./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec7_product23.cil.c --full-output -ea --architecture 32bit
--------------------------------------------------------------------------------
Checking for ERROR reachability
Using default analysis
Version 03d7b7b3
Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec7_product23.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 1bb2b79cb955f3674656871a8781fc51d3f295e24daabeaa86e62b128ba42f2a
--- Real Ultimate output ---
This is Ultimate 0.2.2-dev-03d7b7b
[2022-02-20 18:01:51,113 INFO L177 SettingsManager]: Resetting all preferences to default values...
[2022-02-20 18:01:51,115 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values
[2022-02-20 18:01:51,143 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring...
[2022-02-20 18:01:51,143 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:01:51,146 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:01:51,147 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:01:51,151 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:01:51,153 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:01:51,156 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:01:51,157 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:01:51,158 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:01:51,158 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:01:51,160 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:01:51,162 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:01:51,165 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:01:51,167 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:01:51,167 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:01:51,169 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:01:51,176 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:01:51,177 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:01:51,178 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:01:51,179 INFO 
L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:01:51,180 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:01:51,187 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:01:51,188 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:01:51,188 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:01:51,189 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:01:51,190 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:01:51,191 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:01:51,191 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:01:51,192 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:01:51,194 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:01:51,195 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:01:51,196 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:01:51,196 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:01:51,196 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:01:51,197 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... 
[2022-02-20 18:01:51,197 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:01:51,198 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:01:51,198 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:01:51,199 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 18:01:51,228 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:01:51,228 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:01:51,229 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:01:51,229 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:01:51,230 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:01:51,230 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:01:51,230 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:01:51,231 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:01:51,231 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:01:51,231 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:01:51,232 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:01:51,232 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 18:01:51,232 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:01:51,232 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:01:51,232 
INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:01:51,232 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:01:51,233 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:01:51,233 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:01:51,233 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:01:51,233 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:01:51,233 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:01:51,234 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:01:51,234 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:01:51,234 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:01:51,234 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:01:51,234 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:01:51,235 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:01:51,235 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:01:51,235 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 18:01:51,235 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 18:01:51,235 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:01:51,236 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:01:51,236 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant 
automaton, abstraction and CFG=true [2022-02-20 18:01:51,236 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! 
call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 1bb2b79cb955f3674656871a8781fc51d3f295e24daabeaa86e62b128ba42f2a [2022-02-20 18:01:51,436 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:01:51,450 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:01:51,451 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:01:51,452 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:01:51,467 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:01:51,468 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec7_product23.cil.c [2022-02-20 18:01:51,519 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/769bd1d6f/f40243bd131249bf9e9a01eb2809e10f/FLAG6c3dba46b [2022-02-20 18:01:51,967 INFO L306 CDTParser]: Found 1 translation units. 
[2022-02-20 18:01:51,969 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec7_product23.cil.c [2022-02-20 18:01:51,991 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/769bd1d6f/f40243bd131249bf9e9a01eb2809e10f/FLAG6c3dba46b [2022-02-20 18:01:52,315 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/769bd1d6f/f40243bd131249bf9e9a01eb2809e10f [2022-02-20 18:01:52,316 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:01:52,317 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:01:52,318 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:01:52,319 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:01:52,326 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:01:52,327 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:01:52" (1/1) ... [2022-02-20 18:01:52,328 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@12f42eab and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:52, skipping insertion in model container [2022-02-20 18:01:52,328 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:01:52" (1/1) ... 
[2022-02-20 18:01:52,333 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:01:52,390 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:01:52,694 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec7_product23.cil.c[18387,18400] [2022-02-20 18:01:52,848 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:01:52,859 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:01:52,909 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec7_product23.cil.c[18387,18400] [2022-02-20 18:01:52,958 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:01:52,984 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:01:52,985 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:52 WrapperNode [2022-02-20 18:01:52,985 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:01:52,986 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:01:52,986 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:01:52,986 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:01:52,992 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:52" (1/1) ... 
[2022-02-20 18:01:53,013 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:52" (1/1) ... [2022-02-20 18:01:53,074 INFO L137 Inliner]: procedures = 130, calls = 215, calls flagged for inlining = 60, calls inlined = 53, statements flattened = 978 [2022-02-20 18:01:53,078 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:01:53,079 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:01:53,079 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:01:53,079 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:01:53,085 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:52" (1/1) ... [2022-02-20 18:01:53,085 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:52" (1/1) ... [2022-02-20 18:01:53,089 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:52" (1/1) ... [2022-02-20 18:01:53,090 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:52" (1/1) ... 
[2022-02-20 18:01:53,102 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:52" (1/1) ... [2022-02-20 18:01:53,110 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:52" (1/1) ... [2022-02-20 18:01:53,113 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:52" (1/1) ... [2022-02-20 18:01:53,118 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:01:53,119 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:01:53,119 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:01:53,120 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:01:53,121 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:52" (1/1) ... 
[2022-02-20 18:01:53,140 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:01:53,151 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:01:53,161 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:01:53,163 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:01:53,189 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookSize [2022-02-20 18:01:53,190 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookSize [2022-02-20 18:01:53,190 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookAddress [2022-02-20 18:01:53,190 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookAddress [2022-02-20 18:01:53,190 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2022-02-20 18:01:53,190 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2022-02-20 18:01:53,191 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__wrappee__AutoResponder [2022-02-20 18:01:53,191 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__wrappee__AutoResponder [2022-02-20 18:01:53,191 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2022-02-20 18:01:53,191 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2022-02-20 18:01:53,191 INFO L130 BoogieDeclarations]: Found specification of procedure 
isReadable [2022-02-20 18:01:53,191 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable [2022-02-20 18:01:53,191 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2022-02-20 18:01:53,192 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2022-02-20 18:01:53,192 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailSignKey [2022-02-20 18:01:53,192 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailSignKey [2022-02-20 18:01:53,192 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2022-02-20 18:01:53,192 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2022-02-20 18:01:53,192 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2022-02-20 18:01:53,192 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2022-02-20 18:01:53,193 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2022-02-20 18:01:53,193 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2022-02-20 18:01:53,193 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2022-02-20 18:01:53,193 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:01:53,193 INFO L130 BoogieDeclarations]: Found specification of procedure isSigned [2022-02-20 18:01:53,193 INFO L138 BoogieDeclarations]: Found implementation of procedure isSigned [2022-02-20 18:01:53,193 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookSize [2022-02-20 18:01:53,193 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookSize [2022-02-20 18:01:53,194 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2022-02-20 18:01:53,194 INFO L138 BoogieDeclarations]: Found implementation of procedure 
setClientKeyringUser [2022-02-20 18:01:53,194 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2022-02-20 18:01:53,194 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2022-02-20 18:01:53,194 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2022-02-20 18:01:53,194 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2022-02-20 18:01:53,194 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2022-02-20 18:01:53,195 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2022-02-20 18:01:53,195 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2022-02-20 18:01:53,195 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2022-02-20 18:01:53,195 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2022-02-20 18:01:53,195 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2022-02-20 18:01:53,195 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 18:01:53,196 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2022-02-20 18:01:53,196 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2022-02-20 18:01:53,196 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookAddress [2022-02-20 18:01:53,196 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookAddress [2022-02-20 18:01:53,196 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:01:53,196 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:01:53,411 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:01:53,412 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation 
[2022-02-20 18:01:54,060 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:01:54,068 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:01:54,069 INFO L299 CfgBuilder]: Removed 1 assume(true) statements. [2022-02-20 18:01:54,070 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:01:54 BoogieIcfgContainer [2022-02-20 18:01:54,070 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:01:54,071 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:01:54,071 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:01:54,074 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:01:54,074 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:01:52" (1/3) ... [2022-02-20 18:01:54,075 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@6a81da0f and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:01:54, skipping insertion in model container [2022-02-20 18:01:54,075 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:01:52" (2/3) ... 
[2022-02-20 18:01:54,075 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@6a81da0f and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:01:54, skipping insertion in model container [2022-02-20 18:01:54,075 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:01:54" (3/3) ... [2022-02-20 18:01:54,076 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec7_product23.cil.c [2022-02-20 18:01:54,080 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:01:54,080 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 18:01:54,112 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:01:54,116 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., 
mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:01:54,117 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:01:54,138 INFO L276 IsEmpty]: Start isEmpty. Operand has 362 states, 289 states have (on average 1.5813148788927336) internal successors, (457), 292 states have internal predecessors, (457), 50 states have call successors, (50), 21 states have call predecessors, (50), 21 states have return successors, (50), 49 states have call predecessors, (50), 50 states have call successors, (50) [2022-02-20 18:01:54,150 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 96 [2022-02-20 18:01:54,150 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:01:54,151 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:01:54,152 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:01:54,156 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:01:54,157 INFO L85 PathProgramCache]: Analyzing trace with hash -1154662713, now seen corresponding path program 1 times [2022-02-20 18:01:54,165 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:01:54,166 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [995086374] [2022-02-20 18:01:54,166 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:54,167 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 
ms [2022-02-20 18:01:54,344 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:54,462 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:01:54,466 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:54,475 INFO L290 TraceCheckUtils]: 0: Hoare triple {415#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {365#true} is VALID [2022-02-20 18:01:54,476 INFO L290 TraceCheckUtils]: 1: Hoare triple {365#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {365#true} is VALID [2022-02-20 18:01:54,476 INFO L290 TraceCheckUtils]: 2: Hoare triple {365#true} assume true; {365#true} is VALID [2022-02-20 18:01:54,476 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {365#true} {365#true} #1151#return; {365#true} is VALID [2022-02-20 18:01:54,484 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:01:54,487 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:54,491 INFO L290 TraceCheckUtils]: 0: Hoare triple {416#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {365#true} is VALID [2022-02-20 18:01:54,492 INFO L290 TraceCheckUtils]: 1: Hoare triple {365#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {365#true} is VALID [2022-02-20 18:01:54,492 INFO L290 TraceCheckUtils]: 2: Hoare triple {365#true} assume true; {365#true} is VALID [2022-02-20 18:01:54,492 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {365#true} {365#true} #1153#return; {365#true} is VALID 
[2022-02-20 18:01:54,493 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:01:54,497 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:54,517 INFO L290 TraceCheckUtils]: 0: Hoare triple {415#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {417#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:54,518 INFO L290 TraceCheckUtils]: 1: Hoare triple {417#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {418#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:54,518 INFO L290 TraceCheckUtils]: 2: Hoare triple {418#(= |setClientId_#in~handle| 1)} assume true; {418#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:54,519 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {418#(= |setClientId_#in~handle| 1)} {375#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1155#return; {366#false} is VALID [2022-02-20 18:01:54,520 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:01:54,523 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:54,527 INFO L290 TraceCheckUtils]: 0: Hoare triple {416#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {365#true} is VALID [2022-02-20 18:01:54,527 INFO L290 TraceCheckUtils]: 1: Hoare triple {365#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {365#true} is VALID [2022-02-20 18:01:54,528 INFO L290 TraceCheckUtils]: 2: Hoare triple {365#true} assume 
true; {365#true} is VALID [2022-02-20 18:01:54,528 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {365#true} {366#false} #1157#return; {366#false} is VALID [2022-02-20 18:01:54,528 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:01:54,531 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:54,536 INFO L290 TraceCheckUtils]: 0: Hoare triple {415#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {365#true} is VALID [2022-02-20 18:01:54,537 INFO L290 TraceCheckUtils]: 1: Hoare triple {365#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {365#true} is VALID [2022-02-20 18:01:54,537 INFO L290 TraceCheckUtils]: 2: Hoare triple {365#true} assume true; {365#true} is VALID [2022-02-20 18:01:54,537 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {365#true} {366#false} #1159#return; {366#false} is VALID [2022-02-20 18:01:54,538 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:01:54,541 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:54,545 INFO L290 TraceCheckUtils]: 0: Hoare triple {416#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {365#true} is VALID [2022-02-20 18:01:54,546 INFO L290 TraceCheckUtils]: 1: Hoare triple {365#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {365#true} is VALID [2022-02-20 18:01:54,546 INFO L290 TraceCheckUtils]: 2: Hoare triple {365#true} assume true; {365#true} is VALID [2022-02-20 18:01:54,546 INFO L284 TraceCheckUtils]: 3: Hoare 
quadruple {365#true} {366#false} #1161#return; {366#false} is VALID [2022-02-20 18:01:54,554 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2022-02-20 18:01:54,557 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:54,560 INFO L290 TraceCheckUtils]: 0: Hoare triple {419#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {365#true} is VALID [2022-02-20 18:01:54,561 INFO L290 TraceCheckUtils]: 1: Hoare triple {365#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {365#true} is VALID [2022-02-20 18:01:54,561 INFO L290 TraceCheckUtils]: 2: Hoare triple {365#true} assume true; {365#true} is VALID [2022-02-20 18:01:54,561 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {365#true} {366#false} #1119#return; {366#false} is VALID [2022-02-20 18:01:54,570 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 52 [2022-02-20 18:01:54,572 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:54,576 INFO L290 TraceCheckUtils]: 0: Hoare triple {420#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {365#true} is VALID [2022-02-20 18:01:54,577 INFO L290 TraceCheckUtils]: 1: Hoare triple {365#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {365#true} is VALID [2022-02-20 18:01:54,577 INFO L290 TraceCheckUtils]: 2: Hoare triple {365#true} assume true; {365#true} is VALID [2022-02-20 18:01:54,577 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {365#true} {366#false} #1121#return; {366#false} is VALID [2022-02-20 18:01:54,578 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-02-20 18:01:54,579 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 
18:01:54,583 INFO L290 TraceCheckUtils]: 0: Hoare triple {365#true} ~handle := #in~handle;havoc ~retValue_acc~25; {365#true} is VALID [2022-02-20 18:01:54,583 INFO L290 TraceCheckUtils]: 1: Hoare triple {365#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {365#true} is VALID [2022-02-20 18:01:54,584 INFO L290 TraceCheckUtils]: 2: Hoare triple {365#true} assume true; {365#true} is VALID [2022-02-20 18:01:54,584 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {365#true} {366#false} #1101#return; {366#false} is VALID [2022-02-20 18:01:54,584 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76 [2022-02-20 18:01:54,586 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:54,593 INFO L290 TraceCheckUtils]: 0: Hoare triple {419#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {365#true} is VALID [2022-02-20 18:01:54,594 INFO L290 TraceCheckUtils]: 1: Hoare triple {365#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {365#true} is VALID [2022-02-20 18:01:54,594 INFO L290 TraceCheckUtils]: 2: Hoare triple {365#true} assume true; {365#true} is VALID [2022-02-20 18:01:54,594 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {365#true} {366#false} #1133#return; {366#false} is VALID [2022-02-20 18:01:54,594 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-02-20 18:01:54,599 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:54,604 INFO L290 TraceCheckUtils]: 0: Hoare triple {365#true} ~handle := #in~handle;havoc ~retValue_acc~12; {365#true} is VALID [2022-02-20 18:01:54,605 INFO L290 TraceCheckUtils]: 1: Hoare triple {365#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_to0~0;#res := ~retValue_acc~12; {365#true} is VALID [2022-02-20 
