 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2027050000] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:03,930 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. 
[2022-02-20 18:02:03,930 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 18:02:03,930 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [165562785] [2022-02-20 18:02:03,930 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:03,931 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 6.545454545454546) internal successors, (72), 8 states have internal predecessors, (72), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) Word has length 107 [2022-02-20 18:02:03,931 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:03,931 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 6.545454545454546) internal successors, (72), 8 states have internal predecessors, (72), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:02:03,997 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 99 edges. 99 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:03,997 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 18:02:03,997 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:03,998 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. 
[2022-02-20 18:02:03,998 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:02:03,998 INFO L87 Difference]: Start difference. First operand 408 states and 641 transitions. Second operand has 12 states, 11 states have (on average 6.545454545454546) internal successors, (72), 8 states have internal predecessors, (72), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:02:10,697 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:10,698 INFO L93 Difference]: Finished difference Result 881 states and 1405 transitions. [2022-02-20 18:02:10,698 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 18:02:10,698 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 6.545454545454546) internal successors, (72), 8 states have internal predecessors, (72), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) Word has length 107 [2022-02-20 18:02:10,698 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:10,698 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 6.545454545454546) internal successors, (72), 8 states have internal predecessors, (72), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:02:10,709 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1173 transitions. 
[2022-02-20 18:02:10,709 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 6.545454545454546) internal successors, (72), 8 states have internal predecessors, (72), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:02:10,718 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1173 transitions. [2022-02-20 18:02:10,719 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1173 transitions. [2022-02-20 18:02:11,518 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1173 edges. 1173 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:11,534 INFO L225 Difference]: With dead ends: 881 [2022-02-20 18:02:11,534 INFO L226 Difference]: Without dead ends: 500 [2022-02-20 18:02:11,536 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 49 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552 [2022-02-20 18:02:11,536 INFO L933 BasicCegarLoop]: 555 mSDtfsCounter, 1385 mSDsluCounter, 1302 mSDsCounter, 0 mSdLazyCounter, 3220 mSolverCounterSat, 458 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1385 SdHoareTripleChecker+Valid, 1857 SdHoareTripleChecker+Invalid, 3678 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 458 IncrementalHoareTripleChecker+Valid, 3220 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.9s 
IncrementalHoareTripleChecker+Time [2022-02-20 18:02:11,536 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1385 Valid, 1857 Invalid, 3678 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [458 Valid, 3220 Invalid, 0 Unknown, 0 Unchecked, 2.9s Time] [2022-02-20 18:02:11,537 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 500 states. [2022-02-20 18:02:11,618 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 500 to 408. [2022-02-20 18:02:11,618 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:11,631 INFO L82 GeneralOperation]: Start isEquivalent. First operand 500 states. Second operand has 408 states, 321 states have (on average 1.588785046728972) internal successors, (510), 326 states have internal predecessors, (510), 62 states have call successors, (62), 21 states have call predecessors, (62), 24 states have return successors, (68), 60 states have call predecessors, (68), 61 states have call successors, (68) [2022-02-20 18:02:11,632 INFO L74 IsIncluded]: Start isIncluded. First operand 500 states. Second operand has 408 states, 321 states have (on average 1.588785046728972) internal successors, (510), 326 states have internal predecessors, (510), 62 states have call successors, (62), 21 states have call predecessors, (62), 24 states have return successors, (68), 60 states have call predecessors, (68), 61 states have call successors, (68) [2022-02-20 18:02:11,633 INFO L87 Difference]: Start difference. First operand 500 states. Second operand has 408 states, 321 states have (on average 1.588785046728972) internal successors, (510), 326 states have internal predecessors, (510), 62 states have call successors, (62), 21 states have call predecessors, (62), 24 states have return successors, (68), 60 states have call predecessors, (68), 61 states have call successors, (68) [2022-02-20 18:02:11,650 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:02:11,650 INFO L93 Difference]: Finished difference Result 500 states and 801 transitions. [2022-02-20 18:02:11,650 INFO L276 IsEmpty]: Start isEmpty. Operand 500 states and 801 transitions. [2022-02-20 18:02:11,652 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:11,652 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:11,653 INFO L74 IsIncluded]: Start isIncluded. First operand has 408 states, 321 states have (on average 1.588785046728972) internal successors, (510), 326 states have internal predecessors, (510), 62 states have call successors, (62), 21 states have call predecessors, (62), 24 states have return successors, (68), 60 states have call predecessors, (68), 61 states have call successors, (68) Second operand 500 states. [2022-02-20 18:02:11,654 INFO L87 Difference]: Start difference. First operand has 408 states, 321 states have (on average 1.588785046728972) internal successors, (510), 326 states have internal predecessors, (510), 62 states have call successors, (62), 21 states have call predecessors, (62), 24 states have return successors, (68), 60 states have call predecessors, (68), 61 states have call successors, (68) Second operand 500 states. [2022-02-20 18:02:11,668 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:11,669 INFO L93 Difference]: Finished difference Result 500 states and 801 transitions. [2022-02-20 18:02:11,669 INFO L276 IsEmpty]: Start isEmpty. Operand 500 states and 801 transitions. [2022-02-20 18:02:11,671 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:11,671 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:11,671 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:11,671 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:11,672 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 408 states, 321 states have (on average 1.588785046728972) internal successors, (510), 326 states have internal predecessors, (510), 62 states have call successors, (62), 21 states have call predecessors, (62), 24 states have return successors, (68), 60 states have call predecessors, (68), 61 states have call successors, (68) [2022-02-20 18:02:11,684 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 408 states to 408 states and 640 transitions. [2022-02-20 18:02:11,684 INFO L78 Accepts]: Start accepts. Automaton has 408 states and 640 transitions. Word has length 107 [2022-02-20 18:02:11,684 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:11,684 INFO L470 AbstractCegarLoop]: Abstraction has 408 states and 640 transitions. [2022-02-20 18:02:11,685 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 11 states have (on average 6.545454545454546) internal successors, (72), 8 states have internal predecessors, (72), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:02:11,685 INFO L276 IsEmpty]: Start isEmpty. Operand 408 states and 640 transitions. [2022-02-20 18:02:11,686 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 109 [2022-02-20 18:02:11,686 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:11,686 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:11,686 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 18:02:11,687 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:11,687 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:11,687 INFO L85 PathProgramCache]: Analyzing trace with hash 1320832791, now seen corresponding path program 2 times [2022-02-20 18:02:11,687 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:11,687 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1140962646] [2022-02-20 18:02:11,687 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:11,688 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:11,710 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:11,738 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:02:11,739 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:11,741 INFO L290 TraceCheckUtils]: 0: Hoare triple {21713#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21657#true} is VALID [2022-02-20 18:02:11,741 INFO L290 TraceCheckUtils]: 1: Hoare triple {21657#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21657#true} is VALID [2022-02-20 18:02:11,741 INFO L290 TraceCheckUtils]: 2: Hoare triple {21657#true} assume true; {21657#true} is VALID [2022-02-20 18:02:11,741 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21657#true} {21657#true} #1094#return; {21657#true} is VALID [2022-02-20 18:02:11,746 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:11,746 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:11,748 INFO L290 TraceCheckUtils]: 0: Hoare triple {21714#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21657#true} is VALID [2022-02-20 18:02:11,748 INFO L290 TraceCheckUtils]: 1: Hoare triple {21657#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21657#true} is VALID [2022-02-20 18:02:11,748 INFO L290 TraceCheckUtils]: 2: Hoare triple {21657#true} assume true; {21657#true} is VALID [2022-02-20 18:02:11,748 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21657#true} {21657#true} #1096#return; {21657#true} is VALID [2022-02-20 18:02:11,748 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:11,750 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:11,751 INFO L290 TraceCheckUtils]: 0: Hoare triple {21713#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21657#true} is VALID [2022-02-20 18:02:11,751 INFO L290 TraceCheckUtils]: 1: Hoare triple {21657#true} assume !(1 == ~handle); {21657#true} is VALID [2022-02-20 18:02:11,751 INFO L290 TraceCheckUtils]: 2: Hoare triple {21657#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {21657#true} is VALID [2022-02-20 18:02:11,752 INFO L290 TraceCheckUtils]: 3: Hoare triple {21657#true} assume true; {21657#true} is VALID [2022-02-20 18:02:11,752 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21657#true} {21657#true} #1098#return; {21657#true} is VALID [2022-02-20 18:02:11,752 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:02:11,753 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:11,754 INFO L290 TraceCheckUtils]: 0: Hoare triple {21714#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21657#true} is VALID [2022-02-20 18:02:11,754 INFO L290 TraceCheckUtils]: 1: Hoare triple {21657#true} assume !(1 == ~handle); {21657#true} is VALID [2022-02-20 18:02:11,754 INFO L290 TraceCheckUtils]: 2: Hoare triple {21657#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {21657#true} is VALID [2022-02-20 18:02:11,754 INFO L290 TraceCheckUtils]: 3: Hoare triple {21657#true} assume true; {21657#true} is VALID [2022-02-20 18:02:11,755 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21657#true} {21657#true} #1100#return; {21657#true} is VALID [2022-02-20 18:02:11,755 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:02:11,757 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 
18:02:11,769 INFO L290 TraceCheckUtils]: 0: Hoare triple {21713#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21715#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:11,769 INFO L290 TraceCheckUtils]: 1: Hoare triple {21715#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {21715#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:11,769 INFO L290 TraceCheckUtils]: 2: Hoare triple {21715#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {21715#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:11,770 INFO L290 TraceCheckUtils]: 3: Hoare triple {21715#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {21716#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:11,770 INFO L290 TraceCheckUtils]: 4: Hoare triple {21716#(= 3 |setClientId_#in~handle|)} assume true; {21716#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:11,770 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {21716#(= 3 |setClientId_#in~handle|)} {21677#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1102#return; {21684#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:02:11,771 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:02:11,772 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:11,784 INFO L290 TraceCheckUtils]: 0: Hoare triple {21714#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 
|old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21717#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:11,784 INFO L290 TraceCheckUtils]: 1: Hoare triple {21717#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {21717#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:11,785 INFO L290 TraceCheckUtils]: 2: Hoare triple {21717#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {21718#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:11,785 INFO L290 TraceCheckUtils]: 3: Hoare triple {21718#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {21718#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:11,785 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21718#(= 2 |setClientPrivateKey_#in~handle|)} {21684#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1104#return; {21658#false} is VALID [2022-02-20 18:02:11,791 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 18:02:11,792 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:11,808 INFO L290 TraceCheckUtils]: 0: Hoare triple {21719#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21657#true} is VALID [2022-02-20 18:02:11,808 INFO L290 TraceCheckUtils]: 1: Hoare triple {21657#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21657#true} is VALID [2022-02-20 18:02:11,808 INFO L290 TraceCheckUtils]: 2: Hoare triple {21657#true} assume true; {21657#true} is VALID [2022-02-20 18:02:11,808 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21657#true} {21658#false} #1066#return; {21658#false} is VALID [2022-02-20 18:02:11,815 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-02-20 18:02:11,816 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:11,818 INFO L290 TraceCheckUtils]: 0: Hoare triple {21720#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21657#true} is VALID [2022-02-20 18:02:11,818 INFO L290 TraceCheckUtils]: 1: Hoare triple {21657#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21657#true} is VALID [2022-02-20 18:02:11,818 INFO L290 TraceCheckUtils]: 2: Hoare triple {21657#true} assume true; {21657#true} is VALID [2022-02-20 18:02:11,818 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21657#true} {21658#false} #1068#return; {21658#false} is VALID [2022-02-20 18:02:11,819 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 18:02:11,819 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:11,821 INFO L290 TraceCheckUtils]: 0: Hoare triple {21657#true} ~handle := #in~handle;havoc ~retValue_acc~7; {21657#true} is VALID [2022-02-20 18:02:11,821 INFO L290 TraceCheckUtils]: 1: Hoare triple {21657#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {21657#true} is VALID [2022-02-20 18:02:11,821 INFO L290 TraceCheckUtils]: 2: Hoare triple {21657#true} assume true; {21657#true} is VALID [2022-02-20 18:02:11,821 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21657#true} {21658#false} #1048#return; {21658#false} is VALID [2022-02-20 18:02:11,821 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 89 [2022-02-20 18:02:11,822 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:11,824 INFO L290 TraceCheckUtils]: 0: Hoare triple {21719#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= 
|old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21657#true} is VALID [2022-02-20 18:02:11,824 INFO L290 TraceCheckUtils]: 1: Hoare triple {21657#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21657#true} is VALID [2022-02-20 18:02:11,824 INFO L290 TraceCheckUtils]: 2: Hoare triple {21657#true} assume true; {21657#true} is VALID [2022-02-20 18:02:11,824 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21657#true} {21658#false} #1072#return; {21658#false} is VALID [2022-02-20 18:02:11,825 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 18:02:11,825 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:11,827 INFO L290 TraceCheckUtils]: 0: Hoare triple {21657#true} ~handle := #in~handle;havoc ~retValue_acc~24; {21657#true} is VALID [2022-02-20 18:02:11,827 INFO L290 TraceCheckUtils]: 1: Hoare triple {21657#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {21657#true} is VALID [2022-02-20 18:02:11,827 INFO L290 TraceCheckUtils]: 2: Hoare triple {21657#true} assume true; {21657#true} is VALID [2022-02-20 18:02:11,827 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21657#true} {21658#false} #1074#return; {21658#false} is VALID [2022-02-20 18:02:11,827 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 18:02:11,828 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:11,829 INFO L290 TraceCheckUtils]: 0: Hoare triple {21657#true} ~msg := #in~msg;havoc ~retValue_acc~32;~retValue_acc~32 := 1;#res := ~retValue_acc~32; {21657#true} is VALID [2022-02-20 18:02:11,829 INFO L290 TraceCheckUtils]: 1: Hoare triple {21657#true} assume true; {21657#true} is VALID [2022-02-20 18:02:11,830 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21657#true} {21658#false} #1076#return; {21658#false} is VALID [2022-02-20 
18:02:11,830 INFO L290 TraceCheckUtils]: 0: Hoare triple {21657#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(16, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(34, 33);call #Ultimate.allocInit(30, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 
0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 
0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {21657#true} is VALID [2022-02-20 18:02:11,830 INFO L290 TraceCheckUtils]: 1: Hoare triple {21657#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet65#1, main_#t~ret66#1, main_~retValue_acc~37#1, main_~tmp~11#1;assume -2147483648 <= main_#t~nondet65#1 && main_#t~nondet65#1 <= 
2147483647;main_~retValue_acc~37#1 := main_#t~nondet65#1;havoc main_#t~nondet65#1;havoc main_~tmp~11#1;assume { :begin_inline_select_helpers } true; {21657#true} is VALID [2022-02-20 18:02:11,830 INFO L290 TraceCheckUtils]: 2: Hoare triple {21657#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {21657#true} is VALID [2022-02-20 18:02:11,830 INFO L290 TraceCheckUtils]: 3: Hoare triple {21657#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {21657#true} is VALID [2022-02-20 18:02:11,830 INFO L290 TraceCheckUtils]: 4: Hoare triple {21657#true} main_#t~ret66#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret66#1 && main_#t~ret66#1 <= 2147483647;main_~tmp~11#1 := main_#t~ret66#1;havoc main_#t~ret66#1; {21657#true} is VALID [2022-02-20 18:02:11,830 INFO L290 TraceCheckUtils]: 5: Hoare triple {21657#true} assume 0 != main_~tmp~11#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet62#1, setup_#t~nondet63#1, setup_#t~nondet64#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {21657#true} is VALID [2022-02-20 18:02:11,831 INFO L272 TraceCheckUtils]: 6: Hoare triple {21657#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {21713#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:11,831 INFO L290 TraceCheckUtils]: 7: Hoare triple {21713#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21657#true} is VALID [2022-02-20 18:02:11,831 INFO L290 TraceCheckUtils]: 8: Hoare triple {21657#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21657#true} is VALID [2022-02-20 18:02:11,831 INFO L290 TraceCheckUtils]: 9: Hoare triple {21657#true} assume true; {21657#true} is VALID [2022-02-20 18:02:11,831 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {21657#true} {21657#true} #1094#return; {21657#true} is VALID [2022-02-20 18:02:11,832 INFO L290 TraceCheckUtils]: 11: Hoare triple {21657#true} assume { :end_inline_setup_bob__wrappee__Base } true; {21657#true} is VALID [2022-02-20 18:02:11,832 INFO L272 TraceCheckUtils]: 12: Hoare triple {21657#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {21714#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:11,832 INFO L290 TraceCheckUtils]: 13: Hoare triple {21714#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21657#true} is VALID [2022-02-20 18:02:11,832 INFO L290 TraceCheckUtils]: 14: Hoare triple {21657#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21657#true} is VALID [2022-02-20 18:02:11,832 INFO L290 TraceCheckUtils]: 15: Hoare triple {21657#true} assume true; {21657#true} is VALID [2022-02-20 18:02:11,833 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {21657#true} {21657#true} #1096#return; {21657#true} is VALID [2022-02-20 18:02:11,833 INFO L290 TraceCheckUtils]: 17: Hoare triple {21657#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 26, 0;havoc setup_#t~nondet62#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {21657#true} is VALID [2022-02-20 18:02:11,833 INFO L272 TraceCheckUtils]: 18: Hoare triple {21657#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {21713#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:11,833 INFO L290 TraceCheckUtils]: 19: Hoare triple {21713#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21657#true} is VALID [2022-02-20 18:02:11,833 INFO L290 
TraceCheckUtils]: 20: Hoare triple {21657#true} assume !(1 == ~handle); {21657#true} is VALID [2022-02-20 18:02:11,834 INFO L290 TraceCheckUtils]: 21: Hoare triple {21657#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {21657#true} is VALID [2022-02-20 18:02:11,834 INFO L290 TraceCheckUtils]: 22: Hoare triple {21657#true} assume true; {21657#true} is VALID [2022-02-20 18:02:11,834 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {21657#true} {21657#true} #1098#return; {21657#true} is VALID [2022-02-20 18:02:11,834 INFO L290 TraceCheckUtils]: 24: Hoare triple {21657#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {21657#true} is VALID [2022-02-20 18:02:11,834 INFO L272 TraceCheckUtils]: 25: Hoare triple {21657#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {21714#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:11,835 INFO L290 TraceCheckUtils]: 26: Hoare triple {21714#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21657#true} is VALID [2022-02-20 18:02:11,835 INFO L290 TraceCheckUtils]: 27: Hoare triple {21657#true} assume !(1 == ~handle); {21657#true} is VALID [2022-02-20 18:02:11,835 INFO L290 TraceCheckUtils]: 28: Hoare triple {21657#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {21657#true} is VALID [2022-02-20 18:02:11,835 INFO L290 TraceCheckUtils]: 29: Hoare triple {21657#true} assume true; {21657#true} is VALID [2022-02-20 18:02:11,835 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {21657#true} {21657#true} #1100#return; {21657#true} is VALID [2022-02-20 18:02:11,835 INFO L290 TraceCheckUtils]: 31: Hoare triple 
{21657#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 27, 0;havoc setup_#t~nondet63#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {21677#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:02:11,836 INFO L272 TraceCheckUtils]: 32: Hoare triple {21677#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {21713#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:11,836 INFO L290 TraceCheckUtils]: 33: Hoare triple {21713#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21715#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:11,836 INFO L290 TraceCheckUtils]: 34: Hoare triple {21715#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {21715#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:11,837 INFO L290 TraceCheckUtils]: 35: Hoare triple {21715#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {21715#(= setClientId_~handle 
|setClientId_#in~handle|)} is VALID [2022-02-20 18:02:11,837 INFO L290 TraceCheckUtils]: 36: Hoare triple {21715#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {21716#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:11,837 INFO L290 TraceCheckUtils]: 37: Hoare triple {21716#(= 3 |setClientId_#in~handle|)} assume true; {21716#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:11,838 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {21716#(= 3 |setClientId_#in~handle|)} {21677#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1102#return; {21684#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:02:11,838 INFO L290 TraceCheckUtils]: 39: Hoare triple {21684#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} assume { :end_inline_setup_chuck__wrappee__Base } true; {21684#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:02:11,839 INFO L272 TraceCheckUtils]: 40: Hoare triple {21684#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {21714#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:11,839 INFO L290 TraceCheckUtils]: 41: Hoare triple {21714#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21717#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:11,839 INFO L290 TraceCheckUtils]: 42: Hoare triple {21717#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); 
{21717#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:11,839 INFO L290 TraceCheckUtils]: 43: Hoare triple {21717#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {21718#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:11,840 INFO L290 TraceCheckUtils]: 44: Hoare triple {21718#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {21718#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:11,840 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {21718#(= 2 |setClientPrivateKey_#in~handle|)} {21684#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1104#return; {21658#false} is VALID [2022-02-20 18:02:11,840 INFO L290 TraceCheckUtils]: 46: Hoare triple {21658#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 28, 0;havoc setup_#t~nondet64#1; {21658#false} is VALID [2022-02-20 18:02:11,840 INFO L290 TraceCheckUtils]: 47: Hoare triple {21658#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc 
test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {21658#false} is VALID [2022-02-20 18:02:11,841 INFO L290 TraceCheckUtils]: 48: Hoare triple {21658#false} assume !false; {21658#false} is VALID [2022-02-20 18:02:11,841 INFO L290 TraceCheckUtils]: 49: Hoare triple {21658#false} assume test_~splverifierCounter~0#1 < 4; {21658#false} is VALID [2022-02-20 18:02:11,841 INFO L290 TraceCheckUtils]: 50: Hoare triple {21658#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {21658#false} is VALID [2022-02-20 18:02:11,841 INFO L290 TraceCheckUtils]: 51: Hoare triple {21658#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet46#1 && test_#t~nondet46#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet46#1;havoc test_#t~nondet46#1; {21658#false} is VALID [2022-02-20 18:02:11,841 INFO L290 TraceCheckUtils]: 52: Hoare triple {21658#false} assume !(0 != test_~tmp___9~0#1); {21658#false} is VALID [2022-02-20 18:02:11,841 INFO L290 TraceCheckUtils]: 53: Hoare triple {21658#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet47#1 && test_#t~nondet47#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet47#1;havoc test_#t~nondet47#1; {21658#false} is VALID [2022-02-20 18:02:11,841 INFO L290 TraceCheckUtils]: 54: Hoare triple {21658#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {21658#false} is VALID [2022-02-20 18:02:11,841 INFO L290 TraceCheckUtils]: 55: Hoare triple {21658#false} assume !false; {21658#false} is VALID [2022-02-20 18:02:11,841 
INFO L290 TraceCheckUtils]: 56: Hoare triple {21658#false} assume !(test_~splverifierCounter~0#1 < 4); {21658#false} is VALID [2022-02-20 18:02:11,842 INFO L290 TraceCheckUtils]: 57: Hoare triple {21658#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret57#1, bobToRjh_#t~ret58#1, bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_~tmp~10#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~10#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret57#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret57#1 && bobToRjh_#t~ret57#1 <= 2147483647;havoc bobToRjh_#t~ret57#1; {21658#false} is VALID [2022-02-20 18:02:11,842 INFO L272 TraceCheckUtils]: 58: Hoare triple {21658#false} call sendEmail(~bob~0, ~rjh~0); {21658#false} is VALID [2022-02-20 18:02:11,842 INFO L290 TraceCheckUtils]: 59: Hoare triple {21658#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~34#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~34#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {21658#false} is VALID [2022-02-20 18:02:11,842 INFO L272 TraceCheckUtils]: 60: Hoare triple {21658#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {21719#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:11,842 INFO L290 TraceCheckUtils]: 61: Hoare triple {21719#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21657#true} is VALID [2022-02-20 18:02:11,842 INFO L290 TraceCheckUtils]: 62: Hoare triple 
{21657#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21657#true} is VALID [2022-02-20 18:02:11,842 INFO L290 TraceCheckUtils]: 63: Hoare triple {21657#true} assume true; {21657#true} is VALID [2022-02-20 18:02:11,842 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {21657#true} {21658#false} #1066#return; {21658#false} is VALID [2022-02-20 18:02:11,843 INFO L272 TraceCheckUtils]: 65: Hoare triple {21658#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {21720#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:11,843 INFO L290 TraceCheckUtils]: 66: Hoare triple {21720#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21657#true} is VALID [2022-02-20 18:02:11,843 INFO L290 TraceCheckUtils]: 67: Hoare triple {21657#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21657#true} is VALID [2022-02-20 18:02:11,843 INFO L290 TraceCheckUtils]: 68: Hoare triple {21657#true} assume true; {21657#true} is VALID [2022-02-20 18:02:11,843 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {21657#true} {21658#false} #1068#return; {21658#false} is VALID [2022-02-20 18:02:11,843 INFO L290 TraceCheckUtils]: 70: Hoare triple {21658#false} createEmail_~retValue_acc~34#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~34#1; {21658#false} is VALID [2022-02-20 18:02:11,843 INFO L290 TraceCheckUtils]: 71: Hoare triple {21658#false} #t~ret89#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret89#1 && #t~ret89#1 <= 2147483647;~tmp~17#1 := #t~ret89#1;havoc #t~ret89#1;~email~0#1 := ~tmp~17#1; {21658#false} is VALID [2022-02-20 18:02:11,843 INFO L272 TraceCheckUtils]: 72: Hoare triple {21658#false} call outgoing(~sender#1, ~email~0#1); {21658#false} is VALID [2022-02-20 18:02:11,843 INFO L290 TraceCheckUtils]: 73: Hoare triple 
{21658#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret91#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~13#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~13#1; {21658#false} is VALID [2022-02-20 18:02:11,844 INFO L290 TraceCheckUtils]: 74: Hoare triple {21658#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~13#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~13#1; {21658#false} is VALID [2022-02-20 18:02:11,844 INFO L290 TraceCheckUtils]: 75: Hoare triple {21658#false} sign_#t~ret91#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret91#1 && sign_#t~ret91#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret91#1;havoc sign_#t~ret91#1;sign_~privkey~0#1 := sign_~tmp~18#1; {21658#false} is VALID [2022-02-20 18:02:11,844 INFO L290 TraceCheckUtils]: 76: Hoare triple {21658#false} assume 0 == sign_~privkey~0#1; {21658#false} is VALID [2022-02-20 18:02:11,844 INFO L290 TraceCheckUtils]: 77: Hoare triple {21658#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1, outgoing__wrappee__AddressBook_#t~ret82#1, outgoing__wrappee__AddressBook_#t~ret83#1, outgoing__wrappee__AddressBook_#t~ret84#1, outgoing__wrappee__AddressBook_#t~ret85#1, 
outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~15#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~5#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~15#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~5#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {21658#false} is VALID [2022-02-20 18:02:11,844 INFO L272 TraceCheckUtils]: 78: Hoare triple {21658#false} call outgoing__wrappee__AddressBook_#t~ret81#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {21657#true} is VALID [2022-02-20 18:02:11,844 INFO L290 TraceCheckUtils]: 79: Hoare triple {21657#true} ~handle := #in~handle;havoc ~retValue_acc~7; {21657#true} is VALID [2022-02-20 18:02:11,844 INFO L290 TraceCheckUtils]: 80: Hoare triple {21657#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {21657#true} is VALID [2022-02-20 18:02:11,844 INFO L290 TraceCheckUtils]: 81: Hoare triple {21657#true} assume true; {21657#true} is VALID [2022-02-20 18:02:11,845 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {21657#true} {21658#false} #1048#return; {21658#false} is VALID [2022-02-20 18:02:11,845 INFO L290 TraceCheckUtils]: 83: Hoare triple {21658#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret81#1 && outgoing__wrappee__AddressBook_#t~ret81#1 <= 
2147483647;outgoing__wrappee__AddressBook_~tmp~15#1 := outgoing__wrappee__AddressBook_#t~ret81#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~15#1; {21658#false} is VALID [2022-02-20 18:02:11,845 INFO L290 TraceCheckUtils]: 84: Hoare triple {21658#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {21658#false} is VALID [2022-02-20 18:02:11,845 INFO L272 TraceCheckUtils]: 85: Hoare triple {21658#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {21658#false} is VALID [2022-02-20 18:02:11,845 INFO L290 TraceCheckUtils]: 86: Hoare triple {21658#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {21658#false} is VALID [2022-02-20 18:02:11,845 INFO L290 TraceCheckUtils]: 87: Hoare triple {21658#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {21658#false} is VALID [2022-02-20 18:02:11,845 INFO L290 TraceCheckUtils]: 88: Hoare triple {21658#false} #t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret80#1 && #t~ret80#1 <= 2147483647;~tmp~14#1 := #t~ret80#1;havoc #t~ret80#1; {21658#false} is VALID [2022-02-20 18:02:11,845 INFO L272 TraceCheckUtils]: 89: Hoare triple {21658#false} call setEmailFrom(~msg#1, ~tmp~14#1); {21719#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:11,845 INFO L290 TraceCheckUtils]: 90: Hoare triple {21719#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= 
|old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21657#true} is VALID [2022-02-20 18:02:11,846 INFO L290 TraceCheckUtils]: 91: Hoare triple {21657#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21657#true} is VALID [2022-02-20 18:02:11,846 INFO L290 TraceCheckUtils]: 92: Hoare triple {21657#true} assume true; {21657#true} is VALID [2022-02-20 18:02:11,846 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {21657#true} {21658#false} #1072#return; {21658#false} is VALID [2022-02-20 18:02:11,846 INFO L290 TraceCheckUtils]: 94: Hoare triple {21658#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~13#1;call mail_#t~ret78#1 := puts(32, 0);assume -2147483648 <= mail_#t~ret78#1 && mail_#t~ret78#1 <= 2147483647;havoc mail_#t~ret78#1; {21658#false} is VALID [2022-02-20 18:02:11,846 INFO L272 TraceCheckUtils]: 95: Hoare triple {21658#false} call mail_#t~ret79#1 := getEmailTo(mail_~msg#1); {21657#true} is VALID [2022-02-20 18:02:11,846 INFO L290 TraceCheckUtils]: 96: Hoare triple {21657#true} ~handle := #in~handle;havoc ~retValue_acc~24; {21657#true} is VALID [2022-02-20 18:02:11,846 INFO L290 TraceCheckUtils]: 97: Hoare triple {21657#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {21657#true} is VALID [2022-02-20 18:02:11,846 INFO L290 TraceCheckUtils]: 98: Hoare triple {21657#true} assume true; {21657#true} is VALID [2022-02-20 18:02:11,846 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {21657#true} {21658#false} #1074#return; {21658#false} is VALID [2022-02-20 18:02:11,847 INFO L290 TraceCheckUtils]: 100: Hoare triple {21658#false} assume -2147483648 <= mail_#t~ret79#1 && mail_#t~ret79#1 <= 2147483647;mail_~tmp~13#1 := mail_#t~ret79#1;havoc mail_#t~ret79#1;assume { 
:begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~13#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret92#1, verify_#t~ret93#1, verify_#t~ret94#1, verify_#t~ret95#1, verify_#t~ret96#1, verify_#t~ret97#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~19#1, verify_~tmp___0~6#1, verify_~pubkey~0#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~0#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~0#1; {21658#false} is VALID [2022-02-20 18:02:11,847 INFO L272 TraceCheckUtils]: 101: Hoare triple {21658#false} call __utac_acc__EncryptVerify_spec__1_#t~ret4#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {21657#true} is VALID [2022-02-20 18:02:11,847 INFO L290 TraceCheckUtils]: 102: Hoare triple {21657#true} ~msg := #in~msg;havoc ~retValue_acc~32;~retValue_acc~32 := 1;#res := ~retValue_acc~32; {21657#true} is VALID [2022-02-20 18:02:11,847 INFO L290 TraceCheckUtils]: 103: Hoare triple {21657#true} assume true; {21657#true} is VALID [2022-02-20 18:02:11,847 INFO L284 
TraceCheckUtils]: 104: Hoare quadruple {21657#true} {21658#false} #1076#return; {21658#false} is VALID [2022-02-20 18:02:11,847 INFO L290 TraceCheckUtils]: 105: Hoare triple {21658#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret4#1 && __utac_acc__EncryptVerify_spec__1_#t~ret4#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~0#1 := __utac_acc__EncryptVerify_spec__1_#t~ret4#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1; {21658#false} is VALID [2022-02-20 18:02:11,847 INFO L290 TraceCheckUtils]: 106: Hoare triple {21658#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {21658#false} is VALID [2022-02-20 18:02:11,847 INFO L290 TraceCheckUtils]: 107: Hoare triple {21658#false} assume !false; {21658#false} is VALID [2022-02-20 18:02:11,848 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 14 proven. 0 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2022-02-20 18:02:11,848 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:11,848 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1140962646] [2022-02-20 18:02:11,848 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1140962646] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:11,848 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:02:11,848 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 18:02:11,849 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1176363136] [2022-02-20 18:02:11,849 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:11,849 INFO L78 Accepts]: Start accepts. 
Automaton has has 12 states, 11 states have (on average 6.636363636363637) internal successors, (73), 8 states have internal predecessors, (73), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) Word has length 108 [2022-02-20 18:02:11,849 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:11,850 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 6.636363636363637) internal successors, (73), 8 states have internal predecessors, (73), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:02:11,909 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 100 edges. 100 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:11,910 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 18:02:11,910 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:11,910 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2022-02-20 18:02:11,910 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:02:11,910 INFO L87 Difference]: Start difference. First operand 408 states and 640 transitions. 
Second operand has 12 states, 11 states have (on average 6.636363636363637) internal successors, (73), 8 states have internal predecessors, (73), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:02:17,877 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:17,877 INFO L93 Difference]: Finished difference Result 883 states and 1411 transitions. [2022-02-20 18:02:17,878 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 18:02:17,878 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 6.636363636363637) internal successors, (73), 8 states have internal predecessors, (73), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) Word has length 108 [2022-02-20 18:02:17,878 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:17,878 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 6.636363636363637) internal successors, (73), 8 states have internal predecessors, (73), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:02:17,886 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1174 transitions. [2022-02-20 18:02:17,886 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 12 states, 11 states have (on average 6.636363636363637) internal successors, (73), 8 states have internal predecessors, (73), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:02:17,893 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1174 transitions. [2022-02-20 18:02:17,894 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1174 transitions. [2022-02-20 18:02:18,635 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1174 edges. 1174 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:18,649 INFO L225 Difference]: With dead ends: 883 [2022-02-20 18:02:18,649 INFO L226 Difference]: Without dead ends: 502 [2022-02-20 18:02:18,650 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 49 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552 [2022-02-20 18:02:18,652 INFO L933 BasicCegarLoop]: 556 mSDtfsCounter, 1379 mSDsluCounter, 1302 mSDsCounter, 0 mSdLazyCounter, 3250 mSolverCounterSat, 451 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1379 SdHoareTripleChecker+Valid, 1858 SdHoareTripleChecker+Invalid, 3701 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 451 IncrementalHoareTripleChecker+Valid, 3250 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.7s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:18,652 INFO L934 BasicCegarLoop]: SdHoareTripleChecker 
[1379 Valid, 1858 Invalid, 3701 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [451 Valid, 3250 Invalid, 0 Unknown, 0 Unchecked, 2.7s Time] [2022-02-20 18:02:18,653 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 502 states. [2022-02-20 18:02:18,727 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 502 to 410. [2022-02-20 18:02:18,727 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:18,728 INFO L82 GeneralOperation]: Start isEquivalent. First operand 502 states. Second operand has 410 states, 322 states have (on average 1.5869565217391304) internal successors, (511), 328 states have internal predecessors, (511), 62 states have call successors, (62), 21 states have call predecessors, (62), 25 states have return successors, (73), 60 states have call predecessors, (73), 61 states have call successors, (73) [2022-02-20 18:02:18,729 INFO L74 IsIncluded]: Start isIncluded. First operand 502 states. Second operand has 410 states, 322 states have (on average 1.5869565217391304) internal successors, (511), 328 states have internal predecessors, (511), 62 states have call successors, (62), 21 states have call predecessors, (62), 25 states have return successors, (73), 60 states have call predecessors, (73), 61 states have call successors, (73) [2022-02-20 18:02:18,729 INFO L87 Difference]: Start difference. First operand 502 states. Second operand has 410 states, 322 states have (on average 1.5869565217391304) internal successors, (511), 328 states have internal predecessors, (511), 62 states have call successors, (62), 21 states have call predecessors, (62), 25 states have return successors, (73), 60 states have call predecessors, (73), 61 states have call successors, (73) [2022-02-20 18:02:18,743 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:18,744 INFO L93 Difference]: Finished difference Result 502 states and 807 transitions. 
[2022-02-20 18:02:18,744 INFO L276 IsEmpty]: Start isEmpty. Operand 502 states and 807 transitions. [2022-02-20 18:02:18,746 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:18,746 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:18,747 INFO L74 IsIncluded]: Start isIncluded. First operand has 410 states, 322 states have (on average 1.5869565217391304) internal successors, (511), 328 states have internal predecessors, (511), 62 states have call successors, (62), 21 states have call predecessors, (62), 25 states have return successors, (73), 60 states have call predecessors, (73), 61 states have call successors, (73) Second operand 502 states. [2022-02-20 18:02:18,747 INFO L87 Difference]: Start difference. First operand has 410 states, 322 states have (on average 1.5869565217391304) internal successors, (511), 328 states have internal predecessors, (511), 62 states have call successors, (62), 21 states have call predecessors, (62), 25 states have return successors, (73), 60 states have call predecessors, (73), 61 states have call successors, (73) Second operand 502 states. [2022-02-20 18:02:18,761 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:18,761 INFO L93 Difference]: Finished difference Result 502 states and 807 transitions. [2022-02-20 18:02:18,761 INFO L276 IsEmpty]: Start isEmpty. Operand 502 states and 807 transitions. [2022-02-20 18:02:18,763 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:18,763 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:18,763 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:18,763 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:18,764 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 410 states, 322 states have (on average 1.5869565217391304) internal successors, (511), 328 states have internal predecessors, (511), 62 states have call successors, (62), 21 states have call predecessors, (62), 25 states have return successors, (73), 60 states have call predecessors, (73), 61 states have call successors, (73) [2022-02-20 18:02:18,781 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 410 states to 410 states and 646 transitions. [2022-02-20 18:02:18,781 INFO L78 Accepts]: Start accepts. Automaton has 410 states and 646 transitions. Word has length 108 [2022-02-20 18:02:18,781 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:18,781 INFO L470 AbstractCegarLoop]: Abstraction has 410 states and 646 transitions. [2022-02-20 18:02:18,782 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 11 states have (on average 6.636363636363637) internal successors, (73), 8 states have internal predecessors, (73), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:02:18,782 INFO L276 IsEmpty]: Start isEmpty. Operand 410 states and 646 transitions. [2022-02-20 18:02:18,785 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 110 [2022-02-20 18:02:18,785 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:18,785 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:18,785 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-02-20 18:02:18,785 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:18,786 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:18,786 INFO L85 PathProgramCache]: Analyzing trace with hash -365545368, now seen corresponding path program 1 times [2022-02-20 18:02:18,786 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:18,786 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1168372405] [2022-02-20 18:02:18,786 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:18,786 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:18,830 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:18,855 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:02:18,857 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:18,859 INFO L290 TraceCheckUtils]: 0: Hoare triple {24593#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24536#true} is VALID [2022-02-20 18:02:18,859 INFO L290 TraceCheckUtils]: 1: Hoare triple {24536#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24536#true} is VALID [2022-02-20 18:02:18,859 INFO L290 TraceCheckUtils]: 2: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:18,859 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24536#true} {24536#true} #1094#return; {24536#true} is VALID [2022-02-20 18:02:18,863 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:18,896 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:18,899 INFO L290 TraceCheckUtils]: 0: Hoare triple {24594#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24536#true} is VALID [2022-02-20 18:02:18,899 INFO L290 TraceCheckUtils]: 1: Hoare triple {24536#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {24536#true} is VALID [2022-02-20 18:02:18,899 INFO L290 TraceCheckUtils]: 2: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:18,899 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24536#true} {24536#true} #1096#return; {24536#true} is VALID [2022-02-20 18:02:18,900 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:18,901 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:18,902 INFO L290 TraceCheckUtils]: 0: Hoare triple {24593#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24536#true} is VALID [2022-02-20 18:02:18,902 INFO L290 TraceCheckUtils]: 1: Hoare triple {24536#true} assume !(1 == ~handle); {24536#true} is VALID [2022-02-20 18:02:18,902 INFO L290 TraceCheckUtils]: 2: Hoare triple {24536#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {24536#true} is VALID [2022-02-20 18:02:18,902 INFO L290 TraceCheckUtils]: 3: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:18,903 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {24536#true} {24536#true} #1098#return; {24536#true} is VALID [2022-02-20 18:02:18,903 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:02:18,904 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:18,905 INFO L290 TraceCheckUtils]: 0: Hoare triple {24594#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24536#true} is VALID [2022-02-20 18:02:18,905 INFO L290 TraceCheckUtils]: 1: Hoare triple {24536#true} assume !(1 == ~handle); {24536#true} is VALID [2022-02-20 18:02:18,905 INFO L290 TraceCheckUtils]: 2: Hoare triple {24536#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {24536#true} is VALID [2022-02-20 18:02:18,906 INFO L290 TraceCheckUtils]: 3: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:18,906 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {24536#true} {24536#true} #1100#return; {24536#true} is VALID [2022-02-20 18:02:18,906 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:02:18,908 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 
18:02:18,911 INFO L290 TraceCheckUtils]: 0: Hoare triple {24593#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24536#true} is VALID [2022-02-20 18:02:18,911 INFO L290 TraceCheckUtils]: 1: Hoare triple {24536#true} assume !(1 == ~handle); {24536#true} is VALID [2022-02-20 18:02:18,911 INFO L290 TraceCheckUtils]: 2: Hoare triple {24536#true} assume !(2 == ~handle); {24536#true} is VALID [2022-02-20 18:02:18,911 INFO L290 TraceCheckUtils]: 3: Hoare triple {24536#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {24536#true} is VALID [2022-02-20 18:02:18,911 INFO L290 TraceCheckUtils]: 4: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:18,911 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {24536#true} {24536#true} #1102#return; {24536#true} is VALID [2022-02-20 18:02:18,912 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:02:18,913 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:18,916 INFO L290 TraceCheckUtils]: 0: Hoare triple {24594#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24536#true} is VALID [2022-02-20 18:02:18,916 INFO L290 TraceCheckUtils]: 1: Hoare triple {24536#true} assume !(1 == ~handle); {24536#true} is VALID [2022-02-20 18:02:18,917 INFO L290 TraceCheckUtils]: 2: Hoare triple {24536#true} assume !(2 == ~handle); {24536#true} is VALID [2022-02-20 18:02:18,917 INFO L290 TraceCheckUtils]: 3: Hoare triple {24536#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {24536#true} is VALID [2022-02-20 
18:02:18,917 INFO L290 TraceCheckUtils]: 4: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:18,917 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {24536#true} {24536#true} #1104#return; {24536#true} is VALID [2022-02-20 18:02:18,921 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:02:18,923 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:18,925 INFO L290 TraceCheckUtils]: 0: Hoare triple {24595#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24536#true} is VALID [2022-02-20 18:02:18,926 INFO L290 TraceCheckUtils]: 1: Hoare triple {24536#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24536#true} is VALID [2022-02-20 18:02:18,926 INFO L290 TraceCheckUtils]: 2: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:18,926 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24536#true} {24537#false} #1066#return; {24537#false} is VALID [2022-02-20 18:02:18,931 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 18:02:18,932 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:18,933 INFO L290 TraceCheckUtils]: 0: Hoare triple {24596#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {24536#true} is VALID [2022-02-20 18:02:18,934 INFO L290 TraceCheckUtils]: 1: Hoare triple {24536#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {24536#true} is VALID [2022-02-20 18:02:18,934 INFO L290 TraceCheckUtils]: 2: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:18,934 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24536#true} {24537#false} #1068#return; {24537#false} is VALID [2022-02-20 
18:02:18,934 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 18:02:18,935 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:18,936 INFO L290 TraceCheckUtils]: 0: Hoare triple {24536#true} ~handle := #in~handle;havoc ~retValue_acc~7; {24536#true} is VALID [2022-02-20 18:02:18,936 INFO L290 TraceCheckUtils]: 1: Hoare triple {24536#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {24536#true} is VALID [2022-02-20 18:02:18,936 INFO L290 TraceCheckUtils]: 2: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:18,936 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24536#true} {24537#false} #1048#return; {24537#false} is VALID [2022-02-20 18:02:18,937 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 18:02:18,937 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:18,942 INFO L290 TraceCheckUtils]: 0: Hoare triple {24595#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24536#true} is VALID [2022-02-20 18:02:18,942 INFO L290 TraceCheckUtils]: 1: Hoare triple {24536#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24536#true} is VALID [2022-02-20 18:02:18,943 INFO L290 TraceCheckUtils]: 2: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:18,943 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24536#true} {24537#false} #1072#return; {24537#false} is VALID [2022-02-20 18:02:18,943 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 18:02:18,944 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:18,946 INFO L290 TraceCheckUtils]: 0: Hoare triple {24536#true} ~handle := #in~handle;havoc 
~retValue_acc~24; {24536#true} is VALID [2022-02-20 18:02:18,946 INFO L290 TraceCheckUtils]: 1: Hoare triple {24536#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {24536#true} is VALID [2022-02-20 18:02:18,946 INFO L290 TraceCheckUtils]: 2: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:18,946 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24536#true} {24537#false} #1074#return; {24537#false} is VALID [2022-02-20 18:02:18,946 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 18:02:18,947 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:18,948 INFO L290 TraceCheckUtils]: 0: Hoare triple {24536#true} ~msg := #in~msg;havoc ~retValue_acc~32;~retValue_acc~32 := 1;#res := ~retValue_acc~32; {24536#true} is VALID [2022-02-20 18:02:18,948 INFO L290 TraceCheckUtils]: 1: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:18,949 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {24536#true} {24537#false} #1076#return; {24537#false} is VALID [2022-02-20 18:02:18,949 INFO L290 TraceCheckUtils]: 0: Hoare triple {24536#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 
1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(16, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(34, 33);call #Ultimate.allocInit(30, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 
0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 
0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {24536#true} is VALID [2022-02-20 18:02:18,949 INFO L290 TraceCheckUtils]: 1: Hoare triple {24536#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet65#1, main_#t~ret66#1, main_~retValue_acc~37#1, main_~tmp~11#1;assume -2147483648 <= main_#t~nondet65#1 && main_#t~nondet65#1 <= 2147483647;main_~retValue_acc~37#1 := main_#t~nondet65#1;havoc main_#t~nondet65#1;havoc main_~tmp~11#1;assume { :begin_inline_select_helpers } true; {24536#true} is VALID [2022-02-20 18:02:18,949 INFO L290 TraceCheckUtils]: 2: Hoare triple {24536#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {24536#true} is VALID [2022-02-20 18:02:18,949 INFO L290 TraceCheckUtils]: 3: Hoare triple {24536#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {24536#true} is VALID [2022-02-20 18:02:18,949 INFO L290 TraceCheckUtils]: 4: Hoare triple {24536#true} 
main_#t~ret66#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret66#1 && main_#t~ret66#1 <= 2147483647;main_~tmp~11#1 := main_#t~ret66#1;havoc main_#t~ret66#1; {24536#true} is VALID [2022-02-20 18:02:18,950 INFO L290 TraceCheckUtils]: 5: Hoare triple {24536#true} assume 0 != main_~tmp~11#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet62#1, setup_#t~nondet63#1, setup_#t~nondet64#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {24536#true} is VALID [2022-02-20 18:02:18,950 INFO L272 TraceCheckUtils]: 6: Hoare triple {24536#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {24593#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:18,950 INFO L290 TraceCheckUtils]: 7: Hoare triple {24593#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24536#true} is VALID [2022-02-20 18:02:18,950 INFO L290 
TraceCheckUtils]: 8: Hoare triple {24536#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24536#true} is VALID [2022-02-20 18:02:18,951 INFO L290 TraceCheckUtils]: 9: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:18,951 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {24536#true} {24536#true} #1094#return; {24536#true} is VALID [2022-02-20 18:02:18,951 INFO L290 TraceCheckUtils]: 11: Hoare triple {24536#true} assume { :end_inline_setup_bob__wrappee__Base } true; {24536#true} is VALID [2022-02-20 18:02:18,951 INFO L272 TraceCheckUtils]: 12: Hoare triple {24536#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {24594#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:18,952 INFO L290 TraceCheckUtils]: 13: Hoare triple {24594#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24536#true} is VALID [2022-02-20 18:02:18,952 INFO L290 TraceCheckUtils]: 14: Hoare triple {24536#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {24536#true} is VALID [2022-02-20 18:02:18,952 INFO L290 TraceCheckUtils]: 15: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:18,952 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {24536#true} {24536#true} #1096#return; {24536#true} is VALID [2022-02-20 18:02:18,952 INFO L290 TraceCheckUtils]: 17: Hoare triple {24536#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 26, 0;havoc setup_#t~nondet62#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc 
setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {24536#true} is VALID [2022-02-20 18:02:18,953 INFO L272 TraceCheckUtils]: 18: Hoare triple {24536#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {24593#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:18,953 INFO L290 TraceCheckUtils]: 19: Hoare triple {24593#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24536#true} is VALID [2022-02-20 18:02:18,953 INFO L290 TraceCheckUtils]: 20: Hoare triple {24536#true} assume !(1 == ~handle); {24536#true} is VALID [2022-02-20 18:02:18,953 INFO L290 TraceCheckUtils]: 21: Hoare triple {24536#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {24536#true} is VALID [2022-02-20 18:02:18,953 INFO L290 TraceCheckUtils]: 22: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:18,953 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {24536#true} {24536#true} #1098#return; {24536#true} is VALID [2022-02-20 18:02:18,953 INFO L290 TraceCheckUtils]: 24: Hoare triple {24536#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {24536#true} is VALID [2022-02-20 18:02:18,954 INFO L272 TraceCheckUtils]: 25: Hoare triple {24536#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {24594#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:18,954 INFO L290 TraceCheckUtils]: 26: Hoare triple {24594#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24536#true} is VALID [2022-02-20 18:02:18,954 INFO L290 TraceCheckUtils]: 27: Hoare triple {24536#true} assume !(1 == ~handle); {24536#true} is VALID [2022-02-20 18:02:18,954 INFO L290 TraceCheckUtils]: 28: Hoare triple {24536#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {24536#true} is VALID [2022-02-20 18:02:18,954 INFO L290 TraceCheckUtils]: 29: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:18,955 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {24536#true} {24536#true} #1100#return; {24536#true} is VALID [2022-02-20 18:02:18,955 INFO L290 TraceCheckUtils]: 31: Hoare triple {24536#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 27, 0;havoc setup_#t~nondet63#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {24536#true} is VALID [2022-02-20 18:02:18,955 INFO L272 TraceCheckUtils]: 32: Hoare triple {24536#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {24593#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:18,955 INFO L290 TraceCheckUtils]: 33: Hoare triple {24593#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24536#true} is VALID [2022-02-20 18:02:18,956 INFO L290 TraceCheckUtils]: 34: Hoare triple {24536#true} assume !(1 == ~handle); {24536#true} is VALID [2022-02-20 18:02:18,956 INFO L290 TraceCheckUtils]: 35: Hoare triple {24536#true} assume !(2 == ~handle); {24536#true} is VALID [2022-02-20 18:02:18,956 INFO L290 TraceCheckUtils]: 36: Hoare triple {24536#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {24536#true} is VALID [2022-02-20 18:02:18,956 INFO L290 TraceCheckUtils]: 37: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:18,956 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {24536#true} {24536#true} #1102#return; {24536#true} is VALID [2022-02-20 18:02:18,956 INFO L290 TraceCheckUtils]: 39: Hoare triple {24536#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {24536#true} is VALID [2022-02-20 18:02:18,957 INFO L272 TraceCheckUtils]: 40: Hoare triple {24536#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {24594#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:18,957 INFO L290 TraceCheckUtils]: 41: Hoare triple {24594#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := 
#in~value; {24536#true} is VALID [2022-02-20 18:02:18,957 INFO L290 TraceCheckUtils]: 42: Hoare triple {24536#true} assume !(1 == ~handle); {24536#true} is VALID [2022-02-20 18:02:18,957 INFO L290 TraceCheckUtils]: 43: Hoare triple {24536#true} assume !(2 == ~handle); {24536#true} is VALID [2022-02-20 18:02:18,957 INFO L290 TraceCheckUtils]: 44: Hoare triple {24536#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {24536#true} is VALID [2022-02-20 18:02:18,958 INFO L290 TraceCheckUtils]: 45: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:18,958 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {24536#true} {24536#true} #1104#return; {24536#true} is VALID [2022-02-20 18:02:18,958 INFO L290 TraceCheckUtils]: 47: Hoare triple {24536#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 28, 0;havoc setup_#t~nondet64#1; {24536#true} is VALID [2022-02-20 18:02:18,958 INFO L290 TraceCheckUtils]: 48: Hoare triple {24536#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc 
test_~tmp~9#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {24568#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:02:18,958 INFO L290 TraceCheckUtils]: 49: Hoare triple {24568#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {24568#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:02:18,959 INFO L290 TraceCheckUtils]: 50: Hoare triple {24568#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {24568#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:02:18,959 INFO L290 TraceCheckUtils]: 51: Hoare triple {24568#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {24569#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:02:18,960 INFO L290 TraceCheckUtils]: 52: Hoare triple {24569#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet46#1 && test_#t~nondet46#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet46#1;havoc test_#t~nondet46#1; {24569#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:02:18,960 INFO L290 TraceCheckUtils]: 53: Hoare triple {24569#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(0 != test_~tmp___9~0#1); {24569#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:02:18,960 INFO L290 TraceCheckUtils]: 54: Hoare triple {24569#(<= 
|ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet47#1 && test_#t~nondet47#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet47#1;havoc test_#t~nondet47#1; {24569#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:02:18,960 INFO L290 TraceCheckUtils]: 55: Hoare triple {24569#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {24569#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:02:18,961 INFO L290 TraceCheckUtils]: 56: Hoare triple {24569#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !false; {24569#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:02:18,961 INFO L290 TraceCheckUtils]: 57: Hoare triple {24569#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(test_~splverifierCounter~0#1 < 4); {24537#false} is VALID [2022-02-20 18:02:18,961 INFO L290 TraceCheckUtils]: 58: Hoare triple {24537#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret57#1, bobToRjh_#t~ret58#1, bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_~tmp~10#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~10#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret57#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret57#1 && bobToRjh_#t~ret57#1 <= 2147483647;havoc bobToRjh_#t~ret57#1; {24537#false} is VALID [2022-02-20 18:02:18,961 INFO L272 TraceCheckUtils]: 59: Hoare triple {24537#false} call sendEmail(~bob~0, ~rjh~0); {24537#false} is VALID [2022-02-20 18:02:18,961 INFO L290 TraceCheckUtils]: 60: Hoare triple {24537#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, 
createEmail_~retValue_acc~34#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~34#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {24537#false} is VALID [2022-02-20 18:02:18,962 INFO L272 TraceCheckUtils]: 61: Hoare triple {24537#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {24595#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:18,962 INFO L290 TraceCheckUtils]: 62: Hoare triple {24595#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24536#true} is VALID [2022-02-20 18:02:18,962 INFO L290 TraceCheckUtils]: 63: Hoare triple {24536#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24536#true} is VALID [2022-02-20 18:02:18,962 INFO L290 TraceCheckUtils]: 64: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:18,962 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {24536#true} {24537#false} #1066#return; {24537#false} is VALID [2022-02-20 18:02:18,962 INFO L272 TraceCheckUtils]: 66: Hoare triple {24537#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {24596#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:18,962 INFO L290 TraceCheckUtils]: 67: Hoare triple {24596#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {24536#true} is VALID [2022-02-20 18:02:18,963 INFO L290 TraceCheckUtils]: 68: Hoare triple {24536#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {24536#true} is VALID [2022-02-20 18:02:18,963 INFO L290 TraceCheckUtils]: 69: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 