18:01:54,605 INFO L290 TraceCheckUtils]: 2: Hoare triple {365#true} assume true; {365#true} is VALID [2022-02-20 18:01:54,605 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {365#true} {366#false} #1135#return; {366#false} is VALID [2022-02-20 18:01:54,606 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 18:01:54,608 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:54,612 INFO L290 TraceCheckUtils]: 0: Hoare triple {365#true} ~msg := #in~msg;havoc ~retValue_acc~6;~retValue_acc~6 := 1;#res := ~retValue_acc~6; {365#true} is VALID [2022-02-20 18:01:54,613 INFO L290 TraceCheckUtils]: 1: Hoare triple {365#true} assume true; {365#true} is VALID [2022-02-20 18:01:54,613 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {365#true} {366#false} #1137#return; {366#false} is VALID [2022-02-20 18:01:54,621 INFO L290 TraceCheckUtils]: 0: Hoare triple {365#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(115, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(10, 11);call #Ultimate.allocInit(12, 12);call #Ultimate.allocInit(10, 13);call #Ultimate.allocInit(18, 14);call #Ultimate.allocInit(13, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(21, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call 
#Ultimate.allocInit(21, 23);call #Ultimate.allocInit(30, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(25, 26);call #Ultimate.allocInit(30, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 
0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 
0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {365#true} is VALID [2022-02-20 18:01:54,622 INFO L290 TraceCheckUtils]: 1: Hoare triple {365#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet77#1, main_#t~ret78#1, main_~retValue_acc~42#1, main_~tmp~19#1;assume -2147483648 <= main_#t~nondet77#1 && main_#t~nondet77#1 <= 2147483647;main_~retValue_acc~42#1 := main_#t~nondet77#1;havoc main_#t~nondet77#1;havoc main_~tmp~19#1;assume { :begin_inline_select_helpers } true; {365#true} is VALID [2022-02-20 18:01:54,622 INFO L290 TraceCheckUtils]: 2: Hoare triple {365#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {365#true} is VALID [2022-02-20 18:01:54,623 INFO L290 TraceCheckUtils]: 3: Hoare triple {365#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~21#1;havoc valid_product_~retValue_acc~21#1;valid_product_~retValue_acc~21#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~21#1; {365#true} is VALID [2022-02-20 18:01:54,624 INFO L290 TraceCheckUtils]: 4: Hoare triple {365#true} main_#t~ret78#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret78#1 && main_#t~ret78#1 <= 2147483647;main_~tmp~19#1 := main_#t~ret78#1;havoc main_#t~ret78#1; {365#true} is VALID [2022-02-20 18:01:54,626 
INFO L290 TraceCheckUtils]: 5: Hoare triple {365#true} assume 0 != main_~tmp~19#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet74#1, setup_#t~nondet75#1, setup_#t~nondet76#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {365#true} is VALID [2022-02-20 18:01:54,628 INFO L272 TraceCheckUtils]: 6: Hoare triple {365#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {415#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:54,629 INFO L290 TraceCheckUtils]: 7: Hoare triple {415#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {365#true} is VALID [2022-02-20 18:01:54,629 INFO L290 TraceCheckUtils]: 8: Hoare triple {365#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {365#true} is VALID [2022-02-20 18:01:54,629 INFO L290 TraceCheckUtils]: 9: Hoare triple {365#true} assume true; {365#true} is VALID [2022-02-20 18:01:54,630 INFO 
L284 TraceCheckUtils]: 10: Hoare quadruple {365#true} {365#true} #1151#return; {365#true} is VALID [2022-02-20 18:01:54,630 INFO L290 TraceCheckUtils]: 11: Hoare triple {365#true} assume { :end_inline_setup_bob__wrappee__Base } true; {365#true} is VALID [2022-02-20 18:01:54,631 INFO L272 TraceCheckUtils]: 12: Hoare triple {365#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {416#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:54,655 INFO L290 TraceCheckUtils]: 13: Hoare triple {416#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {365#true} is VALID [2022-02-20 18:01:54,655 INFO L290 TraceCheckUtils]: 14: Hoare triple {365#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {365#true} is VALID [2022-02-20 18:01:54,655 INFO L290 TraceCheckUtils]: 15: Hoare triple {365#true} assume true; {365#true} is VALID [2022-02-20 18:01:54,655 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {365#true} {365#true} #1153#return; {365#true} is VALID [2022-02-20 18:01:54,658 INFO L290 TraceCheckUtils]: 17: Hoare triple {365#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet74#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {375#(= 
|ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:01:54,659 INFO L272 TraceCheckUtils]: 18: Hoare triple {375#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {415#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:54,660 INFO L290 TraceCheckUtils]: 19: Hoare triple {415#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {417#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:54,660 INFO L290 TraceCheckUtils]: 20: Hoare triple {417#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {418#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:54,661 INFO L290 TraceCheckUtils]: 21: Hoare triple {418#(= |setClientId_#in~handle| 1)} assume true; {418#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:54,662 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {418#(= |setClientId_#in~handle| 1)} {375#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1155#return; {366#false} is VALID [2022-02-20 18:01:54,662 INFO L290 TraceCheckUtils]: 23: Hoare triple {366#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {366#false} is VALID [2022-02-20 18:01:54,663 INFO L272 TraceCheckUtils]: 24: Hoare triple {366#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {416#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 
|old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:54,663 INFO L290 TraceCheckUtils]: 25: Hoare triple {416#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {365#true} is VALID [2022-02-20 18:01:54,664 INFO L290 TraceCheckUtils]: 26: Hoare triple {365#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {365#true} is VALID [2022-02-20 18:01:54,664 INFO L290 TraceCheckUtils]: 27: Hoare triple {365#true} assume true; {365#true} is VALID [2022-02-20 18:01:54,664 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {365#true} {366#false} #1157#return; {366#false} is VALID [2022-02-20 18:01:54,665 INFO L290 TraceCheckUtils]: 29: Hoare triple {366#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 33, 0;havoc setup_#t~nondet75#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {366#false} is VALID [2022-02-20 18:01:54,665 INFO L272 TraceCheckUtils]: 30: Hoare triple {366#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {415#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:54,666 INFO L290 TraceCheckUtils]: 31: Hoare triple {415#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {365#true} is VALID [2022-02-20 18:01:54,666 INFO L290 TraceCheckUtils]: 32: Hoare triple {365#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {365#true} is VALID [2022-02-20 18:01:54,666 INFO L290 TraceCheckUtils]: 33: Hoare triple {365#true} assume true; {365#true} is VALID [2022-02-20 18:01:54,666 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {365#true} {366#false} #1159#return; {366#false} is VALID [2022-02-20 18:01:54,667 INFO L290 TraceCheckUtils]: 35: Hoare triple {366#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {366#false} is VALID [2022-02-20 18:01:54,668 INFO L272 TraceCheckUtils]: 36: Hoare triple {366#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {416#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:54,668 INFO L290 TraceCheckUtils]: 37: Hoare triple {416#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {365#true} is VALID [2022-02-20 18:01:54,668 INFO L290 TraceCheckUtils]: 38: Hoare triple {365#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {365#true} is VALID [2022-02-20 18:01:54,669 INFO L290 TraceCheckUtils]: 39: Hoare triple {365#true} assume true; {365#true} is VALID [2022-02-20 18:01:54,670 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {365#true} {366#false} #1161#return; {366#false} is VALID [2022-02-20 18:01:54,670 INFO L290 TraceCheckUtils]: 41: Hoare triple {366#false} assume { 
:end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 34, 0;havoc setup_#t~nondet76#1; {366#false} is VALID [2022-02-20 18:01:54,671 INFO L290 TraceCheckUtils]: 42: Hoare triple {366#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~6#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {366#false} is VALID [2022-02-20 18:01:54,671 INFO L290 TraceCheckUtils]: 43: Hoare triple {366#false} assume false; {366#false} is VALID [2022-02-20 18:01:54,671 INFO L290 TraceCheckUtils]: 44: Hoare triple {366#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, 
bobToRjh_#t~ret71#1, bobToRjh_#t~ret72#1, bobToRjh_~tmp~18#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~18#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret69#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret69#1 && bobToRjh_#t~ret69#1 <= 2147483647;havoc bobToRjh_#t~ret69#1; {366#false} is VALID [2022-02-20 18:01:54,672 INFO L272 TraceCheckUtils]: 45: Hoare triple {366#false} call sendEmail(~bob~0, ~rjh~0); {366#false} is VALID [2022-02-20 18:01:54,672 INFO L290 TraceCheckUtils]: 46: Hoare triple {366#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~8#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~8#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {366#false} is VALID [2022-02-20 18:01:54,672 INFO L272 TraceCheckUtils]: 47: Hoare triple {366#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {419#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:54,672 INFO L290 TraceCheckUtils]: 48: Hoare triple {419#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {365#true} is VALID [2022-02-20 18:01:54,673 INFO L290 TraceCheckUtils]: 49: Hoare triple {365#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {365#true} is VALID [2022-02-20 18:01:54,673 INFO L290 TraceCheckUtils]: 50: Hoare triple {365#true} assume true; {365#true} is VALID [2022-02-20 18:01:54,673 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {365#true} {366#false} #1119#return; {366#false} 
is VALID [2022-02-20 18:01:54,674 INFO L272 TraceCheckUtils]: 52: Hoare triple {366#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {420#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:01:54,676 INFO L290 TraceCheckUtils]: 53: Hoare triple {420#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {365#true} is VALID [2022-02-20 18:01:54,677 INFO L290 TraceCheckUtils]: 54: Hoare triple {365#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {365#true} is VALID [2022-02-20 18:01:54,677 INFO L290 TraceCheckUtils]: 55: Hoare triple {365#true} assume true; {365#true} is VALID [2022-02-20 18:01:54,677 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {365#true} {366#false} #1121#return; {366#false} is VALID [2022-02-20 18:01:54,678 INFO L290 TraceCheckUtils]: 57: Hoare triple {366#false} createEmail_~retValue_acc~8#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~8#1; {366#false} is VALID [2022-02-20 18:01:54,678 INFO L290 TraceCheckUtils]: 58: Hoare triple {366#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {366#false} is VALID [2022-02-20 18:01:54,678 INFO L272 TraceCheckUtils]: 59: Hoare triple {366#false} call outgoing(~sender#1, ~email~0#1); {366#false} is VALID [2022-02-20 18:01:54,678 INFO L290 TraceCheckUtils]: 60: Hoare triple {366#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret20#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~7#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~7#1;assume { 
:begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~31#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~31#1; {366#false} is VALID [2022-02-20 18:01:54,679 INFO L290 TraceCheckUtils]: 61: Hoare triple {366#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~31#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~31#1; {366#false} is VALID [2022-02-20 18:01:54,679 INFO L290 TraceCheckUtils]: 62: Hoare triple {366#false} sign_#t~ret20#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret20#1 && sign_#t~ret20#1 <= 2147483647;sign_~tmp~7#1 := sign_#t~ret20#1;havoc sign_#t~ret20#1;sign_~privkey~0#1 := sign_~tmp~7#1; {366#false} is VALID [2022-02-20 18:01:54,679 INFO L290 TraceCheckUtils]: 63: Hoare triple {366#false} assume 0 == sign_~privkey~0#1; {366#false} is VALID [2022-02-20 18:01:54,681 INFO L290 TraceCheckUtils]: 64: Hoare triple {366#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1, outgoing__wrappee__AddressBook_#t~ret8#1, outgoing__wrappee__AddressBook_#t~ret9#1, outgoing__wrappee__AddressBook_#t~ret10#1, outgoing__wrappee__AddressBook_#t~ret11#1, outgoing__wrappee__AddressBook_#t~ret12#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~2#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~0#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~0#1, 
outgoing__wrappee__AddressBook_~tmp___2~0#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~2#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~0#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~0#1;havoc outgoing__wrappee__AddressBook_~tmp___2~0#1; {366#false} is VALID [2022-02-20 18:01:54,682 INFO L272 TraceCheckUtils]: 65: Hoare triple {366#false} call outgoing__wrappee__AddressBook_#t~ret7#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {365#true} is VALID [2022-02-20 18:01:54,682 INFO L290 TraceCheckUtils]: 66: Hoare triple {365#true} ~handle := #in~handle;havoc ~retValue_acc~25; {365#true} is VALID [2022-02-20 18:01:54,683 INFO L290 TraceCheckUtils]: 67: Hoare triple {365#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {365#true} is VALID [2022-02-20 18:01:54,684 INFO L290 TraceCheckUtils]: 68: Hoare triple {365#true} assume true; {365#true} is VALID [2022-02-20 18:01:54,699 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {365#true} {366#false} #1101#return; {366#false} is VALID [2022-02-20 18:01:54,699 INFO L290 TraceCheckUtils]: 70: Hoare triple {366#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret7#1 && outgoing__wrappee__AddressBook_#t~ret7#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~2#1 := outgoing__wrappee__AddressBook_#t~ret7#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~2#1; {366#false} is VALID [2022-02-20 18:01:54,700 INFO L290 TraceCheckUtils]: 71: Hoare triple {366#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {366#false} is VALID 
[2022-02-20 18:01:54,700 INFO L272 TraceCheckUtils]: 72: Hoare triple {366#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {366#false} is VALID [2022-02-20 18:01:54,700 INFO L290 TraceCheckUtils]: 73: Hoare triple {366#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {366#false} is VALID [2022-02-20 18:01:54,700 INFO L290 TraceCheckUtils]: 74: Hoare triple {366#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {366#false} is VALID [2022-02-20 18:01:54,700 INFO L290 TraceCheckUtils]: 75: Hoare triple {366#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {366#false} is VALID [2022-02-20 18:01:54,700 INFO L272 TraceCheckUtils]: 76: Hoare triple {366#false} call setEmailFrom(~msg#1, ~tmp~1#1); {419#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:54,700 INFO L290 TraceCheckUtils]: 77: Hoare triple {419#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {365#true} is VALID [2022-02-20 18:01:54,700 INFO L290 TraceCheckUtils]: 78: Hoare triple {365#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {365#true} is VALID [2022-02-20 18:01:54,701 INFO L290 TraceCheckUtils]: 79: Hoare triple {365#true} assume true; {365#true} is VALID [2022-02-20 18:01:54,701 INFO L284 TraceCheckUtils]: 80: Hoare 
quadruple {365#true} {366#false} #1133#return; {366#false} is VALID [2022-02-20 18:01:54,701 INFO L290 TraceCheckUtils]: 81: Hoare triple {366#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {366#false} is VALID [2022-02-20 18:01:54,701 INFO L272 TraceCheckUtils]: 82: Hoare triple {366#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {365#true} is VALID [2022-02-20 18:01:54,701 INFO L290 TraceCheckUtils]: 83: Hoare triple {365#true} ~handle := #in~handle;havoc ~retValue_acc~12; {365#true} is VALID [2022-02-20 18:01:54,701 INFO L290 TraceCheckUtils]: 84: Hoare triple {365#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_to0~0;#res := ~retValue_acc~12; {365#true} is VALID [2022-02-20 18:01:54,701 INFO L290 TraceCheckUtils]: 85: Hoare triple {365#true} assume true; {365#true} is VALID [2022-02-20 18:01:54,701 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {365#true} {366#false} #1135#return; {366#false} is VALID [2022-02-20 18:01:54,702 INFO L290 TraceCheckUtils]: 87: Hoare triple {366#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret21#1, verify_#t~ret22#1, verify_#t~ret23#1, verify_#t~ret24#1, verify_#t~ret25#1, verify_#t~ret26#1, verify_~client#1, verify_~msg#1, 
verify_~__utac__ad__arg1~0#1, verify_~tmp~8#1, verify_~tmp___0~1#1, verify_~pubkey~0#1, verify_~tmp___1~1#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~8#1;havoc verify_~tmp___0~1#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~1#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret28#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~9#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~9#1; {366#false} is VALID [2022-02-20 18:01:54,702 INFO L272 TraceCheckUtils]: 88: Hoare triple {366#false} call __utac_acc__EncryptVerify_spec__1_#t~ret28#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {365#true} is VALID [2022-02-20 18:01:54,702 INFO L290 TraceCheckUtils]: 89: Hoare triple {365#true} ~msg := #in~msg;havoc ~retValue_acc~6;~retValue_acc~6 := 1;#res := ~retValue_acc~6; {365#true} is VALID [2022-02-20 18:01:54,702 INFO L290 TraceCheckUtils]: 90: Hoare triple {365#true} assume true; {365#true} is VALID [2022-02-20 18:01:54,702 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {365#true} {366#false} #1137#return; {366#false} is VALID [2022-02-20 18:01:54,702 INFO L290 TraceCheckUtils]: 92: Hoare triple {366#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret28#1 && __utac_acc__EncryptVerify_spec__1_#t~ret28#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~9#1 := __utac_acc__EncryptVerify_spec__1_#t~ret28#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret28#1; {366#false} is VALID [2022-02-20 18:01:54,702 INFO L290 
TraceCheckUtils]: 93: Hoare triple {366#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~9#1);assume { :begin_inline___automaton_fail } true; {366#false} is VALID [2022-02-20 18:01:54,702 INFO L290 TraceCheckUtils]: 94: Hoare triple {366#false} assume !false; {366#false} is VALID [2022-02-20 18:01:54,703 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. [2022-02-20 18:01:54,703 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:01:54,704 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [995086374] [2022-02-20 18:01:54,704 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [995086374] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:01:54,704 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1852723702] [2022-02-20 18:01:54,704 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:54,705 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:01:54,705 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:01:54,710 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:01:54,716 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 18:01:55,015 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:55,022 INFO L263 TraceCheckSpWp]: Trace formula consists of 1037 conjuncts, 1 conjunts are 
in the unsatisfiable core [2022-02-20 18:01:55,112 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:55,118 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:01:55,343 INFO L290 TraceCheckUtils]: 0: Hoare triple {365#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(115, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(10, 11);call #Ultimate.allocInit(12, 12);call #Ultimate.allocInit(10, 13);call #Ultimate.allocInit(18, 14);call #Ultimate.allocInit(13, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(21, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(21, 23);call #Ultimate.allocInit(30, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(25, 26);call #Ultimate.allocInit(30, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call 
write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 
0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {365#true} is VALID [2022-02-20 18:01:55,344 INFO L290 TraceCheckUtils]: 1: Hoare triple {365#true} assume { 
:end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet77#1, main_#t~ret78#1, main_~retValue_acc~42#1, main_~tmp~19#1;assume -2147483648 <= main_#t~nondet77#1 && main_#t~nondet77#1 <= 2147483647;main_~retValue_acc~42#1 := main_#t~nondet77#1;havoc main_#t~nondet77#1;havoc main_~tmp~19#1;assume { :begin_inline_select_helpers } true; {365#true} is VALID [2022-02-20 18:01:55,344 INFO L290 TraceCheckUtils]: 2: Hoare triple {365#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {365#true} is VALID [2022-02-20 18:01:55,344 INFO L290 TraceCheckUtils]: 3: Hoare triple {365#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~21#1;havoc valid_product_~retValue_acc~21#1;valid_product_~retValue_acc~21#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~21#1; {365#true} is VALID [2022-02-20 18:01:55,344 INFO L290 TraceCheckUtils]: 4: Hoare triple {365#true} main_#t~ret78#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret78#1 && main_#t~ret78#1 <= 2147483647;main_~tmp~19#1 := main_#t~ret78#1;havoc main_#t~ret78#1; {365#true} is VALID [2022-02-20 18:01:55,345 INFO L290 TraceCheckUtils]: 5: Hoare triple {365#true} assume 0 != main_~tmp~19#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet74#1, setup_#t~nondet75#1, setup_#t~nondet76#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc 
setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {365#true} is VALID [2022-02-20 18:01:55,345 INFO L272 TraceCheckUtils]: 6: Hoare triple {365#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {365#true} is VALID [2022-02-20 18:01:55,345 INFO L290 TraceCheckUtils]: 7: Hoare triple {365#true} ~handle := #in~handle;~value := #in~value; {365#true} is VALID [2022-02-20 18:01:55,345 INFO L290 TraceCheckUtils]: 8: Hoare triple {365#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {365#true} is VALID [2022-02-20 18:01:55,345 INFO L290 TraceCheckUtils]: 9: Hoare triple {365#true} assume true; {365#true} is VALID [2022-02-20 18:01:55,345 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {365#true} {365#true} #1151#return; {365#true} is VALID [2022-02-20 18:01:55,346 INFO L290 TraceCheckUtils]: 11: Hoare triple {365#true} assume { :end_inline_setup_bob__wrappee__Base } true; {365#true} is VALID [2022-02-20 18:01:55,346 INFO L272 TraceCheckUtils]: 12: Hoare triple {365#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {365#true} is VALID [2022-02-20 18:01:55,346 INFO L290 TraceCheckUtils]: 13: Hoare triple {365#true} ~handle := #in~handle;~value := #in~value; {365#true} is VALID [2022-02-20 18:01:55,346 INFO L290 TraceCheckUtils]: 14: Hoare triple {365#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {365#true} is VALID [2022-02-20 18:01:55,346 INFO L290 TraceCheckUtils]: 15: Hoare triple {365#true} assume true; {365#true} is VALID [2022-02-20 18:01:55,346 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {365#true} {365#true} #1153#return; {365#true} is VALID [2022-02-20 18:01:55,347 INFO L290 TraceCheckUtils]: 17: Hoare triple {365#true} 
assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet74#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {365#true} is VALID [2022-02-20 18:01:55,347 INFO L272 TraceCheckUtils]: 18: Hoare triple {365#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {365#true} is VALID [2022-02-20 18:01:55,347 INFO L290 TraceCheckUtils]: 19: Hoare triple {365#true} ~handle := #in~handle;~value := #in~value; {365#true} is VALID [2022-02-20 18:01:55,348 INFO L290 TraceCheckUtils]: 20: Hoare triple {365#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {365#true} is VALID [2022-02-20 18:01:55,348 INFO L290 TraceCheckUtils]: 21: Hoare triple {365#true} assume true; {365#true} is VALID [2022-02-20 18:01:55,348 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {365#true} {365#true} #1155#return; {365#true} is VALID [2022-02-20 18:01:55,348 INFO L290 TraceCheckUtils]: 23: Hoare triple {365#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {365#true} is VALID [2022-02-20 18:01:55,348 INFO L272 TraceCheckUtils]: 24: Hoare triple {365#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {365#true} is VALID [2022-02-20 18:01:55,349 INFO L290 TraceCheckUtils]: 25: Hoare triple {365#true} ~handle := #in~handle;~value := #in~value; {365#true} is VALID [2022-02-20 18:01:55,349 INFO L290 TraceCheckUtils]: 26: Hoare triple {365#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {365#true} is VALID [2022-02-20 18:01:55,349 INFO L290 TraceCheckUtils]: 27: Hoare triple {365#true} assume true; 
{365#true} is VALID [2022-02-20 18:01:55,349 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {365#true} {365#true} #1157#return; {365#true} is VALID [2022-02-20 18:01:55,349 INFO L290 TraceCheckUtils]: 29: Hoare triple {365#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 33, 0;havoc setup_#t~nondet75#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {365#true} is VALID [2022-02-20 18:01:55,351 INFO L272 TraceCheckUtils]: 30: Hoare triple {365#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {365#true} is VALID [2022-02-20 18:01:55,351 INFO L290 TraceCheckUtils]: 31: Hoare triple {365#true} ~handle := #in~handle;~value := #in~value; {365#true} is VALID [2022-02-20 18:01:55,352 INFO L290 TraceCheckUtils]: 32: Hoare triple {365#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {365#true} is VALID [2022-02-20 18:01:55,352 INFO L290 TraceCheckUtils]: 33: Hoare triple {365#true} assume true; {365#true} is VALID [2022-02-20 18:01:55,352 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {365#true} {365#true} #1159#return; {365#true} is VALID [2022-02-20 18:01:55,352 INFO L290 TraceCheckUtils]: 35: Hoare triple {365#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {365#true} is VALID [2022-02-20 18:01:55,352 INFO L272 TraceCheckUtils]: 36: Hoare triple {365#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {365#true} is VALID [2022-02-20 18:01:55,353 INFO L290 TraceCheckUtils]: 37: Hoare triple {365#true} ~handle := #in~handle;~value := 
#in~value; {365#true} is VALID [2022-02-20 18:01:55,353 INFO L290 TraceCheckUtils]: 38: Hoare triple {365#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {365#true} is VALID [2022-02-20 18:01:55,353 INFO L290 TraceCheckUtils]: 39: Hoare triple {365#true} assume true; {365#true} is VALID [2022-02-20 18:01:55,353 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {365#true} {365#true} #1161#return; {365#true} is VALID [2022-02-20 18:01:55,353 INFO L290 TraceCheckUtils]: 41: Hoare triple {365#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 34, 0;havoc setup_#t~nondet76#1; {365#true} is VALID [2022-02-20 18:01:55,353 INFO L290 TraceCheckUtils]: 42: Hoare triple {365#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~6#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 
:= 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {365#true} is VALID [2022-02-20 18:01:55,354 INFO L290 TraceCheckUtils]: 43: Hoare triple {365#true} assume false; {366#false} is VALID [2022-02-20 18:01:55,355 INFO L290 TraceCheckUtils]: 44: Hoare triple {366#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_#t~ret71#1, bobToRjh_#t~ret72#1, bobToRjh_~tmp~18#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~18#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret69#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret69#1 && bobToRjh_#t~ret69#1 <= 2147483647;havoc bobToRjh_#t~ret69#1; {366#false} is VALID [2022-02-20 18:01:55,355 INFO L272 TraceCheckUtils]: 45: Hoare triple {366#false} call sendEmail(~bob~0, ~rjh~0); {366#false} is VALID [2022-02-20 18:01:55,355 INFO L290 TraceCheckUtils]: 46: Hoare triple {366#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~8#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~8#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {366#false} is VALID [2022-02-20 18:01:55,355 INFO L272 TraceCheckUtils]: 47: Hoare triple {366#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {366#false} is VALID [2022-02-20 18:01:55,355 INFO L290 TraceCheckUtils]: 48: Hoare triple {366#false} ~handle := #in~handle;~value := #in~value; {366#false} is VALID [2022-02-20 18:01:55,355 INFO L290 TraceCheckUtils]: 49: Hoare triple {366#false} 
assume 1 == ~handle;~__ste_email_from0~0 := ~value; {366#false} is VALID [2022-02-20 18:01:55,356 INFO L290 TraceCheckUtils]: 50: Hoare triple {366#false} assume true; {366#false} is VALID [2022-02-20 18:01:55,356 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {366#false} {366#false} #1119#return; {366#false} is VALID [2022-02-20 18:01:55,356 INFO L272 TraceCheckUtils]: 52: Hoare triple {366#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {366#false} is VALID [2022-02-20 18:01:55,356 INFO L290 TraceCheckUtils]: 53: Hoare triple {366#false} ~handle := #in~handle;~value := #in~value; {366#false} is VALID [2022-02-20 18:01:55,356 INFO L290 TraceCheckUtils]: 54: Hoare triple {366#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {366#false} is VALID [2022-02-20 18:01:55,359 INFO L290 TraceCheckUtils]: 55: Hoare triple {366#false} assume true; {366#false} is VALID [2022-02-20 18:01:55,359 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {366#false} {366#false} #1121#return; {366#false} is VALID [2022-02-20 18:01:55,360 INFO L290 TraceCheckUtils]: 57: Hoare triple {366#false} createEmail_~retValue_acc~8#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~8#1; {366#false} is VALID [2022-02-20 18:01:55,360 INFO L290 TraceCheckUtils]: 58: Hoare triple {366#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {366#false} is VALID [2022-02-20 18:01:55,360 INFO L272 TraceCheckUtils]: 59: Hoare triple {366#false} call outgoing(~sender#1, ~email~0#1); {366#false} is VALID [2022-02-20 18:01:55,360 INFO L290 TraceCheckUtils]: 60: Hoare triple {366#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret20#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~7#1;sign_~client#1 
:= sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~7#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~31#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~31#1; {366#false} is VALID [2022-02-20 18:01:55,361 INFO L290 TraceCheckUtils]: 61: Hoare triple {366#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~31#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~31#1; {366#false} is VALID [2022-02-20 18:01:55,361 INFO L290 TraceCheckUtils]: 62: Hoare triple {366#false} sign_#t~ret20#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret20#1 && sign_#t~ret20#1 <= 2147483647;sign_~tmp~7#1 := sign_#t~ret20#1;havoc sign_#t~ret20#1;sign_~privkey~0#1 := sign_~tmp~7#1; {366#false} is VALID [2022-02-20 18:01:55,361 INFO L290 TraceCheckUtils]: 63: Hoare triple {366#false} assume 0 == sign_~privkey~0#1; {366#false} is VALID [2022-02-20 18:01:55,361 INFO L290 TraceCheckUtils]: 64: Hoare triple {366#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1, outgoing__wrappee__AddressBook_#t~ret8#1, outgoing__wrappee__AddressBook_#t~ret9#1, outgoing__wrappee__AddressBook_#t~ret10#1, outgoing__wrappee__AddressBook_#t~ret11#1, outgoing__wrappee__AddressBook_#t~ret12#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~2#1, outgoing__wrappee__AddressBook_~receiver~0#1, 
outgoing__wrappee__AddressBook_~tmp___0~0#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~0#1, outgoing__wrappee__AddressBook_~tmp___2~0#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~2#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~0#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~0#1;havoc outgoing__wrappee__AddressBook_~tmp___2~0#1; {366#false} is VALID [2022-02-20 18:01:55,361 INFO L272 TraceCheckUtils]: 65: Hoare triple {366#false} call outgoing__wrappee__AddressBook_#t~ret7#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {366#false} is VALID [2022-02-20 18:01:55,361 INFO L290 TraceCheckUtils]: 66: Hoare triple {366#false} ~handle := #in~handle;havoc ~retValue_acc~25; {366#false} is VALID [2022-02-20 18:01:55,362 INFO L290 TraceCheckUtils]: 67: Hoare triple {366#false} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {366#false} is VALID [2022-02-20 18:01:55,362 INFO L290 TraceCheckUtils]: 68: Hoare triple {366#false} assume true; {366#false} is VALID [2022-02-20 18:01:55,362 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {366#false} {366#false} #1101#return; {366#false} is VALID [2022-02-20 18:01:55,362 INFO L290 TraceCheckUtils]: 70: Hoare triple {366#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret7#1 && outgoing__wrappee__AddressBook_#t~ret7#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~2#1 := outgoing__wrappee__AddressBook_#t~ret7#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~2#1; {366#false} is VALID [2022-02-20 18:01:55,362 
INFO L290 TraceCheckUtils]: 71: Hoare triple {366#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {366#false} is VALID [2022-02-20 18:01:55,362 INFO L272 TraceCheckUtils]: 72: Hoare triple {366#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {366#false} is VALID [2022-02-20 18:01:55,363 INFO L290 TraceCheckUtils]: 73: Hoare triple {366#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {366#false} is VALID [2022-02-20 18:01:55,363 INFO L290 TraceCheckUtils]: 74: Hoare triple {366#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {366#false} is VALID [2022-02-20 18:01:55,363 INFO L290 TraceCheckUtils]: 75: Hoare triple {366#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {366#false} is VALID [2022-02-20 18:01:55,363 INFO L272 TraceCheckUtils]: 76: Hoare triple {366#false} call setEmailFrom(~msg#1, ~tmp~1#1); {366#false} is VALID [2022-02-20 18:01:55,363 INFO L290 TraceCheckUtils]: 77: Hoare triple {366#false} ~handle := #in~handle;~value := #in~value; {366#false} is VALID [2022-02-20 18:01:55,363 INFO L290 TraceCheckUtils]: 78: Hoare triple {366#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {366#false} is VALID [2022-02-20 18:01:55,364 INFO L290 TraceCheckUtils]: 79: Hoare triple {366#false} assume true; {366#false} is VALID [2022-02-20 18:01:55,364 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {366#false} {366#false} #1133#return; {366#false} is VALID 
[2022-02-20 18:01:55,364 INFO L290 TraceCheckUtils]: 81: Hoare triple {366#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {366#false} is VALID [2022-02-20 18:01:55,364 INFO L272 TraceCheckUtils]: 82: Hoare triple {366#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {366#false} is VALID [2022-02-20 18:01:55,364 INFO L290 TraceCheckUtils]: 83: Hoare triple {366#false} ~handle := #in~handle;havoc ~retValue_acc~12; {366#false} is VALID [2022-02-20 18:01:55,364 INFO L290 TraceCheckUtils]: 84: Hoare triple {366#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_to0~0;#res := ~retValue_acc~12; {366#false} is VALID [2022-02-20 18:01:55,365 INFO L290 TraceCheckUtils]: 85: Hoare triple {366#false} assume true; {366#false} is VALID [2022-02-20 18:01:55,365 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {366#false} {366#false} #1135#return; {366#false} is VALID [2022-02-20 18:01:55,365 INFO L290 TraceCheckUtils]: 87: Hoare triple {366#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret21#1, verify_#t~ret22#1, verify_#t~ret23#1, verify_#t~ret24#1, verify_#t~ret25#1, verify_#t~ret26#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~8#1, verify_~tmp___0~1#1, 
verify_~pubkey~0#1, verify_~tmp___1~1#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~8#1;havoc verify_~tmp___0~1#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~1#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret28#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~9#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~9#1; {366#false} is VALID [2022-02-20 18:01:55,365 INFO L272 TraceCheckUtils]: 88: Hoare triple {366#false} call __utac_acc__EncryptVerify_spec__1_#t~ret28#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {366#false} is VALID [2022-02-20 18:01:55,366 INFO L290 TraceCheckUtils]: 89: Hoare triple {366#false} ~msg := #in~msg;havoc ~retValue_acc~6;~retValue_acc~6 := 1;#res := ~retValue_acc~6; {366#false} is VALID [2022-02-20 18:01:55,366 INFO L290 TraceCheckUtils]: 90: Hoare triple {366#false} assume true; {366#false} is VALID [2022-02-20 18:01:55,366 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {366#false} {366#false} #1137#return; {366#false} is VALID [2022-02-20 18:01:55,374 INFO L290 TraceCheckUtils]: 92: Hoare triple {366#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret28#1 && __utac_acc__EncryptVerify_spec__1_#t~ret28#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~9#1 := __utac_acc__EncryptVerify_spec__1_#t~ret28#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret28#1; {366#false} is VALID [2022-02-20 18:01:55,374 INFO L290 TraceCheckUtils]: 93: Hoare triple {366#false} assume !(0 != 
__utac_acc__EncryptVerify_spec__1_~tmp~9#1);assume { :begin_inline___automaton_fail } true; {366#false} is VALID [2022-02-20 18:01:55,375 INFO L290 TraceCheckUtils]: 94: Hoare triple {366#false} assume !false; {366#false} is VALID [2022-02-20 18:01:55,376 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 18:01:55,376 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:01:55,376 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1852723702] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:01:55,376 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:01:55,377 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [9] total 9 [2022-02-20 18:01:55,378 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1487285966] [2022-02-20 18:01:55,379 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:01:55,383 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 26.5) internal successors, (53), 2 states have internal predecessors, (53), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 95 [2022-02-20 18:01:55,385 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 18:01:55,388 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 26.5) internal successors, (53), 2 states have internal predecessors, (53), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:01:55,449 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 80 edges. 80 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:55,450 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:01:55,450 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:55,467 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 18:01:55,468 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:01:55,472 INFO L87 Difference]: Start difference. First operand has 362 states, 289 states have (on average 1.5813148788927336) internal successors, (457), 292 states have internal predecessors, (457), 50 states have call successors, (50), 21 states have call predecessors, (50), 21 states have return successors, (50), 49 states have call predecessors, (50), 50 states have call successors, (50) Second operand has 2 states, 2 states have (on average 26.5) internal successors, (53), 2 states have internal predecessors, (53), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:01:55,914 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:01:55,916 INFO L93 Difference]: Finished difference Result 531 states and 804 transitions. [2022-02-20 18:01:55,918 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:01:55,919 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 26.5) internal successors, (53), 2 states have internal predecessors, (53), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 95 [2022-02-20 18:01:55,919 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:01:55,921 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 26.5) internal successors, (53), 2 states have internal predecessors, (53), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:01:55,947 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 804 transitions. [2022-02-20 18:01:55,953 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 26.5) internal successors, (53), 2 states have internal predecessors, (53), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:01:55,977 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 804 transitions. [2022-02-20 18:01:55,977 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 804 transitions. 
[2022-02-20 18:01:56,538 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 804 edges. 804 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:56,563 INFO L225 Difference]: With dead ends: 531 [2022-02-20 18:01:56,564 INFO L226 Difference]: Without dead ends: 355 [2022-02-20 18:01:56,569 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 122 GetRequests, 115 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:01:56,571 INFO L933 BasicCegarLoop]: 553 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 553 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:01:56,572 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 553 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:01:56,587 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 355 states. [2022-02-20 18:01:56,637 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 355 to 355. [2022-02-20 18:01:56,638 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:01:56,642 INFO L82 GeneralOperation]: Start isEquivalent. First operand 355 states. 
Second operand has 355 states, 283 states have (on average 1.5759717314487633) internal successors, (446), 285 states have internal predecessors, (446), 50 states have call successors, (50), 21 states have call predecessors, (50), 21 states have return successors, (49), 48 states have call predecessors, (49), 49 states have call successors, (49) [2022-02-20 18:01:56,646 INFO L74 IsIncluded]: Start isIncluded. First operand 355 states. Second operand has 355 states, 283 states have (on average 1.5759717314487633) internal successors, (446), 285 states have internal predecessors, (446), 50 states have call successors, (50), 21 states have call predecessors, (50), 21 states have return successors, (49), 48 states have call predecessors, (49), 49 states have call successors, (49) [2022-02-20 18:01:56,648 INFO L87 Difference]: Start difference. First operand 355 states. Second operand has 355 states, 283 states have (on average 1.5759717314487633) internal successors, (446), 285 states have internal predecessors, (446), 50 states have call successors, (50), 21 states have call predecessors, (50), 21 states have return successors, (49), 48 states have call predecessors, (49), 49 states have call successors, (49) [2022-02-20 18:01:56,672 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:56,673 INFO L93 Difference]: Finished difference Result 355 states and 545 transitions. [2022-02-20 18:01:56,673 INFO L276 IsEmpty]: Start isEmpty. Operand 355 states and 545 transitions. [2022-02-20 18:01:56,677 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:56,677 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:56,678 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 355 states, 283 states have (on average 1.5759717314487633) internal successors, (446), 285 states have internal predecessors, (446), 50 states have call successors, (50), 21 states have call predecessors, (50), 21 states have return successors, (49), 48 states have call predecessors, (49), 49 states have call successors, (49) Second operand 355 states. [2022-02-20 18:01:56,681 INFO L87 Difference]: Start difference. First operand has 355 states, 283 states have (on average 1.5759717314487633) internal successors, (446), 285 states have internal predecessors, (446), 50 states have call successors, (50), 21 states have call predecessors, (50), 21 states have return successors, (49), 48 states have call predecessors, (49), 49 states have call successors, (49) Second operand 355 states. [2022-02-20 18:01:56,700 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:56,700 INFO L93 Difference]: Finished difference Result 355 states and 545 transitions. [2022-02-20 18:01:56,700 INFO L276 IsEmpty]: Start isEmpty. Operand 355 states and 545 transitions. [2022-02-20 18:01:56,701 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:56,701 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:56,701 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:01:56,702 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:01:56,703 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 355 states, 283 states have (on average 1.5759717314487633) internal successors, (446), 285 states have internal predecessors, (446), 50 states have call successors, (50), 21 states have call predecessors, (50), 21 states have return successors, (49), 48 states have call predecessors, (49), 49 states have call successors, (49) [2022-02-20 18:01:56,716 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 355 states to 355 states and 545 transitions. [2022-02-20 18:01:56,718 INFO L78 Accepts]: Start accepts. Automaton has 355 states and 545 transitions. Word has length 95 [2022-02-20 18:01:56,718 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:01:56,719 INFO L470 AbstractCegarLoop]: Abstraction has 355 states and 545 transitions. [2022-02-20 18:01:56,720 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 26.5) internal successors, (53), 2 states have internal predecessors, (53), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:01:56,720 INFO L276 IsEmpty]: Start isEmpty. Operand 355 states and 545 transitions. [2022-02-20 18:01:56,724 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 97 [2022-02-20 18:01:56,724 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:01:56,725 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:01:56,747 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-02-20 18:01:56,945 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0 [2022-02-20 18:01:56,945 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === 
[outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:01:56,945 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:01:56,946 INFO L85 PathProgramCache]: Analyzing trace with hash 1401512389, now seen corresponding path program 1 times [2022-02-20 18:01:56,946 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:01:56,946 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [347031169] [2022-02-20 18:01:56,946 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:56,946 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:01:56,995 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:57,048 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:01:57,050 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:57,053 INFO L290 TraceCheckUtils]: 0: Hoare triple {2678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2628#true} is VALID [2022-02-20 18:01:57,053 INFO L290 TraceCheckUtils]: 1: Hoare triple {2628#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2628#true} is VALID [2022-02-20 18:01:57,054 INFO L290 TraceCheckUtils]: 2: Hoare triple {2628#true} assume true; {2628#true} is VALID [2022-02-20 18:01:57,054 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2628#true} {2628#true} #1151#return; {2628#true} is VALID [2022-02-20 18:01:57,063 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:01:57,065 INFO L136 AnnotateAndAsserter]: Conjunction 
of SSA is unsat [2022-02-20 18:01:57,069 INFO L290 TraceCheckUtils]: 0: Hoare triple {2679#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2628#true} is VALID [2022-02-20 18:01:57,069 INFO L290 TraceCheckUtils]: 1: Hoare triple {2628#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2628#true} is VALID [2022-02-20 18:01:57,069 INFO L290 TraceCheckUtils]: 2: Hoare triple {2628#true} assume true; {2628#true} is VALID [2022-02-20 18:01:57,069 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2628#true} {2628#true} #1153#return; {2628#true} is VALID [2022-02-20 18:01:57,070 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:01:57,072 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:57,087 INFO L290 TraceCheckUtils]: 0: Hoare triple {2678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2680#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:57,088 INFO L290 TraceCheckUtils]: 1: Hoare triple {2680#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2681#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:57,088 INFO L290 TraceCheckUtils]: 2: Hoare triple {2681#(= |setClientId_#in~handle| 1)} assume true; {2681#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:57,089 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2681#(= |setClientId_#in~handle| 1)} {2638#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1155#return; {2629#false} is VALID [2022-02-20 