18:02:18,963 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {24536#true} {24537#false} #1068#return; {24537#false} is VALID [2022-02-20 18:02:18,963 INFO L290 TraceCheckUtils]: 71: Hoare triple {24537#false} createEmail_~retValue_acc~34#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~34#1; {24537#false} is VALID [2022-02-20 18:02:18,963 INFO L290 TraceCheckUtils]: 72: Hoare triple {24537#false} #t~ret89#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret89#1 && #t~ret89#1 <= 2147483647;~tmp~17#1 := #t~ret89#1;havoc #t~ret89#1;~email~0#1 := ~tmp~17#1; {24537#false} is VALID [2022-02-20 18:02:18,963 INFO L272 TraceCheckUtils]: 73: Hoare triple {24537#false} call outgoing(~sender#1, ~email~0#1); {24537#false} is VALID [2022-02-20 18:02:18,963 INFO L290 TraceCheckUtils]: 74: Hoare triple {24537#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret91#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~13#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~13#1; {24537#false} is VALID [2022-02-20 18:02:18,964 INFO L290 TraceCheckUtils]: 75: Hoare triple {24537#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~13#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~13#1; {24537#false} is VALID [2022-02-20 18:02:18,964 INFO L290 TraceCheckUtils]: 76: Hoare triple {24537#false} sign_#t~ret91#1 := getClientPrivateKey_#res#1;assume { 
:end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret91#1 && sign_#t~ret91#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret91#1;havoc sign_#t~ret91#1;sign_~privkey~0#1 := sign_~tmp~18#1; {24537#false} is VALID [2022-02-20 18:02:18,964 INFO L290 TraceCheckUtils]: 77: Hoare triple {24537#false} assume 0 == sign_~privkey~0#1; {24537#false} is VALID [2022-02-20 18:02:18,964 INFO L290 TraceCheckUtils]: 78: Hoare triple {24537#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1, outgoing__wrappee__AddressBook_#t~ret82#1, outgoing__wrappee__AddressBook_#t~ret83#1, outgoing__wrappee__AddressBook_#t~ret84#1, outgoing__wrappee__AddressBook_#t~ret85#1, outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~15#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~5#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~15#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~5#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {24537#false} is VALID [2022-02-20 18:02:18,964 INFO L272 TraceCheckUtils]: 79: Hoare triple {24537#false} call outgoing__wrappee__AddressBook_#t~ret81#1 := 
getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {24536#true} is VALID [2022-02-20 18:02:18,964 INFO L290 TraceCheckUtils]: 80: Hoare triple {24536#true} ~handle := #in~handle;havoc ~retValue_acc~7; {24536#true} is VALID [2022-02-20 18:02:18,964 INFO L290 TraceCheckUtils]: 81: Hoare triple {24536#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {24536#true} is VALID [2022-02-20 18:02:18,965 INFO L290 TraceCheckUtils]: 82: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:18,965 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {24536#true} {24537#false} #1048#return; {24537#false} is VALID [2022-02-20 18:02:18,965 INFO L290 TraceCheckUtils]: 84: Hoare triple {24537#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret81#1 && outgoing__wrappee__AddressBook_#t~ret81#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~15#1 := outgoing__wrappee__AddressBook_#t~ret81#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~15#1; {24537#false} is VALID [2022-02-20 18:02:18,965 INFO L290 TraceCheckUtils]: 85: Hoare triple {24537#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {24537#false} is VALID [2022-02-20 18:02:18,965 INFO L272 TraceCheckUtils]: 86: Hoare triple {24537#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {24537#false} is VALID [2022-02-20 18:02:18,965 INFO L290 TraceCheckUtils]: 87: Hoare triple {24537#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {24537#false} is VALID [2022-02-20 18:02:18,965 INFO L290 
TraceCheckUtils]: 88: Hoare triple {24537#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {24537#false} is VALID [2022-02-20 18:02:18,965 INFO L290 TraceCheckUtils]: 89: Hoare triple {24537#false} #t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret80#1 && #t~ret80#1 <= 2147483647;~tmp~14#1 := #t~ret80#1;havoc #t~ret80#1; {24537#false} is VALID [2022-02-20 18:02:18,966 INFO L272 TraceCheckUtils]: 90: Hoare triple {24537#false} call setEmailFrom(~msg#1, ~tmp~14#1); {24595#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:18,966 INFO L290 TraceCheckUtils]: 91: Hoare triple {24595#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24536#true} is VALID [2022-02-20 18:02:18,966 INFO L290 TraceCheckUtils]: 92: Hoare triple {24536#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24536#true} is VALID [2022-02-20 18:02:18,966 INFO L290 TraceCheckUtils]: 93: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:18,966 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {24536#true} {24537#false} #1072#return; {24537#false} is VALID [2022-02-20 18:02:18,966 INFO L290 TraceCheckUtils]: 95: Hoare triple {24537#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~13#1;call mail_#t~ret78#1 := puts(32, 0);assume -2147483648 <= mail_#t~ret78#1 && mail_#t~ret78#1 <= 2147483647;havoc mail_#t~ret78#1; {24537#false} is VALID [2022-02-20 18:02:18,966 INFO L272 TraceCheckUtils]: 96: Hoare triple 
{24537#false} call mail_#t~ret79#1 := getEmailTo(mail_~msg#1); {24536#true} is VALID [2022-02-20 18:02:18,967 INFO L290 TraceCheckUtils]: 97: Hoare triple {24536#true} ~handle := #in~handle;havoc ~retValue_acc~24; {24536#true} is VALID [2022-02-20 18:02:18,967 INFO L290 TraceCheckUtils]: 98: Hoare triple {24536#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {24536#true} is VALID [2022-02-20 18:02:18,967 INFO L290 TraceCheckUtils]: 99: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:18,967 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {24536#true} {24537#false} #1074#return; {24537#false} is VALID [2022-02-20 18:02:18,967 INFO L290 TraceCheckUtils]: 101: Hoare triple {24537#false} assume -2147483648 <= mail_#t~ret79#1 && mail_#t~ret79#1 <= 2147483647;mail_~tmp~13#1 := mail_#t~ret79#1;havoc mail_#t~ret79#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~13#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret92#1, verify_#t~ret93#1, verify_#t~ret94#1, verify_#t~ret95#1, verify_#t~ret96#1, verify_#t~ret97#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~19#1, verify_~tmp___0~6#1, verify_~pubkey~0#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } 
true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~0#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~0#1; {24537#false} is VALID [2022-02-20 18:02:18,967 INFO L272 TraceCheckUtils]: 102: Hoare triple {24537#false} call __utac_acc__EncryptVerify_spec__1_#t~ret4#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {24536#true} is VALID [2022-02-20 18:02:18,967 INFO L290 TraceCheckUtils]: 103: Hoare triple {24536#true} ~msg := #in~msg;havoc ~retValue_acc~32;~retValue_acc~32 := 1;#res := ~retValue_acc~32; {24536#true} is VALID [2022-02-20 18:02:18,968 INFO L290 TraceCheckUtils]: 104: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:18,968 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {24536#true} {24537#false} #1076#return; {24537#false} is VALID [2022-02-20 18:02:18,968 INFO L290 TraceCheckUtils]: 106: Hoare triple {24537#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret4#1 && __utac_acc__EncryptVerify_spec__1_#t~ret4#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~0#1 := __utac_acc__EncryptVerify_spec__1_#t~ret4#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1; {24537#false} is VALID [2022-02-20 18:02:18,968 INFO L290 TraceCheckUtils]: 107: Hoare triple {24537#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {24537#false} is VALID [2022-02-20 18:02:18,968 INFO L290 TraceCheckUtils]: 108: Hoare triple {24537#false} assume !false; {24537#false} is VALID [2022-02-20 18:02:18,968 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. 
[2022-02-20 18:02:18,969 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:18,969 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1168372405] [2022-02-20 18:02:18,969 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1168372405] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:02:18,969 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [250712135] [2022-02-20 18:02:18,969 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:18,969 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:18,970 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:02:18,984 INFO L229 MonitoredProcess]: Starting monitored process 7 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:02:19,001 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (7)] Waiting until timeout for monitored process [2022-02-20 18:02:19,194 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:19,198 INFO L263 TraceCheckSpWp]: Trace formula consists of 1017 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 18:02:19,246 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:19,248 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:02:19,393 INFO L290 TraceCheckUtils]: 0: Hoare triple {24536#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(16, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(34, 33);call #Ultimate.allocInit(30, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 
0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 
0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {24536#true} is VALID [2022-02-20 18:02:19,393 INFO L290 TraceCheckUtils]: 1: Hoare triple {24536#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet65#1, main_#t~ret66#1, main_~retValue_acc~37#1, main_~tmp~11#1;assume -2147483648 <= main_#t~nondet65#1 && main_#t~nondet65#1 <= 
2147483647;main_~retValue_acc~37#1 := main_#t~nondet65#1;havoc main_#t~nondet65#1;havoc main_~tmp~11#1;assume { :begin_inline_select_helpers } true; {24536#true} is VALID [2022-02-20 18:02:19,393 INFO L290 TraceCheckUtils]: 2: Hoare triple {24536#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {24536#true} is VALID [2022-02-20 18:02:19,394 INFO L290 TraceCheckUtils]: 3: Hoare triple {24536#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {24536#true} is VALID [2022-02-20 18:02:19,394 INFO L290 TraceCheckUtils]: 4: Hoare triple {24536#true} main_#t~ret66#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret66#1 && main_#t~ret66#1 <= 2147483647;main_~tmp~11#1 := main_#t~ret66#1;havoc main_#t~ret66#1; {24536#true} is VALID [2022-02-20 18:02:19,394 INFO L290 TraceCheckUtils]: 5: Hoare triple {24536#true} assume 0 != main_~tmp~11#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet62#1, setup_#t~nondet63#1, setup_#t~nondet64#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {24536#true} is VALID [2022-02-20 18:02:19,394 INFO L272 TraceCheckUtils]: 6: Hoare triple {24536#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {24536#true} is VALID [2022-02-20 18:02:19,394 INFO L290 TraceCheckUtils]: 7: Hoare triple {24536#true} ~handle := #in~handle;~value := #in~value; {24536#true} is VALID [2022-02-20 18:02:19,394 INFO L290 TraceCheckUtils]: 8: Hoare triple {24536#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24536#true} is VALID [2022-02-20 18:02:19,394 INFO L290 TraceCheckUtils]: 9: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:19,394 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {24536#true} {24536#true} #1094#return; {24536#true} is VALID [2022-02-20 18:02:19,394 INFO L290 TraceCheckUtils]: 11: Hoare triple {24536#true} assume { :end_inline_setup_bob__wrappee__Base } true; {24536#true} is VALID [2022-02-20 18:02:19,395 INFO L272 TraceCheckUtils]: 12: Hoare triple {24536#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {24536#true} is VALID [2022-02-20 18:02:19,395 INFO L290 TraceCheckUtils]: 13: Hoare triple {24536#true} ~handle := #in~handle;~value := #in~value; {24536#true} is VALID [2022-02-20 18:02:19,395 INFO L290 TraceCheckUtils]: 14: Hoare triple {24536#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {24536#true} is VALID [2022-02-20 18:02:19,395 INFO L290 TraceCheckUtils]: 15: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:19,395 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {24536#true} {24536#true} #1096#return; {24536#true} is VALID [2022-02-20 18:02:19,395 INFO L290 TraceCheckUtils]: 17: Hoare triple {24536#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 26, 0;havoc setup_#t~nondet62#1;~rjh~0 := 
2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {24536#true} is VALID [2022-02-20 18:02:19,395 INFO L272 TraceCheckUtils]: 18: Hoare triple {24536#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {24536#true} is VALID [2022-02-20 18:02:19,395 INFO L290 TraceCheckUtils]: 19: Hoare triple {24536#true} ~handle := #in~handle;~value := #in~value; {24536#true} is VALID [2022-02-20 18:02:19,395 INFO L290 TraceCheckUtils]: 20: Hoare triple {24536#true} assume !(1 == ~handle); {24536#true} is VALID [2022-02-20 18:02:19,395 INFO L290 TraceCheckUtils]: 21: Hoare triple {24536#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {24536#true} is VALID [2022-02-20 18:02:19,395 INFO L290 TraceCheckUtils]: 22: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:19,395 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {24536#true} {24536#true} #1098#return; {24536#true} is VALID [2022-02-20 18:02:19,395 INFO L290 TraceCheckUtils]: 24: Hoare triple {24536#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {24536#true} is VALID [2022-02-20 18:02:19,395 INFO L272 TraceCheckUtils]: 25: Hoare triple {24536#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {24536#true} is VALID [2022-02-20 18:02:19,396 INFO L290 TraceCheckUtils]: 26: Hoare triple {24536#true} ~handle := #in~handle;~value := #in~value; {24536#true} is VALID [2022-02-20 18:02:19,396 INFO L290 TraceCheckUtils]: 27: Hoare triple {24536#true} assume !(1 == ~handle); {24536#true} is VALID [2022-02-20 18:02:19,396 INFO L290 TraceCheckUtils]: 28: Hoare triple {24536#true} assume 2 == 
~handle;~__ste_client_privateKey1~0 := ~value; {24536#true} is VALID [2022-02-20 18:02:19,407 INFO L290 TraceCheckUtils]: 29: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:19,408 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {24536#true} {24536#true} #1100#return; {24536#true} is VALID [2022-02-20 18:02:19,408 INFO L290 TraceCheckUtils]: 31: Hoare triple {24536#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 27, 0;havoc setup_#t~nondet63#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {24536#true} is VALID [2022-02-20 18:02:19,408 INFO L272 TraceCheckUtils]: 32: Hoare triple {24536#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {24536#true} is VALID [2022-02-20 18:02:19,408 INFO L290 TraceCheckUtils]: 33: Hoare triple {24536#true} ~handle := #in~handle;~value := #in~value; {24536#true} is VALID [2022-02-20 18:02:19,408 INFO L290 TraceCheckUtils]: 34: Hoare triple {24536#true} assume !(1 == ~handle); {24536#true} is VALID [2022-02-20 18:02:19,408 INFO L290 TraceCheckUtils]: 35: Hoare triple {24536#true} assume !(2 == ~handle); {24536#true} is VALID [2022-02-20 18:02:19,408 INFO L290 TraceCheckUtils]: 36: Hoare triple {24536#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {24536#true} is VALID [2022-02-20 18:02:19,408 INFO L290 TraceCheckUtils]: 37: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:19,408 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {24536#true} {24536#true} 
#1102#return; {24536#true} is VALID [2022-02-20 18:02:19,408 INFO L290 TraceCheckUtils]: 39: Hoare triple {24536#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {24536#true} is VALID [2022-02-20 18:02:19,408 INFO L272 TraceCheckUtils]: 40: Hoare triple {24536#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {24536#true} is VALID [2022-02-20 18:02:19,408 INFO L290 TraceCheckUtils]: 41: Hoare triple {24536#true} ~handle := #in~handle;~value := #in~value; {24536#true} is VALID [2022-02-20 18:02:19,408 INFO L290 TraceCheckUtils]: 42: Hoare triple {24536#true} assume !(1 == ~handle); {24536#true} is VALID [2022-02-20 18:02:19,409 INFO L290 TraceCheckUtils]: 43: Hoare triple {24536#true} assume !(2 == ~handle); {24536#true} is VALID [2022-02-20 18:02:19,409 INFO L290 TraceCheckUtils]: 44: Hoare triple {24536#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {24536#true} is VALID [2022-02-20 18:02:19,409 INFO L290 TraceCheckUtils]: 45: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:19,409 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {24536#true} {24536#true} #1104#return; {24536#true} is VALID [2022-02-20 18:02:19,409 INFO L290 TraceCheckUtils]: 47: Hoare triple {24536#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 28, 0;havoc setup_#t~nondet64#1; {24536#true} is VALID [2022-02-20 18:02:19,410 INFO L290 TraceCheckUtils]: 48: Hoare triple {24536#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, 
test_~tmp~9#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {24744#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:02:19,410 INFO L290 TraceCheckUtils]: 49: Hoare triple {24744#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {24744#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:02:19,410 INFO L290 TraceCheckUtils]: 50: Hoare triple {24744#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {24744#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:02:19,410 INFO L290 TraceCheckUtils]: 51: Hoare triple {24744#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {24569#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:02:19,411 INFO L290 TraceCheckUtils]: 52: Hoare triple {24569#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet46#1 && test_#t~nondet46#1 <= 
2147483647;test_~tmp___9~0#1 := test_#t~nondet46#1;havoc test_#t~nondet46#1; {24569#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:02:19,411 INFO L290 TraceCheckUtils]: 53: Hoare triple {24569#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(0 != test_~tmp___9~0#1); {24569#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:02:19,411 INFO L290 TraceCheckUtils]: 54: Hoare triple {24569#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet47#1 && test_#t~nondet47#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet47#1;havoc test_#t~nondet47#1; {24569#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:02:19,412 INFO L290 TraceCheckUtils]: 55: Hoare triple {24569#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {24569#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:02:19,412 INFO L290 TraceCheckUtils]: 56: Hoare triple {24569#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !false; {24569#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:02:19,412 INFO L290 TraceCheckUtils]: 57: Hoare triple {24569#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(test_~splverifierCounter~0#1 < 4); {24537#false} is VALID [2022-02-20 18:02:19,412 INFO L290 TraceCheckUtils]: 58: Hoare triple {24537#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret57#1, bobToRjh_#t~ret58#1, bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_~tmp~10#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~10#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret57#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret57#1 && bobToRjh_#t~ret57#1 <= 2147483647;havoc bobToRjh_#t~ret57#1; {24537#false} is VALID [2022-02-20 18:02:19,412 INFO L272 TraceCheckUtils]: 
59: Hoare triple {24537#false} call sendEmail(~bob~0, ~rjh~0); {24537#false} is VALID [2022-02-20 18:02:19,413 INFO L290 TraceCheckUtils]: 60: Hoare triple {24537#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~34#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~34#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {24537#false} is VALID [2022-02-20 18:02:19,413 INFO L272 TraceCheckUtils]: 61: Hoare triple {24537#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {24537#false} is VALID [2022-02-20 18:02:19,413 INFO L290 TraceCheckUtils]: 62: Hoare triple {24537#false} ~handle := #in~handle;~value := #in~value; {24537#false} is VALID [2022-02-20 18:02:19,413 INFO L290 TraceCheckUtils]: 63: Hoare triple {24537#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24537#false} is VALID [2022-02-20 18:02:19,413 INFO L290 TraceCheckUtils]: 64: Hoare triple {24537#false} assume true; {24537#false} is VALID [2022-02-20 18:02:19,413 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {24537#false} {24537#false} #1066#return; {24537#false} is VALID [2022-02-20 18:02:19,413 INFO L272 TraceCheckUtils]: 66: Hoare triple {24537#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {24537#false} is VALID [2022-02-20 18:02:19,413 INFO L290 TraceCheckUtils]: 67: Hoare triple {24537#false} ~handle := #in~handle;~value := #in~value; {24537#false} is VALID [2022-02-20 18:02:19,414 INFO L290 TraceCheckUtils]: 68: Hoare triple {24537#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {24537#false} is VALID [2022-02-20 18:02:19,414 INFO L290 TraceCheckUtils]: 69: Hoare triple {24537#false} assume true; 
{24537#false} is VALID [2022-02-20 18:02:19,414 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {24537#false} {24537#false} #1068#return; {24537#false} is VALID [2022-02-20 18:02:19,414 INFO L290 TraceCheckUtils]: 71: Hoare triple {24537#false} createEmail_~retValue_acc~34#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~34#1; {24537#false} is VALID [2022-02-20 18:02:19,414 INFO L290 TraceCheckUtils]: 72: Hoare triple {24537#false} #t~ret89#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret89#1 && #t~ret89#1 <= 2147483647;~tmp~17#1 := #t~ret89#1;havoc #t~ret89#1;~email~0#1 := ~tmp~17#1; {24537#false} is VALID [2022-02-20 18:02:19,414 INFO L272 TraceCheckUtils]: 73: Hoare triple {24537#false} call outgoing(~sender#1, ~email~0#1); {24537#false} is VALID [2022-02-20 18:02:19,414 INFO L290 TraceCheckUtils]: 74: Hoare triple {24537#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret91#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~13#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~13#1; {24537#false} is VALID [2022-02-20 18:02:19,415 INFO L290 TraceCheckUtils]: 75: Hoare triple {24537#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~13#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~13#1; {24537#false} is VALID [2022-02-20 18:02:19,415 INFO L290 TraceCheckUtils]: 76: Hoare triple {24537#false} sign_#t~ret91#1 := 
getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret91#1 && sign_#t~ret91#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret91#1;havoc sign_#t~ret91#1;sign_~privkey~0#1 := sign_~tmp~18#1; {24537#false} is VALID [2022-02-20 18:02:19,415 INFO L290 TraceCheckUtils]: 77: Hoare triple {24537#false} assume 0 == sign_~privkey~0#1; {24537#false} is VALID [2022-02-20 18:02:19,415 INFO L290 TraceCheckUtils]: 78: Hoare triple {24537#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1, outgoing__wrappee__AddressBook_#t~ret82#1, outgoing__wrappee__AddressBook_#t~ret83#1, outgoing__wrappee__AddressBook_#t~ret84#1, outgoing__wrappee__AddressBook_#t~ret85#1, outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~15#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~5#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~15#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~5#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {24537#false} is VALID [2022-02-20 18:02:19,415 INFO L272 TraceCheckUtils]: 79: Hoare triple {24537#false} call 
outgoing__wrappee__AddressBook_#t~ret81#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {24537#false} is VALID [2022-02-20 18:02:19,415 INFO L290 TraceCheckUtils]: 80: Hoare triple {24537#false} ~handle := #in~handle;havoc ~retValue_acc~7; {24537#false} is VALID [2022-02-20 18:02:19,415 INFO L290 TraceCheckUtils]: 81: Hoare triple {24537#false} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {24537#false} is VALID [2022-02-20 18:02:19,415 INFO L290 TraceCheckUtils]: 82: Hoare triple {24537#false} assume true; {24537#false} is VALID [2022-02-20 18:02:19,416 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {24537#false} {24537#false} #1048#return; {24537#false} is VALID [2022-02-20 18:02:19,416 INFO L290 TraceCheckUtils]: 84: Hoare triple {24537#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret81#1 && outgoing__wrappee__AddressBook_#t~ret81#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~15#1 := outgoing__wrappee__AddressBook_#t~ret81#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~15#1; {24537#false} is VALID [2022-02-20 18:02:19,416 INFO L290 TraceCheckUtils]: 85: Hoare triple {24537#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {24537#false} is VALID [2022-02-20 18:02:19,416 INFO L272 TraceCheckUtils]: 86: Hoare triple {24537#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {24537#false} is VALID [2022-02-20 18:02:19,416 INFO L290 TraceCheckUtils]: 87: Hoare triple {24537#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {24537#false} is 
VALID [2022-02-20 18:02:19,416 INFO L290 TraceCheckUtils]: 88: Hoare triple {24537#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {24537#false} is VALID [2022-02-20 18:02:19,416 INFO L290 TraceCheckUtils]: 89: Hoare triple {24537#false} #t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret80#1 && #t~ret80#1 <= 2147483647;~tmp~14#1 := #t~ret80#1;havoc #t~ret80#1; {24537#false} is VALID [2022-02-20 18:02:19,417 INFO L272 TraceCheckUtils]: 90: Hoare triple {24537#false} call setEmailFrom(~msg#1, ~tmp~14#1); {24537#false} is VALID [2022-02-20 18:02:19,417 INFO L290 TraceCheckUtils]: 91: Hoare triple {24537#false} ~handle := #in~handle;~value := #in~value; {24537#false} is VALID [2022-02-20 18:02:19,417 INFO L290 TraceCheckUtils]: 92: Hoare triple {24537#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24537#false} is VALID [2022-02-20 18:02:19,417 INFO L290 TraceCheckUtils]: 93: Hoare triple {24537#false} assume true; {24537#false} is VALID [2022-02-20 18:02:19,417 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {24537#false} {24537#false} #1072#return; {24537#false} is VALID [2022-02-20 18:02:19,417 INFO L290 TraceCheckUtils]: 95: Hoare triple {24537#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~13#1;call mail_#t~ret78#1 := puts(32, 0);assume -2147483648 <= mail_#t~ret78#1 && mail_#t~ret78#1 <= 2147483647;havoc mail_#t~ret78#1; {24537#false} is VALID [2022-02-20 18:02:19,417 INFO L272 TraceCheckUtils]: 96: Hoare triple {24537#false} call mail_#t~ret79#1 := getEmailTo(mail_~msg#1); {24537#false} is VALID [2022-02-20 18:02:19,417 INFO L290 TraceCheckUtils]: 97: Hoare triple {24537#false} 
~handle := #in~handle;havoc ~retValue_acc~24; {24537#false} is VALID [2022-02-20 18:02:19,418 INFO L290 TraceCheckUtils]: 98: Hoare triple {24537#false} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {24537#false} is VALID [2022-02-20 18:02:19,418 INFO L290 TraceCheckUtils]: 99: Hoare triple {24537#false} assume true; {24537#false} is VALID [2022-02-20 18:02:19,418 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {24537#false} {24537#false} #1074#return; {24537#false} is VALID [2022-02-20 18:02:19,418 INFO L290 TraceCheckUtils]: 101: Hoare triple {24537#false} assume -2147483648 <= mail_#t~ret79#1 && mail_#t~ret79#1 <= 2147483647;mail_~tmp~13#1 := mail_#t~ret79#1;havoc mail_#t~ret79#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~13#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret92#1, verify_#t~ret93#1, verify_#t~ret94#1, verify_#t~ret95#1, verify_#t~ret96#1, verify_#t~ret97#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~19#1, verify_~tmp___0~6#1, verify_~pubkey~0#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1, __utac_acc__EncryptVerify_spec__1_~msg#1, 
__utac_acc__EncryptVerify_spec__1_~tmp~0#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~0#1; {24537#false} is VALID [2022-02-20 18:02:19,418 INFO L272 TraceCheckUtils]: 102: Hoare triple {24537#false} call __utac_acc__EncryptVerify_spec__1_#t~ret4#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {24537#false} is VALID [2022-02-20 18:02:19,418 INFO L290 TraceCheckUtils]: 103: Hoare triple {24537#false} ~msg := #in~msg;havoc ~retValue_acc~32;~retValue_acc~32 := 1;#res := ~retValue_acc~32; {24537#false} is VALID [2022-02-20 18:02:19,418 INFO L290 TraceCheckUtils]: 104: Hoare triple {24537#false} assume true; {24537#false} is VALID [2022-02-20 18:02:19,419 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {24537#false} {24537#false} #1076#return; {24537#false} is VALID [2022-02-20 18:02:19,419 INFO L290 TraceCheckUtils]: 106: Hoare triple {24537#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret4#1 && __utac_acc__EncryptVerify_spec__1_#t~ret4#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~0#1 := __utac_acc__EncryptVerify_spec__1_#t~ret4#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1; {24537#false} is VALID [2022-02-20 18:02:19,419 INFO L290 TraceCheckUtils]: 107: Hoare triple {24537#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {24537#false} is VALID [2022-02-20 18:02:19,419 INFO L290 TraceCheckUtils]: 108: Hoare triple {24537#false} assume !false; {24537#false} is VALID [2022-02-20 18:02:19,419 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 18:02:19,419 INFO L328 TraceCheckSpWp]: Computing backward predicates... 