18:01:57,089 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:01:57,091 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:57,094 INFO L290 TraceCheckUtils]: 0: Hoare triple {2679#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2628#true} is VALID [2022-02-20 18:01:57,094 INFO L290 TraceCheckUtils]: 1: Hoare triple {2628#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2628#true} is VALID [2022-02-20 18:01:57,094 INFO L290 TraceCheckUtils]: 2: Hoare triple {2628#true} assume true; {2628#true} is VALID [2022-02-20 18:01:57,094 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2628#true} {2629#false} #1157#return; {2629#false} is VALID [2022-02-20 18:01:57,095 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:01:57,097 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:57,100 INFO L290 TraceCheckUtils]: 0: Hoare triple {2678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2628#true} is VALID [2022-02-20 18:01:57,101 INFO L290 TraceCheckUtils]: 1: Hoare triple {2628#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2628#true} is VALID [2022-02-20 18:01:57,101 INFO L290 TraceCheckUtils]: 2: Hoare triple {2628#true} assume true; {2628#true} is VALID [2022-02-20 18:01:57,101 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2628#true} {2629#false} #1159#return; {2629#false} is VALID [2022-02-20 18:01:57,107 INFO L376 atingTraceCheckCraig]: Compute interpolants for 
subsequence at non-pending call position 36 [2022-02-20 18:01:57,113 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:57,116 INFO L290 TraceCheckUtils]: 0: Hoare triple {2679#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2628#true} is VALID [2022-02-20 18:01:57,116 INFO L290 TraceCheckUtils]: 1: Hoare triple {2628#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2628#true} is VALID [2022-02-20 18:01:57,116 INFO L290 TraceCheckUtils]: 2: Hoare triple {2628#true} assume true; {2628#true} is VALID [2022-02-20 18:01:57,116 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2628#true} {2629#false} #1161#return; {2629#false} is VALID [2022-02-20 18:01:57,123 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-02-20 18:01:57,124 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:57,127 INFO L290 TraceCheckUtils]: 0: Hoare triple {2682#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2628#true} is VALID [2022-02-20 18:01:57,127 INFO L290 TraceCheckUtils]: 1: Hoare triple {2628#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2628#true} is VALID [2022-02-20 18:01:57,128 INFO L290 TraceCheckUtils]: 2: Hoare triple {2628#true} assume true; {2628#true} is VALID [2022-02-20 18:01:57,128 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2628#true} {2629#false} #1119#return; {2629#false} is VALID [2022-02-20 18:01:57,136 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 53 [2022-02-20 18:01:57,137 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:57,140 INFO L290 
TraceCheckUtils]: 0: Hoare triple {2683#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2628#true} is VALID [2022-02-20 18:01:57,141 INFO L290 TraceCheckUtils]: 1: Hoare triple {2628#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2628#true} is VALID [2022-02-20 18:01:57,141 INFO L290 TraceCheckUtils]: 2: Hoare triple {2628#true} assume true; {2628#true} is VALID [2022-02-20 18:01:57,141 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2628#true} {2629#false} #1121#return; {2629#false} is VALID [2022-02-20 18:01:57,141 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 18:01:57,142 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:57,145 INFO L290 TraceCheckUtils]: 0: Hoare triple {2628#true} ~handle := #in~handle;havoc ~retValue_acc~25; {2628#true} is VALID [2022-02-20 18:01:57,145 INFO L290 TraceCheckUtils]: 1: Hoare triple {2628#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {2628#true} is VALID [2022-02-20 18:01:57,145 INFO L290 TraceCheckUtils]: 2: Hoare triple {2628#true} assume true; {2628#true} is VALID [2022-02-20 18:01:57,145 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2628#true} {2629#false} #1101#return; {2629#false} is VALID [2022-02-20 18:01:57,145 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 18:01:57,147 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:57,150 INFO L290 TraceCheckUtils]: 0: Hoare triple {2682#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2628#true} is VALID [2022-02-20 18:01:57,150 INFO L290 TraceCheckUtils]: 1: Hoare triple {2628#true} assume 1 == 
~handle;~__ste_email_from0~0 := ~value; {2628#true} is VALID [2022-02-20 18:01:57,151 INFO L290 TraceCheckUtils]: 2: Hoare triple {2628#true} assume true; {2628#true} is VALID [2022-02-20 18:01:57,151 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2628#true} {2629#false} #1133#return; {2629#false} is VALID [2022-02-20 18:01:57,151 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 18:01:57,152 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:57,154 INFO L290 TraceCheckUtils]: 0: Hoare triple {2628#true} ~handle := #in~handle;havoc ~retValue_acc~12; {2628#true} is VALID [2022-02-20 18:01:57,154 INFO L290 TraceCheckUtils]: 1: Hoare triple {2628#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_to0~0;#res := ~retValue_acc~12; {2628#true} is VALID [2022-02-20 18:01:57,155 INFO L290 TraceCheckUtils]: 2: Hoare triple {2628#true} assume true; {2628#true} is VALID [2022-02-20 18:01:57,155 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2628#true} {2629#false} #1135#return; {2629#false} is VALID [2022-02-20 18:01:57,155 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 89 [2022-02-20 18:01:57,156 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:57,158 INFO L290 TraceCheckUtils]: 0: Hoare triple {2628#true} ~msg := #in~msg;havoc ~retValue_acc~6;~retValue_acc~6 := 1;#res := ~retValue_acc~6; {2628#true} is VALID [2022-02-20 18:01:57,158 INFO L290 TraceCheckUtils]: 1: Hoare triple {2628#true} assume true; {2628#true} is VALID [2022-02-20 18:01:57,158 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {2628#true} {2629#false} #1137#return; {2629#false} is VALID [2022-02-20 18:01:57,159 INFO L290 TraceCheckUtils]: 0: Hoare triple {2628#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call 
write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(115, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(10, 11);call #Ultimate.allocInit(12, 12);call #Ultimate.allocInit(10, 13);call #Ultimate.allocInit(18, 14);call #Ultimate.allocInit(13, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(21, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(21, 23);call #Ultimate.allocInit(30, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(25, 26);call #Ultimate.allocInit(30, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 
0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 
0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {2628#true} is VALID [2022-02-20 18:01:57,159 INFO L290 TraceCheckUtils]: 1: Hoare triple {2628#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet77#1, main_#t~ret78#1, main_~retValue_acc~42#1, main_~tmp~19#1;assume -2147483648 <= main_#t~nondet77#1 && main_#t~nondet77#1 <= 2147483647;main_~retValue_acc~42#1 := main_#t~nondet77#1;havoc main_#t~nondet77#1;havoc main_~tmp~19#1;assume { :begin_inline_select_helpers } true; {2628#true} is VALID [2022-02-20 18:01:57,159 INFO 
L290 TraceCheckUtils]: 2: Hoare triple {2628#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2628#true} is VALID [2022-02-20 18:01:57,159 INFO L290 TraceCheckUtils]: 3: Hoare triple {2628#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~21#1;havoc valid_product_~retValue_acc~21#1;valid_product_~retValue_acc~21#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~21#1; {2628#true} is VALID [2022-02-20 18:01:57,159 INFO L290 TraceCheckUtils]: 4: Hoare triple {2628#true} main_#t~ret78#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret78#1 && main_#t~ret78#1 <= 2147483647;main_~tmp~19#1 := main_#t~ret78#1;havoc main_#t~ret78#1; {2628#true} is VALID [2022-02-20 18:01:57,159 INFO L290 TraceCheckUtils]: 5: Hoare triple {2628#true} assume 0 != main_~tmp~19#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet74#1, setup_#t~nondet75#1, setup_#t~nondet76#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2628#true} is VALID [2022-02-20 18:01:57,161 INFO L272 TraceCheckUtils]: 6: Hoare triple {2628#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, 
setup_bob__wrappee__Base_~bob___0#1); {2678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:57,162 INFO L290 TraceCheckUtils]: 7: Hoare triple {2678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2628#true} is VALID [2022-02-20 18:01:57,162 INFO L290 TraceCheckUtils]: 8: Hoare triple {2628#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2628#true} is VALID [2022-02-20 18:01:57,162 INFO L290 TraceCheckUtils]: 9: Hoare triple {2628#true} assume true; {2628#true} is VALID [2022-02-20 18:01:57,162 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2628#true} {2628#true} #1151#return; {2628#true} is VALID [2022-02-20 18:01:57,162 INFO L290 TraceCheckUtils]: 11: Hoare triple {2628#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2628#true} is VALID [2022-02-20 18:01:57,163 INFO L272 TraceCheckUtils]: 12: Hoare triple {2628#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2679#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:57,164 INFO L290 TraceCheckUtils]: 13: Hoare triple {2679#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2628#true} is VALID [2022-02-20 18:01:57,164 INFO L290 TraceCheckUtils]: 14: Hoare triple {2628#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := 
~value; {2628#true} is VALID [2022-02-20 18:01:57,164 INFO L290 TraceCheckUtils]: 15: Hoare triple {2628#true} assume true; {2628#true} is VALID [2022-02-20 18:01:57,164 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2628#true} {2628#true} #1153#return; {2628#true} is VALID [2022-02-20 18:01:57,165 INFO L290 TraceCheckUtils]: 17: Hoare triple {2628#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet74#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2638#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:01:57,165 INFO L272 TraceCheckUtils]: 18: Hoare triple {2638#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:57,166 INFO L290 TraceCheckUtils]: 19: Hoare triple {2678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2680#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:57,167 INFO L290 TraceCheckUtils]: 20: Hoare triple {2680#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2681#(= 
|setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:57,167 INFO L290 TraceCheckUtils]: 21: Hoare triple {2681#(= |setClientId_#in~handle| 1)} assume true; {2681#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:57,168 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2681#(= |setClientId_#in~handle| 1)} {2638#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1155#return; {2629#false} is VALID [2022-02-20 18:01:57,168 INFO L290 TraceCheckUtils]: 23: Hoare triple {2629#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {2629#false} is VALID [2022-02-20 18:01:57,168 INFO L272 TraceCheckUtils]: 24: Hoare triple {2629#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2679#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:57,168 INFO L290 TraceCheckUtils]: 25: Hoare triple {2679#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2628#true} is VALID [2022-02-20 18:01:57,168 INFO L290 TraceCheckUtils]: 26: Hoare triple {2628#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2628#true} is VALID [2022-02-20 18:01:57,168 INFO L290 TraceCheckUtils]: 27: Hoare triple {2628#true} assume true; {2628#true} is VALID [2022-02-20 18:01:57,169 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2628#true} {2629#false} #1157#return; {2629#false} is VALID [2022-02-20 18:01:57,169 INFO L290 TraceCheckUtils]: 29: Hoare triple {2629#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 33, 0;havoc setup_#t~nondet75#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := 
~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2629#false} is VALID [2022-02-20 18:01:57,169 INFO L272 TraceCheckUtils]: 30: Hoare triple {2629#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:57,169 INFO L290 TraceCheckUtils]: 31: Hoare triple {2678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2628#true} is VALID [2022-02-20 18:01:57,169 INFO L290 TraceCheckUtils]: 32: Hoare triple {2628#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2628#true} is VALID [2022-02-20 18:01:57,169 INFO L290 TraceCheckUtils]: 33: Hoare triple {2628#true} assume true; {2628#true} is VALID [2022-02-20 18:01:57,170 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2628#true} {2629#false} #1159#return; {2629#false} is VALID [2022-02-20 18:01:57,170 INFO L290 TraceCheckUtils]: 35: Hoare triple {2629#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {2629#false} is VALID [2022-02-20 18:01:57,170 INFO L272 TraceCheckUtils]: 36: Hoare triple {2629#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2679#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:57,170 INFO L290 TraceCheckUtils]: 37: Hoare triple {2679#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2628#true} is VALID [2022-02-20 18:01:57,170 INFO L290 TraceCheckUtils]: 38: Hoare triple {2628#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2628#true} is VALID [2022-02-20 18:01:57,170 INFO L290 TraceCheckUtils]: 39: Hoare triple {2628#true} assume true; {2628#true} is VALID [2022-02-20 18:01:57,170 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2628#true} {2629#false} #1161#return; {2629#false} is VALID [2022-02-20 18:01:57,170 INFO L290 TraceCheckUtils]: 41: Hoare triple {2629#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 34, 0;havoc setup_#t~nondet76#1; {2629#false} is VALID [2022-02-20 18:01:57,171 INFO L290 TraceCheckUtils]: 42: Hoare triple {2629#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~6#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc 
test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2629#false} is VALID [2022-02-20 18:01:57,171 INFO L290 TraceCheckUtils]: 43: Hoare triple {2629#false} assume !false; {2629#false} is VALID [2022-02-20 18:01:57,171 INFO L290 TraceCheckUtils]: 44: Hoare triple {2629#false} assume !(test_~splverifierCounter~0#1 < 4); {2629#false} is VALID [2022-02-20 18:01:57,171 INFO L290 TraceCheckUtils]: 45: Hoare triple {2629#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_#t~ret71#1, bobToRjh_#t~ret72#1, bobToRjh_~tmp~18#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~18#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret69#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret69#1 && bobToRjh_#t~ret69#1 <= 2147483647;havoc bobToRjh_#t~ret69#1; {2629#false} is VALID [2022-02-20 18:01:57,171 INFO L272 TraceCheckUtils]: 46: Hoare triple {2629#false} call sendEmail(~bob~0, ~rjh~0); {2629#false} is VALID [2022-02-20 18:01:57,171 INFO L290 TraceCheckUtils]: 47: Hoare triple {2629#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~8#1, createEmail_~msg~0#1;createEmail_~from#1 := 
createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~8#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2629#false} is VALID [2022-02-20 18:01:57,172 INFO L272 TraceCheckUtils]: 48: Hoare triple {2629#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2682#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:57,172 INFO L290 TraceCheckUtils]: 49: Hoare triple {2682#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2628#true} is VALID [2022-02-20 18:01:57,172 INFO L290 TraceCheckUtils]: 50: Hoare triple {2628#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2628#true} is VALID [2022-02-20 18:01:57,172 INFO L290 TraceCheckUtils]: 51: Hoare triple {2628#true} assume true; {2628#true} is VALID [2022-02-20 18:01:57,172 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2628#true} {2629#false} #1119#return; {2629#false} is VALID [2022-02-20 18:01:57,172 INFO L272 TraceCheckUtils]: 53: Hoare triple {2629#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2683#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:01:57,172 INFO L290 TraceCheckUtils]: 54: Hoare triple {2683#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2628#true} is VALID [2022-02-20 18:01:57,173 INFO L290 TraceCheckUtils]: 55: Hoare triple {2628#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2628#true} is VALID [2022-02-20 18:01:57,173 INFO L290 TraceCheckUtils]: 56: Hoare triple {2628#true} assume true; {2628#true} is VALID [2022-02-20 18:01:57,173 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {2628#true} {2629#false} #1121#return; 
{2629#false} is VALID [2022-02-20 18:01:57,173 INFO L290 TraceCheckUtils]: 58: Hoare triple {2629#false} createEmail_~retValue_acc~8#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~8#1; {2629#false} is VALID [2022-02-20 18:01:57,173 INFO L290 TraceCheckUtils]: 59: Hoare triple {2629#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {2629#false} is VALID [2022-02-20 18:01:57,173 INFO L272 TraceCheckUtils]: 60: Hoare triple {2629#false} call outgoing(~sender#1, ~email~0#1); {2629#false} is VALID [2022-02-20 18:01:57,173 INFO L290 TraceCheckUtils]: 61: Hoare triple {2629#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret20#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~7#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~7#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~31#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~31#1; {2629#false} is VALID [2022-02-20 18:01:57,173 INFO L290 TraceCheckUtils]: 62: Hoare triple {2629#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~31#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~31#1; {2629#false} is VALID [2022-02-20 18:01:57,174 INFO L290 TraceCheckUtils]: 63: Hoare triple {2629#false} sign_#t~ret20#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret20#1 && sign_#t~ret20#1 <= 2147483647;sign_~tmp~7#1 := 
sign_#t~ret20#1;havoc sign_#t~ret20#1;sign_~privkey~0#1 := sign_~tmp~7#1; {2629#false} is VALID [2022-02-20 18:01:57,174 INFO L290 TraceCheckUtils]: 64: Hoare triple {2629#false} assume 0 == sign_~privkey~0#1; {2629#false} is VALID [2022-02-20 18:01:57,174 INFO L290 TraceCheckUtils]: 65: Hoare triple {2629#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1, outgoing__wrappee__AddressBook_#t~ret8#1, outgoing__wrappee__AddressBook_#t~ret9#1, outgoing__wrappee__AddressBook_#t~ret10#1, outgoing__wrappee__AddressBook_#t~ret11#1, outgoing__wrappee__AddressBook_#t~ret12#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~2#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~0#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~0#1, outgoing__wrappee__AddressBook_~tmp___2~0#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~2#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~0#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~0#1;havoc outgoing__wrappee__AddressBook_~tmp___2~0#1; {2629#false} is VALID [2022-02-20 18:01:57,174 INFO L272 TraceCheckUtils]: 66: Hoare triple {2629#false} call outgoing__wrappee__AddressBook_#t~ret7#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {2628#true} is VALID [2022-02-20 18:01:57,174 INFO L290 TraceCheckUtils]: 67: Hoare triple 
{2628#true} ~handle := #in~handle;havoc ~retValue_acc~25; {2628#true} is VALID [2022-02-20 18:01:57,174 INFO L290 TraceCheckUtils]: 68: Hoare triple {2628#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {2628#true} is VALID [2022-02-20 18:01:57,175 INFO L290 TraceCheckUtils]: 69: Hoare triple {2628#true} assume true; {2628#true} is VALID [2022-02-20 18:01:57,175 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {2628#true} {2629#false} #1101#return; {2629#false} is VALID [2022-02-20 18:01:57,175 INFO L290 TraceCheckUtils]: 71: Hoare triple {2629#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret7#1 && outgoing__wrappee__AddressBook_#t~ret7#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~2#1 := outgoing__wrappee__AddressBook_#t~ret7#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~2#1; {2629#false} is VALID [2022-02-20 18:01:57,175 INFO L290 TraceCheckUtils]: 72: Hoare triple {2629#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {2629#false} is VALID [2022-02-20 18:01:57,175 INFO L272 TraceCheckUtils]: 73: Hoare triple {2629#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {2629#false} is VALID [2022-02-20 18:01:57,175 INFO L290 TraceCheckUtils]: 74: Hoare triple {2629#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {2629#false} is VALID [2022-02-20 18:01:57,176 INFO L290 TraceCheckUtils]: 75: Hoare triple {2629#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := 
getClientId_~retValue_acc~38#1; {2629#false} is VALID [2022-02-20 18:01:57,176 INFO L290 TraceCheckUtils]: 76: Hoare triple {2629#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {2629#false} is VALID [2022-02-20 18:01:57,176 INFO L272 TraceCheckUtils]: 77: Hoare triple {2629#false} call setEmailFrom(~msg#1, ~tmp~1#1); {2682#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:57,176 INFO L290 TraceCheckUtils]: 78: Hoare triple {2682#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2628#true} is VALID [2022-02-20 18:01:57,176 INFO L290 TraceCheckUtils]: 79: Hoare triple {2628#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2628#true} is VALID [2022-02-20 18:01:57,176 INFO L290 TraceCheckUtils]: 80: Hoare triple {2628#true} assume true; {2628#true} is VALID [2022-02-20 18:01:57,176 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {2628#true} {2629#false} #1133#return; {2629#false} is VALID [2022-02-20 18:01:57,177 INFO L290 TraceCheckUtils]: 82: Hoare triple {2629#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {2629#false} is VALID [2022-02-20 18:01:57,177 INFO L272 TraceCheckUtils]: 83: Hoare triple {2629#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {2628#true} is VALID [2022-02-20 18:01:57,177 INFO L290 TraceCheckUtils]: 84: Hoare triple {2628#true} ~handle := #in~handle;havoc 
~retValue_acc~12; {2628#true} is VALID [2022-02-20 18:01:57,177 INFO L290 TraceCheckUtils]: 85: Hoare triple {2628#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_to0~0;#res := ~retValue_acc~12; {2628#true} is VALID [2022-02-20 18:01:57,177 INFO L290 TraceCheckUtils]: 86: Hoare triple {2628#true} assume true; {2628#true} is VALID [2022-02-20 18:01:57,177 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {2628#true} {2629#false} #1135#return; {2629#false} is VALID [2022-02-20 18:01:57,178 INFO L290 TraceCheckUtils]: 88: Hoare triple {2629#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret21#1, verify_#t~ret22#1, verify_#t~ret23#1, verify_#t~ret24#1, verify_#t~ret25#1, verify_#t~ret26#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~8#1, verify_~tmp___0~1#1, verify_~pubkey~0#1, verify_~tmp___1~1#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~8#1;havoc verify_~tmp___0~1#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~1#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret28#1, __utac_acc__EncryptVerify_spec__1_~msg#1, 
__utac_acc__EncryptVerify_spec__1_~tmp~9#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~9#1; {2629#false} is VALID [2022-02-20 18:01:57,178 INFO L272 TraceCheckUtils]: 89: Hoare triple {2629#false} call __utac_acc__EncryptVerify_spec__1_#t~ret28#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {2628#true} is VALID [2022-02-20 18:01:57,178 INFO L290 TraceCheckUtils]: 90: Hoare triple {2628#true} ~msg := #in~msg;havoc ~retValue_acc~6;~retValue_acc~6 := 1;#res := ~retValue_acc~6; {2628#true} is VALID [2022-02-20 18:01:57,178 INFO L290 TraceCheckUtils]: 91: Hoare triple {2628#true} assume true; {2628#true} is VALID [2022-02-20 18:01:57,178 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {2628#true} {2629#false} #1137#return; {2629#false} is VALID [2022-02-20 18:01:57,178 INFO L290 TraceCheckUtils]: 93: Hoare triple {2629#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret28#1 && __utac_acc__EncryptVerify_spec__1_#t~ret28#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~9#1 := __utac_acc__EncryptVerify_spec__1_#t~ret28#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret28#1; {2629#false} is VALID [2022-02-20 18:01:57,179 INFO L290 TraceCheckUtils]: 94: Hoare triple {2629#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~9#1);assume { :begin_inline___automaton_fail } true; {2629#false} is VALID [2022-02-20 18:01:57,179 INFO L290 TraceCheckUtils]: 95: Hoare triple {2629#false} assume !false; {2629#false} is VALID [2022-02-20 18:01:57,179 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. 