[2022-02-20 18:02:19,668 INFO L290 TraceCheckUtils]: 108: Hoare triple {24537#false} assume !false; {24537#false} is VALID [2022-02-20 18:02:19,669 INFO L290 TraceCheckUtils]: 107: Hoare triple {24537#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {24537#false} is VALID [2022-02-20 18:02:19,669 INFO L290 TraceCheckUtils]: 106: Hoare triple {24537#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret4#1 && __utac_acc__EncryptVerify_spec__1_#t~ret4#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~0#1 := __utac_acc__EncryptVerify_spec__1_#t~ret4#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1; {24537#false} is VALID [2022-02-20 18:02:19,669 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {24536#true} {24537#false} #1076#return; {24537#false} is VALID [2022-02-20 18:02:19,669 INFO L290 TraceCheckUtils]: 104: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:19,669 INFO L290 TraceCheckUtils]: 103: Hoare triple {24536#true} ~msg := #in~msg;havoc ~retValue_acc~32;~retValue_acc~32 := 1;#res := ~retValue_acc~32; {24536#true} is VALID [2022-02-20 18:02:19,669 INFO L272 TraceCheckUtils]: 102: Hoare triple {24537#false} call __utac_acc__EncryptVerify_spec__1_#t~ret4#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {24536#true} is VALID [2022-02-20 18:02:19,670 INFO L290 TraceCheckUtils]: 101: Hoare triple {24537#false} assume -2147483648 <= mail_#t~ret79#1 && mail_#t~ret79#1 <= 2147483647;mail_~tmp~13#1 := mail_#t~ret79#1;havoc mail_#t~ret79#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~13#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret92#1, verify_#t~ret93#1, 
verify_#t~ret94#1, verify_#t~ret95#1, verify_#t~ret96#1, verify_#t~ret97#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~19#1, verify_~tmp___0~6#1, verify_~pubkey~0#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~0#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~0#1; {24537#false} is VALID [2022-02-20 18:02:19,670 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {24536#true} {24537#false} #1074#return; {24537#false} is VALID [2022-02-20 18:02:19,670 INFO L290 TraceCheckUtils]: 99: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:19,670 INFO L290 TraceCheckUtils]: 98: Hoare triple {24536#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {24536#true} is VALID [2022-02-20 18:02:19,670 INFO L290 TraceCheckUtils]: 97: Hoare triple {24536#true} ~handle := #in~handle;havoc ~retValue_acc~24; {24536#true} is VALID [2022-02-20 18:02:19,670 INFO L272 TraceCheckUtils]: 96: Hoare triple {24537#false} call mail_#t~ret79#1 := getEmailTo(mail_~msg#1); {24536#true} is VALID [2022-02-20 18:02:19,670 INFO L290 TraceCheckUtils]: 95: Hoare triple {24537#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret78#1, 
mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~13#1;call mail_#t~ret78#1 := puts(32, 0);assume -2147483648 <= mail_#t~ret78#1 && mail_#t~ret78#1 <= 2147483647;havoc mail_#t~ret78#1; {24537#false} is VALID [2022-02-20 18:02:19,670 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {24536#true} {24537#false} #1072#return; {24537#false} is VALID [2022-02-20 18:02:19,671 INFO L290 TraceCheckUtils]: 93: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:19,671 INFO L290 TraceCheckUtils]: 92: Hoare triple {24536#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24536#true} is VALID [2022-02-20 18:02:19,671 INFO L290 TraceCheckUtils]: 91: Hoare triple {24536#true} ~handle := #in~handle;~value := #in~value; {24536#true} is VALID [2022-02-20 18:02:19,671 INFO L272 TraceCheckUtils]: 90: Hoare triple {24537#false} call setEmailFrom(~msg#1, ~tmp~14#1); {24536#true} is VALID [2022-02-20 18:02:19,671 INFO L290 TraceCheckUtils]: 89: Hoare triple {24537#false} #t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret80#1 && #t~ret80#1 <= 2147483647;~tmp~14#1 := #t~ret80#1;havoc #t~ret80#1; {24537#false} is VALID [2022-02-20 18:02:19,671 INFO L290 TraceCheckUtils]: 88: Hoare triple {24537#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {24537#false} is VALID [2022-02-20 18:02:19,671 INFO L290 TraceCheckUtils]: 87: Hoare triple {24537#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {24537#false} is VALID [2022-02-20 18:02:19,671 INFO 
L272 TraceCheckUtils]: 86: Hoare triple {24537#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {24537#false} is VALID [2022-02-20 18:02:19,671 INFO L290 TraceCheckUtils]: 85: Hoare triple {24537#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {24537#false} is VALID [2022-02-20 18:02:19,672 INFO L290 TraceCheckUtils]: 84: Hoare triple {24537#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret81#1 && outgoing__wrappee__AddressBook_#t~ret81#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~15#1 := outgoing__wrappee__AddressBook_#t~ret81#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~15#1; {24537#false} is VALID [2022-02-20 18:02:19,672 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {24536#true} {24537#false} #1048#return; {24537#false} is VALID [2022-02-20 18:02:19,672 INFO L290 TraceCheckUtils]: 82: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:19,672 INFO L290 TraceCheckUtils]: 81: Hoare triple {24536#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {24536#true} is VALID [2022-02-20 18:02:19,672 INFO L290 TraceCheckUtils]: 80: Hoare triple {24536#true} ~handle := #in~handle;havoc ~retValue_acc~7; {24536#true} is VALID [2022-02-20 18:02:19,672 INFO L272 TraceCheckUtils]: 79: Hoare triple {24537#false} call outgoing__wrappee__AddressBook_#t~ret81#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {24536#true} is VALID [2022-02-20 18:02:19,672 INFO L290 TraceCheckUtils]: 78: Hoare triple {24537#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1, 
outgoing__wrappee__AddressBook_#t~ret82#1, outgoing__wrappee__AddressBook_#t~ret83#1, outgoing__wrappee__AddressBook_#t~ret84#1, outgoing__wrappee__AddressBook_#t~ret85#1, outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~15#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~5#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~15#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~5#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {24537#false} is VALID [2022-02-20 18:02:19,672 INFO L290 TraceCheckUtils]: 77: Hoare triple {24537#false} assume 0 == sign_~privkey~0#1; {24537#false} is VALID [2022-02-20 18:02:19,675 INFO L290 TraceCheckUtils]: 76: Hoare triple {24537#false} sign_#t~ret91#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret91#1 && sign_#t~ret91#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret91#1;havoc sign_#t~ret91#1;sign_~privkey~0#1 := sign_~tmp~18#1; {24537#false} is VALID [2022-02-20 18:02:19,677 INFO L290 TraceCheckUtils]: 75: Hoare triple {24537#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~13#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~13#1; {24537#false} is VALID [2022-02-20 18:02:19,678 INFO L290 TraceCheckUtils]: 74: Hoare 
triple {24537#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret91#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~13#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~13#1; {24537#false} is VALID [2022-02-20 18:02:19,678 INFO L272 TraceCheckUtils]: 73: Hoare triple {24537#false} call outgoing(~sender#1, ~email~0#1); {24537#false} is VALID [2022-02-20 18:02:19,678 INFO L290 TraceCheckUtils]: 72: Hoare triple {24537#false} #t~ret89#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret89#1 && #t~ret89#1 <= 2147483647;~tmp~17#1 := #t~ret89#1;havoc #t~ret89#1;~email~0#1 := ~tmp~17#1; {24537#false} is VALID [2022-02-20 18:02:19,678 INFO L290 TraceCheckUtils]: 71: Hoare triple {24537#false} createEmail_~retValue_acc~34#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~34#1; {24537#false} is VALID [2022-02-20 18:02:19,679 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {24536#true} {24537#false} #1068#return; {24537#false} is VALID [2022-02-20 18:02:19,679 INFO L290 TraceCheckUtils]: 69: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:19,679 INFO L290 TraceCheckUtils]: 68: Hoare triple {24536#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {24536#true} is VALID [2022-02-20 18:02:19,679 INFO L290 TraceCheckUtils]: 67: Hoare triple {24536#true} ~handle := #in~handle;~value := #in~value; {24536#true} is VALID [2022-02-20 18:02:19,680 INFO L272 TraceCheckUtils]: 66: Hoare triple 
{24537#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {24536#true} is VALID [2022-02-20 18:02:19,680 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {24536#true} {24537#false} #1066#return; {24537#false} is VALID [2022-02-20 18:02:19,680 INFO L290 TraceCheckUtils]: 64: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:19,680 INFO L290 TraceCheckUtils]: 63: Hoare triple {24536#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24536#true} is VALID [2022-02-20 18:02:19,680 INFO L290 TraceCheckUtils]: 62: Hoare triple {24536#true} ~handle := #in~handle;~value := #in~value; {24536#true} is VALID [2022-02-20 18:02:19,680 INFO L272 TraceCheckUtils]: 61: Hoare triple {24537#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {24536#true} is VALID [2022-02-20 18:02:19,680 INFO L290 TraceCheckUtils]: 60: Hoare triple {24537#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~34#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~34#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {24537#false} is VALID [2022-02-20 18:02:19,680 INFO L272 TraceCheckUtils]: 59: Hoare triple {24537#false} call sendEmail(~bob~0, ~rjh~0); {24537#false} is VALID [2022-02-20 18:02:19,680 INFO L290 TraceCheckUtils]: 58: Hoare triple {24537#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret57#1, bobToRjh_#t~ret58#1, bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_~tmp~10#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~10#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret57#1 := puts(24, 0);assume -2147483648 <= 
bobToRjh_#t~ret57#1 && bobToRjh_#t~ret57#1 <= 2147483647;havoc bobToRjh_#t~ret57#1; {24537#false} is VALID [2022-02-20 18:02:19,681 INFO L290 TraceCheckUtils]: 57: Hoare triple {25078#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(test_~splverifierCounter~0#1 < 4); {24537#false} is VALID [2022-02-20 18:02:19,681 INFO L290 TraceCheckUtils]: 56: Hoare triple {25078#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !false; {25078#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:02:19,681 INFO L290 TraceCheckUtils]: 55: Hoare triple {25078#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {25078#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:02:19,682 INFO L290 TraceCheckUtils]: 54: Hoare triple {25078#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet47#1 && test_#t~nondet47#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet47#1;havoc test_#t~nondet47#1; {25078#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:02:19,682 INFO L290 TraceCheckUtils]: 53: Hoare triple {25078#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(0 != test_~tmp___9~0#1); {25078#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:02:19,682 INFO L290 TraceCheckUtils]: 52: Hoare triple {25078#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet46#1 && test_#t~nondet46#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet46#1;havoc test_#t~nondet46#1; {25078#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:02:19,683 INFO L290 TraceCheckUtils]: 51: Hoare triple {25097#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {25078#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is 
VALID [2022-02-20 18:02:19,683 INFO L290 TraceCheckUtils]: 50: Hoare triple {25097#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume test_~splverifierCounter~0#1 < 4; {25097#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 18:02:19,683 INFO L290 TraceCheckUtils]: 49: Hoare triple {25097#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume !false; {25097#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 18:02:19,684 INFO L290 TraceCheckUtils]: 48: Hoare triple {24536#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 
0; {25097#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 18:02:19,684 INFO L290 TraceCheckUtils]: 47: Hoare triple {24536#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 28, 0;havoc setup_#t~nondet64#1; {24536#true} is VALID [2022-02-20 18:02:19,684 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {24536#true} {24536#true} #1104#return; {24536#true} is VALID [2022-02-20 18:02:19,684 INFO L290 TraceCheckUtils]: 45: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:19,684 INFO L290 TraceCheckUtils]: 44: Hoare triple {24536#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {24536#true} is VALID [2022-02-20 18:02:19,684 INFO L290 TraceCheckUtils]: 43: Hoare triple {24536#true} assume !(2 == ~handle); {24536#true} is VALID [2022-02-20 18:02:19,684 INFO L290 TraceCheckUtils]: 42: Hoare triple {24536#true} assume !(1 == ~handle); {24536#true} is VALID [2022-02-20 18:02:19,684 INFO L290 TraceCheckUtils]: 41: Hoare triple {24536#true} ~handle := #in~handle;~value := #in~value; {24536#true} is VALID [2022-02-20 18:02:19,684 INFO L272 TraceCheckUtils]: 40: Hoare triple {24536#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {24536#true} is VALID [2022-02-20 18:02:19,685 INFO L290 TraceCheckUtils]: 39: Hoare triple {24536#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {24536#true} is VALID [2022-02-20 18:02:19,685 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {24536#true} {24536#true} #1102#return; {24536#true} is VALID [2022-02-20 18:02:19,685 INFO L290 TraceCheckUtils]: 37: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:19,685 INFO L290 TraceCheckUtils]: 36: Hoare triple {24536#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {24536#true} is VALID [2022-02-20 18:02:19,685 INFO L290 TraceCheckUtils]: 35: Hoare triple {24536#true} assume !(2 == ~handle); {24536#true} is 
VALID [2022-02-20 18:02:19,685 INFO L290 TraceCheckUtils]: 34: Hoare triple {24536#true} assume !(1 == ~handle); {24536#true} is VALID [2022-02-20 18:02:19,685 INFO L290 TraceCheckUtils]: 33: Hoare triple {24536#true} ~handle := #in~handle;~value := #in~value; {24536#true} is VALID [2022-02-20 18:02:19,685 INFO L272 TraceCheckUtils]: 32: Hoare triple {24536#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {24536#true} is VALID [2022-02-20 18:02:19,686 INFO L290 TraceCheckUtils]: 31: Hoare triple {24536#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 27, 0;havoc setup_#t~nondet63#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {24536#true} is VALID [2022-02-20 18:02:19,686 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {24536#true} {24536#true} #1100#return; {24536#true} is VALID [2022-02-20 18:02:19,686 INFO L290 TraceCheckUtils]: 29: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:19,686 INFO L290 TraceCheckUtils]: 28: Hoare triple {24536#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {24536#true} is VALID [2022-02-20 18:02:19,686 INFO L290 TraceCheckUtils]: 27: Hoare triple {24536#true} assume !(1 == ~handle); {24536#true} is VALID [2022-02-20 18:02:19,686 INFO L290 TraceCheckUtils]: 26: Hoare triple {24536#true} ~handle := #in~handle;~value := #in~value; {24536#true} is VALID [2022-02-20 18:02:19,686 INFO L272 TraceCheckUtils]: 25: Hoare triple {24536#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); 
{24536#true} is VALID [2022-02-20 18:02:19,686 INFO L290 TraceCheckUtils]: 24: Hoare triple {24536#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {24536#true} is VALID [2022-02-20 18:02:19,686 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {24536#true} {24536#true} #1098#return; {24536#true} is VALID [2022-02-20 18:02:19,687 INFO L290 TraceCheckUtils]: 22: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:19,687 INFO L290 TraceCheckUtils]: 21: Hoare triple {24536#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {24536#true} is VALID [2022-02-20 18:02:19,687 INFO L290 TraceCheckUtils]: 20: Hoare triple {24536#true} assume !(1 == ~handle); {24536#true} is VALID [2022-02-20 18:02:19,687 INFO L290 TraceCheckUtils]: 19: Hoare triple {24536#true} ~handle := #in~handle;~value := #in~value; {24536#true} is VALID [2022-02-20 18:02:19,687 INFO L272 TraceCheckUtils]: 18: Hoare triple {24536#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {24536#true} is VALID [2022-02-20 18:02:19,687 INFO L290 TraceCheckUtils]: 17: Hoare triple {24536#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 26, 0;havoc setup_#t~nondet62#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {24536#true} is VALID [2022-02-20 18:02:19,687 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {24536#true} {24536#true} #1096#return; {24536#true} is VALID [2022-02-20 18:02:19,688 INFO L290 TraceCheckUtils]: 15: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:19,688 INFO L290 
TraceCheckUtils]: 14: Hoare triple {24536#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {24536#true} is VALID [2022-02-20 18:02:19,688 INFO L290 TraceCheckUtils]: 13: Hoare triple {24536#true} ~handle := #in~handle;~value := #in~value; {24536#true} is VALID [2022-02-20 18:02:19,688 INFO L272 TraceCheckUtils]: 12: Hoare triple {24536#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {24536#true} is VALID [2022-02-20 18:02:19,688 INFO L290 TraceCheckUtils]: 11: Hoare triple {24536#true} assume { :end_inline_setup_bob__wrappee__Base } true; {24536#true} is VALID [2022-02-20 18:02:19,688 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {24536#true} {24536#true} #1094#return; {24536#true} is VALID [2022-02-20 18:02:19,689 INFO L290 TraceCheckUtils]: 9: Hoare triple {24536#true} assume true; {24536#true} is VALID [2022-02-20 18:02:19,689 INFO L290 TraceCheckUtils]: 8: Hoare triple {24536#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24536#true} is VALID [2022-02-20 18:02:19,689 INFO L290 TraceCheckUtils]: 7: Hoare triple {24536#true} ~handle := #in~handle;~value := #in~value; {24536#true} is VALID [2022-02-20 18:02:19,689 INFO L272 TraceCheckUtils]: 6: Hoare triple {24536#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {24536#true} is VALID [2022-02-20 18:02:19,689 INFO L290 TraceCheckUtils]: 5: Hoare triple {24536#true} assume 0 != main_~tmp~11#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet62#1, setup_#t~nondet63#1, setup_#t~nondet64#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } 
true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {24536#true} is VALID [2022-02-20 18:02:19,689 INFO L290 TraceCheckUtils]: 4: Hoare triple {24536#true} main_#t~ret66#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret66#1 && main_#t~ret66#1 <= 2147483647;main_~tmp~11#1 := main_#t~ret66#1;havoc main_#t~ret66#1; {24536#true} is VALID [2022-02-20 18:02:19,689 INFO L290 TraceCheckUtils]: 3: Hoare triple {24536#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {24536#true} is VALID [2022-02-20 18:02:19,689 INFO L290 TraceCheckUtils]: 2: Hoare triple {24536#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {24536#true} is VALID [2022-02-20 18:02:19,689 INFO L290 TraceCheckUtils]: 1: Hoare triple {24536#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet65#1, main_#t~ret66#1, main_~retValue_acc~37#1, main_~tmp~11#1;assume -2147483648 <= main_#t~nondet65#1 && main_#t~nondet65#1 <= 2147483647;main_~retValue_acc~37#1 := main_#t~nondet65#1;havoc main_#t~nondet65#1;havoc main_~tmp~11#1;assume { :begin_inline_select_helpers } true; {24536#true} is VALID [2022-02-20 18:02:19,690 INFO L290 TraceCheckUtils]: 0: Hoare triple {24536#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call 
#Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(16, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(34, 33);call #Ultimate.allocInit(30, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 
0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 
0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {24536#true} is VALID [2022-02-20 18:02:19,690 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 18:02:19,690 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [250712135] provided 0 perfect and 2 imperfect interpolant sequences [2022-02-20 18:02:19,690 INFO L191 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. 
[2022-02-20 18:02:19,690 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [8, 4, 4] total 11 [2022-02-20 18:02:19,691 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1819673029] [2022-02-20 18:02:19,691 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-02-20 18:02:19,691 INFO L78 Accepts]: Start accepts. Automaton has has 11 states, 11 states have (on average 9.181818181818182) internal successors, (101), 7 states have internal predecessors, (101), 2 states have call successors, (30), 6 states have call predecessors, (30), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) Word has length 109 [2022-02-20 18:02:19,986 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:19,986 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 11 states, 11 states have (on average 9.181818181818182) internal successors, (101), 7 states have internal predecessors, (101), 2 states have call successors, (30), 6 states have call predecessors, (30), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 18:02:20,063 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 149 edges. 149 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:20,063 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 11 states [2022-02-20 18:02:20,063 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:20,064 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 11 interpolants. 
[2022-02-20 18:02:20,064 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=29, Invalid=81, Unknown=0, NotChecked=0, Total=110 [2022-02-20 18:02:20,065 INFO L87 Difference]: Start difference. First operand 410 states and 646 transitions. Second operand has 11 states, 11 states have (on average 9.181818181818182) internal successors, (101), 7 states have internal predecessors, (101), 2 states have call successors, (30), 6 states have call predecessors, (30), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 18:02:26,636 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:26,636 INFO L93 Difference]: Finished difference Result 1070 states and 1780 transitions. [2022-02-20 18:02:26,636 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 12 states. [2022-02-20 18:02:26,637 INFO L78 Accepts]: Start accepts. Automaton has has 11 states, 11 states have (on average 9.181818181818182) internal successors, (101), 7 states have internal predecessors, (101), 2 states have call successors, (30), 6 states have call predecessors, (30), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) Word has length 109 [2022-02-20 18:02:26,637 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:26,637 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 11 states, 11 states have (on average 9.181818181818182) internal successors, (101), 7 states have internal predecessors, (101), 2 states have call successors, (30), 6 states have call predecessors, (30), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 18:02:26,648 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 1415 transitions. 
[2022-02-20 18:02:26,649 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 11 states, 11 states have (on average 9.181818181818182) internal successors, (101), 7 states have internal predecessors, (101), 2 states have call successors, (30), 6 states have call predecessors, (30), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 18:02:26,661 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 1415 transitions. [2022-02-20 18:02:26,661 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 12 states and 1415 transitions. [2022-02-20 18:02:27,451 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1415 edges. 1415 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:27,491 INFO L225 Difference]: With dead ends: 1070 [2022-02-20 18:02:27,491 INFO L226 Difference]: Without dead ends: 919 [2022-02-20 18:02:27,492 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 254 GetRequests, 239 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 35 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=66, Invalid=206, Unknown=0, NotChecked=0, Total=272 [2022-02-20 18:02:27,492 INFO L933 BasicCegarLoop]: 676 mSDtfsCounter, 1503 mSDsluCounter, 1553 mSDsCounter, 0 mSdLazyCounter, 2750 mSolverCounterSat, 552 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1557 SdHoareTripleChecker+Valid, 2229 SdHoareTripleChecker+Invalid, 3302 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 552 IncrementalHoareTripleChecker+Valid, 2750 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.8s 
IncrementalHoareTripleChecker+Time [2022-02-20 18:02:27,493 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1557 Valid, 2229 Invalid, 3302 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [552 Valid, 2750 Invalid, 0 Unknown, 0 Unchecked, 2.8s Time] [2022-02-20 18:02:27,494 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 919 states. [2022-02-20 18:02:27,809 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 919 to 803. [2022-02-20 18:02:27,809 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:27,811 INFO L82 GeneralOperation]: Start isEquivalent. First operand 919 states. Second operand has 803 states, 636 states have (on average 1.6415094339622642) internal successors, (1044), 642 states have internal predecessors, (1044), 141 states have call successors, (141), 21 states have call predecessors, (141), 25 states have return successors, (162), 139 states have call predecessors, (162), 140 states have call successors, (162) [2022-02-20 18:02:27,812 INFO L74 IsIncluded]: Start isIncluded. First operand 919 states. Second operand has 803 states, 636 states have (on average 1.6415094339622642) internal successors, (1044), 642 states have internal predecessors, (1044), 141 states have call successors, (141), 21 states have call predecessors, (141), 25 states have return successors, (162), 139 states have call predecessors, (162), 140 states have call successors, (162) [2022-02-20 18:02:27,813 INFO L87 Difference]: Start difference. First operand 919 states. 
Second operand has 803 states, 636 states have (on average 1.6415094339622642) internal successors, (1044), 642 states have internal predecessors, (1044), 141 states have call successors, (141), 21 states have call predecessors, (141), 25 states have return successors, (162), 139 states have call predecessors, (162), 140 states have call successors, (162) [2022-02-20 18:02:27,849 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:27,849 INFO L93 Difference]: Finished difference Result 919 states and 1559 transitions. [2022-02-20 18:02:27,850 INFO L276 IsEmpty]: Start isEmpty. Operand 919 states and 1559 transitions. [2022-02-20 18:02:27,852 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:27,853 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:27,854 INFO L74 IsIncluded]: Start isIncluded. First operand has 803 states, 636 states have (on average 1.6415094339622642) internal successors, (1044), 642 states have internal predecessors, (1044), 141 states have call successors, (141), 21 states have call predecessors, (141), 25 states have return successors, (162), 139 states have call predecessors, (162), 140 states have call successors, (162) Second operand 919 states. [2022-02-20 18:02:27,855 INFO L87 Difference]: Start difference. First operand has 803 states, 636 states have (on average 1.6415094339622642) internal successors, (1044), 642 states have internal predecessors, (1044), 141 states have call successors, (141), 21 states have call predecessors, (141), 25 states have return successors, (162), 139 states have call predecessors, (162), 140 states have call successors, (162) Second operand 919 states. [2022-02-20 18:02:27,889 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:27,890 INFO L93 Difference]: Finished difference Result 919 states and 1559 transitions. 
[2022-02-20 18:02:27,890 INFO L276 IsEmpty]: Start isEmpty. Operand 919 states and 1559 transitions. [2022-02-20 18:02:27,893 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:27,893 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:27,893 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:27,893 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:27,895 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 803 states, 636 states have (on average 1.6415094339622642) internal successors, (1044), 642 states have internal predecessors, (1044), 141 states have call successors, (141), 21 states have call predecessors, (141), 25 states have return successors, (162), 139 states have call predecessors, (162), 140 states have call successors, (162) [2022-02-20 18:02:27,928 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 803 states to 803 states and 1347 transitions. [2022-02-20 18:02:27,928 INFO L78 Accepts]: Start accepts. Automaton has 803 states and 1347 transitions. Word has length 109 [2022-02-20 18:02:27,929 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:27,929 INFO L470 AbstractCegarLoop]: Abstraction has 803 states and 1347 transitions. [2022-02-20 18:02:27,929 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 11 states, 11 states have (on average 9.181818181818182) internal successors, (101), 7 states have internal predecessors, (101), 2 states have call successors, (30), 6 states have call predecessors, (30), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 18:02:27,929 INFO L276 IsEmpty]: Start isEmpty. Operand 803 states and 1347 transitions. [2022-02-20 18:02:27,931 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 116 [2022-02-20 18:02:27,931 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:27,932 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:27,950 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (7)] Forceful destruction successful, exit code 0 [2022-02-20 18:02:28,153 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable9,7 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:28,153 INFO L402 AbstractCegarLoop]: === Iteration 11 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:28,153 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:28,154 INFO L85 PathProgramCache]: Analyzing trace with hash -1387538683, now seen corresponding path program 1 times [2022-02-20 18:02:28,154 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:28,154 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [797368276] [2022-02-20 18:02:28,154 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:28,154 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:28,181 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:28,227 INFO L376 atingTraceCheckCraig]: Compute 
interpolants for subsequence at non-pending call position 6 [2022-02-20 18:02:28,228 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:28,230 INFO L290 TraceCheckUtils]: 0: Hoare triple {29808#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29752#true} is VALID [2022-02-20 18:02:28,230 INFO L290 TraceCheckUtils]: 1: Hoare triple {29752#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29752#true} is VALID [2022-02-20 18:02:28,230 INFO L290 TraceCheckUtils]: 2: Hoare triple {29752#true} assume true; {29752#true} is VALID [2022-02-20 18:02:28,230 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29752#true} {29752#true} #1094#return; {29752#true} is VALID [2022-02-20 18:02:28,236 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:28,236 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:28,238 INFO L290 TraceCheckUtils]: 0: Hoare triple {29809#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29752#true} is VALID [2022-02-20 18:02:28,238 INFO L290 TraceCheckUtils]: 1: Hoare triple {29752#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29752#true} is VALID [2022-02-20 18:02:28,238 INFO L290 TraceCheckUtils]: 2: Hoare triple {29752#true} assume true; {29752#true} is VALID [2022-02-20 18:02:28,238 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29752#true} {29752#true} #1096#return; {29752#true} is VALID [2022-02-20 18:02:28,239 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 
18 [2022-02-20 18:02:28,239 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:28,241 INFO L290 TraceCheckUtils]: 0: Hoare triple {29808#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29752#true} is VALID [2022-02-20 18:02:28,241 INFO L290 TraceCheckUtils]: 1: Hoare triple {29752#true} assume !(1 == ~handle); {29752#true} is VALID [2022-02-20 18:02:28,241 INFO L290 TraceCheckUtils]: 2: Hoare triple {29752#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {29752#true} is VALID [2022-02-20 18:02:28,242 INFO L290 TraceCheckUtils]: 3: Hoare triple {29752#true} assume true; {29752#true} is VALID [2022-02-20 18:02:28,242 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {29752#true} {29752#true} #1098#return; {29752#true} is VALID [2022-02-20 18:02:28,242 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:02:28,243 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:28,255 INFO L290 TraceCheckUtils]: 0: Hoare triple {29809#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29752#true} is VALID [2022-02-20 18:02:28,255 INFO L290 TraceCheckUtils]: 1: Hoare triple {29752#true} assume !(1 == ~handle); {29752#true} is VALID [2022-02-20 18:02:28,255 INFO L290 TraceCheckUtils]: 2: Hoare triple {29752#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {29752#true} is VALID [2022-02-20 18:02:28,255 INFO L290 TraceCheckUtils]: 3: Hoare triple {29752#true} assume true; {29752#true} is VALID [2022-02-20 18:02:28,255 INFO L284 TraceCheckUtils]: 4: 
Hoare quadruple {29752#true} {29752#true} #1100#return; {29752#true} is VALID [2022-02-20 18:02:28,256 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:02:28,257 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:28,260 INFO L290 TraceCheckUtils]: 0: Hoare triple {29808#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29752#true} is VALID [2022-02-20 18:02:28,260 INFO L290 TraceCheckUtils]: 1: Hoare triple {29752#true} assume !(1 == ~handle); {29752#true} is VALID [2022-02-20 18:02:28,260 INFO L290 TraceCheckUtils]: 2: Hoare triple {29752#true} assume !(2 == ~handle); {29752#true} is VALID [2022-02-20 18:02:28,260 INFO L290 TraceCheckUtils]: 3: Hoare triple {29752#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {29752#true} is VALID [2022-02-20 18:02:28,260 INFO L290 TraceCheckUtils]: 4: Hoare triple {29752#true} assume true; {29752#true} is VALID [2022-02-20 18:02:28,260 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {29752#true} {29752#true} #1102#return; {29752#true} is VALID [2022-02-20 18:02:28,260 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:02:28,261 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:28,264 INFO L290 TraceCheckUtils]: 0: Hoare triple {29809#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29752#true} is VALID [2022-02-20 18:02:28,264 INFO L290 TraceCheckUtils]: 1: Hoare triple {29752#true} assume !(1 == ~handle); {29752#true} is VALID 
[2022-02-20 18:02:28,264 INFO L290 TraceCheckUtils]: 2: Hoare triple {29752#true} assume !(2 == ~handle); {29752#true} is VALID [2022-02-20 18:02:28,264 INFO L290 TraceCheckUtils]: 3: Hoare triple {29752#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {29752#true} is VALID [2022-02-20 18:02:28,264 INFO L290 TraceCheckUtils]: 4: Hoare triple {29752#true} assume true; {29752#true} is VALID [2022-02-20 18:02:28,265 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {29752#true} {29752#true} #1104#return; {29752#true} is VALID [2022-02-20 18:02:28,270 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:02:28,271 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:28,288 INFO L290 TraceCheckUtils]: 0: Hoare triple {29810#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {29752#true} is VALID [2022-02-20 18:02:28,288 INFO L290 TraceCheckUtils]: 1: Hoare triple {29752#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29752#true} is VALID [2022-02-20 18:02:28,288 INFO L290 TraceCheckUtils]: 2: Hoare triple {29752#true} assume true; {29752#true} is VALID [2022-02-20 18:02:28,288 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29752#true} {29753#false} #1066#return; {29753#false} is VALID [2022-02-20 18:02:28,293 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 18:02:28,294 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:28,296 INFO L290 TraceCheckUtils]: 0: Hoare triple {29811#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {29752#true} is VALID [2022-02-20 18:02:28,296 INFO L290 TraceCheckUtils]: 1: Hoare triple {29752#true} assume 1 == ~handle;~__ste_email_to0~0 := 
~value; {29752#true} is VALID [2022-02-20 18:02:28,296 INFO L290 TraceCheckUtils]: 2: Hoare triple {29752#true} assume true; {29752#true} is VALID [2022-02-20 18:02:28,296 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29752#true} {29753#false} #1068#return; {29753#false} is VALID [2022-02-20 18:02:28,296 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 18:02:28,297 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:28,298 INFO L290 TraceCheckUtils]: 0: Hoare triple {29752#true} ~handle := #in~handle;havoc ~retValue_acc~7; {29752#true} is VALID [2022-02-20 18:02:28,298 INFO L290 TraceCheckUtils]: 1: Hoare triple {29752#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {29752#true} is VALID [2022-02-20 18:02:28,298 INFO L290 TraceCheckUtils]: 2: Hoare triple {29752#true} assume true; {29752#true} is VALID [2022-02-20 18:02:28,298 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29752#true} {29753#false} #1048#return; {29753#false} is VALID [2022-02-20 18:02:28,299 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 18:02:28,299 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:28,301 INFO L290 TraceCheckUtils]: 0: Hoare triple {29810#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {29752#true} is VALID [2022-02-20 18:02:28,301 INFO L290 TraceCheckUtils]: 1: Hoare triple {29752#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29752#true} is VALID [2022-02-20 18:02:28,301 INFO L290 TraceCheckUtils]: 2: Hoare triple {29752#true} assume true; {29752#true} is VALID [2022-02-20 18:02:28,301 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29752#true} {29753#false} #1072#return; {29753#false} is VALID [2022-02-20 18:02:28,301 
INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 18:02:28,302 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:28,304 INFO L290 TraceCheckUtils]: 0: Hoare triple {29752#true} ~handle := #in~handle;havoc ~retValue_acc~24; {29752#true} is VALID [2022-02-20 18:02:28,304 INFO L290 TraceCheckUtils]: 1: Hoare triple {29752#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {29752#true} is VALID [2022-02-20 18:02:28,304 INFO L290 TraceCheckUtils]: 2: Hoare triple {29752#true} assume true; {29752#true} is VALID [2022-02-20 18:02:28,304 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {29752#true} {29753#false} #1074#return; {29753#false} is VALID [2022-02-20 18:02:28,304 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 108 [2022-02-20 18:02:28,305 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:28,306 INFO L290 TraceCheckUtils]: 0: Hoare triple {29752#true} ~msg := #in~msg;havoc ~retValue_acc~32;~retValue_acc~32 := 1;#res := ~retValue_acc~32; {29752#true} is VALID [2022-02-20 18:02:28,307 INFO L290 TraceCheckUtils]: 1: Hoare triple {29752#true} assume true; {29752#true} is VALID [2022-02-20 18:02:28,307 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {29752#true} {29753#false} #1076#return; {29753#false} is VALID [2022-02-20 18:02:28,307 INFO L290 TraceCheckUtils]: 0: Hoare triple {29752#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 
9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(16, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(34, 33);call #Ultimate.allocInit(30, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 
:= 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 
0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {29752#true} is VALID [2022-02-20 18:02:28,307 INFO L290 TraceCheckUtils]: 1: Hoare triple {29752#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet65#1, main_#t~ret66#1, main_~retValue_acc~37#1, main_~tmp~11#1;assume -2147483648 <= main_#t~nondet65#1 && main_#t~nondet65#1 <= 2147483647;main_~retValue_acc~37#1 := main_#t~nondet65#1;havoc main_#t~nondet65#1;havoc main_~tmp~11#1;assume { :begin_inline_select_helpers } true; {29752#true} is VALID [2022-02-20 18:02:28,307 INFO L290 TraceCheckUtils]: 2: Hoare triple {29752#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {29752#true} is VALID [2022-02-20 18:02:28,308 INFO L290 TraceCheckUtils]: 3: Hoare triple {29752#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc 
valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {29752#true} is VALID [2022-02-20 18:02:28,308 INFO L290 TraceCheckUtils]: 4: Hoare triple {29752#true} main_#t~ret66#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret66#1 && main_#t~ret66#1 <= 2147483647;main_~tmp~11#1 := main_#t~ret66#1;havoc main_#t~ret66#1; {29752#true} is VALID [2022-02-20 18:02:28,308 INFO L290 TraceCheckUtils]: 5: Hoare triple {29752#true} assume 0 != main_~tmp~11#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet62#1, setup_#t~nondet63#1, setup_#t~nondet64#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {29752#true} is VALID [2022-02-20 18:02:28,309 INFO L272 TraceCheckUtils]: 6: Hoare triple {29752#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {29808#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:28,309 INFO L290 TraceCheckUtils]: 7: Hoare triple 
{29808#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29752#true} is VALID [2022-02-20 18:02:28,309 INFO L290 TraceCheckUtils]: 8: Hoare triple {29752#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {29752#true} is VALID [2022-02-20 18:02:28,309 INFO L290 TraceCheckUtils]: 9: Hoare triple {29752#true} assume true; {29752#true} is VALID [2022-02-20 18:02:28,310 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {29752#true} {29752#true} #1094#return; {29752#true} is VALID [2022-02-20 18:02:28,310 INFO L290 TraceCheckUtils]: 11: Hoare triple {29752#true} assume { :end_inline_setup_bob__wrappee__Base } true; {29752#true} is VALID [2022-02-20 18:02:28,310 INFO L272 TraceCheckUtils]: 12: Hoare triple {29752#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {29809#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:28,311 INFO L290 TraceCheckUtils]: 13: Hoare triple {29809#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29752#true} is VALID [2022-02-20 18:02:28,311 INFO L290 TraceCheckUtils]: 14: Hoare triple {29752#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {29752#true} is VALID [2022-02-20 18:02:28,311 INFO L290 TraceCheckUtils]: 15: Hoare triple {29752#true} assume true; {29752#true} is VALID [2022-02-20 18:02:28,311 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {29752#true} {29752#true} #1096#return; {29752#true} is VALID [2022-02-20 18:02:28,311 
INFO L290 TraceCheckUtils]: 17: Hoare triple {29752#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 26, 0;havoc setup_#t~nondet62#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {29752#true} is VALID [2022-02-20 18:02:28,321 INFO L272 TraceCheckUtils]: 18: Hoare triple {29752#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {29808#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:28,321 INFO L290 TraceCheckUtils]: 19: Hoare triple {29808#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29752#true} is VALID [2022-02-20 18:02:28,322 INFO L290 TraceCheckUtils]: 20: Hoare triple {29752#true} assume !(1 == ~handle); {29752#true} is VALID [2022-02-20 18:02:28,322 INFO L290 TraceCheckUtils]: 21: Hoare triple {29752#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {29752#true} is VALID [2022-02-20 18:02:28,322 INFO L290 TraceCheckUtils]: 22: Hoare triple {29752#true} assume true; {29752#true} is VALID [2022-02-20 18:02:28,322 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {29752#true} {29752#true} #1098#return; {29752#true} is VALID [2022-02-20 18:02:28,322 INFO L290 TraceCheckUtils]: 24: Hoare triple {29752#true} assume { 
:end_inline_setup_rjh__wrappee__Base } true; {29752#true} is VALID [2022-02-20 18:02:28,323 INFO L272 TraceCheckUtils]: 25: Hoare triple {29752#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {29809#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:28,323 INFO L290 TraceCheckUtils]: 26: Hoare triple {29809#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29752#true} is VALID [2022-02-20 18:02:28,323 INFO L290 TraceCheckUtils]: 27: Hoare triple {29752#true} assume !(1 == ~handle); {29752#true} is VALID [2022-02-20 18:02:28,323 INFO L290 TraceCheckUtils]: 28: Hoare triple {29752#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {29752#true} is VALID [2022-02-20 18:02:28,323 INFO L290 TraceCheckUtils]: 29: Hoare triple {29752#true} assume true; {29752#true} is VALID [2022-02-20 18:02:28,324 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {29752#true} {29752#true} #1100#return; {29752#true} is VALID [2022-02-20 18:02:28,324 INFO L290 TraceCheckUtils]: 31: Hoare triple {29752#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 27, 0;havoc setup_#t~nondet63#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {29752#true} is 
VALID [2022-02-20 18:02:28,324 INFO L272 TraceCheckUtils]: 32: Hoare triple {29752#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {29808#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:28,325 INFO L290 TraceCheckUtils]: 33: Hoare triple {29808#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {29752#true} is VALID [2022-02-20 18:02:28,325 INFO L290 TraceCheckUtils]: 34: Hoare triple {29752#true} assume !(1 == ~handle); {29752#true} is VALID [2022-02-20 18:02:28,325 INFO L290 TraceCheckUtils]: 35: Hoare triple {29752#true} assume !(2 == ~handle); {29752#true} is VALID [2022-02-20 18:02:28,325 INFO L290 TraceCheckUtils]: 36: Hoare triple {29752#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {29752#true} is VALID [2022-02-20 18:02:28,325 INFO L290 TraceCheckUtils]: 37: Hoare triple {29752#true} assume true; {29752#true} is VALID [2022-02-20 18:02:28,325 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {29752#true} {29752#true} #1102#return; {29752#true} is VALID [2022-02-20 18:02:28,325 INFO L290 TraceCheckUtils]: 39: Hoare triple {29752#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {29752#true} is VALID [2022-02-20 18:02:28,326 INFO L272 TraceCheckUtils]: 40: Hoare triple {29752#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {29809#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:28,326 INFO L290 
TraceCheckUtils]: 41: Hoare triple {29809#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {29752#true} is VALID [2022-02-20 18:02:28,326 INFO L290 TraceCheckUtils]: 42: Hoare triple {29752#true} assume !(1 == ~handle); {29752#true} is VALID [2022-02-20 18:02:28,327 INFO L290 TraceCheckUtils]: 43: Hoare triple {29752#true} assume !(2 == ~handle); {29752#true} is VALID [2022-02-20 18:02:28,327 INFO L290 TraceCheckUtils]: 44: Hoare triple {29752#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {29752#true} is VALID [2022-02-20 18:02:28,327 INFO L290 TraceCheckUtils]: 45: Hoare triple {29752#true} assume true; {29752#true} is VALID [2022-02-20 18:02:28,327 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {29752#true} {29752#true} #1104#return; {29752#true} is VALID [2022-02-20 18:02:28,327 INFO L290 TraceCheckUtils]: 47: Hoare triple {29752#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 28, 0;havoc setup_#t~nondet64#1; {29752#true} is VALID [2022-02-20 18:02:28,327 INFO L290 TraceCheckUtils]: 48: Hoare triple {29752#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, 
test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~9#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {29784#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 18:02:28,328 INFO L290 TraceCheckUtils]: 49: Hoare triple {29784#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume !false; {29784#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 18:02:28,328 INFO L290 TraceCheckUtils]: 50: Hoare triple {29784#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {29784#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 18:02:28,328 INFO L290 TraceCheckUtils]: 51: Hoare triple {29784#(= |ULTIMATE.start_test_~op2~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {29784#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 18:02:28,329 INFO L290 TraceCheckUtils]: 52: Hoare triple {29784#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet46#1 && test_#t~nondet46#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet46#1;havoc test_#t~nondet46#1; {29784#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 18:02:28,329 INFO L290 TraceCheckUtils]: 53: Hoare triple {29784#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume !(0 != test_~tmp___9~0#1); {29784#(= |ULTIMATE.start_test_~op2~0#1| 0)} is 
VALID [2022-02-20 18:02:28,329 INFO L290 TraceCheckUtils]: 54: Hoare triple {29784#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume !(0 == test_~op2~0#1); {29753#false} is VALID [2022-02-20 18:02:28,330 INFO L290 TraceCheckUtils]: 55: Hoare triple {29753#false} assume !(0 == test_~op3~0#1); {29753#false} is VALID [2022-02-20 18:02:28,330 INFO L290 TraceCheckUtils]: 56: Hoare triple {29753#false} assume !(0 == test_~op4~0#1); {29753#false} is VALID [2022-02-20 18:02:28,330 INFO L290 TraceCheckUtils]: 57: Hoare triple {29753#false} assume !(0 == test_~op5~0#1); {29753#false} is VALID [2022-02-20 18:02:28,330 INFO L290 TraceCheckUtils]: 58: Hoare triple {29753#false} assume !(0 == test_~op6~0#1); {29753#false} is VALID [2022-02-20 18:02:28,330 INFO L290 TraceCheckUtils]: 59: Hoare triple {29753#false} assume !(0 == test_~op7~0#1); {29753#false} is VALID [2022-02-20 18:02:28,330 INFO L290 TraceCheckUtils]: 60: Hoare triple {29753#false} assume !(0 == test_~op8~0#1); {29753#false} is VALID [2022-02-20 18:02:28,331 INFO L290 TraceCheckUtils]: 61: Hoare triple {29753#false} assume !(0 == test_~op9~0#1); {29753#false} is VALID [2022-02-20 18:02:28,331 INFO L290 TraceCheckUtils]: 62: Hoare triple {29753#false} assume !(0 == test_~op10~0#1); {29753#false} is VALID [2022-02-20 18:02:28,331 INFO L290 TraceCheckUtils]: 63: Hoare triple {29753#false} assume !(0 == test_~op11~0#1); {29753#false} is VALID [2022-02-20 18:02:28,331 INFO L290 TraceCheckUtils]: 64: Hoare triple {29753#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret57#1, bobToRjh_#t~ret58#1, bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_~tmp~10#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~10#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret57#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret57#1 && bobToRjh_#t~ret57#1 <= 2147483647;havoc bobToRjh_#t~ret57#1; {29753#false} is VALID [2022-02-20 18:02:28,331 INFO L272 TraceCheckUtils]: 65: Hoare 
triple {29753#false} call sendEmail(~bob~0, ~rjh~0); {29753#false} is VALID [2022-02-20 18:02:28,331 INFO L290 TraceCheckUtils]: 66: Hoare triple {29753#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~34#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~34#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {29753#false} is VALID [2022-02-20 18:02:28,331 INFO L272 TraceCheckUtils]: 67: Hoare triple {29753#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {29810#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:28,332 INFO L290 TraceCheckUtils]: 68: Hoare triple {29810#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {29752#true} is VALID [2022-02-20 18:02:28,332 INFO L290 TraceCheckUtils]: 69: Hoare triple {29752#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29752#true} is VALID [2022-02-20 18:02:28,332 INFO L290 TraceCheckUtils]: 70: Hoare triple {29752#true} assume true; {29752#true} is VALID [2022-02-20 18:02:28,332 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {29752#true} {29753#false} #1066#return; {29753#false} is VALID [2022-02-20 18:02:28,332 INFO L272 TraceCheckUtils]: 72: Hoare triple {29753#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {29811#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:28,332 INFO L290 TraceCheckUtils]: 73: Hoare triple {29811#(and (= ~__ste_email_to0~0 
|old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {29752#true} is VALID [2022-02-20 18:02:28,332 INFO L290 TraceCheckUtils]: 74: Hoare triple {29752#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {29752#true} is VALID [2022-02-20 18:02:28,333 INFO L290 TraceCheckUtils]: 75: Hoare triple {29752#true} assume true; {29752#true} is VALID [2022-02-20 18:02:28,333 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {29752#true} {29753#false} #1068#return; {29753#false} is VALID [2022-02-20 18:02:28,333 INFO L290 TraceCheckUtils]: 77: Hoare triple {29753#false} createEmail_~retValue_acc~34#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~34#1; {29753#false} is VALID [2022-02-20 18:02:28,333 INFO L290 TraceCheckUtils]: 78: Hoare triple {29753#false} #t~ret89#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret89#1 && #t~ret89#1 <= 2147483647;~tmp~17#1 := #t~ret89#1;havoc #t~ret89#1;~email~0#1 := ~tmp~17#1; {29753#false} is VALID [2022-02-20 18:02:28,333 INFO L272 TraceCheckUtils]: 79: Hoare triple {29753#false} call outgoing(~sender#1, ~email~0#1); {29753#false} is VALID [2022-02-20 18:02:28,333 INFO L290 TraceCheckUtils]: 80: Hoare triple {29753#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret91#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~13#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~13#1; {29753#false} is VALID [2022-02-20 
18:02:28,333 INFO L290 TraceCheckUtils]: 81: Hoare triple {29753#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~13#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~13#1; {29753#false} is VALID [2022-02-20 18:02:28,334 INFO L290 TraceCheckUtils]: 82: Hoare triple {29753#false} sign_#t~ret91#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret91#1 && sign_#t~ret91#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret91#1;havoc sign_#t~ret91#1;sign_~privkey~0#1 := sign_~tmp~18#1; {29753#false} is VALID [2022-02-20 18:02:28,334 INFO L290 TraceCheckUtils]: 83: Hoare triple {29753#false} assume 0 == sign_~privkey~0#1; {29753#false} is VALID [2022-02-20 18:02:28,334 INFO L290 TraceCheckUtils]: 84: Hoare triple {29753#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1, outgoing__wrappee__AddressBook_#t~ret82#1, outgoing__wrappee__AddressBook_#t~ret83#1, outgoing__wrappee__AddressBook_#t~ret84#1, outgoing__wrappee__AddressBook_#t~ret85#1, outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~15#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~5#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~15#1;havoc 
outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~5#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {29753#false} is VALID [2022-02-20 18:02:28,334 INFO L272 TraceCheckUtils]: 85: Hoare triple {29753#false} call outgoing__wrappee__AddressBook_#t~ret81#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {29752#true} is VALID [2022-02-20 18:02:28,334 INFO L290 TraceCheckUtils]: 86: Hoare triple {29752#true} ~handle := #in~handle;havoc ~retValue_acc~7; {29752#true} is VALID [2022-02-20 18:02:28,334 INFO L290 TraceCheckUtils]: 87: Hoare triple {29752#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {29752#true} is VALID [2022-02-20 18:02:28,341 INFO L290 TraceCheckUtils]: 88: Hoare triple {29752#true} assume true; {29752#true} is VALID [2022-02-20 18:02:28,341 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {29752#true} {29753#false} #1048#return; {29753#false} is VALID [2022-02-20 18:02:28,341 INFO L290 TraceCheckUtils]: 90: Hoare triple {29753#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret81#1 && outgoing__wrappee__AddressBook_#t~ret81#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~15#1 := outgoing__wrappee__AddressBook_#t~ret81#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~15#1; {29753#false} is VALID [2022-02-20 18:02:28,341 INFO L290 TraceCheckUtils]: 91: Hoare triple {29753#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {29753#false} is VALID [2022-02-20 18:02:28,341 INFO L272 TraceCheckUtils]: 92: Hoare triple {29753#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {29753#false} is VALID [2022-02-20 18:02:28,341 INFO L290 TraceCheckUtils]: 93: Hoare 
triple {29753#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {29753#false} is VALID [2022-02-20 18:02:28,342 INFO L290 TraceCheckUtils]: 94: Hoare triple {29753#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {29753#false} is VALID [2022-02-20 18:02:28,342 INFO L290 TraceCheckUtils]: 95: Hoare triple {29753#false} #t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret80#1 && #t~ret80#1 <= 2147483647;~tmp~14#1 := #t~ret80#1;havoc #t~ret80#1; {29753#false} is VALID [2022-02-20 18:02:28,342 INFO L272 TraceCheckUtils]: 96: Hoare triple {29753#false} call setEmailFrom(~msg#1, ~tmp~14#1); {29810#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:28,342 INFO L290 TraceCheckUtils]: 97: Hoare triple {29810#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {29752#true} is VALID [2022-02-20 18:02:28,342 INFO L290 TraceCheckUtils]: 98: Hoare triple {29752#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {29752#true} is VALID [2022-02-20 18:02:28,342 INFO L290 TraceCheckUtils]: 99: Hoare triple {29752#true} assume true; {29752#true} is VALID [2022-02-20 18:02:28,342 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {29752#true} {29753#false} #1072#return; {29753#false} is VALID [2022-02-20 18:02:28,343 INFO L290 TraceCheckUtils]: 101: Hoare triple {29753#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc 
mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~13#1;call mail_#t~ret78#1 := puts(32, 0);assume -2147483648 <= mail_#t~ret78#1 && mail_#t~ret78#1 <= 2147483647;havoc mail_#t~ret78#1; {29753#false} is VALID [2022-02-20 18:02:28,343 INFO L272 TraceCheckUtils]: 102: Hoare triple {29753#false} call mail_#t~ret79#1 := getEmailTo(mail_~msg#1); {29752#true} is VALID [2022-02-20 18:02:28,343 INFO L290 TraceCheckUtils]: 103: Hoare triple {29752#true} ~handle := #in~handle;havoc ~retValue_acc~24; {29752#true} is VALID [2022-02-20 18:02:28,343 INFO L290 TraceCheckUtils]: 104: Hoare triple {29752#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {29752#true} is VALID [2022-02-20 18:02:28,343 INFO L290 TraceCheckUtils]: 105: Hoare triple {29752#true} assume true; {29752#true} is VALID [2022-02-20 18:02:28,343 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {29752#true} {29753#false} #1074#return; {29753#false} is VALID [2022-02-20 18:02:28,343 INFO L290 TraceCheckUtils]: 107: Hoare triple {29753#false} assume -2147483648 <= mail_#t~ret79#1 && mail_#t~ret79#1 <= 2147483647;mail_~tmp~13#1 := mail_#t~ret79#1;havoc mail_#t~ret79#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~13#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret92#1, verify_#t~ret93#1, verify_#t~ret94#1, verify_#t~ret95#1, verify_#t~ret96#1, verify_#t~ret97#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~19#1, verify_~tmp___0~6#1, verify_~pubkey~0#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := 
verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~0#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~0#1; {29753#false} is VALID [2022-02-20 18:02:28,344 INFO L272 TraceCheckUtils]: 108: Hoare triple {29753#false} call __utac_acc__EncryptVerify_spec__1_#t~ret4#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {29752#true} is VALID [2022-02-20 18:02:28,344 INFO L290 TraceCheckUtils]: 109: Hoare triple {29752#true} ~msg := #in~msg;havoc ~retValue_acc~32;~retValue_acc~32 := 1;#res := ~retValue_acc~32; {29752#true} is VALID [2022-02-20 18:02:28,344 INFO L290 TraceCheckUtils]: 110: Hoare triple {29752#true} assume true; {29752#true} is VALID [2022-02-20 18:02:28,344 INFO L284 TraceCheckUtils]: 111: Hoare quadruple {29752#true} {29753#false} #1076#return; {29753#false} is VALID [2022-02-20 18:02:28,344 INFO L290 TraceCheckUtils]: 112: Hoare triple {29753#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret4#1 && __utac_acc__EncryptVerify_spec__1_#t~ret4#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~0#1 := __utac_acc__EncryptVerify_spec__1_#t~ret4#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1; {29753#false} is VALID [2022-02-20 18:02:28,344 INFO L290 TraceCheckUtils]: 113: Hoare triple {29753#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {29753#false} is 
VALID [2022-02-20 18:02:28,344 INFO L290 TraceCheckUtils]: 114: Hoare triple {29753#false} assume !false; {29753#false} is VALID [2022-02-20 18:02:28,345 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 18:02:28,345 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:28,345 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [797368276] [2022-02-20 18:02:28,345 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [797368276] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:28,346 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:02:28,346 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2022-02-20 18:02:28,346 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1657095442] [2022-02-20 18:02:28,346 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:28,347 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 10.714285714285714) internal successors, (75), 3 states have internal predecessors, (75), 2 states have call successors, (15), 6 states have call predecessors, (15), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 115 [2022-02-20 18:02:28,347 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 18:02:28,347 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 7 states, 7 states have (on average 10.714285714285714) internal successors, (75), 3 states have internal predecessors, (75), 2 states have call successors, (15), 6 states have call predecessors, (15), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:02:28,419 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 102 edges. 102 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:28,419 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2022-02-20 18:02:28,419 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:28,420 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2022-02-20 18:02:28,420 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2022-02-20 18:02:28,420 INFO L87 Difference]: Start difference. First operand 803 states and 1347 transitions. Second operand has 7 states, 7 states have (on average 10.714285714285714) internal successors, (75), 3 states have internal predecessors, (75), 2 states have call successors, (15), 6 states have call predecessors, (15), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:02:33,483 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:33,484 INFO L93 Difference]: Finished difference Result 2028 states and 3485 transitions. [2022-02-20 18:02:33,484 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 18:02:33,484 INFO L78 Accepts]: Start accepts. 