[2022-02-20 18:01:57,179 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:01:57,180 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [347031169] [2022-02-20 18:01:57,180 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [347031169] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:01:57,180 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [704412447] [2022-02-20 18:01:57,180 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:57,180 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:01:57,181 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:01:57,196 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:01:57,198 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 18:01:57,415 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:57,419 INFO L263 TraceCheckSpWp]: Trace formula consists of 1038 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 18:01:57,461 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:57,465 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:01:57,700 INFO L290 TraceCheckUtils]: 0: Hoare triple {2628#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(115, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(10, 11);call #Ultimate.allocInit(12, 12);call #Ultimate.allocInit(10, 13);call #Ultimate.allocInit(18, 14);call #Ultimate.allocInit(13, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(21, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(21, 23);call #Ultimate.allocInit(30, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(25, 26);call #Ultimate.allocInit(30, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 
0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 
:= 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {2628#true} is VALID [2022-02-20 18:01:57,701 INFO L290 TraceCheckUtils]: 1: Hoare triple {2628#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet77#1, main_#t~ret78#1, main_~retValue_acc~42#1, main_~tmp~19#1;assume -2147483648 <= main_#t~nondet77#1 && 
main_#t~nondet77#1 <= 2147483647;main_~retValue_acc~42#1 := main_#t~nondet77#1;havoc main_#t~nondet77#1;havoc main_~tmp~19#1;assume { :begin_inline_select_helpers } true; {2628#true} is VALID [2022-02-20 18:01:57,701 INFO L290 TraceCheckUtils]: 2: Hoare triple {2628#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2628#true} is VALID [2022-02-20 18:01:57,701 INFO L290 TraceCheckUtils]: 3: Hoare triple {2628#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~21#1;havoc valid_product_~retValue_acc~21#1;valid_product_~retValue_acc~21#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~21#1; {2628#true} is VALID [2022-02-20 18:01:57,701 INFO L290 TraceCheckUtils]: 4: Hoare triple {2628#true} main_#t~ret78#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret78#1 && main_#t~ret78#1 <= 2147483647;main_~tmp~19#1 := main_#t~ret78#1;havoc main_#t~ret78#1; {2628#true} is VALID [2022-02-20 18:01:57,701 INFO L290 TraceCheckUtils]: 5: Hoare triple {2628#true} assume 0 != main_~tmp~19#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet74#1, setup_#t~nondet75#1, setup_#t~nondet76#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2628#true} is VALID [2022-02-20 18:01:57,701 INFO L272 TraceCheckUtils]: 6: Hoare triple {2628#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2628#true} is VALID [2022-02-20 18:01:57,701 INFO L290 TraceCheckUtils]: 7: Hoare triple {2628#true} ~handle := #in~handle;~value := #in~value; {2628#true} is VALID [2022-02-20 18:01:57,702 INFO L290 TraceCheckUtils]: 8: Hoare triple {2628#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2628#true} is VALID [2022-02-20 18:01:57,702 INFO L290 TraceCheckUtils]: 9: Hoare triple {2628#true} assume true; {2628#true} is VALID [2022-02-20 18:01:57,702 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2628#true} {2628#true} #1151#return; {2628#true} is VALID [2022-02-20 18:01:57,703 INFO L290 TraceCheckUtils]: 11: Hoare triple {2628#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2628#true} is VALID [2022-02-20 18:01:57,703 INFO L272 TraceCheckUtils]: 12: Hoare triple {2628#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2628#true} is VALID [2022-02-20 18:01:57,703 INFO L290 TraceCheckUtils]: 13: Hoare triple {2628#true} ~handle := #in~handle;~value := #in~value; {2628#true} is VALID [2022-02-20 18:01:57,703 INFO L290 TraceCheckUtils]: 14: Hoare triple {2628#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2628#true} is VALID [2022-02-20 18:01:57,703 INFO L290 TraceCheckUtils]: 15: Hoare triple {2628#true} assume true; {2628#true} is VALID [2022-02-20 18:01:57,703 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2628#true} {2628#true} #1153#return; {2628#true} is VALID [2022-02-20 18:01:57,703 INFO L290 TraceCheckUtils]: 17: Hoare triple {2628#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet74#1;~rjh~0 := 2;assume { 
:begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2628#true} is VALID [2022-02-20 18:01:57,703 INFO L272 TraceCheckUtils]: 18: Hoare triple {2628#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2628#true} is VALID [2022-02-20 18:01:57,704 INFO L290 TraceCheckUtils]: 19: Hoare triple {2628#true} ~handle := #in~handle;~value := #in~value; {2628#true} is VALID [2022-02-20 18:01:57,704 INFO L290 TraceCheckUtils]: 20: Hoare triple {2628#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2628#true} is VALID [2022-02-20 18:01:57,704 INFO L290 TraceCheckUtils]: 21: Hoare triple {2628#true} assume true; {2628#true} is VALID [2022-02-20 18:01:57,704 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2628#true} {2628#true} #1155#return; {2628#true} is VALID [2022-02-20 18:01:57,704 INFO L290 TraceCheckUtils]: 23: Hoare triple {2628#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {2628#true} is VALID [2022-02-20 18:01:57,704 INFO L272 TraceCheckUtils]: 24: Hoare triple {2628#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2628#true} is VALID [2022-02-20 18:01:57,704 INFO L290 TraceCheckUtils]: 25: Hoare triple {2628#true} ~handle := #in~handle;~value := #in~value; {2628#true} is VALID [2022-02-20 18:01:57,704 INFO L290 TraceCheckUtils]: 26: Hoare triple {2628#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2628#true} is VALID [2022-02-20 18:01:57,705 INFO L290 TraceCheckUtils]: 27: Hoare triple {2628#true} assume true; {2628#true} is VALID [2022-02-20 18:01:57,705 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2628#true} {2628#true} #1157#return; 
{2628#true} is VALID [2022-02-20 18:01:57,705 INFO L290 TraceCheckUtils]: 29: Hoare triple {2628#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 33, 0;havoc setup_#t~nondet75#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2628#true} is VALID [2022-02-20 18:01:57,705 INFO L272 TraceCheckUtils]: 30: Hoare triple {2628#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2628#true} is VALID [2022-02-20 18:01:57,705 INFO L290 TraceCheckUtils]: 31: Hoare triple {2628#true} ~handle := #in~handle;~value := #in~value; {2628#true} is VALID [2022-02-20 18:01:57,705 INFO L290 TraceCheckUtils]: 32: Hoare triple {2628#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2628#true} is VALID [2022-02-20 18:01:57,705 INFO L290 TraceCheckUtils]: 33: Hoare triple {2628#true} assume true; {2628#true} is VALID [2022-02-20 18:01:57,706 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2628#true} {2628#true} #1159#return; {2628#true} is VALID [2022-02-20 18:01:57,706 INFO L290 TraceCheckUtils]: 35: Hoare triple {2628#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {2628#true} is VALID [2022-02-20 18:01:57,706 INFO L272 TraceCheckUtils]: 36: Hoare triple {2628#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2628#true} is VALID [2022-02-20 18:01:57,706 INFO L290 TraceCheckUtils]: 37: Hoare triple {2628#true} ~handle := #in~handle;~value := #in~value; {2628#true} is VALID [2022-02-20 18:01:57,706 INFO L290 TraceCheckUtils]: 38: Hoare triple 
{2628#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2628#true} is VALID [2022-02-20 18:01:57,706 INFO L290 TraceCheckUtils]: 39: Hoare triple {2628#true} assume true; {2628#true} is VALID [2022-02-20 18:01:57,706 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2628#true} {2628#true} #1161#return; {2628#true} is VALID [2022-02-20 18:01:57,706 INFO L290 TraceCheckUtils]: 41: Hoare triple {2628#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 34, 0;havoc setup_#t~nondet76#1; {2628#true} is VALID [2022-02-20 18:01:57,707 INFO L290 TraceCheckUtils]: 42: Hoare triple {2628#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~6#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 
0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2813#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:01:57,707 INFO L290 TraceCheckUtils]: 43: Hoare triple {2813#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {2813#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:01:57,708 INFO L290 TraceCheckUtils]: 44: Hoare triple {2813#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {2629#false} is VALID [2022-02-20 18:01:57,708 INFO L290 TraceCheckUtils]: 45: Hoare triple {2629#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_#t~ret71#1, bobToRjh_#t~ret72#1, bobToRjh_~tmp~18#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~18#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret69#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret69#1 && bobToRjh_#t~ret69#1 <= 2147483647;havoc bobToRjh_#t~ret69#1; {2629#false} is VALID [2022-02-20 18:01:57,708 INFO L272 TraceCheckUtils]: 46: Hoare triple {2629#false} call sendEmail(~bob~0, ~rjh~0); {2629#false} is VALID [2022-02-20 18:01:57,708 INFO L290 TraceCheckUtils]: 47: Hoare triple {2629#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~8#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~8#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2629#false} is VALID [2022-02-20 18:01:57,708 INFO L272 TraceCheckUtils]: 48: Hoare triple {2629#false} call setEmailFrom(createEmail_~msg~0#1, 
createEmail_~from#1); {2629#false} is VALID [2022-02-20 18:01:57,708 INFO L290 TraceCheckUtils]: 49: Hoare triple {2629#false} ~handle := #in~handle;~value := #in~value; {2629#false} is VALID [2022-02-20 18:01:57,708 INFO L290 TraceCheckUtils]: 50: Hoare triple {2629#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2629#false} is VALID [2022-02-20 18:01:57,708 INFO L290 TraceCheckUtils]: 51: Hoare triple {2629#false} assume true; {2629#false} is VALID [2022-02-20 18:01:57,708 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2629#false} {2629#false} #1119#return; {2629#false} is VALID [2022-02-20 18:01:57,708 INFO L272 TraceCheckUtils]: 53: Hoare triple {2629#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2629#false} is VALID [2022-02-20 18:01:57,709 INFO L290 TraceCheckUtils]: 54: Hoare triple {2629#false} ~handle := #in~handle;~value := #in~value; {2629#false} is VALID [2022-02-20 18:01:57,709 INFO L290 TraceCheckUtils]: 55: Hoare triple {2629#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2629#false} is VALID [2022-02-20 18:01:57,709 INFO L290 TraceCheckUtils]: 56: Hoare triple {2629#false} assume true; {2629#false} is VALID [2022-02-20 18:01:57,709 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {2629#false} {2629#false} #1121#return; {2629#false} is VALID [2022-02-20 18:01:57,709 INFO L290 TraceCheckUtils]: 58: Hoare triple {2629#false} createEmail_~retValue_acc~8#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~8#1; {2629#false} is VALID [2022-02-20 18:01:57,709 INFO L290 TraceCheckUtils]: 59: Hoare triple {2629#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {2629#false} is VALID [2022-02-20 18:01:57,709 INFO L272 TraceCheckUtils]: 60: Hoare triple {2629#false} call outgoing(~sender#1, ~email~0#1); {2629#false} is VALID [2022-02-20 
18:01:57,709 INFO L290 TraceCheckUtils]: 61: Hoare triple {2629#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret20#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~7#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~7#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~31#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~31#1; {2629#false} is VALID [2022-02-20 18:01:57,709 INFO L290 TraceCheckUtils]: 62: Hoare triple {2629#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~31#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~31#1; {2629#false} is VALID [2022-02-20 18:01:57,709 INFO L290 TraceCheckUtils]: 63: Hoare triple {2629#false} sign_#t~ret20#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret20#1 && sign_#t~ret20#1 <= 2147483647;sign_~tmp~7#1 := sign_#t~ret20#1;havoc sign_#t~ret20#1;sign_~privkey~0#1 := sign_~tmp~7#1; {2629#false} is VALID [2022-02-20 18:01:57,709 INFO L290 TraceCheckUtils]: 64: Hoare triple {2629#false} assume 0 == sign_~privkey~0#1; {2629#false} is VALID [2022-02-20 18:01:57,709 INFO L290 TraceCheckUtils]: 65: Hoare triple {2629#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1, outgoing__wrappee__AddressBook_#t~ret8#1, outgoing__wrappee__AddressBook_#t~ret9#1, outgoing__wrappee__AddressBook_#t~ret10#1, 
outgoing__wrappee__AddressBook_#t~ret11#1, outgoing__wrappee__AddressBook_#t~ret12#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~2#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~0#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~0#1, outgoing__wrappee__AddressBook_~tmp___2~0#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~2#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~0#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~0#1;havoc outgoing__wrappee__AddressBook_~tmp___2~0#1; {2629#false} is VALID [2022-02-20 18:01:57,709 INFO L272 TraceCheckUtils]: 66: Hoare triple {2629#false} call outgoing__wrappee__AddressBook_#t~ret7#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {2629#false} is VALID [2022-02-20 18:01:57,709 INFO L290 TraceCheckUtils]: 67: Hoare triple {2629#false} ~handle := #in~handle;havoc ~retValue_acc~25; {2629#false} is VALID [2022-02-20 18:01:57,709 INFO L290 TraceCheckUtils]: 68: Hoare triple {2629#false} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {2629#false} is VALID [2022-02-20 18:01:57,709 INFO L290 TraceCheckUtils]: 69: Hoare triple {2629#false} assume true; {2629#false} is VALID [2022-02-20 18:01:57,709 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {2629#false} {2629#false} #1101#return; {2629#false} is VALID [2022-02-20 18:01:57,709 INFO L290 TraceCheckUtils]: 71: Hoare triple {2629#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret7#1 && 
outgoing__wrappee__AddressBook_#t~ret7#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~2#1 := outgoing__wrappee__AddressBook_#t~ret7#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~2#1; {2629#false} is VALID [2022-02-20 18:01:57,709 INFO L290 TraceCheckUtils]: 72: Hoare triple {2629#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {2629#false} is VALID [2022-02-20 18:01:57,709 INFO L272 TraceCheckUtils]: 73: Hoare triple {2629#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {2629#false} is VALID [2022-02-20 18:01:57,710 INFO L290 TraceCheckUtils]: 74: Hoare triple {2629#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {2629#false} is VALID [2022-02-20 18:01:57,710 INFO L290 TraceCheckUtils]: 75: Hoare triple {2629#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {2629#false} is VALID [2022-02-20 18:01:57,710 INFO L290 TraceCheckUtils]: 76: Hoare triple {2629#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {2629#false} is VALID [2022-02-20 18:01:57,710 INFO L272 TraceCheckUtils]: 77: Hoare triple {2629#false} call setEmailFrom(~msg#1, ~tmp~1#1); {2629#false} is VALID [2022-02-20 18:01:57,710 INFO L290 TraceCheckUtils]: 78: Hoare triple {2629#false} ~handle := #in~handle;~value := #in~value; {2629#false} is VALID [2022-02-20 18:01:57,710 INFO L290 TraceCheckUtils]: 79: Hoare triple 
{2629#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2629#false} is VALID [2022-02-20 18:01:57,710 INFO L290 TraceCheckUtils]: 80: Hoare triple {2629#false} assume true; {2629#false} is VALID [2022-02-20 18:01:57,710 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {2629#false} {2629#false} #1133#return; {2629#false} is VALID [2022-02-20 18:01:57,710 INFO L290 TraceCheckUtils]: 82: Hoare triple {2629#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {2629#false} is VALID [2022-02-20 18:01:57,710 INFO L272 TraceCheckUtils]: 83: Hoare triple {2629#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {2629#false} is VALID [2022-02-20 18:01:57,710 INFO L290 TraceCheckUtils]: 84: Hoare triple {2629#false} ~handle := #in~handle;havoc ~retValue_acc~12; {2629#false} is VALID [2022-02-20 18:01:57,710 INFO L290 TraceCheckUtils]: 85: Hoare triple {2629#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_to0~0;#res := ~retValue_acc~12; {2629#false} is VALID [2022-02-20 18:01:57,710 INFO L290 TraceCheckUtils]: 86: Hoare triple {2629#false} assume true; {2629#false} is VALID [2022-02-20 18:01:57,710 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {2629#false} {2629#false} #1135#return; {2629#false} is VALID [2022-02-20 18:01:57,710 INFO L290 TraceCheckUtils]: 88: Hoare triple {2629#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := 
incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret21#1, verify_#t~ret22#1, verify_#t~ret23#1, verify_#t~ret24#1, verify_#t~ret25#1, verify_#t~ret26#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~8#1, verify_~tmp___0~1#1, verify_~pubkey~0#1, verify_~tmp___1~1#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~8#1;havoc verify_~tmp___0~1#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~1#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret28#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~9#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~9#1; {2629#false} is VALID [2022-02-20 18:01:57,710 INFO L272 TraceCheckUtils]: 89: Hoare triple {2629#false} call __utac_acc__EncryptVerify_spec__1_#t~ret28#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {2629#false} is VALID [2022-02-20 18:01:57,710 INFO L290 TraceCheckUtils]: 90: Hoare triple {2629#false} ~msg := #in~msg;havoc ~retValue_acc~6;~retValue_acc~6 := 1;#res := ~retValue_acc~6; {2629#false} is VALID [2022-02-20 18:01:57,710 INFO L290 TraceCheckUtils]: 91: Hoare triple {2629#false} assume true; {2629#false} is VALID [2022-02-20 18:01:57,710 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {2629#false} {2629#false} #1137#return; {2629#false} is VALID [2022-02-20 18:01:57,710 INFO L290 TraceCheckUtils]: 93: Hoare triple {2629#false} assume -2147483648 <= 
__utac_acc__EncryptVerify_spec__1_#t~ret28#1 && __utac_acc__EncryptVerify_spec__1_#t~ret28#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~9#1 := __utac_acc__EncryptVerify_spec__1_#t~ret28#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret28#1; {2629#false} is VALID [2022-02-20 18:01:57,710 INFO L290 TraceCheckUtils]: 94: Hoare triple {2629#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~9#1);assume { :begin_inline___automaton_fail } true; {2629#false} is VALID [2022-02-20 18:01:57,711 INFO L290 TraceCheckUtils]: 95: Hoare triple {2629#false} assume !false; {2629#false} is VALID [2022-02-20 18:01:57,711 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 18:01:57,711 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:01:57,711 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [704412447] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:01:57,711 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:01:57,711 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 18:01:57,711 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [865072845] [2022-02-20 18:01:57,711 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:01:57,712 INFO L78 Accepts]: Start accepts. 
Automaton has has 3 states, 3 states have (on average 18.0) internal successors, (54), 3 states have internal predecessors, (54), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 96 [2022-02-20 18:01:57,713 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:01:57,713 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 18.0) internal successors, (54), 3 states have internal predecessors, (54), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:01:57,782 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 81 edges. 81 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:57,782 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:01:57,782 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:57,783 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:01:57,783 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:01:57,783 INFO L87 Difference]: Start difference. First operand 355 states and 545 transitions. 
Second operand has 3 states, 3 states have (on average 18.0) internal successors, (54), 3 states have internal predecessors, (54), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:01:58,316 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:58,317 INFO L93 Difference]: Finished difference Result 521 states and 782 transitions. [2022-02-20 18:01:58,317 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:01:58,317 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 18.0) internal successors, (54), 3 states have internal predecessors, (54), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 96 [2022-02-20 18:01:58,317 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:01:58,318 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 18.0) internal successors, (54), 3 states have internal predecessors, (54), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:01:58,327 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 782 transitions. [2022-02-20 18:01:58,328 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 3 states, 3 states have (on average 18.0) internal successors, (54), 3 states have internal predecessors, (54), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:01:58,337 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 782 transitions. [2022-02-20 18:01:58,338 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 782 transitions. [2022-02-20 18:01:58,898 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 782 edges. 782 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:58,914 INFO L225 Difference]: With dead ends: 521 [2022-02-20 18:01:58,914 INFO L226 Difference]: Without dead ends: 358 [2022-02-20 18:01:58,924 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 123 GetRequests, 115 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:01:58,925 INFO L933 BasicCegarLoop]: 543 mSDtfsCounter, 1 mSDsluCounter, 541 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 1084 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:01:58,925 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 1084 Invalid, 5 Unknown, 0 
Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:01:58,926 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 358 states. [2022-02-20 18:01:58,939 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 358 to 357. [2022-02-20 18:01:58,939 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:01:58,940 INFO L82 GeneralOperation]: Start isEquivalent. First operand 358 states. Second operand has 357 states, 285 states have (on average 1.5719298245614035) internal successors, (448), 287 states have internal predecessors, (448), 50 states have call successors, (50), 21 states have call predecessors, (50), 21 states have return successors, (49), 48 states have call predecessors, (49), 49 states have call successors, (49) [2022-02-20 18:01:58,941 INFO L74 IsIncluded]: Start isIncluded. First operand 358 states. Second operand has 357 states, 285 states have (on average 1.5719298245614035) internal successors, (448), 287 states have internal predecessors, (448), 50 states have call successors, (50), 21 states have call predecessors, (50), 21 states have return successors, (49), 48 states have call predecessors, (49), 49 states have call successors, (49) [2022-02-20 18:01:58,944 INFO L87 Difference]: Start difference. First operand 358 states. Second operand has 357 states, 285 states have (on average 1.5719298245614035) internal successors, (448), 287 states have internal predecessors, (448), 50 states have call successors, (50), 21 states have call predecessors, (50), 21 states have return successors, (49), 48 states have call predecessors, (49), 49 states have call successors, (49) [2022-02-20 18:01:58,954 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:58,955 INFO L93 Difference]: Finished difference Result 358 states and 548 transitions. 
[2022-02-20 18:01:58,955 INFO L276 IsEmpty]: Start isEmpty. Operand 358 states and 548 transitions. [2022-02-20 18:01:58,956 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:58,956 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:58,957 INFO L74 IsIncluded]: Start isIncluded. First operand has 357 states, 285 states have (on average 1.5719298245614035) internal successors, (448), 287 states have internal predecessors, (448), 50 states have call successors, (50), 21 states have call predecessors, (50), 21 states have return successors, (49), 48 states have call predecessors, (49), 49 states have call successors, (49) Second operand 358 states. [2022-02-20 18:01:58,958 INFO L87 Difference]: Start difference. First operand has 357 states, 285 states have (on average 1.5719298245614035) internal successors, (448), 287 states have internal predecessors, (448), 50 states have call successors, (50), 21 states have call predecessors, (50), 21 states have return successors, (49), 48 states have call predecessors, (49), 49 states have call successors, (49) Second operand 358 states. [2022-02-20 18:01:58,968 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:01:58,969 INFO L93 Difference]: Finished difference Result 358 states and 548 transitions. [2022-02-20 18:01:58,969 INFO L276 IsEmpty]: Start isEmpty. Operand 358 states and 548 transitions. [2022-02-20 18:01:58,970 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:01:58,985 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:01:58,985 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:01:58,985 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:01:58,986 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 357 states, 285 states have (on average 1.5719298245614035) internal successors, (448), 287 states have internal predecessors, (448), 50 states have call successors, (50), 21 states have call predecessors, (50), 21 states have return successors, (49), 48 states have call predecessors, (49), 49 states have call successors, (49) [2022-02-20 18:01:58,997 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 357 states to 357 states and 547 transitions. [2022-02-20 18:01:58,997 INFO L78 Accepts]: Start accepts. Automaton has 357 states and 547 transitions. Word has length 96 [2022-02-20 18:01:58,998 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:01:58,998 INFO L470 AbstractCegarLoop]: Abstraction has 357 states and 547 transitions. [2022-02-20 18:01:58,998 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 18.0) internal successors, (54), 3 states have internal predecessors, (54), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:01:58,998 INFO L276 IsEmpty]: Start isEmpty. Operand 357 states and 547 transitions. [2022-02-20 18:01:58,999 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 106 [2022-02-20 18:01:58,999 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:01:58,999 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:01:59,023 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-02-20 18:01:59,211 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1 [2022-02-20 18:01:59,212 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:01:59,212 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:01:59,212 INFO L85 PathProgramCache]: Analyzing trace with hash 1957743570, now seen corresponding path program 1 times [2022-02-20 18:01:59,212 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:01:59,212 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [605764597] [2022-02-20 18:01:59,212 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:59,213 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:01:59,238 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:59,272 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence 
at non-pending call position 6 [2022-02-20 18:01:59,274 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:59,277 INFO L290 TraceCheckUtils]: 0: Hoare triple {4938#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4888#true} is VALID [2022-02-20 18:01:59,277 INFO L290 TraceCheckUtils]: 1: Hoare triple {4888#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4888#true} is VALID [2022-02-20 18:01:59,277 INFO L290 TraceCheckUtils]: 2: Hoare triple {4888#true} assume true; {4888#true} is VALID [2022-02-20 18:01:59,277 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4888#true} {4888#true} #1151#return; {4888#true} is VALID [2022-02-20 18:01:59,283 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:01:59,285 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:59,288 INFO L290 TraceCheckUtils]: 0: Hoare triple {4939#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4888#true} is VALID [2022-02-20 18:01:59,288 INFO L290 TraceCheckUtils]: 1: Hoare triple {4888#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4888#true} is VALID [2022-02-20 18:01:59,288 INFO L290 TraceCheckUtils]: 2: Hoare triple {4888#true} assume true; {4888#true} is VALID [2022-02-20 18:01:59,289 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4888#true} {4888#true} #1153#return; {4888#true} is VALID [2022-02-20 18:01:59,289 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:01:59,292 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:59,313 INFO L290 TraceCheckUtils]: 0: Hoare triple {4938#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4940#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:59,313 INFO L290 TraceCheckUtils]: 1: Hoare triple {4940#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4941#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:59,314 INFO L290 TraceCheckUtils]: 2: Hoare triple {4941#(= |setClientId_#in~handle| 1)} assume true; {4941#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:59,314 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4941#(= |setClientId_#in~handle| 1)} {4898#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1155#return; {4889#false} is VALID [2022-02-20 18:01:59,314 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:01:59,316 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:59,320 INFO L290 TraceCheckUtils]: 0: Hoare triple {4939#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4888#true} is VALID [2022-02-20 18:01:59,320 INFO L290 TraceCheckUtils]: 1: Hoare triple {4888#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4888#true} is VALID [2022-02-20 18:01:59,320 INFO L290 TraceCheckUtils]: 2: Hoare triple {4888#true} assume true; {4888#true} is VALID [2022-02-20 18:01:59,320 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4888#true} {4889#false} #1157#return; 
{4889#false} is VALID [2022-02-20 18:01:59,320 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:01:59,323 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:59,325 INFO L290 TraceCheckUtils]: 0: Hoare triple {4938#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4888#true} is VALID [2022-02-20 18:01:59,325 INFO L290 TraceCheckUtils]: 1: Hoare triple {4888#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4888#true} is VALID [2022-02-20 18:01:59,325 INFO L290 TraceCheckUtils]: 2: Hoare triple {4888#true} assume true; {4888#true} is VALID [2022-02-20 18:01:59,325 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4888#true} {4889#false} #1159#return; {4889#false} is VALID [2022-02-20 18:01:59,325 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:01:59,327 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:59,329 INFO L290 TraceCheckUtils]: 0: Hoare triple {4939#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4888#true} is VALID [2022-02-20 18:01:59,329 INFO L290 TraceCheckUtils]: 1: Hoare triple {4888#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4888#true} is VALID [2022-02-20 18:01:59,329 INFO L290 TraceCheckUtils]: 2: Hoare triple {4888#true} assume true; {4888#true} is VALID [2022-02-20 18:01:59,329 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4888#true} {4889#false} #1161#return; {4889#false} is VALID [2022-02-20 18:01:59,336 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 18:01:59,337 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:59,343 INFO L290 TraceCheckUtils]: 0: Hoare triple {4942#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4888#true} is VALID [2022-02-20 18:01:59,343 INFO L290 TraceCheckUtils]: 1: Hoare triple {4888#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4888#true} is VALID [2022-02-20 18:01:59,343 INFO L290 TraceCheckUtils]: 2: Hoare triple {4888#true} assume true; {4888#true} is VALID [2022-02-20 18:01:59,343 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4888#true} {4889#false} #1119#return; {4889#false} is VALID [2022-02-20 18:01:59,350 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 18:01:59,351 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:59,353 INFO L290 TraceCheckUtils]: 0: Hoare triple {4943#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4888#true} is VALID [2022-02-20 18:01:59,353 INFO L290 TraceCheckUtils]: 1: Hoare triple {4888#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4888#true} is VALID [2022-02-20 18:01:59,353 INFO L290 TraceCheckUtils]: 2: Hoare triple {4888#true} assume true; {4888#true} is VALID [2022-02-20 18:01:59,353 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4888#true} {4889#false} #1121#return; {4889#false} is VALID [2022-02-20 18:01:59,353 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:01:59,354 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:59,367 INFO L290 TraceCheckUtils]: 0: Hoare triple {4888#true} ~handle := 
#in~handle;havoc ~retValue_acc~25; {4888#true} is VALID [2022-02-20 18:01:59,368 INFO L290 TraceCheckUtils]: 1: Hoare triple {4888#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {4888#true} is VALID [2022-02-20 18:01:59,368 INFO L290 TraceCheckUtils]: 2: Hoare triple {4888#true} assume true; {4888#true} is VALID [2022-02-20 18:01:59,368 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4888#true} {4889#false} #1101#return; {4889#false} is VALID [2022-02-20 18:01:59,368 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 18:01:59,369 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:59,371 INFO L290 TraceCheckUtils]: 0: Hoare triple {4942#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4888#true} is VALID [2022-02-20 18:01:59,371 INFO L290 TraceCheckUtils]: 1: Hoare triple {4888#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4888#true} is VALID [2022-02-20 18:01:59,371 INFO L290 TraceCheckUtils]: 2: Hoare triple {4888#true} assume true; {4888#true} is VALID [2022-02-20 18:01:59,373 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4888#true} {4889#false} #1133#return; {4889#false} is VALID [2022-02-20 18:01:59,373 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:01:59,374 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:59,376 INFO L290 TraceCheckUtils]: 0: Hoare triple {4888#true} ~handle := #in~handle;havoc ~retValue_acc~12; {4888#true} is VALID [2022-02-20 18:01:59,376 INFO L290 TraceCheckUtils]: 1: Hoare triple {4888#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_to0~0;#res := ~retValue_acc~12; {4888#true} is VALID [2022-02-20 18:01:59,376 INFO L290 TraceCheckUtils]: 2: Hoare triple {4888#true} 
assume true; {4888#true} is VALID [2022-02-20 18:01:59,376 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4888#true} {4889#false} #1135#return; {4889#false} is VALID [2022-02-20 18:01:59,376 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 18:01:59,377 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:59,379 INFO L290 TraceCheckUtils]: 0: Hoare triple {4888#true} ~msg := #in~msg;havoc ~retValue_acc~6;~retValue_acc~6 := 1;#res := ~retValue_acc~6; {4888#true} is VALID [2022-02-20 18:01:59,379 INFO L290 TraceCheckUtils]: 1: Hoare triple {4888#true} assume true; {4888#true} is VALID [2022-02-20 18:01:59,379 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4888#true} {4889#false} #1137#return; {4889#false} is VALID [2022-02-20 18:01:59,380 INFO L290 TraceCheckUtils]: 0: Hoare triple {4888#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(115, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(10, 11);call #Ultimate.allocInit(12, 12);call #Ultimate.allocInit(10, 13);call #Ultimate.allocInit(18, 14);call #Ultimate.allocInit(13, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(21, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(21, 23);call #Ultimate.allocInit(30, 
24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(25, 26);call #Ultimate.allocInit(30, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, 
~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 
0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {4888#true} is VALID [2022-02-20 18:01:59,380 INFO L290 TraceCheckUtils]: 1: Hoare triple {4888#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet77#1, main_#t~ret78#1, main_~retValue_acc~42#1, main_~tmp~19#1;assume -2147483648 <= main_#t~nondet77#1 && main_#t~nondet77#1 <= 2147483647;main_~retValue_acc~42#1 := main_#t~nondet77#1;havoc main_#t~nondet77#1;havoc main_~tmp~19#1;assume { :begin_inline_select_helpers } true; {4888#true} is VALID [2022-02-20 18:01:59,380 INFO L290 TraceCheckUtils]: 2: Hoare triple {4888#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {4888#true} is VALID [2022-02-20 18:01:59,380 INFO L290 TraceCheckUtils]: 3: Hoare triple {4888#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~21#1;havoc valid_product_~retValue_acc~21#1;valid_product_~retValue_acc~21#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~21#1; {4888#true} is VALID [2022-02-20 18:01:59,380 INFO L290 TraceCheckUtils]: 4: Hoare triple {4888#true} main_#t~ret78#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret78#1 && main_#t~ret78#1 <= 2147483647;main_~tmp~19#1 := main_#t~ret78#1;havoc main_#t~ret78#1; {4888#true} is VALID [2022-02-20 18:01:59,380 INFO L290 TraceCheckUtils]: 5: Hoare triple {4888#true} assume 0 != 
main_~tmp~19#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet74#1, setup_#t~nondet75#1, setup_#t~nondet76#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {4888#true} is VALID [2022-02-20 18:01:59,381 INFO L272 TraceCheckUtils]: 6: Hoare triple {4888#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {4938#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:59,381 INFO L290 TraceCheckUtils]: 7: Hoare triple {4938#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4888#true} is VALID [2022-02-20 18:01:59,381 INFO L290 TraceCheckUtils]: 8: Hoare triple {4888#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4888#true} is VALID [2022-02-20 18:01:59,381 INFO L290 TraceCheckUtils]: 9: Hoare triple {4888#true} assume true; {4888#true} is VALID [2022-02-20 18:01:59,381 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {4888#true} 
{4888#true} #1151#return; {4888#true} is VALID [2022-02-20 18:01:59,381 INFO L290 TraceCheckUtils]: 11: Hoare triple {4888#true} assume { :end_inline_setup_bob__wrappee__Base } true; {4888#true} is VALID [2022-02-20 18:01:59,382 INFO L272 TraceCheckUtils]: 12: Hoare triple {4888#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {4939#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:59,382 INFO L290 TraceCheckUtils]: 13: Hoare triple {4939#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4888#true} is VALID [2022-02-20 18:01:59,382 INFO L290 TraceCheckUtils]: 14: Hoare triple {4888#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4888#true} is VALID [2022-02-20 18:01:59,382 INFO L290 TraceCheckUtils]: 15: Hoare triple {4888#true} assume true; {4888#true} is VALID [2022-02-20 18:01:59,382 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {4888#true} {4888#true} #1153#return; {4888#true} is VALID [2022-02-20 18:01:59,383 INFO L290 TraceCheckUtils]: 17: Hoare triple {4888#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet74#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {4898#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} 
is VALID [2022-02-20 18:01:59,383 INFO L272 TraceCheckUtils]: 18: Hoare triple {4898#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {4938#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:59,384 INFO L290 TraceCheckUtils]: 19: Hoare triple {4938#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4940#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:01:59,384 INFO L290 TraceCheckUtils]: 20: Hoare triple {4940#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4941#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:59,384 INFO L290 TraceCheckUtils]: 21: Hoare triple {4941#(= |setClientId_#in~handle| 1)} assume true; {4941#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:01:59,385 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {4941#(= |setClientId_#in~handle| 1)} {4898#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1155#return; {4889#false} is VALID [2022-02-20 18:01:59,385 INFO L290 TraceCheckUtils]: 23: Hoare triple {4889#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {4889#false} is VALID [2022-02-20 18:01:59,385 INFO L272 TraceCheckUtils]: 24: Hoare triple {4889#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {4939#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:59,385 INFO 