Automaton has has 7 states, 7 states have (on average 10.714285714285714) internal successors, (75), 3 states have internal predecessors, (75), 2 states have call successors, (15), 6 states have call predecessors, (15), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 115 [2022-02-20 18:02:33,484 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:33,484 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 10.714285714285714) internal successors, (75), 3 states have internal predecessors, (75), 2 states have call successors, (15), 6 states have call predecessors, (15), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:02:33,493 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1335 transitions. [2022-02-20 18:02:33,493 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 10.714285714285714) internal successors, (75), 3 states have internal predecessors, (75), 2 states have call successors, (15), 6 states have call predecessors, (15), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:02:33,502 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1335 transitions. [2022-02-20 18:02:33,502 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 1335 transitions. [2022-02-20 18:02:34,559 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1335 edges. 1335 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:02:34,658 INFO L225 Difference]: With dead ends: 2028 [2022-02-20 18:02:34,659 INFO L226 Difference]: Without dead ends: 1293 [2022-02-20 18:02:34,661 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 37 GetRequests, 26 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 15 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=48, Invalid=108, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:02:34,662 INFO L933 BasicCegarLoop]: 612 mSDtfsCounter, 1246 mSDsluCounter, 761 mSDsCounter, 0 mSdLazyCounter, 948 mSolverCounterSat, 443 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1264 SdHoareTripleChecker+Valid, 1373 SdHoareTripleChecker+Invalid, 1391 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 443 IncrementalHoareTripleChecker+Valid, 948 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.7s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:34,662 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1264 Valid, 1373 Invalid, 1391 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [443 Valid, 948 Invalid, 0 Unknown, 0 Unchecked, 1.7s Time] [2022-02-20 18:02:34,664 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1293 states. [2022-02-20 18:02:35,284 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1293 to 1193. [2022-02-20 18:02:35,285 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:35,287 INFO L82 GeneralOperation]: Start isEquivalent. First operand 1293 states. 
Second operand has 1193 states, 947 states have (on average 1.6515311510031678) internal successors, (1564), 953 states have internal predecessors, (1564), 220 states have call successors, (220), 21 states have call predecessors, (220), 25 states have return successors, (251), 218 states have call predecessors, (251), 219 states have call successors, (251) [2022-02-20 18:02:35,288 INFO L74 IsIncluded]: Start isIncluded. First operand 1293 states. Second operand has 1193 states, 947 states have (on average 1.6515311510031678) internal successors, (1564), 953 states have internal predecessors, (1564), 220 states have call successors, (220), 21 states have call predecessors, (220), 25 states have return successors, (251), 218 states have call predecessors, (251), 219 states have call successors, (251) [2022-02-20 18:02:35,289 INFO L87 Difference]: Start difference. First operand 1293 states. Second operand has 1193 states, 947 states have (on average 1.6515311510031678) internal successors, (1564), 953 states have internal predecessors, (1564), 220 states have call successors, (220), 21 states have call predecessors, (220), 25 states have return successors, (251), 218 states have call predecessors, (251), 219 states have call successors, (251) [2022-02-20 18:02:35,352 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:35,352 INFO L93 Difference]: Finished difference Result 1293 states and 2238 transitions. [2022-02-20 18:02:35,352 INFO L276 IsEmpty]: Start isEmpty. Operand 1293 states and 2238 transitions. [2022-02-20 18:02:35,356 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:35,356 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:35,358 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 1193 states, 947 states have (on average 1.6515311510031678) internal successors, (1564), 953 states have internal predecessors, (1564), 220 states have call successors, (220), 21 states have call predecessors, (220), 25 states have return successors, (251), 218 states have call predecessors, (251), 219 states have call successors, (251) Second operand 1293 states. [2022-02-20 18:02:35,359 INFO L87 Difference]: Start difference. First operand has 1193 states, 947 states have (on average 1.6515311510031678) internal successors, (1564), 953 states have internal predecessors, (1564), 220 states have call successors, (220), 21 states have call predecessors, (220), 25 states have return successors, (251), 218 states have call predecessors, (251), 219 states have call successors, (251) Second operand 1293 states. [2022-02-20 18:02:35,420 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:35,421 INFO L93 Difference]: Finished difference Result 1293 states and 2238 transitions. [2022-02-20 18:02:35,421 INFO L276 IsEmpty]: Start isEmpty. Operand 1293 states and 2238 transitions. [2022-02-20 18:02:35,425 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:35,425 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:35,425 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:35,425 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:35,427 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 1193 states, 947 states have (on average 1.6515311510031678) internal successors, (1564), 953 states have internal predecessors, (1564), 220 states have call successors, (220), 21 states have call predecessors, (220), 25 states have return successors, (251), 218 states have call predecessors, (251), 219 states have call successors, (251) [2022-02-20 18:02:35,495 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1193 states to 1193 states and 2035 transitions. [2022-02-20 18:02:35,495 INFO L78 Accepts]: Start accepts. Automaton has 1193 states and 2035 transitions. Word has length 115 [2022-02-20 18:02:35,495 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:35,495 INFO L470 AbstractCegarLoop]: Abstraction has 1193 states and 2035 transitions. [2022-02-20 18:02:35,496 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 10.714285714285714) internal successors, (75), 3 states have internal predecessors, (75), 2 states have call successors, (15), 6 states have call predecessors, (15), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:02:35,496 INFO L276 IsEmpty]: Start isEmpty. Operand 1193 states and 2035 transitions. [2022-02-20 18:02:35,500 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 117 [2022-02-20 18:02:35,500 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:35,500 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:35,501 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable10 [2022-02-20 18:02:35,501 INFO L402 AbstractCegarLoop]: === Iteration 12 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:35,501 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:35,501 INFO L85 PathProgramCache]: Analyzing trace with hash 1259187153, now seen corresponding path program 1 times [2022-02-20 18:02:35,501 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:35,501 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [897458539] [2022-02-20 18:02:35,501 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:35,502 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:35,524 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,548 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:02:35,550 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,551 INFO L290 TraceCheckUtils]: 0: Hoare triple {37069#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {37013#true} is VALID [2022-02-20 18:02:35,552 INFO L290 TraceCheckUtils]: 1: Hoare triple {37013#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {37013#true} is VALID [2022-02-20 18:02:35,552 INFO L290 TraceCheckUtils]: 2: Hoare triple {37013#true} assume true; {37013#true} is VALID [2022-02-20 18:02:35,552 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {37013#true} {37013#true} #1094#return; {37013#true} is VALID [2022-02-20 18:02:35,556 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:35,557 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,559 INFO L290 TraceCheckUtils]: 0: Hoare triple {37070#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {37013#true} is VALID [2022-02-20 18:02:35,559 INFO L290 TraceCheckUtils]: 1: Hoare triple {37013#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {37013#true} is VALID [2022-02-20 18:02:35,559 INFO L290 TraceCheckUtils]: 2: Hoare triple {37013#true} assume true; {37013#true} is VALID [2022-02-20 18:02:35,559 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {37013#true} {37013#true} #1096#return; {37013#true} is VALID [2022-02-20 18:02:35,560 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:35,561 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,562 INFO L290 TraceCheckUtils]: 0: Hoare triple {37069#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {37013#true} is VALID [2022-02-20 18:02:35,563 INFO L290 TraceCheckUtils]: 1: Hoare triple {37013#true} assume !(1 == ~handle); {37013#true} is VALID [2022-02-20 18:02:35,563 INFO L290 TraceCheckUtils]: 2: Hoare triple {37013#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {37013#true} is VALID [2022-02-20 18:02:35,563 INFO L290 TraceCheckUtils]: 3: Hoare triple {37013#true} assume true; {37013#true} is VALID [2022-02-20 18:02:35,563 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {37013#true} {37013#true} #1098#return; {37013#true} is VALID [2022-02-20 18:02:35,563 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:02:35,564 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,565 INFO L290 TraceCheckUtils]: 0: Hoare triple {37070#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {37013#true} is VALID [2022-02-20 18:02:35,566 INFO L290 TraceCheckUtils]: 1: Hoare triple {37013#true} assume !(1 == ~handle); {37013#true} is VALID [2022-02-20 18:02:35,566 INFO L290 TraceCheckUtils]: 2: Hoare triple {37013#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {37013#true} is VALID [2022-02-20 18:02:35,566 INFO L290 TraceCheckUtils]: 3: Hoare triple {37013#true} assume true; {37013#true} is VALID [2022-02-20 18:02:35,566 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {37013#true} {37013#true} #1100#return; {37013#true} is VALID [2022-02-20 18:02:35,566 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:02:35,567 INFO L136 AnnotateAndAsserter]: Conjunction 
of SSA is unsat [2022-02-20 18:02:35,568 INFO L290 TraceCheckUtils]: 0: Hoare triple {37069#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {37013#true} is VALID [2022-02-20 18:02:35,569 INFO L290 TraceCheckUtils]: 1: Hoare triple {37013#true} assume !(1 == ~handle); {37013#true} is VALID [2022-02-20 18:02:35,569 INFO L290 TraceCheckUtils]: 2: Hoare triple {37013#true} assume !(2 == ~handle); {37013#true} is VALID [2022-02-20 18:02:35,569 INFO L290 TraceCheckUtils]: 3: Hoare triple {37013#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {37013#true} is VALID [2022-02-20 18:02:35,569 INFO L290 TraceCheckUtils]: 4: Hoare triple {37013#true} assume true; {37013#true} is VALID [2022-02-20 18:02:35,569 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {37013#true} {37013#true} #1102#return; {37013#true} is VALID [2022-02-20 18:02:35,569 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:02:35,570 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,573 INFO L290 TraceCheckUtils]: 0: Hoare triple {37070#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {37013#true} is VALID [2022-02-20 18:02:35,573 INFO L290 TraceCheckUtils]: 1: Hoare triple {37013#true} assume !(1 == ~handle); {37013#true} is VALID [2022-02-20 18:02:35,573 INFO L290 TraceCheckUtils]: 2: Hoare triple {37013#true} assume !(2 == ~handle); {37013#true} is VALID [2022-02-20 18:02:35,574 INFO L290 TraceCheckUtils]: 3: Hoare triple {37013#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {37013#true} 
is VALID [2022-02-20 18:02:35,574 INFO L290 TraceCheckUtils]: 4: Hoare triple {37013#true} assume true; {37013#true} is VALID [2022-02-20 18:02:35,574 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {37013#true} {37013#true} #1104#return; {37013#true} is VALID [2022-02-20 18:02:35,578 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 18:02:35,579 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,581 INFO L290 TraceCheckUtils]: 0: Hoare triple {37071#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {37013#true} is VALID [2022-02-20 18:02:35,581 INFO L290 TraceCheckUtils]: 1: Hoare triple {37013#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {37013#true} is VALID [2022-02-20 18:02:35,581 INFO L290 TraceCheckUtils]: 2: Hoare triple {37013#true} assume true; {37013#true} is VALID [2022-02-20 18:02:35,581 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {37013#true} {37014#false} #1066#return; {37014#false} is VALID [2022-02-20 18:02:35,586 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 73 [2022-02-20 18:02:35,587 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,588 INFO L290 TraceCheckUtils]: 0: Hoare triple {37072#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {37013#true} is VALID [2022-02-20 18:02:35,588 INFO L290 TraceCheckUtils]: 1: Hoare triple {37013#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {37013#true} is VALID [2022-02-20 18:02:35,589 INFO L290 TraceCheckUtils]: 2: Hoare triple {37013#true} assume true; {37013#true} is VALID [2022-02-20 18:02:35,589 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {37013#true} {37014#false} #1068#return; {37014#false} is VALID 
[2022-02-20 18:02:35,589 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 18:02:35,589 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,591 INFO L290 TraceCheckUtils]: 0: Hoare triple {37013#true} ~handle := #in~handle;havoc ~retValue_acc~7; {37013#true} is VALID [2022-02-20 18:02:35,591 INFO L290 TraceCheckUtils]: 1: Hoare triple {37013#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {37013#true} is VALID [2022-02-20 18:02:35,591 INFO L290 TraceCheckUtils]: 2: Hoare triple {37013#true} assume true; {37013#true} is VALID [2022-02-20 18:02:35,591 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {37013#true} {37014#false} #1048#return; {37014#false} is VALID [2022-02-20 18:02:35,591 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-02-20 18:02:35,592 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,593 INFO L290 TraceCheckUtils]: 0: Hoare triple {37071#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {37013#true} is VALID [2022-02-20 18:02:35,594 INFO L290 TraceCheckUtils]: 1: Hoare triple {37013#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {37013#true} is VALID [2022-02-20 18:02:35,594 INFO L290 TraceCheckUtils]: 2: Hoare triple {37013#true} assume true; {37013#true} is VALID [2022-02-20 18:02:35,594 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {37013#true} {37014#false} #1072#return; {37014#false} is VALID [2022-02-20 18:02:35,594 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 18:02:35,594 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,596 INFO L290 TraceCheckUtils]: 0: Hoare triple {37013#true} ~handle := 
#in~handle;havoc ~retValue_acc~24; {37013#true} is VALID [2022-02-20 18:02:35,596 INFO L290 TraceCheckUtils]: 1: Hoare triple {37013#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {37013#true} is VALID [2022-02-20 18:02:35,596 INFO L290 TraceCheckUtils]: 2: Hoare triple {37013#true} assume true; {37013#true} is VALID [2022-02-20 18:02:35,596 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {37013#true} {37014#false} #1074#return; {37014#false} is VALID [2022-02-20 18:02:35,596 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 109 [2022-02-20 18:02:35,599 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,600 INFO L290 TraceCheckUtils]: 0: Hoare triple {37013#true} ~msg := #in~msg;havoc ~retValue_acc~32;~retValue_acc~32 := 1;#res := ~retValue_acc~32; {37013#true} is VALID [2022-02-20 18:02:35,600 INFO L290 TraceCheckUtils]: 1: Hoare triple {37013#true} assume true; {37013#true} is VALID [2022-02-20 18:02:35,600 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {37013#true} {37014#false} #1076#return; {37014#false} is VALID [2022-02-20 18:02:35,600 INFO L290 TraceCheckUtils]: 0: Hoare triple {37013#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call 
write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(16, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(34, 33);call #Ultimate.allocInit(30, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 
0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 
0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {37013#true} is VALID [2022-02-20 18:02:35,600 INFO L290 TraceCheckUtils]: 1: Hoare triple {37013#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet65#1, main_#t~ret66#1, main_~retValue_acc~37#1, main_~tmp~11#1;assume -2147483648 <= main_#t~nondet65#1 && main_#t~nondet65#1 <= 2147483647;main_~retValue_acc~37#1 := main_#t~nondet65#1;havoc main_#t~nondet65#1;havoc main_~tmp~11#1;assume { :begin_inline_select_helpers } true; {37013#true} is VALID [2022-02-20 18:02:35,601 INFO L290 TraceCheckUtils]: 2: Hoare triple {37013#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {37013#true} is VALID [2022-02-20 18:02:35,601 INFO L290 TraceCheckUtils]: 3: Hoare triple {37013#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {37013#true} is VALID [2022-02-20 18:02:35,601 INFO L290 TraceCheckUtils]: 4: Hoare triple {37013#true} 
main_#t~ret66#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret66#1 && main_#t~ret66#1 <= 2147483647;main_~tmp~11#1 := main_#t~ret66#1;havoc main_#t~ret66#1; {37013#true} is VALID [2022-02-20 18:02:35,601 INFO L290 TraceCheckUtils]: 5: Hoare triple {37013#true} assume 0 != main_~tmp~11#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet62#1, setup_#t~nondet63#1, setup_#t~nondet64#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {37013#true} is VALID [2022-02-20 18:02:35,602 INFO L272 TraceCheckUtils]: 6: Hoare triple {37013#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {37069#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:35,602 INFO L290 TraceCheckUtils]: 7: Hoare triple {37069#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {37013#true} is VALID [2022-02-20 18:02:35,602 INFO L290 
TraceCheckUtils]: 8: Hoare triple {37013#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {37013#true} is VALID [2022-02-20 18:02:35,602 INFO L290 TraceCheckUtils]: 9: Hoare triple {37013#true} assume true; {37013#true} is VALID [2022-02-20 18:02:35,602 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {37013#true} {37013#true} #1094#return; {37013#true} is VALID [2022-02-20 18:02:35,602 INFO L290 TraceCheckUtils]: 11: Hoare triple {37013#true} assume { :end_inline_setup_bob__wrappee__Base } true; {37013#true} is VALID [2022-02-20 18:02:35,603 INFO L272 TraceCheckUtils]: 12: Hoare triple {37013#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {37070#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:35,603 INFO L290 TraceCheckUtils]: 13: Hoare triple {37070#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {37013#true} is VALID [2022-02-20 18:02:35,603 INFO L290 TraceCheckUtils]: 14: Hoare triple {37013#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {37013#true} is VALID [2022-02-20 18:02:35,603 INFO L290 TraceCheckUtils]: 15: Hoare triple {37013#true} assume true; {37013#true} is VALID [2022-02-20 18:02:35,603 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {37013#true} {37013#true} #1096#return; {37013#true} is VALID [2022-02-20 18:02:35,603 INFO L290 TraceCheckUtils]: 17: Hoare triple {37013#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 26, 0;havoc setup_#t~nondet62#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc 
setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {37013#true} is VALID [2022-02-20 18:02:35,604 INFO L272 TraceCheckUtils]: 18: Hoare triple {37013#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {37069#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:35,604 INFO L290 TraceCheckUtils]: 19: Hoare triple {37069#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {37013#true} is VALID [2022-02-20 18:02:35,604 INFO L290 TraceCheckUtils]: 20: Hoare triple {37013#true} assume !(1 == ~handle); {37013#true} is VALID [2022-02-20 18:02:35,604 INFO L290 TraceCheckUtils]: 21: Hoare triple {37013#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {37013#true} is VALID [2022-02-20 18:02:35,604 INFO L290 TraceCheckUtils]: 22: Hoare triple {37013#true} assume true; {37013#true} is VALID [2022-02-20 18:02:35,604 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {37013#true} {37013#true} #1098#return; {37013#true} is VALID [2022-02-20 18:02:35,604 INFO L290 TraceCheckUtils]: 24: Hoare triple {37013#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {37013#true} is VALID [2022-02-20 18:02:35,605 INFO L272 TraceCheckUtils]: 25: Hoare triple {37013#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {37070#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:35,605 INFO L290 TraceCheckUtils]: 26: Hoare triple {37070#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {37013#true} is VALID [2022-02-20 18:02:35,605 INFO L290 TraceCheckUtils]: 27: Hoare triple {37013#true} assume !(1 == ~handle); {37013#true} is VALID [2022-02-20 18:02:35,605 INFO L290 TraceCheckUtils]: 28: Hoare triple {37013#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {37013#true} is VALID [2022-02-20 18:02:35,605 INFO L290 TraceCheckUtils]: 29: Hoare triple {37013#true} assume true; {37013#true} is VALID [2022-02-20 18:02:35,606 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {37013#true} {37013#true} #1100#return; {37013#true} is VALID [2022-02-20 18:02:35,606 INFO L290 TraceCheckUtils]: 31: Hoare triple {37013#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 27, 0;havoc setup_#t~nondet63#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {37013#true} is VALID [2022-02-20 18:02:35,606 INFO L272 TraceCheckUtils]: 32: Hoare triple {37013#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {37069#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:35,606 INFO L290 TraceCheckUtils]: 33: Hoare triple {37069#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {37013#true} is VALID [2022-02-20 18:02:35,606 INFO L290 TraceCheckUtils]: 34: Hoare triple {37013#true} assume !(1 == ~handle); {37013#true} is VALID [2022-02-20 18:02:35,607 INFO L290 TraceCheckUtils]: 35: Hoare triple {37013#true} assume !(2 == ~handle); {37013#true} is VALID [2022-02-20 18:02:35,607 INFO L290 TraceCheckUtils]: 36: Hoare triple {37013#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {37013#true} is VALID [2022-02-20 18:02:35,607 INFO L290 TraceCheckUtils]: 37: Hoare triple {37013#true} assume true; {37013#true} is VALID [2022-02-20 18:02:35,607 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {37013#true} {37013#true} #1102#return; {37013#true} is VALID [2022-02-20 18:02:35,607 INFO L290 TraceCheckUtils]: 39: Hoare triple {37013#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {37013#true} is VALID [2022-02-20 18:02:35,608 INFO L272 TraceCheckUtils]: 40: Hoare triple {37013#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {37070#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:35,608 INFO L290 TraceCheckUtils]: 41: Hoare triple {37070#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := 
#in~value; {37013#true} is VALID [2022-02-20 18:02:35,608 INFO L290 TraceCheckUtils]: 42: Hoare triple {37013#true} assume !(1 == ~handle); {37013#true} is VALID [2022-02-20 18:02:35,608 INFO L290 TraceCheckUtils]: 43: Hoare triple {37013#true} assume !(2 == ~handle); {37013#true} is VALID [2022-02-20 18:02:35,608 INFO L290 TraceCheckUtils]: 44: Hoare triple {37013#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {37013#true} is VALID [2022-02-20 18:02:35,608 INFO L290 TraceCheckUtils]: 45: Hoare triple {37013#true} assume true; {37013#true} is VALID [2022-02-20 18:02:35,608 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {37013#true} {37013#true} #1104#return; {37013#true} is VALID [2022-02-20 18:02:35,608 INFO L290 TraceCheckUtils]: 47: Hoare triple {37013#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 28, 0;havoc setup_#t~nondet64#1; {37013#true} is VALID [2022-02-20 18:02:35,609 INFO L290 TraceCheckUtils]: 48: Hoare triple {37013#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc 
test_~tmp~9#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {37045#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:02:35,609 INFO L290 TraceCheckUtils]: 49: Hoare triple {37045#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume !false; {37045#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:02:35,609 INFO L290 TraceCheckUtils]: 50: Hoare triple {37045#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {37045#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:02:35,609 INFO L290 TraceCheckUtils]: 51: Hoare triple {37045#(= |ULTIMATE.start_test_~op3~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {37045#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:02:35,610 INFO L290 TraceCheckUtils]: 52: Hoare triple {37045#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet46#1 && test_#t~nondet46#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet46#1;havoc test_#t~nondet46#1; {37045#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:02:35,610 INFO L290 TraceCheckUtils]: 53: Hoare triple {37045#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume !(0 != test_~tmp___9~0#1); {37045#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:02:35,610 INFO L290 TraceCheckUtils]: 54: Hoare triple {37045#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet47#1 && test_#t~nondet47#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet47#1;havoc 
test_#t~nondet47#1; {37045#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:02:35,611 INFO L290 TraceCheckUtils]: 55: Hoare triple {37045#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume !(0 != test_~tmp___8~0#1); {37045#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 18:02:35,611 INFO L290 TraceCheckUtils]: 56: Hoare triple {37045#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume !(0 == test_~op3~0#1); {37014#false} is VALID [2022-02-20 18:02:35,611 INFO L290 TraceCheckUtils]: 57: Hoare triple {37014#false} assume !(0 == test_~op4~0#1); {37014#false} is VALID [2022-02-20 18:02:35,611 INFO L290 TraceCheckUtils]: 58: Hoare triple {37014#false} assume !(0 == test_~op5~0#1); {37014#false} is VALID [2022-02-20 18:02:35,611 INFO L290 TraceCheckUtils]: 59: Hoare triple {37014#false} assume !(0 == test_~op6~0#1); {37014#false} is VALID [2022-02-20 18:02:35,611 INFO L290 TraceCheckUtils]: 60: Hoare triple {37014#false} assume !(0 == test_~op7~0#1); {37014#false} is VALID [2022-02-20 18:02:35,611 INFO L290 TraceCheckUtils]: 61: Hoare triple {37014#false} assume !(0 == test_~op8~0#1); {37014#false} is VALID [2022-02-20 18:02:35,611 INFO L290 TraceCheckUtils]: 62: Hoare triple {37014#false} assume !(0 == test_~op9~0#1); {37014#false} is VALID [2022-02-20 18:02:35,612 INFO L290 TraceCheckUtils]: 63: Hoare triple {37014#false} assume !(0 == test_~op10~0#1); {37014#false} is VALID [2022-02-20 18:02:35,612 INFO L290 TraceCheckUtils]: 64: Hoare triple {37014#false} assume !(0 == test_~op11~0#1); {37014#false} is VALID [2022-02-20 18:02:35,612 INFO L290 TraceCheckUtils]: 65: Hoare triple {37014#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret57#1, bobToRjh_#t~ret58#1, bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_~tmp~10#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~10#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret57#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret57#1 && 