L290 TraceCheckUtils]: 25: Hoare triple {4939#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4888#true} is VALID [2022-02-20 18:01:59,385 INFO L290 TraceCheckUtils]: 26: Hoare triple {4888#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4888#true} is VALID [2022-02-20 18:01:59,385 INFO L290 TraceCheckUtils]: 27: Hoare triple {4888#true} assume true; {4888#true} is VALID [2022-02-20 18:01:59,385 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {4888#true} {4889#false} #1157#return; {4889#false} is VALID [2022-02-20 18:01:59,385 INFO L290 TraceCheckUtils]: 29: Hoare triple {4889#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 33, 0;havoc setup_#t~nondet75#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {4889#false} is VALID [2022-02-20 18:01:59,385 INFO L272 TraceCheckUtils]: 30: Hoare triple {4889#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {4938#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:01:59,386 INFO L290 TraceCheckUtils]: 31: Hoare triple {4938#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4888#true} is VALID [2022-02-20 18:01:59,386 INFO L290 TraceCheckUtils]: 32: Hoare triple {4888#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4888#true} is VALID [2022-02-20 18:01:59,386 INFO L290 TraceCheckUtils]: 33: Hoare triple {4888#true} assume true; {4888#true} is VALID [2022-02-20 18:01:59,386 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {4888#true} {4889#false} #1159#return; {4889#false} is VALID [2022-02-20 18:01:59,386 INFO L290 TraceCheckUtils]: 35: Hoare triple {4889#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {4889#false} is VALID [2022-02-20 18:01:59,386 INFO L272 TraceCheckUtils]: 36: Hoare triple {4889#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {4939#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:01:59,386 INFO L290 TraceCheckUtils]: 37: Hoare triple {4939#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4888#true} is VALID [2022-02-20 18:01:59,386 INFO L290 TraceCheckUtils]: 38: Hoare triple {4888#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4888#true} is VALID [2022-02-20 18:01:59,386 INFO L290 TraceCheckUtils]: 39: Hoare triple {4888#true} assume true; {4888#true} is VALID [2022-02-20 18:01:59,386 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {4888#true} {4889#false} #1161#return; {4889#false} is VALID [2022-02-20 18:01:59,387 INFO L290 TraceCheckUtils]: 41: Hoare triple {4889#false} assume { :end_inline_setup_chuck } 
true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 34, 0;havoc setup_#t~nondet76#1; {4889#false} is VALID [2022-02-20 18:01:59,387 INFO L290 TraceCheckUtils]: 42: Hoare triple {4889#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~6#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {4889#false} is VALID [2022-02-20 18:01:59,387 INFO L290 TraceCheckUtils]: 43: Hoare triple {4889#false} assume !false; {4889#false} is VALID [2022-02-20 18:01:59,387 INFO L290 TraceCheckUtils]: 44: Hoare triple {4889#false} assume test_~splverifierCounter~0#1 < 4; {4889#false} is VALID [2022-02-20 18:01:59,387 INFO L290 
TraceCheckUtils]: 45: Hoare triple {4889#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {4889#false} is VALID [2022-02-20 18:01:59,387 INFO L290 TraceCheckUtils]: 46: Hoare triple {4889#false} assume !(0 == test_~op1~0#1); {4889#false} is VALID [2022-02-20 18:01:59,387 INFO L290 TraceCheckUtils]: 47: Hoare triple {4889#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet91#1 && test_#t~nondet91#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet91#1;havoc test_#t~nondet91#1; {4889#false} is VALID [2022-02-20 18:01:59,387 INFO L290 TraceCheckUtils]: 48: Hoare triple {4889#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {4889#false} is VALID [2022-02-20 18:01:59,388 INFO L290 TraceCheckUtils]: 49: Hoare triple {4889#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {4889#false} is VALID [2022-02-20 18:01:59,388 INFO L290 TraceCheckUtils]: 50: Hoare triple {4889#false} assume { :end_inline_setClientAutoResponse } true; {4889#false} is VALID [2022-02-20 18:01:59,388 INFO L290 TraceCheckUtils]: 51: Hoare triple {4889#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {4889#false} is VALID [2022-02-20 18:01:59,388 INFO L290 TraceCheckUtils]: 52: Hoare triple {4889#false} assume !false; {4889#false} is VALID [2022-02-20 18:01:59,388 INFO L290 TraceCheckUtils]: 53: Hoare triple {4889#false} assume !(test_~splverifierCounter~0#1 < 4); {4889#false} is VALID [2022-02-20 18:01:59,388 INFO L290 TraceCheckUtils]: 54: Hoare triple {4889#false} assume { :begin_inline_bobToRjh } 
true;havoc bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_#t~ret71#1, bobToRjh_#t~ret72#1, bobToRjh_~tmp~18#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~18#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret69#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret69#1 && bobToRjh_#t~ret69#1 <= 2147483647;havoc bobToRjh_#t~ret69#1; {4889#false} is VALID [2022-02-20 18:01:59,388 INFO L272 TraceCheckUtils]: 55: Hoare triple {4889#false} call sendEmail(~bob~0, ~rjh~0); {4889#false} is VALID [2022-02-20 18:01:59,388 INFO L290 TraceCheckUtils]: 56: Hoare triple {4889#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~8#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~8#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {4889#false} is VALID [2022-02-20 18:01:59,388 INFO L272 TraceCheckUtils]: 57: Hoare triple {4889#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {4942#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:59,389 INFO L290 TraceCheckUtils]: 58: Hoare triple {4942#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4888#true} is VALID [2022-02-20 18:01:59,389 INFO L290 TraceCheckUtils]: 59: Hoare triple {4888#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4888#true} is VALID [2022-02-20 18:01:59,389 INFO L290 TraceCheckUtils]: 60: Hoare triple {4888#true} assume true; {4888#true} is VALID [2022-02-20 18:01:59,389 INFO L284 TraceCheckUtils]: 61: 
Hoare quadruple {4888#true} {4889#false} #1119#return; {4889#false} is VALID [2022-02-20 18:01:59,389 INFO L272 TraceCheckUtils]: 62: Hoare triple {4889#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {4943#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:01:59,389 INFO L290 TraceCheckUtils]: 63: Hoare triple {4943#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4888#true} is VALID [2022-02-20 18:01:59,389 INFO L290 TraceCheckUtils]: 64: Hoare triple {4888#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4888#true} is VALID [2022-02-20 18:01:59,389 INFO L290 TraceCheckUtils]: 65: Hoare triple {4888#true} assume true; {4888#true} is VALID [2022-02-20 18:01:59,389 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {4888#true} {4889#false} #1121#return; {4889#false} is VALID [2022-02-20 18:01:59,390 INFO L290 TraceCheckUtils]: 67: Hoare triple {4889#false} createEmail_~retValue_acc~8#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~8#1; {4889#false} is VALID [2022-02-20 18:01:59,390 INFO L290 TraceCheckUtils]: 68: Hoare triple {4889#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {4889#false} is VALID [2022-02-20 18:01:59,390 INFO L272 TraceCheckUtils]: 69: Hoare triple {4889#false} call outgoing(~sender#1, ~email~0#1); {4889#false} is VALID [2022-02-20 18:01:59,390 INFO L290 TraceCheckUtils]: 70: Hoare triple {4889#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret20#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~7#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := 
sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~7#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~31#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~31#1; {4889#false} is VALID [2022-02-20 18:01:59,390 INFO L290 TraceCheckUtils]: 71: Hoare triple {4889#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~31#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~31#1; {4889#false} is VALID [2022-02-20 18:01:59,390 INFO L290 TraceCheckUtils]: 72: Hoare triple {4889#false} sign_#t~ret20#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret20#1 && sign_#t~ret20#1 <= 2147483647;sign_~tmp~7#1 := sign_#t~ret20#1;havoc sign_#t~ret20#1;sign_~privkey~0#1 := sign_~tmp~7#1; {4889#false} is VALID [2022-02-20 18:01:59,390 INFO L290 TraceCheckUtils]: 73: Hoare triple {4889#false} assume 0 == sign_~privkey~0#1; {4889#false} is VALID [2022-02-20 18:01:59,390 INFO L290 TraceCheckUtils]: 74: Hoare triple {4889#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1, outgoing__wrappee__AddressBook_#t~ret8#1, outgoing__wrappee__AddressBook_#t~ret9#1, outgoing__wrappee__AddressBook_#t~ret10#1, outgoing__wrappee__AddressBook_#t~ret11#1, outgoing__wrappee__AddressBook_#t~ret12#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~2#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~0#1, 
outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~0#1, outgoing__wrappee__AddressBook_~tmp___2~0#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~2#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~0#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~0#1;havoc outgoing__wrappee__AddressBook_~tmp___2~0#1; {4889#false} is VALID [2022-02-20 18:01:59,390 INFO L272 TraceCheckUtils]: 75: Hoare triple {4889#false} call outgoing__wrappee__AddressBook_#t~ret7#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {4888#true} is VALID [2022-02-20 18:01:59,390 INFO L290 TraceCheckUtils]: 76: Hoare triple {4888#true} ~handle := #in~handle;havoc ~retValue_acc~25; {4888#true} is VALID [2022-02-20 18:01:59,391 INFO L290 TraceCheckUtils]: 77: Hoare triple {4888#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {4888#true} is VALID [2022-02-20 18:01:59,391 INFO L290 TraceCheckUtils]: 78: Hoare triple {4888#true} assume true; {4888#true} is VALID [2022-02-20 18:01:59,391 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {4888#true} {4889#false} #1101#return; {4889#false} is VALID [2022-02-20 18:01:59,391 INFO L290 TraceCheckUtils]: 80: Hoare triple {4889#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret7#1 && outgoing__wrappee__AddressBook_#t~ret7#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~2#1 := outgoing__wrappee__AddressBook_#t~ret7#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~2#1; {4889#false} is VALID [2022-02-20 18:01:59,391 INFO L290 TraceCheckUtils]: 81: Hoare 
triple {4889#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {4889#false} is VALID [2022-02-20 18:01:59,391 INFO L272 TraceCheckUtils]: 82: Hoare triple {4889#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {4889#false} is VALID [2022-02-20 18:01:59,391 INFO L290 TraceCheckUtils]: 83: Hoare triple {4889#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {4889#false} is VALID [2022-02-20 18:01:59,391 INFO L290 TraceCheckUtils]: 84: Hoare triple {4889#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {4889#false} is VALID [2022-02-20 18:01:59,391 INFO L290 TraceCheckUtils]: 85: Hoare triple {4889#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {4889#false} is VALID [2022-02-20 18:01:59,392 INFO L272 TraceCheckUtils]: 86: Hoare triple {4889#false} call setEmailFrom(~msg#1, ~tmp~1#1); {4942#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:01:59,392 INFO L290 TraceCheckUtils]: 87: Hoare triple {4942#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4888#true} is VALID [2022-02-20 18:01:59,392 INFO L290 TraceCheckUtils]: 88: Hoare triple {4888#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4888#true} is VALID [2022-02-20 18:01:59,392 INFO L290 TraceCheckUtils]: 89: Hoare triple 
{4888#true} assume true; {4888#true} is VALID [2022-02-20 18:01:59,392 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {4888#true} {4889#false} #1133#return; {4889#false} is VALID [2022-02-20 18:01:59,392 INFO L290 TraceCheckUtils]: 91: Hoare triple {4889#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {4889#false} is VALID [2022-02-20 18:01:59,392 INFO L272 TraceCheckUtils]: 92: Hoare triple {4889#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {4888#true} is VALID [2022-02-20 18:01:59,392 INFO L290 TraceCheckUtils]: 93: Hoare triple {4888#true} ~handle := #in~handle;havoc ~retValue_acc~12; {4888#true} is VALID [2022-02-20 18:01:59,392 INFO L290 TraceCheckUtils]: 94: Hoare triple {4888#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_to0~0;#res := ~retValue_acc~12; {4888#true} is VALID [2022-02-20 18:01:59,393 INFO L290 TraceCheckUtils]: 95: Hoare triple {4888#true} assume true; {4888#true} is VALID [2022-02-20 18:01:59,393 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {4888#true} {4889#false} #1135#return; {4889#false} is VALID [2022-02-20 18:01:59,393 INFO L290 TraceCheckUtils]: 97: Hoare triple {4889#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret21#1, 
verify_#t~ret22#1, verify_#t~ret23#1, verify_#t~ret24#1, verify_#t~ret25#1, verify_#t~ret26#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~8#1, verify_~tmp___0~1#1, verify_~pubkey~0#1, verify_~tmp___1~1#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~8#1;havoc verify_~tmp___0~1#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~1#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret28#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~9#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~9#1; {4889#false} is VALID [2022-02-20 18:01:59,393 INFO L272 TraceCheckUtils]: 98: Hoare triple {4889#false} call __utac_acc__EncryptVerify_spec__1_#t~ret28#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {4888#true} is VALID [2022-02-20 18:01:59,393 INFO L290 TraceCheckUtils]: 99: Hoare triple {4888#true} ~msg := #in~msg;havoc ~retValue_acc~6;~retValue_acc~6 := 1;#res := ~retValue_acc~6; {4888#true} is VALID [2022-02-20 18:01:59,393 INFO L290 TraceCheckUtils]: 100: Hoare triple {4888#true} assume true; {4888#true} is VALID [2022-02-20 18:01:59,393 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {4888#true} {4889#false} #1137#return; {4889#false} is VALID [2022-02-20 18:01:59,393 INFO L290 TraceCheckUtils]: 102: Hoare triple {4889#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret28#1 && __utac_acc__EncryptVerify_spec__1_#t~ret28#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~9#1 := 
__utac_acc__EncryptVerify_spec__1_#t~ret28#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret28#1; {4889#false} is VALID [2022-02-20 18:01:59,393 INFO L290 TraceCheckUtils]: 103: Hoare triple {4889#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~9#1);assume { :begin_inline___automaton_fail } true; {4889#false} is VALID [2022-02-20 18:01:59,394 INFO L290 TraceCheckUtils]: 104: Hoare triple {4889#false} assume !false; {4889#false} is VALID [2022-02-20 18:01:59,394 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 18:01:59,394 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:01:59,395 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [605764597] [2022-02-20 18:01:59,396 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [605764597] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:01:59,396 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [698685192] [2022-02-20 18:01:59,396 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:01:59,397 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:01:59,397 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:01:59,398 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:01:59,423 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-02-20 18:01:59,605 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:59,608 INFO L263 TraceCheckSpWp]: Trace formula consists of 1065 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 18:01:59,657 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:01:59,659 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:01:59,864 INFO L290 TraceCheckUtils]: 0: Hoare triple {4888#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(115, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(10, 11);call #Ultimate.allocInit(12, 12);call #Ultimate.allocInit(10, 13);call #Ultimate.allocInit(18, 14);call #Ultimate.allocInit(13, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(21, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(21, 23);call #Ultimate.allocInit(30, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(25, 26);call #Ultimate.allocInit(30, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 
1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 
0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 
0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {4888#true} is VALID [2022-02-20 18:01:59,864 INFO L290 TraceCheckUtils]: 1: Hoare triple {4888#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet77#1, main_#t~ret78#1, main_~retValue_acc~42#1, main_~tmp~19#1;assume -2147483648 <= main_#t~nondet77#1 && main_#t~nondet77#1 <= 2147483647;main_~retValue_acc~42#1 := main_#t~nondet77#1;havoc main_#t~nondet77#1;havoc main_~tmp~19#1;assume { :begin_inline_select_helpers } true; {4888#true} is VALID [2022-02-20 18:01:59,864 INFO L290 TraceCheckUtils]: 2: Hoare triple {4888#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {4888#true} is VALID [2022-02-20 18:01:59,864 INFO L290 TraceCheckUtils]: 3: Hoare triple {4888#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~21#1;havoc valid_product_~retValue_acc~21#1;valid_product_~retValue_acc~21#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~21#1; {4888#true} is VALID [2022-02-20 18:01:59,864 INFO L290 TraceCheckUtils]: 4: Hoare triple {4888#true} main_#t~ret78#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret78#1 && main_#t~ret78#1 <= 2147483647;main_~tmp~19#1 := main_#t~ret78#1;havoc main_#t~ret78#1; {4888#true} is VALID [2022-02-20 18:01:59,864 INFO L290 TraceCheckUtils]: 5: Hoare triple {4888#true} assume 0 != main_~tmp~19#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet74#1, setup_#t~nondet75#1, setup_#t~nondet76#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, 
setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {4888#true} is VALID [2022-02-20 18:01:59,864 INFO L272 TraceCheckUtils]: 6: Hoare triple {4888#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {4888#true} is VALID [2022-02-20 18:01:59,864 INFO L290 TraceCheckUtils]: 7: Hoare triple {4888#true} ~handle := #in~handle;~value := #in~value; {4888#true} is VALID [2022-02-20 18:01:59,864 INFO L290 TraceCheckUtils]: 8: Hoare triple {4888#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4888#true} is VALID [2022-02-20 18:01:59,864 INFO L290 TraceCheckUtils]: 9: Hoare triple {4888#true} assume true; {4888#true} is VALID [2022-02-20 18:01:59,864 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {4888#true} {4888#true} #1151#return; {4888#true} is VALID [2022-02-20 18:01:59,865 INFO L290 TraceCheckUtils]: 11: Hoare triple {4888#true} assume { :end_inline_setup_bob__wrappee__Base } true; {4888#true} is VALID [2022-02-20 18:01:59,865 INFO L272 TraceCheckUtils]: 12: Hoare triple {4888#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {4888#true} is VALID [2022-02-20 18:01:59,865 INFO L290 TraceCheckUtils]: 13: Hoare triple {4888#true} ~handle := #in~handle;~value := #in~value; {4888#true} is VALID [2022-02-20 18:01:59,865 INFO L290 TraceCheckUtils]: 14: Hoare triple {4888#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4888#true} is VALID [2022-02-20 18:01:59,865 INFO L290 TraceCheckUtils]: 15: Hoare triple {4888#true} assume true; {4888#true} is VALID [2022-02-20 18:01:59,865 INFO L284 TraceCheckUtils]: 16: Hoare 
quadruple {4888#true} {4888#true} #1153#return; {4888#true} is VALID [2022-02-20 18:01:59,865 INFO L290 TraceCheckUtils]: 17: Hoare triple {4888#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet74#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {4888#true} is VALID [2022-02-20 18:01:59,865 INFO L272 TraceCheckUtils]: 18: Hoare triple {4888#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {4888#true} is VALID [2022-02-20 18:01:59,865 INFO L290 TraceCheckUtils]: 19: Hoare triple {4888#true} ~handle := #in~handle;~value := #in~value; {4888#true} is VALID [2022-02-20 18:01:59,866 INFO L290 TraceCheckUtils]: 20: Hoare triple {4888#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4888#true} is VALID [2022-02-20 18:01:59,866 INFO L290 TraceCheckUtils]: 21: Hoare triple {4888#true} assume true; {4888#true} is VALID [2022-02-20 18:01:59,866 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {4888#true} {4888#true} #1155#return; {4888#true} is VALID [2022-02-20 18:01:59,866 INFO L290 TraceCheckUtils]: 23: Hoare triple {4888#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {4888#true} is VALID [2022-02-20 18:01:59,866 INFO L272 TraceCheckUtils]: 24: Hoare triple {4888#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {4888#true} is VALID [2022-02-20 18:01:59,866 INFO L290 TraceCheckUtils]: 25: Hoare triple {4888#true} ~handle := #in~handle;~value := #in~value; {4888#true} is VALID [2022-02-20 18:01:59,866 INFO L290 TraceCheckUtils]: 26: Hoare triple {4888#true} assume 
1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4888#true} is VALID [2022-02-20 18:01:59,866 INFO L290 TraceCheckUtils]: 27: Hoare triple {4888#true} assume true; {4888#true} is VALID [2022-02-20 18:01:59,866 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {4888#true} {4888#true} #1157#return; {4888#true} is VALID [2022-02-20 18:01:59,867 INFO L290 TraceCheckUtils]: 29: Hoare triple {4888#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 33, 0;havoc setup_#t~nondet75#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {4888#true} is VALID [2022-02-20 18:01:59,867 INFO L272 TraceCheckUtils]: 30: Hoare triple {4888#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {4888#true} is VALID [2022-02-20 18:01:59,867 INFO L290 TraceCheckUtils]: 31: Hoare triple {4888#true} ~handle := #in~handle;~value := #in~value; {4888#true} is VALID [2022-02-20 18:01:59,867 INFO L290 TraceCheckUtils]: 32: Hoare triple {4888#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4888#true} is VALID [2022-02-20 18:01:59,867 INFO L290 TraceCheckUtils]: 33: Hoare triple {4888#true} assume true; {4888#true} is VALID [2022-02-20 18:01:59,867 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {4888#true} {4888#true} #1159#return; {4888#true} is VALID [2022-02-20 18:01:59,867 INFO L290 TraceCheckUtils]: 35: Hoare triple {4888#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {4888#true} is VALID [2022-02-20 18:01:59,867 INFO L272 TraceCheckUtils]: 36: Hoare triple {4888#true} 
call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {4888#true} is VALID [2022-02-20 18:01:59,867 INFO L290 TraceCheckUtils]: 37: Hoare triple {4888#true} ~handle := #in~handle;~value := #in~value; {4888#true} is VALID [2022-02-20 18:01:59,868 INFO L290 TraceCheckUtils]: 38: Hoare triple {4888#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4888#true} is VALID [2022-02-20 18:01:59,868 INFO L290 TraceCheckUtils]: 39: Hoare triple {4888#true} assume true; {4888#true} is VALID [2022-02-20 18:01:59,868 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {4888#true} {4888#true} #1161#return; {4888#true} is VALID [2022-02-20 18:01:59,868 INFO L290 TraceCheckUtils]: 41: Hoare triple {4888#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 34, 0;havoc setup_#t~nondet76#1; {4888#true} is VALID [2022-02-20 18:01:59,874 INFO L290 TraceCheckUtils]: 42: Hoare triple {4888#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~6#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~4#1;havoc 