bobToRjh_#t~ret57#1 <= 2147483647;havoc bobToRjh_#t~ret57#1; {37014#false} is VALID [2022-02-20 18:02:35,612 INFO L272 TraceCheckUtils]: 66: Hoare triple {37014#false} call sendEmail(~bob~0, ~rjh~0); {37014#false} is VALID [2022-02-20 18:02:35,612 INFO L290 TraceCheckUtils]: 67: Hoare triple {37014#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~34#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~34#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {37014#false} is VALID [2022-02-20 18:02:35,612 INFO L272 TraceCheckUtils]: 68: Hoare triple {37014#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {37071#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:35,612 INFO L290 TraceCheckUtils]: 69: Hoare triple {37071#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {37013#true} is VALID [2022-02-20 18:02:35,612 INFO L290 TraceCheckUtils]: 70: Hoare triple {37013#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {37013#true} is VALID [2022-02-20 18:02:35,613 INFO L290 TraceCheckUtils]: 71: Hoare triple {37013#true} assume true; {37013#true} is VALID [2022-02-20 18:02:35,613 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {37013#true} {37014#false} #1066#return; {37014#false} is VALID [2022-02-20 18:02:35,613 INFO L272 TraceCheckUtils]: 73: Hoare triple {37014#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {37072#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 
|old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:35,613 INFO L290 TraceCheckUtils]: 74: Hoare triple {37072#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {37013#true} is VALID [2022-02-20 18:02:35,613 INFO L290 TraceCheckUtils]: 75: Hoare triple {37013#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {37013#true} is VALID [2022-02-20 18:02:35,613 INFO L290 TraceCheckUtils]: 76: Hoare triple {37013#true} assume true; {37013#true} is VALID [2022-02-20 18:02:35,613 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {37013#true} {37014#false} #1068#return; {37014#false} is VALID [2022-02-20 18:02:35,613 INFO L290 TraceCheckUtils]: 78: Hoare triple {37014#false} createEmail_~retValue_acc~34#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~34#1; {37014#false} is VALID [2022-02-20 18:02:35,613 INFO L290 TraceCheckUtils]: 79: Hoare triple {37014#false} #t~ret89#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret89#1 && #t~ret89#1 <= 2147483647;~tmp~17#1 := #t~ret89#1;havoc #t~ret89#1;~email~0#1 := ~tmp~17#1; {37014#false} is VALID [2022-02-20 18:02:35,614 INFO L272 TraceCheckUtils]: 80: Hoare triple {37014#false} call outgoing(~sender#1, ~email~0#1); {37014#false} is VALID [2022-02-20 18:02:35,614 INFO L290 TraceCheckUtils]: 81: Hoare triple {37014#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret91#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, 
getClientPrivateKey_~retValue_acc~13#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~13#1; {37014#false} is VALID [2022-02-20 18:02:35,614 INFO L290 TraceCheckUtils]: 82: Hoare triple {37014#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~13#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~13#1; {37014#false} is VALID [2022-02-20 18:02:35,614 INFO L290 TraceCheckUtils]: 83: Hoare triple {37014#false} sign_#t~ret91#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret91#1 && sign_#t~ret91#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret91#1;havoc sign_#t~ret91#1;sign_~privkey~0#1 := sign_~tmp~18#1; {37014#false} is VALID [2022-02-20 18:02:35,614 INFO L290 TraceCheckUtils]: 84: Hoare triple {37014#false} assume 0 == sign_~privkey~0#1; {37014#false} is VALID [2022-02-20 18:02:35,614 INFO L290 TraceCheckUtils]: 85: Hoare triple {37014#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1, outgoing__wrappee__AddressBook_#t~ret82#1, outgoing__wrappee__AddressBook_#t~ret83#1, outgoing__wrappee__AddressBook_#t~ret84#1, outgoing__wrappee__AddressBook_#t~ret85#1, outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~15#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~5#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := 
outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~15#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~5#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {37014#false} is VALID [2022-02-20 18:02:35,614 INFO L272 TraceCheckUtils]: 86: Hoare triple {37014#false} call outgoing__wrappee__AddressBook_#t~ret81#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {37013#true} is VALID [2022-02-20 18:02:35,614 INFO L290 TraceCheckUtils]: 87: Hoare triple {37013#true} ~handle := #in~handle;havoc ~retValue_acc~7; {37013#true} is VALID [2022-02-20 18:02:35,614 INFO L290 TraceCheckUtils]: 88: Hoare triple {37013#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {37013#true} is VALID [2022-02-20 18:02:35,615 INFO L290 TraceCheckUtils]: 89: Hoare triple {37013#true} assume true; {37013#true} is VALID [2022-02-20 18:02:35,615 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {37013#true} {37014#false} #1048#return; {37014#false} is VALID [2022-02-20 18:02:35,615 INFO L290 TraceCheckUtils]: 91: Hoare triple {37014#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret81#1 && outgoing__wrappee__AddressBook_#t~ret81#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~15#1 := outgoing__wrappee__AddressBook_#t~ret81#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~15#1; {37014#false} is VALID [2022-02-20 18:02:35,615 INFO L290 TraceCheckUtils]: 92: Hoare triple {37014#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {37014#false} is VALID [2022-02-20 18:02:35,615 INFO L272 TraceCheckUtils]: 93: 
Hoare triple {37014#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {37014#false} is VALID [2022-02-20 18:02:35,615 INFO L290 TraceCheckUtils]: 94: Hoare triple {37014#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {37014#false} is VALID [2022-02-20 18:02:35,615 INFO L290 TraceCheckUtils]: 95: Hoare triple {37014#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {37014#false} is VALID [2022-02-20 18:02:35,615 INFO L290 TraceCheckUtils]: 96: Hoare triple {37014#false} #t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret80#1 && #t~ret80#1 <= 2147483647;~tmp~14#1 := #t~ret80#1;havoc #t~ret80#1; {37014#false} is VALID [2022-02-20 18:02:35,615 INFO L272 TraceCheckUtils]: 97: Hoare triple {37014#false} call setEmailFrom(~msg#1, ~tmp~14#1); {37071#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:35,616 INFO L290 TraceCheckUtils]: 98: Hoare triple {37071#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {37013#true} is VALID [2022-02-20 18:02:35,616 INFO L290 TraceCheckUtils]: 99: Hoare triple {37013#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {37013#true} is VALID [2022-02-20 18:02:35,616 INFO L290 TraceCheckUtils]: 100: Hoare triple {37013#true} assume true; {37013#true} is VALID [2022-02-20 18:02:35,616 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {37013#true} 
{37014#false} #1072#return; {37014#false} is VALID [2022-02-20 18:02:35,616 INFO L290 TraceCheckUtils]: 102: Hoare triple {37014#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~13#1;call mail_#t~ret78#1 := puts(32, 0);assume -2147483648 <= mail_#t~ret78#1 && mail_#t~ret78#1 <= 2147483647;havoc mail_#t~ret78#1; {37014#false} is VALID [2022-02-20 18:02:35,616 INFO L272 TraceCheckUtils]: 103: Hoare triple {37014#false} call mail_#t~ret79#1 := getEmailTo(mail_~msg#1); {37013#true} is VALID [2022-02-20 18:02:35,616 INFO L290 TraceCheckUtils]: 104: Hoare triple {37013#true} ~handle := #in~handle;havoc ~retValue_acc~24; {37013#true} is VALID [2022-02-20 18:02:35,616 INFO L290 TraceCheckUtils]: 105: Hoare triple {37013#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {37013#true} is VALID [2022-02-20 18:02:35,617 INFO L290 TraceCheckUtils]: 106: Hoare triple {37013#true} assume true; {37013#true} is VALID [2022-02-20 18:02:35,617 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {37013#true} {37014#false} #1074#return; {37014#false} is VALID [2022-02-20 18:02:35,617 INFO L290 TraceCheckUtils]: 108: Hoare triple {37014#false} assume -2147483648 <= mail_#t~ret79#1 && mail_#t~ret79#1 <= 2147483647;mail_~tmp~13#1 := mail_#t~ret79#1;havoc mail_#t~ret79#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~13#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret92#1, verify_#t~ret93#1, verify_#t~ret94#1, verify_#t~ret95#1, verify_#t~ret96#1, verify_#t~ret97#1, 
verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~19#1, verify_~tmp___0~6#1, verify_~pubkey~0#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~0#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~0#1; {37014#false} is VALID [2022-02-20 18:02:35,617 INFO L272 TraceCheckUtils]: 109: Hoare triple {37014#false} call __utac_acc__EncryptVerify_spec__1_#t~ret4#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {37013#true} is VALID [2022-02-20 18:02:35,617 INFO L290 TraceCheckUtils]: 110: Hoare triple {37013#true} ~msg := #in~msg;havoc ~retValue_acc~32;~retValue_acc~32 := 1;#res := ~retValue_acc~32; {37013#true} is VALID [2022-02-20 18:02:35,617 INFO L290 TraceCheckUtils]: 111: Hoare triple {37013#true} assume true; {37013#true} is VALID [2022-02-20 18:02:35,617 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {37013#true} {37014#false} #1076#return; {37014#false} is VALID [2022-02-20 18:02:35,617 INFO L290 TraceCheckUtils]: 113: Hoare triple {37014#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret4#1 && __utac_acc__EncryptVerify_spec__1_#t~ret4#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~0#1 := __utac_acc__EncryptVerify_spec__1_#t~ret4#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1; 
{37014#false} is VALID [2022-02-20 18:02:35,617 INFO L290 TraceCheckUtils]: 114: Hoare triple {37014#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {37014#false} is VALID [2022-02-20 18:02:35,618 INFO L290 TraceCheckUtils]: 115: Hoare triple {37014#false} assume !false; {37014#false} is VALID [2022-02-20 18:02:35,618 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 18:02:35,618 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:35,618 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [897458539] [2022-02-20 18:02:35,618 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [897458539] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:35,618 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:02:35,618 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2022-02-20 18:02:35,619 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [153625034] [2022-02-20 18:02:35,619 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:35,619 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 10.857142857142858) internal successors, (76), 3 states have internal predecessors, (76), 2 states have call successors, (15), 6 states have call predecessors, (15), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 116 [2022-02-20 18:02:35,619 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 18:02:35,620 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 7 states, 7 states have (on average 10.857142857142858) internal successors, (76), 3 states have internal predecessors, (76), 2 states have call successors, (15), 6 states have call predecessors, (15), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:02:35,687 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 103 edges. 103 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:35,687 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2022-02-20 18:02:35,687 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:35,688 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2022-02-20 18:02:35,688 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2022-02-20 18:02:35,688 INFO L87 Difference]: Start difference. First operand 1193 states and 2035 transitions. Second operand has 7 states, 7 states have (on average 10.857142857142858) internal successors, (76), 3 states have internal predecessors, (76), 2 states have call successors, (15), 6 states have call predecessors, (15), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:02:40,966 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:40,966 INFO L93 Difference]: Finished difference Result 2977 states and 5159 transitions. [2022-02-20 18:02:40,966 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 18:02:40,966 INFO L78 Accepts]: Start accepts. 
Automaton has has 7 states, 7 states have (on average 10.857142857142858) internal successors, (76), 3 states have internal predecessors, (76), 2 states have call successors, (15), 6 states have call predecessors, (15), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 116 [2022-02-20 18:02:40,967 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:40,967 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 10.857142857142858) internal successors, (76), 3 states have internal predecessors, (76), 2 states have call successors, (15), 6 states have call predecessors, (15), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:02:40,976 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1331 transitions. [2022-02-20 18:02:40,976 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 10.857142857142858) internal successors, (76), 3 states have internal predecessors, (76), 2 states have call successors, (15), 6 states have call predecessors, (15), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:02:40,986 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 1331 transitions. [2022-02-20 18:02:40,986 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 1331 transitions. [2022-02-20 18:02:42,007 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1331 edges. 1331 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:02:42,179 INFO L225 Difference]: With dead ends: 2977 [2022-02-20 18:02:42,179 INFO L226 Difference]: Without dead ends: 1905 [2022-02-20 18:02:42,197 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 37 GetRequests, 26 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 15 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=48, Invalid=108, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:02:42,201 INFO L933 BasicCegarLoop]: 604 mSDtfsCounter, 1245 mSDsluCounter, 756 mSDsCounter, 0 mSdLazyCounter, 916 mSolverCounterSat, 442 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1263 SdHoareTripleChecker+Valid, 1360 SdHoareTripleChecker+Invalid, 1358 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 442 IncrementalHoareTripleChecker+Valid, 916 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.6s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:42,215 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1263 Valid, 1360 Invalid, 1358 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [442 Valid, 916 Invalid, 0 Unknown, 0 Unchecked, 1.6s Time] [2022-02-20 18:02:42,217 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1905 states. [2022-02-20 18:02:43,388 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1905 to 1805. [2022-02-20 18:02:43,388 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:43,391 INFO L82 GeneralOperation]: Start isEquivalent. First operand 1905 states. 
Second operand has 1805 states, 1440 states have (on average 1.6576388888888889) internal successors, (2387), 1446 states have internal predecessors, (2387), 339 states have call successors, (339), 21 states have call predecessors, (339), 25 states have return successors, (370), 337 states have call predecessors, (370), 338 states have call successors, (370) [2022-02-20 18:02:43,393 INFO L74 IsIncluded]: Start isIncluded. First operand 1905 states. Second operand has 1805 states, 1440 states have (on average 1.6576388888888889) internal successors, (2387), 1446 states have internal predecessors, (2387), 339 states have call successors, (339), 21 states have call predecessors, (339), 25 states have return successors, (370), 337 states have call predecessors, (370), 338 states have call successors, (370) [2022-02-20 18:02:43,408 INFO L87 Difference]: Start difference. First operand 1905 states. Second operand has 1805 states, 1440 states have (on average 1.6576388888888889) internal successors, (2387), 1446 states have internal predecessors, (2387), 339 states have call successors, (339), 21 states have call predecessors, (339), 25 states have return successors, (370), 337 states have call predecessors, (370), 338 states have call successors, (370) [2022-02-20 18:02:43,665 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:43,666 INFO L93 Difference]: Finished difference Result 1905 states and 3315 transitions. [2022-02-20 18:02:43,666 INFO L276 IsEmpty]: Start isEmpty. Operand 1905 states and 3315 transitions. [2022-02-20 18:02:43,687 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:43,687 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:43,690 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 1805 states, 1440 states have (on average 1.6576388888888889) internal successors, (2387), 1446 states have internal predecessors, (2387), 339 states have call successors, (339), 21 states have call predecessors, (339), 25 states have return successors, (370), 337 states have call predecessors, (370), 338 states have call successors, (370) Second operand 1905 states. [2022-02-20 18:02:43,692 INFO L87 Difference]: Start difference. First operand has 1805 states, 1440 states have (on average 1.6576388888888889) internal successors, (2387), 1446 states have internal predecessors, (2387), 339 states have call successors, (339), 21 states have call predecessors, (339), 25 states have return successors, (370), 337 states have call predecessors, (370), 338 states have call successors, (370) Second operand 1905 states. [2022-02-20 18:02:43,965 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:43,965 INFO L93 Difference]: Finished difference Result 1905 states and 3315 transitions. [2022-02-20 18:02:43,965 INFO L276 IsEmpty]: Start isEmpty. Operand 1905 states and 3315 transitions. [2022-02-20 18:02:43,971 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:43,987 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:43,987 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:43,987 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:43,990 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 1805 states, 1440 states have (on average 1.6576388888888889) internal successors, (2387), 1446 states have internal predecessors, (2387), 339 states have call successors, (339), 21 states have call predecessors, (339), 25 states have return successors, (370), 337 states have call predecessors, (370), 338 states have call successors, (370) [2022-02-20 18:02:44,317 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1805 states to 1805 states and 3096 transitions. [2022-02-20 18:02:44,319 INFO L78 Accepts]: Start accepts. Automaton has 1805 states and 3096 transitions. Word has length 116 [2022-02-20 18:02:44,320 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:44,320 INFO L470 AbstractCegarLoop]: Abstraction has 1805 states and 3096 transitions. [2022-02-20 18:02:44,335 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 10.857142857142858) internal successors, (76), 3 states have internal predecessors, (76), 2 states have call successors, (15), 6 states have call predecessors, (15), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:02:44,335 INFO L276 IsEmpty]: Start isEmpty. Operand 1805 states and 3096 transitions. [2022-02-20 18:02:44,343 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 118 [2022-02-20 18:02:44,343 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:44,343 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:44,343 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable11 [2022-02-20 18:02:44,343 INFO L402 AbstractCegarLoop]: === Iteration 13 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:44,344 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:44,344 INFO L85 PathProgramCache]: Analyzing trace with hash 245755623, now seen corresponding path program 1 times [2022-02-20 18:02:44,344 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:44,344 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1024049376] [2022-02-20 18:02:44,344 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:44,344 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:44,377 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:44,419 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:02:44,420 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:44,422 INFO L290 TraceCheckUtils]: 0: Hoare triple {47821#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {47765#true} is VALID [2022-02-20 18:02:44,422 INFO L290 TraceCheckUtils]: 1: Hoare triple {47765#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {47765#true} is VALID [2022-02-20 18:02:44,422 INFO L290 TraceCheckUtils]: 2: Hoare triple {47765#true} assume true; {47765#true} is VALID [2022-02-20 18:02:44,422 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {47765#true} {47765#true} #1094#return; {47765#true} is VALID [2022-02-20 18:02:44,427 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:44,428 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:44,431 INFO L290 TraceCheckUtils]: 0: Hoare triple {47822#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {47765#true} is VALID [2022-02-20 18:02:44,431 INFO L290 TraceCheckUtils]: 1: Hoare triple {47765#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {47765#true} is VALID [2022-02-20 18:02:44,431 INFO L290 TraceCheckUtils]: 2: Hoare triple {47765#true} assume true; {47765#true} is VALID [2022-02-20 18:02:44,431 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {47765#true} {47765#true} #1096#return; {47765#true} is VALID [2022-02-20 18:02:44,431 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:44,433 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:44,435 INFO L290 TraceCheckUtils]: 0: Hoare triple {47821#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {47765#true} is VALID [2022-02-20 18:02:44,435 INFO L290 TraceCheckUtils]: 1: Hoare triple {47765#true} assume !(1 == ~handle); {47765#true} is VALID [2022-02-20 18:02:44,435 INFO L290 TraceCheckUtils]: 2: Hoare triple {47765#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {47765#true} is VALID [2022-02-20 18:02:44,435 INFO L290 TraceCheckUtils]: 3: Hoare triple {47765#true} assume true; {47765#true} is VALID [2022-02-20 18:02:44,435 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {47765#true} {47765#true} #1098#return; {47765#true} is VALID [2022-02-20 18:02:44,435 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:02:44,436 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:44,442 INFO L290 TraceCheckUtils]: 0: Hoare triple {47822#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {47765#true} is VALID [2022-02-20 18:02:44,442 INFO L290 TraceCheckUtils]: 1: Hoare triple {47765#true} assume !(1 == ~handle); {47765#true} is VALID [2022-02-20 18:02:44,443 INFO L290 TraceCheckUtils]: 2: Hoare triple {47765#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {47765#true} is VALID [2022-02-20 18:02:44,443 INFO L290 TraceCheckUtils]: 3: Hoare triple {47765#true} assume true; {47765#true} is VALID [2022-02-20 18:02:44,443 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {47765#true} {47765#true} #1100#return; {47765#true} is VALID [2022-02-20 18:02:44,443 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:02:44,444 INFO L136 AnnotateAndAsserter]: Conjunction 
of SSA is unsat [2022-02-20 18:02:44,446 INFO L290 TraceCheckUtils]: 0: Hoare triple {47821#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {47765#true} is VALID [2022-02-20 18:02:44,446 INFO L290 TraceCheckUtils]: 1: Hoare triple {47765#true} assume !(1 == ~handle); {47765#true} is VALID [2022-02-20 18:02:44,446 INFO L290 TraceCheckUtils]: 2: Hoare triple {47765#true} assume !(2 == ~handle); {47765#true} is VALID [2022-02-20 18:02:44,446 INFO L290 TraceCheckUtils]: 3: Hoare triple {47765#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {47765#true} is VALID [2022-02-20 18:02:44,446 INFO L290 TraceCheckUtils]: 4: Hoare triple {47765#true} assume true; {47765#true} is VALID [2022-02-20 18:02:44,447 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {47765#true} {47765#true} #1102#return; {47765#true} is VALID [2022-02-20 18:02:44,447 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:02:44,448 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:44,465 INFO L290 TraceCheckUtils]: 0: Hoare triple {47822#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {47765#true} is VALID [2022-02-20 18:02:44,465 INFO L290 TraceCheckUtils]: 1: Hoare triple {47765#true} assume !(1 == ~handle); {47765#true} is VALID [2022-02-20 18:02:44,465 INFO L290 TraceCheckUtils]: 2: Hoare triple {47765#true} assume !(2 == ~handle); {47765#true} is VALID [2022-02-20 18:02:44,465 INFO L290 TraceCheckUtils]: 3: Hoare triple {47765#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {47765#true} 
is VALID [2022-02-20 18:02:44,465 INFO L290 TraceCheckUtils]: 4: Hoare triple {47765#true} assume true; {47765#true} is VALID [2022-02-20 18:02:44,466 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {47765#true} {47765#true} #1104#return; {47765#true} is VALID [2022-02-20 18:02:44,470 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 18:02:44,471 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:44,472 INFO L290 TraceCheckUtils]: 0: Hoare triple {47823#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {47765#true} is VALID [2022-02-20 18:02:44,473 INFO L290 TraceCheckUtils]: 1: Hoare triple {47765#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {47765#true} is VALID [2022-02-20 18:02:44,473 INFO L290 TraceCheckUtils]: 2: Hoare triple {47765#true} assume true; {47765#true} is VALID [2022-02-20 18:02:44,473 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {47765#true} {47766#false} #1066#return; {47766#false} is VALID [2022-02-20 18:02:44,478 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 74 [2022-02-20 18:02:44,478 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:44,480 INFO L290 TraceCheckUtils]: 0: Hoare triple {47824#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {47765#true} is VALID [2022-02-20 18:02:44,480 INFO L290 TraceCheckUtils]: 1: Hoare triple {47765#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {47765#true} is VALID [2022-02-20 18:02:44,480 INFO L290 TraceCheckUtils]: 2: Hoare triple {47765#true} assume true; {47765#true} is VALID [2022-02-20 18:02:44,480 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {47765#true} {47766#false} #1068#return; {47766#false} is VALID 
[2022-02-20 18:02:44,480 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 18:02:44,481 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:44,482 INFO L290 TraceCheckUtils]: 0: Hoare triple {47765#true} ~handle := #in~handle;havoc ~retValue_acc~7; {47765#true} is VALID [2022-02-20 18:02:44,482 INFO L290 TraceCheckUtils]: 1: Hoare triple {47765#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {47765#true} is VALID [2022-02-20 18:02:44,483 INFO L290 TraceCheckUtils]: 2: Hoare triple {47765#true} assume true; {47765#true} is VALID [2022-02-20 18:02:44,483 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {47765#true} {47766#false} #1048#return; {47766#false} is VALID [2022-02-20 18:02:44,483 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 18:02:44,483 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:44,485 INFO L290 TraceCheckUtils]: 0: Hoare triple {47823#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {47765#true} is VALID [2022-02-20 18:02:44,485 INFO L290 TraceCheckUtils]: 1: Hoare triple {47765#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {47765#true} is VALID [2022-02-20 18:02:44,485 INFO L290 TraceCheckUtils]: 2: Hoare triple {47765#true} assume true; {47765#true} is VALID [2022-02-20 18:02:44,485 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {47765#true} {47766#false} #1072#return; {47766#false} is VALID [2022-02-20 18:02:44,485 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 104 [2022-02-20 18:02:44,486 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:44,487 INFO L290 TraceCheckUtils]: 0: Hoare triple {47765#true} ~handle := 
#in~handle;havoc ~retValue_acc~24; {47765#true} is VALID [2022-02-20 18:02:44,487 INFO L290 TraceCheckUtils]: 1: Hoare triple {47765#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {47765#true} is VALID [2022-02-20 18:02:44,487 INFO L290 TraceCheckUtils]: 2: Hoare triple {47765#true} assume true; {47765#true} is VALID [2022-02-20 18:02:44,487 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {47765#true} {47766#false} #1074#return; {47766#false} is VALID [2022-02-20 18:02:44,487 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 110 [2022-02-20 18:02:44,488 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:44,492 INFO L290 TraceCheckUtils]: 0: Hoare triple {47765#true} ~msg := #in~msg;havoc ~retValue_acc~32;~retValue_acc~32 := 1;#res := ~retValue_acc~32; {47765#true} is VALID [2022-02-20 18:02:44,493 INFO L290 TraceCheckUtils]: 1: Hoare triple {47765#true} assume true; {47765#true} is VALID [2022-02-20 18:02:44,493 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {47765#true} {47766#false} #1076#return; {47766#false} is VALID [2022-02-20 18:02:44,493 INFO L290 TraceCheckUtils]: 0: Hoare triple {47765#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call 
write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(10, 17);call #Ultimate.allocInit(12, 18);call #Ultimate.allocInit(10, 19);call #Ultimate.allocInit(18, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(16, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(44, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(11, 28);call #Ultimate.allocInit(19, 29);call #Ultimate.allocInit(4, 30);call write~init~int(37, 30, 0, 1);call write~init~int(100, 30, 1, 1);call write~init~int(10, 30, 2, 1);call write~init~int(0, 30, 3, 1);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(34, 33);call #Ultimate.allocInit(30, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 
0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 
0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {47765#true} is VALID [2022-02-20 18:02:44,493 INFO L290 TraceCheckUtils]: 1: Hoare triple {47765#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet65#1, main_#t~ret66#1, main_~retValue_acc~37#1, main_~tmp~11#1;assume -2147483648 <= main_#t~nondet65#1 && main_#t~nondet65#1 <= 2147483647;main_~retValue_acc~37#1 := main_#t~nondet65#1;havoc main_#t~nondet65#1;havoc main_~tmp~11#1;assume { :begin_inline_select_helpers } true; {47765#true} is VALID [2022-02-20 18:02:44,493 INFO L290 TraceCheckUtils]: 2: Hoare triple {47765#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {47765#true} is VALID [2022-02-20 18:02:44,493 INFO L290 TraceCheckUtils]: 3: Hoare triple {47765#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~36#1;havoc valid_product_~retValue_acc~36#1;valid_product_~retValue_acc~36#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~36#1; {47765#true} is VALID [2022-02-20 18:02:44,493 INFO L290 TraceCheckUtils]: 4: Hoare triple {47765#true} 
main_#t~ret66#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret66#1 && main_#t~ret66#1 <= 2147483647;main_~tmp~11#1 := main_#t~ret66#1;havoc main_#t~ret66#1; {47765#true} is VALID [2022-02-20 18:02:44,494 INFO L290 TraceCheckUtils]: 5: Hoare triple {47765#true} assume 0 != main_~tmp~11#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet62#1, setup_#t~nondet63#1, setup_#t~nondet64#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {47765#true} is VALID [2022-02-20 18:02:44,494 INFO L272 TraceCheckUtils]: 6: Hoare triple {47765#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {47821#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:44,494 INFO L290 TraceCheckUtils]: 7: Hoare triple {47821#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {47765#true} is VALID [2022-02-20 18:02:44,494 INFO L290 
TraceCheckUtils]: 8: Hoare triple {47765#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {47765#true} is VALID [2022-02-20 18:02:44,494 INFO L290 TraceCheckUtils]: 9: Hoare triple {47765#true} assume true; {47765#true} is VALID [2022-02-20 18:02:44,495 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {47765#true} {47765#true} #1094#return; {47765#true} is VALID [2022-02-20 18:02:44,495 INFO L290 TraceCheckUtils]: 11: Hoare triple {47765#true} assume { :end_inline_setup_bob__wrappee__Base } true; {47765#true} is VALID [2022-02-20 18:02:44,495 INFO L272 TraceCheckUtils]: 12: Hoare triple {47765#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {47822#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:44,496 INFO L290 TraceCheckUtils]: 13: Hoare triple {47822#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {47765#true} is VALID [2022-02-20 18:02:44,496 INFO L290 TraceCheckUtils]: 14: Hoare triple {47765#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {47765#true} is VALID [2022-02-20 18:02:44,511 INFO L290 TraceCheckUtils]: 15: Hoare triple {47765#true} assume true; {47765#true} is VALID [2022-02-20 18:02:44,511 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {47765#true} {47765#true} #1096#return; {47765#true} is VALID [2022-02-20 18:02:44,511 INFO L290 TraceCheckUtils]: 17: Hoare triple {47765#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 26, 0;havoc setup_#t~nondet62#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc 
setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {47765#true} is VALID [2022-02-20 18:02:44,512 INFO L272 TraceCheckUtils]: 18: Hoare triple {47765#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {47821#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:44,512 INFO L290 TraceCheckUtils]: 19: Hoare triple {47821#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {47765#true} is VALID [2022-02-20 18:02:44,512 INFO L290 TraceCheckUtils]: 20: Hoare triple {47765#true} assume !(1 == ~handle); {47765#true} is VALID [2022-02-20 18:02:44,512 INFO L290 TraceCheckUtils]: 21: Hoare triple {47765#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {47765#true} is VALID [2022-02-20 18:02:44,512 INFO L290 TraceCheckUtils]: 22: Hoare triple {47765#true} assume true; {47765#true} is VALID [2022-02-20 18:02:44,513 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {47765#true} {47765#true} #1098#return; {47765#true} is VALID [2022-02-20 18:02:44,513 INFO L290 TraceCheckUtils]: 24: Hoare triple {47765#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {47765#true} is VALID [2022-02-20 18:02:44,513 INFO L272 TraceCheckUtils]: 25: Hoare triple {47765#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {47822#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:44,513 INFO L290 TraceCheckUtils]: 26: Hoare triple {47822#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {47765#true} is VALID [2022-02-20 18:02:44,513 INFO L290 TraceCheckUtils]: 27: Hoare triple {47765#true} assume !(1 == ~handle); {47765#true} is VALID [2022-02-20 18:02:44,514 INFO L290 TraceCheckUtils]: 28: Hoare triple {47765#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {47765#true} is VALID [2022-02-20 18:02:44,514 INFO L290 TraceCheckUtils]: 29: Hoare triple {47765#true} assume true; {47765#true} is VALID [2022-02-20 18:02:44,514 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {47765#true} {47765#true} #1100#return; {47765#true} is VALID [2022-02-20 18:02:44,514 INFO L290 TraceCheckUtils]: 31: Hoare triple {47765#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 27, 0;havoc setup_#t~nondet63#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {47765#true} is VALID [2022-02-20 18:02:44,514 INFO L272 TraceCheckUtils]: 32: Hoare triple {47765#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {47821#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:44,515 INFO L290 TraceCheckUtils]: 33: Hoare triple {47821#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {47765#true} is VALID [2022-02-20 18:02:44,515 INFO L290 TraceCheckUtils]: 34: Hoare triple {47765#true} assume !(1 == ~handle); {47765#true} is VALID [2022-02-20 18:02:44,515 INFO L290 TraceCheckUtils]: 35: Hoare triple {47765#true} assume !(2 == ~handle); {47765#true} is VALID [2022-02-20 18:02:44,515 INFO L290 TraceCheckUtils]: 36: Hoare triple {47765#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {47765#true} is VALID [2022-02-20 18:02:44,515 INFO L290 TraceCheckUtils]: 37: Hoare triple {47765#true} assume true; {47765#true} is VALID [2022-02-20 18:02:44,515 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {47765#true} {47765#true} #1102#return; {47765#true} is VALID [2022-02-20 18:02:44,515 INFO L290 TraceCheckUtils]: 39: Hoare triple {47765#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {47765#true} is VALID [2022-02-20 18:02:44,516 INFO L272 TraceCheckUtils]: 40: Hoare triple {47765#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {47822#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:44,516 INFO L290 TraceCheckUtils]: 41: Hoare triple {47822#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := 
#in~value; {47765#true} is VALID [2022-02-20 18:02:44,516 INFO L290 TraceCheckUtils]: 42: Hoare triple {47765#true} assume !(1 == ~handle); {47765#true} is VALID [2022-02-20 18:02:44,516 INFO L290 TraceCheckUtils]: 43: Hoare triple {47765#true} assume !(2 == ~handle); {47765#true} is VALID [2022-02-20 18:02:44,516 INFO L290 TraceCheckUtils]: 44: Hoare triple {47765#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {47765#true} is VALID [2022-02-20 18:02:44,516 INFO L290 TraceCheckUtils]: 45: Hoare triple {47765#true} assume true; {47765#true} is VALID [2022-02-20 18:02:44,517 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {47765#true} {47765#true} #1104#return; {47765#true} is VALID [2022-02-20 18:02:44,517 INFO L290 TraceCheckUtils]: 47: Hoare triple {47765#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 28, 0;havoc setup_#t~nondet64#1; {47765#true} is VALID [2022-02-20 18:02:44,517 INFO L290 TraceCheckUtils]: 48: Hoare triple {47765#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~9#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc 
test_~tmp~9#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {47797#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:02:44,517 INFO L290 TraceCheckUtils]: 49: Hoare triple {47797#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume !false; {47797#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:02:44,518 INFO L290 TraceCheckUtils]: 50: Hoare triple {47797#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {47797#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:02:44,518 INFO L290 TraceCheckUtils]: 51: Hoare triple {47797#(= |ULTIMATE.start_test_~op4~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {47797#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:02:44,518 INFO L290 TraceCheckUtils]: 52: Hoare triple {47797#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet46#1 && test_#t~nondet46#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet46#1;havoc test_#t~nondet46#1; {47797#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:02:44,518 INFO L290 TraceCheckUtils]: 53: Hoare triple {47797#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume !(0 != test_~tmp___9~0#1); {47797#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:02:44,519 INFO L290 TraceCheckUtils]: 54: Hoare triple {47797#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet47#1 && test_#t~nondet47#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet47#1;havoc 
test_#t~nondet47#1; {47797#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:02:44,519 INFO L290 TraceCheckUtils]: 55: Hoare triple {47797#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume !(0 != test_~tmp___8~0#1); {47797#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:02:44,519 INFO L290 TraceCheckUtils]: 56: Hoare triple {47797#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume 0 == test_~op3~0#1;assume -2147483648 <= test_#t~nondet48#1 && test_#t~nondet48#1 <= 2147483647;test_~tmp___7~0#1 := test_#t~nondet48#1;havoc test_#t~nondet48#1; {47797#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:02:44,519 INFO L290 TraceCheckUtils]: 57: Hoare triple {47797#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume !(0 != test_~tmp___7~0#1); {47797#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 18:02:44,520 INFO L290 TraceCheckUtils]: 58: Hoare triple {47797#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume !(0 == test_~op4~0#1); {47766#false} is VALID [2022-02-20 18:02:44,520 INFO L290 TraceCheckUtils]: 59: Hoare triple {47766#false} assume !(0 == test_~op5~0#1); {47766#false} is VALID [2022-02-20 18:02:44,520 INFO L290 TraceCheckUtils]: 60: Hoare triple {47766#false} assume !(0 == test_~op6~0#1); {47766#false} is VALID [2022-02-20 18:02:44,520 INFO L290 TraceCheckUtils]: 61: Hoare triple {47766#false} assume !(0 == test_~op7~0#1); {47766#false} is VALID [2022-02-20 18:02:44,520 INFO L290 TraceCheckUtils]: 62: Hoare triple {47766#false} assume !(0 == test_~op8~0#1); {47766#false} is VALID [2022-02-20 18:02:44,520 INFO L290 TraceCheckUtils]: 63: Hoare triple {47766#false} assume !(0 == test_~op9~0#1); {47766#false} is VALID [2022-02-20 18:02:44,520 INFO L290 TraceCheckUtils]: 64: Hoare triple {47766#false} assume !(0 == test_~op10~0#1); {47766#false} is VALID [2022-02-20 18:02:44,521 INFO L290 TraceCheckUtils]: 65: Hoare triple {47766#false} assume !(0 == test_~op11~0#1); {47766#false} is VALID [2022-02-20 18:02:44,521 INFO L290 TraceCheckUtils]: 
66: Hoare triple {47766#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret57#1, bobToRjh_#t~ret58#1, bobToRjh_#t~ret59#1, bobToRjh_#t~ret60#1, bobToRjh_~tmp~10#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~2#1;havoc bobToRjh_~tmp~10#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~2#1;call bobToRjh_#t~ret57#1 := puts(24, 0);assume -2147483648 <= bobToRjh_#t~ret57#1 && bobToRjh_#t~ret57#1 <= 2147483647;havoc bobToRjh_#t~ret57#1; {47766#false} is VALID [2022-02-20 18:02:44,521 INFO L272 TraceCheckUtils]: 67: Hoare triple {47766#false} call sendEmail(~bob~0, ~rjh~0); {47766#false} is VALID [2022-02-20 18:02:44,521 INFO L290 TraceCheckUtils]: 68: Hoare triple {47766#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~17#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~34#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~34#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {47766#false} is VALID [2022-02-20 18:02:44,521 INFO L272 TraceCheckUtils]: 69: Hoare triple {47766#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {47823#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:44,521 INFO L290 TraceCheckUtils]: 70: Hoare triple {47823#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {47765#true} is VALID [2022-02-20 18:02:44,521 INFO L290 TraceCheckUtils]: 71: Hoare triple {47765#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {47765#true} is VALID [2022-02-20 18:02:44,521 INFO L290 TraceCheckUtils]: 72: Hoare triple {47765#true} assume 
true; {47765#true} is VALID [2022-02-20 18:02:44,521 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {47765#true} {47766#false} #1066#return; {47766#false} is VALID [2022-02-20 18:02:44,522 INFO L272 TraceCheckUtils]: 74: Hoare triple {47766#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {47824#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:44,522 INFO L290 TraceCheckUtils]: 75: Hoare triple {47824#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {47765#true} is VALID [2022-02-20 18:02:44,522 INFO L290 TraceCheckUtils]: 76: Hoare triple {47765#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {47765#true} is VALID [2022-02-20 18:02:44,522 INFO L290 TraceCheckUtils]: 77: Hoare triple {47765#true} assume true; {47765#true} is VALID [2022-02-20 18:02:44,522 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {47765#true} {47766#false} #1068#return; {47766#false} is VALID [2022-02-20 18:02:44,522 INFO L290 TraceCheckUtils]: 79: Hoare triple {47766#false} createEmail_~retValue_acc~34#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~34#1; {47766#false} is VALID [2022-02-20 18:02:44,522 INFO L290 TraceCheckUtils]: 80: Hoare triple {47766#false} #t~ret89#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret89#1 && #t~ret89#1 <= 2147483647;~tmp~17#1 := #t~ret89#1;havoc #t~ret89#1;~email~0#1 := ~tmp~17#1; {47766#false} is VALID [2022-02-20 18:02:44,522 INFO L272 TraceCheckUtils]: 81: Hoare triple {47766#false} call outgoing(~sender#1, ~email~0#1); {47766#false} is VALID [2022-02-20 18:02:44,522 INFO L290 TraceCheckUtils]: 82: Hoare triple {47766#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret91#1, 
sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~13#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~13#1; {47766#false} is VALID
[2022-02-20 18:02:44,523 INFO L290 TraceCheckUtils]: 83: Hoare triple {47766#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~13#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~13#1; {47766#false} is VALID
[2022-02-20 18:02:44,523 INFO L290 TraceCheckUtils]: 84: Hoare triple {47766#false} sign_#t~ret91#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret91#1 && sign_#t~ret91#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret91#1;havoc sign_#t~ret91#1;sign_~privkey~0#1 := sign_~tmp~18#1; {47766#false} is VALID
[2022-02-20 18:02:44,523 INFO L290 TraceCheckUtils]: 85: Hoare triple {47766#false} assume 0 == sign_~privkey~0#1; {47766#false} is VALID
[2022-02-20 18:02:44,523 INFO L290 TraceCheckUtils]: 86: Hoare triple {47766#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1, outgoing__wrappee__AddressBook_#t~ret82#1, outgoing__wrappee__AddressBook_#t~ret83#1, outgoing__wrappee__AddressBook_#t~ret84#1, outgoing__wrappee__AddressBook_#t~ret85#1, outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~15#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~5#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~15#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~5#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {47766#false} is VALID
[2022-02-20 18:02:44,523 INFO L272 TraceCheckUtils]: 87: Hoare triple {47766#false} call outgoing__wrappee__AddressBook_#t~ret81#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {47765#true} is VALID
[2022-02-20 18:02:44,523 INFO L290 TraceCheckUtils]: 88: Hoare triple {47765#true} ~handle := #in~handle;havoc ~retValue_acc~7; {47765#true} is VALID
[2022-02-20 18:02:44,523 INFO L290 TraceCheckUtils]: 89: Hoare triple {47765#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~7; {47765#true} is VALID
[2022-02-20 18:02:44,523 INFO L290 TraceCheckUtils]: 90: Hoare triple {47765#true} assume true; {47765#true} is VALID
[2022-02-20 18:02:44,524 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {47765#true} {47766#false} #1048#return; {47766#false} is VALID
[2022-02-20 18:02:44,524 INFO L290 TraceCheckUtils]: 92: Hoare triple {47766#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret81#1 && outgoing__wrappee__AddressBook_#t~ret81#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~15#1 := outgoing__wrappee__AddressBook_#t~ret81#1;havoc outgoing__wrappee__AddressBook_#t~ret81#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~15#1; {47766#false} is VALID
[2022-02-20 18:02:44,524 INFO L290 TraceCheckUtils]: 93: Hoare triple {47766#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {47766#false} is VALID
[2022-02-20 18:02:44,524 INFO L272 TraceCheckUtils]: 94: Hoare triple {47766#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {47766#false} is VALID
[2022-02-20 18:02:44,524 INFO L290 TraceCheckUtils]: 95: Hoare triple {47766#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~20#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~20#1; {47766#false} is VALID
[2022-02-20 18:02:44,524 INFO L290 TraceCheckUtils]: 96: Hoare triple {47766#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~20#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~20#1; {47766#false} is VALID
[2022-02-20 18:02:44,524 INFO L290 TraceCheckUtils]: 97: Hoare triple {47766#false} #t~ret80#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret80#1 && #t~ret80#1 <= 2147483647;~tmp~14#1 := #t~ret80#1;havoc #t~ret80#1; {47766#false} is VALID
[2022-02-20 18:02:44,524 INFO L272 TraceCheckUtils]: 98: Hoare triple {47766#false} call setEmailFrom(~msg#1, ~tmp~14#1); {47823#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID
[2022-02-20 18:02:44,524 INFO L290 TraceCheckUtils]: 99: Hoare triple {47823#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {47765#true} is VALID
[2022-02-20 18:02:44,525 INFO L290 TraceCheckUtils]: 100: Hoare triple {47765#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {47765#true} is VALID
[2022-02-20 18:02:44,525 INFO L290 TraceCheckUtils]: 101: Hoare triple {47765#true} assume true; {47765#true} is VALID
[2022-02-20 18:02:44,525 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {47765#true} {47766#false} #1072#return; {47766#false} is VALID
[2022-02-20 18:02:44,525 INFO L290 TraceCheckUtils]: 103: Hoare triple {47766#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret78#1, mail_#t~ret79#1, mail_~client#1, mail_~msg#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~13#1;call mail_#t~ret78#1 := puts(32, 0);assume -2147483648 <= mail_#t~ret78#1 && mail_#t~ret78#1 <= 2147483647;havoc mail_#t~ret78#1; {47766#false} is VALID
[2022-02-20 18:02:44,525 INFO L272 TraceCheckUtils]: 104: Hoare triple {47766#false} call mail_#t~ret79#1 := getEmailTo(mail_~msg#1); {47765#true} is VALID
[2022-02-20 18:02:44,525 INFO L290 TraceCheckUtils]: 105: Hoare triple {47765#true} ~handle := #in~handle;havoc ~retValue_acc~24; {47765#true} is VALID
[2022-02-20 18:02:44,525 INFO L290 TraceCheckUtils]: 106: Hoare triple {47765#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {47765#true} is VALID
[2022-02-20 18:02:44,525 INFO L290 TraceCheckUtils]: 107: Hoare triple {47765#true} assume true; {47765#true} is VALID
[2022-02-20 18:02:44,525 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {47765#true} {47766#false} #1074#return; {47766#false} is VALID
[2022-02-20 18:02:44,526 INFO L290 TraceCheckUtils]: 109: Hoare triple {47766#false} assume -2147483648 <= mail_#t~ret79#1 && mail_#t~ret79#1 <= 2147483647;mail_~tmp~13#1 := mail_#t~ret79#1;havoc mail_#t~ret79#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~13#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret92#1, verify_#t~ret93#1, verify_#t~ret94#1, verify_#t~ret95#1, verify_#t~ret96#1, verify_#t~ret97#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~19#1, verify_~tmp___0~6#1, verify_~pubkey~0#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~0#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~0#1; {47766#false} is VALID
[2022-02-20 18:02:44,526 INFO L272 TraceCheckUtils]: 110: Hoare triple {47766#false} call __utac_acc__EncryptVerify_spec__1_#t~ret4#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {47765#true} is VALID
[2022-02-20 18:02:44,526 INFO L290 TraceCheckUtils]: 111: Hoare triple {47765#true} ~msg := #in~msg;havoc ~retValue_acc~32;~retValue_acc~32 := 1;#res := ~retValue_acc~32; {47765#true} is VALID
[2022-02-20 18:02:44,526 INFO L290 TraceCheckUtils]: 112: Hoare triple {47765#true} assume true; {47765#true} is VALID
[2022-02-20 18:02:44,526 INFO L284 TraceCheckUtils]: 113: Hoare quadruple {47765#true} {47766#false} #1076#return; {47766#false} is VALID
[2022-02-20 18:02:44,526 INFO L290 TraceCheckUtils]: 114: Hoare triple {47766#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret4#1 && __utac_acc__EncryptVerify_spec__1_#t~ret4#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~0#1 := __utac_acc__EncryptVerify_spec__1_#t~ret4#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret4#1; {47766#false} is VALID
[2022-02-20 18:02:44,526 INFO L290 TraceCheckUtils]: 115: Hoare triple {47766#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~0#1);assume { :begin_inline___automaton_fail } true; {47766#false} is VALID
[2022-02-20 18:02:44,526 INFO L290 TraceCheckUtils]: 116: Hoare triple {47766#false} assume !false; {47766#false} is VALID
[2022-02-20 18:02:44,527 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked.
[2022-02-20 18:02:44,527 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace
[2022-02-20 18:02:44,527 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1024049376]
[2022-02-20 18:02:44,527 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1024049376] provided 1 perfect and 0 imperfect interpolant sequences
[2022-02-20 18:02:44,527 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences.
[2022-02-20 18:02:44,527 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7
[2022-02-20 18:02:44,527 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [9424972]
[2022-02-20 18:02:44,528 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton
[2022-02-20 18:02:44,528 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 11.0) internal successors, (77), 3 states have internal predecessors, (77), 2 states have call successors, (15), 6 states have call predecessors, (15), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 117
[2022-02-20 18:02:44,529 INFO L84 Accepts]: Finished accepts. word is accepted.
[2022-02-20 18:02:44,529 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 7 states, 7 states have (on average 11.0) internal successors, (77), 3 states have internal predecessors, (77), 2 states have call successors, (15), 6 states have call predecessors, (15), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12)
[2022-02-20 18:02:44,624 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 104 edges. 104 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity.
[2022-02-20 18:02:44,624 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 7 states
[2022-02-20 18:02:44,624 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL
[2022-02-20 18:02:44,625 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants.
[2022-02-20 18:02:44,625 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42
[2022-02-20 18:02:44,625 INFO L87 Difference]: Start difference. First operand 1805 states and 3096 transitions. Second operand has 7 states, 7 states have (on average 11.0) internal successors, (77), 3 states have internal predecessors, (77), 2 states have call successors, (15), 6 states have call predecessors, (15), 1 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12)