test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {5073#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:01:59,874 INFO L290 TraceCheckUtils]: 43: Hoare triple {5073#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {5073#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:01:59,875 INFO L290 TraceCheckUtils]: 44: Hoare triple {5073#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {5073#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:01:59,875 INFO L290 TraceCheckUtils]: 45: Hoare triple {5073#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {5073#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:01:59,875 INFO L290 TraceCheckUtils]: 46: Hoare triple {5073#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {4889#false} is VALID [2022-02-20 18:01:59,875 INFO L290 TraceCheckUtils]: 47: Hoare triple {4889#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet91#1 && test_#t~nondet91#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet91#1;havoc test_#t~nondet91#1; {4889#false} is VALID [2022-02-20 18:01:59,876 INFO L290 TraceCheckUtils]: 48: Hoare triple {4889#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := 
setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {4889#false} is VALID [2022-02-20 18:01:59,876 INFO L290 TraceCheckUtils]: 49: Hoare triple {4889#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {4889#false} is VALID [2022-02-20 18:01:59,876 INFO L290 TraceCheckUtils]: 50: Hoare triple {4889#false} assume { :end_inline_setClientAutoResponse } true; {4889#false} is VALID [2022-02-20 18:01:59,876 INFO L290 TraceCheckUtils]: 51: Hoare triple {4889#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {4889#false} is VALID [2022-02-20 18:01:59,876 INFO L290 TraceCheckUtils]: 52: Hoare triple {4889#false} assume !false; {4889#false} is VALID [2022-02-20 18:01:59,876 INFO L290 TraceCheckUtils]: 53: Hoare triple {4889#false} assume !(test_~splverifierCounter~0#1 < 4); {4889#false} is VALID [2022-02-20 18:01:59,876 INFO L290 TraceCheckUtils]: 54: Hoare triple {4889#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_#t~ret71#1, bobToRjh_#t~ret72#1, bobToRjh_~tmp~18#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~18#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret69#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret69#1 && bobToRjh_#t~ret69#1 <= 2147483647;havoc bobToRjh_#t~ret69#1; {4889#false} is VALID [2022-02-20 18:01:59,876 INFO L272 TraceCheckUtils]: 55: Hoare triple {4889#false} call sendEmail(~bob~0, ~rjh~0); {4889#false} is VALID [2022-02-20 18:01:59,877 INFO L290 TraceCheckUtils]: 56: Hoare triple {4889#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~8#1, 
createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~8#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {4889#false} is VALID [2022-02-20 18:01:59,877 INFO L272 TraceCheckUtils]: 57: Hoare triple {4889#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {4889#false} is VALID [2022-02-20 18:01:59,877 INFO L290 TraceCheckUtils]: 58: Hoare triple {4889#false} ~handle := #in~handle;~value := #in~value; {4889#false} is VALID [2022-02-20 18:01:59,877 INFO L290 TraceCheckUtils]: 59: Hoare triple {4889#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4889#false} is VALID [2022-02-20 18:01:59,877 INFO L290 TraceCheckUtils]: 60: Hoare triple {4889#false} assume true; {4889#false} is VALID [2022-02-20 18:01:59,877 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {4889#false} {4889#false} #1119#return; {4889#false} is VALID [2022-02-20 18:01:59,877 INFO L272 TraceCheckUtils]: 62: Hoare triple {4889#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {4889#false} is VALID [2022-02-20 18:01:59,877 INFO L290 TraceCheckUtils]: 63: Hoare triple {4889#false} ~handle := #in~handle;~value := #in~value; {4889#false} is VALID [2022-02-20 18:01:59,877 INFO L290 TraceCheckUtils]: 64: Hoare triple {4889#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4889#false} is VALID [2022-02-20 18:01:59,878 INFO L290 TraceCheckUtils]: 65: Hoare triple {4889#false} assume true; {4889#false} is VALID [2022-02-20 18:01:59,878 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {4889#false} {4889#false} #1121#return; {4889#false} is VALID [2022-02-20 18:01:59,878 INFO L290 TraceCheckUtils]: 67: Hoare triple {4889#false} createEmail_~retValue_acc~8#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~8#1; {4889#false} is VALID [2022-02-20 18:01:59,878 INFO L290 TraceCheckUtils]: 68: Hoare triple {4889#false} #t~ret16#1 := createEmail_#res#1;assume 
{ :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {4889#false} is VALID [2022-02-20 18:01:59,878 INFO L272 TraceCheckUtils]: 69: Hoare triple {4889#false} call outgoing(~sender#1, ~email~0#1); {4889#false} is VALID [2022-02-20 18:01:59,878 INFO L290 TraceCheckUtils]: 70: Hoare triple {4889#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret20#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~7#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~7#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~31#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~31#1; {4889#false} is VALID [2022-02-20 18:01:59,878 INFO L290 TraceCheckUtils]: 71: Hoare triple {4889#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~31#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~31#1; {4889#false} is VALID [2022-02-20 18:01:59,878 INFO L290 TraceCheckUtils]: 72: Hoare triple {4889#false} sign_#t~ret20#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret20#1 && sign_#t~ret20#1 <= 2147483647;sign_~tmp~7#1 := sign_#t~ret20#1;havoc sign_#t~ret20#1;sign_~privkey~0#1 := sign_~tmp~7#1; {4889#false} is VALID [2022-02-20 18:01:59,878 INFO L290 TraceCheckUtils]: 73: Hoare triple {4889#false} assume 0 == sign_~privkey~0#1; {4889#false} is VALID [2022-02-20 18:01:59,890 INFO L290 TraceCheckUtils]: 74: Hoare triple {4889#false} assume { :end_inline_sign } true;assume { 
:begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1, outgoing__wrappee__AddressBook_#t~ret8#1, outgoing__wrappee__AddressBook_#t~ret9#1, outgoing__wrappee__AddressBook_#t~ret10#1, outgoing__wrappee__AddressBook_#t~ret11#1, outgoing__wrappee__AddressBook_#t~ret12#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~2#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~0#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~0#1, outgoing__wrappee__AddressBook_~tmp___2~0#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~2#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~0#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~0#1;havoc outgoing__wrappee__AddressBook_~tmp___2~0#1; {4889#false} is VALID [2022-02-20 18:01:59,890 INFO L272 TraceCheckUtils]: 75: Hoare triple {4889#false} call outgoing__wrappee__AddressBook_#t~ret7#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {4889#false} is VALID [2022-02-20 18:01:59,891 INFO L290 TraceCheckUtils]: 76: Hoare triple {4889#false} ~handle := #in~handle;havoc ~retValue_acc~25; {4889#false} is VALID [2022-02-20 18:01:59,891 INFO L290 TraceCheckUtils]: 77: Hoare triple {4889#false} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {4889#false} is VALID [2022-02-20 18:01:59,891 INFO L290 TraceCheckUtils]: 78: Hoare triple 
{4889#false} assume true; {4889#false} is VALID [2022-02-20 18:01:59,891 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {4889#false} {4889#false} #1101#return; {4889#false} is VALID [2022-02-20 18:01:59,891 INFO L290 TraceCheckUtils]: 80: Hoare triple {4889#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret7#1 && outgoing__wrappee__AddressBook_#t~ret7#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~2#1 := outgoing__wrappee__AddressBook_#t~ret7#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~2#1; {4889#false} is VALID [2022-02-20 18:01:59,891 INFO L290 TraceCheckUtils]: 81: Hoare triple {4889#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {4889#false} is VALID [2022-02-20 18:01:59,891 INFO L272 TraceCheckUtils]: 82: Hoare triple {4889#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {4889#false} is VALID [2022-02-20 18:01:59,891 INFO L290 TraceCheckUtils]: 83: Hoare triple {4889#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {4889#false} is VALID [2022-02-20 18:01:59,891 INFO L290 TraceCheckUtils]: 84: Hoare triple {4889#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {4889#false} is VALID [2022-02-20 18:01:59,892 INFO L290 TraceCheckUtils]: 85: Hoare triple {4889#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {4889#false} is VALID [2022-02-20 18:01:59,892 INFO L272 
TraceCheckUtils]: 86: Hoare triple {4889#false} call setEmailFrom(~msg#1, ~tmp~1#1); {4889#false} is VALID [2022-02-20 18:01:59,892 INFO L290 TraceCheckUtils]: 87: Hoare triple {4889#false} ~handle := #in~handle;~value := #in~value; {4889#false} is VALID [2022-02-20 18:01:59,892 INFO L290 TraceCheckUtils]: 88: Hoare triple {4889#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4889#false} is VALID [2022-02-20 18:01:59,892 INFO L290 TraceCheckUtils]: 89: Hoare triple {4889#false} assume true; {4889#false} is VALID [2022-02-20 18:01:59,892 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {4889#false} {4889#false} #1133#return; {4889#false} is VALID [2022-02-20 18:01:59,892 INFO L290 TraceCheckUtils]: 91: Hoare triple {4889#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {4889#false} is VALID [2022-02-20 18:01:59,892 INFO L272 TraceCheckUtils]: 92: Hoare triple {4889#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {4889#false} is VALID [2022-02-20 18:01:59,892 INFO L290 TraceCheckUtils]: 93: Hoare triple {4889#false} ~handle := #in~handle;havoc ~retValue_acc~12; {4889#false} is VALID [2022-02-20 18:01:59,893 INFO L290 TraceCheckUtils]: 94: Hoare triple {4889#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_to0~0;#res := ~retValue_acc~12; {4889#false} is VALID [2022-02-20 18:01:59,893 INFO L290 TraceCheckUtils]: 95: Hoare triple {4889#false} assume true; {4889#false} is VALID [2022-02-20 18:01:59,893 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {4889#false} {4889#false} #1135#return; {4889#false} is VALID [2022-02-20 18:01:59,893 INFO L290 TraceCheckUtils]: 97: Hoare triple {4889#false} assume 
-2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret21#1, verify_#t~ret22#1, verify_#t~ret23#1, verify_#t~ret24#1, verify_#t~ret25#1, verify_#t~ret26#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~8#1, verify_~tmp___0~1#1, verify_~pubkey~0#1, verify_~tmp___1~1#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~8#1;havoc verify_~tmp___0~1#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~1#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret28#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~9#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~9#1; {4889#false} is VALID [2022-02-20 18:01:59,893 INFO L272 TraceCheckUtils]: 98: Hoare triple {4889#false} call __utac_acc__EncryptVerify_spec__1_#t~ret28#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {4889#false} is VALID [2022-02-20 18:01:59,893 INFO L290 TraceCheckUtils]: 99: Hoare triple {4889#false} ~msg := #in~msg;havoc ~retValue_acc~6;~retValue_acc~6 := 1;#res := ~retValue_acc~6; {4889#false} is VALID [2022-02-20 18:01:59,893 INFO L290 
TraceCheckUtils]: 100: Hoare triple {4889#false} assume true; {4889#false} is VALID [2022-02-20 18:01:59,893 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {4889#false} {4889#false} #1137#return; {4889#false} is VALID [2022-02-20 18:01:59,893 INFO L290 TraceCheckUtils]: 102: Hoare triple {4889#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret28#1 && __utac_acc__EncryptVerify_spec__1_#t~ret28#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~9#1 := __utac_acc__EncryptVerify_spec__1_#t~ret28#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret28#1; {4889#false} is VALID [2022-02-20 18:01:59,906 INFO L290 TraceCheckUtils]: 103: Hoare triple {4889#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~9#1);assume { :begin_inline___automaton_fail } true; {4889#false} is VALID [2022-02-20 18:01:59,906 INFO L290 TraceCheckUtils]: 104: Hoare triple {4889#false} assume !false; {4889#false} is VALID [2022-02-20 18:01:59,906 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 18:01:59,906 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:01:59,907 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [698685192] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:01:59,907 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:01:59,907 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 18:01:59,907 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [550892979] [2022-02-20 18:01:59,907 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:01:59,908 INFO L78 Accepts]: Start accepts. 
Automaton has has 3 states, 3 states have (on average 21.0) internal successors, (63), 3 states have internal predecessors, (63), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 105 [2022-02-20 18:01:59,908 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:01:59,908 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 21.0) internal successors, (63), 3 states have internal predecessors, (63), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:01:59,963 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 90 edges. 90 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:01:59,963 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:01:59,963 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:01:59,963 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:01:59,964 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:01:59,964 INFO L87 Difference]: Start difference. First operand 357 states and 547 transitions. 
Second operand has 3 states, 3 states have (on average 21.0) internal successors, (63), 3 states have internal predecessors, (63), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:02:00,449 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:00,450 INFO L93 Difference]: Finished difference Result 762 states and 1186 transitions. [2022-02-20 18:02:00,450 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:02:00,450 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 21.0) internal successors, (63), 3 states have internal predecessors, (63), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 105 [2022-02-20 18:02:00,450 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:00,451 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 21.0) internal successors, (63), 3 states have internal predecessors, (63), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:02:00,459 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1184 transitions. [2022-02-20 18:02:00,459 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 3 states, 3 states have (on average 21.0) internal successors, (63), 3 states have internal predecessors, (63), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:02:00,468 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1184 transitions. [2022-02-20 18:02:00,469 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1184 transitions. [2022-02-20 18:02:01,187 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1184 edges. 1184 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:01,203 INFO L225 Difference]: With dead ends: 762 [2022-02-20 18:02:01,204 INFO L226 Difference]: Without dead ends: 432 [2022-02-20 18:02:01,205 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 132 GetRequests, 124 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:02:01,207 INFO L933 BasicCegarLoop]: 564 mSDtfsCounter, 134 mSDsluCounter, 497 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 152 SdHoareTripleChecker+Valid, 1061 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:01,210 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [152 Valid, 1061 Invalid, 4 Unknown, 0 
Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:02:01,212 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 432 states. [2022-02-20 18:02:01,228 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 432 to 424. [2022-02-20 18:02:01,228 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:01,229 INFO L82 GeneralOperation]: Start isEquivalent. First operand 432 states. Second operand has 424 states, 338 states have (on average 1.5887573964497042) internal successors, (537), 340 states have internal predecessors, (537), 64 states have call successors, (64), 21 states have call predecessors, (64), 21 states have return successors, (63), 62 states have call predecessors, (63), 63 states have call successors, (63) [2022-02-20 18:02:01,230 INFO L74 IsIncluded]: Start isIncluded. First operand 432 states. Second operand has 424 states, 338 states have (on average 1.5887573964497042) internal successors, (537), 340 states have internal predecessors, (537), 64 states have call successors, (64), 21 states have call predecessors, (64), 21 states have return successors, (63), 62 states have call predecessors, (63), 63 states have call successors, (63) [2022-02-20 18:02:01,232 INFO L87 Difference]: Start difference. First operand 432 states. Second operand has 424 states, 338 states have (on average 1.5887573964497042) internal successors, (537), 340 states have internal predecessors, (537), 64 states have call successors, (64), 21 states have call predecessors, (64), 21 states have return successors, (63), 62 states have call predecessors, (63), 63 states have call successors, (63) [2022-02-20 18:02:01,243 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:01,243 INFO L93 Difference]: Finished difference Result 432 states and 673 transitions. 
[2022-02-20 18:02:01,243 INFO L276 IsEmpty]: Start isEmpty. Operand 432 states and 673 transitions. [2022-02-20 18:02:01,245 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:01,245 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:01,246 INFO L74 IsIncluded]: Start isIncluded. First operand has 424 states, 338 states have (on average 1.5887573964497042) internal successors, (537), 340 states have internal predecessors, (537), 64 states have call successors, (64), 21 states have call predecessors, (64), 21 states have return successors, (63), 62 states have call predecessors, (63), 63 states have call successors, (63) Second operand 432 states. [2022-02-20 18:02:01,246 INFO L87 Difference]: Start difference. First operand has 424 states, 338 states have (on average 1.5887573964497042) internal successors, (537), 340 states have internal predecessors, (537), 64 states have call successors, (64), 21 states have call predecessors, (64), 21 states have return successors, (63), 62 states have call predecessors, (63), 63 states have call successors, (63) Second operand 432 states. [2022-02-20 18:02:01,257 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:01,257 INFO L93 Difference]: Finished difference Result 432 states and 673 transitions. [2022-02-20 18:02:01,258 INFO L276 IsEmpty]: Start isEmpty. Operand 432 states and 673 transitions. [2022-02-20 18:02:01,259 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:01,260 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:01,260 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:01,260 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:01,261 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 424 states, 338 states have (on average 1.5887573964497042) internal successors, (537), 340 states have internal predecessors, (537), 64 states have call successors, (64), 21 states have call predecessors, (64), 21 states have return successors, (63), 62 states have call predecessors, (63), 63 states have call successors, (63) [2022-02-20 18:02:01,272 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 424 states to 424 states and 664 transitions. [2022-02-20 18:02:01,272 INFO L78 Accepts]: Start accepts. Automaton has 424 states and 664 transitions. Word has length 105 [2022-02-20 18:02:01,272 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:01,273 INFO L470 AbstractCegarLoop]: Abstraction has 424 states and 664 transitions. [2022-02-20 18:02:01,273 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 21.0) internal successors, (63), 3 states have internal predecessors, (63), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:02:01,273 INFO L276 IsEmpty]: Start isEmpty. Operand 424 states and 664 transitions. [2022-02-20 18:02:01,278 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 107 [2022-02-20 18:02:01,278 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:01,279 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:01,299 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 18:02:01,495 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:01,495 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:01,495 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:01,495 INFO L85 PathProgramCache]: Analyzing trace with hash -579172174, now seen corresponding path program 1 times [2022-02-20 18:02:01,496 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:01,496 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2128319527] [2022-02-20 18:02:01,496 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:01,496 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:01,524 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:01,548 INFO L376 atingTraceCheckCraig]: Compute interpolants for 
subsequence at non-pending call position 6 [2022-02-20 18:02:01,550 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:01,552 INFO L290 TraceCheckUtils]: 0: Hoare triple {7808#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7758#true} is VALID [2022-02-20 18:02:01,552 INFO L290 TraceCheckUtils]: 1: Hoare triple {7758#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7758#true} is VALID [2022-02-20 18:02:01,552 INFO L290 TraceCheckUtils]: 2: Hoare triple {7758#true} assume true; {7758#true} is VALID [2022-02-20 18:02:01,552 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7758#true} {7758#true} #1151#return; {7758#true} is VALID [2022-02-20 18:02:01,557 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:01,559 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:01,561 INFO L290 TraceCheckUtils]: 0: Hoare triple {7809#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7758#true} is VALID [2022-02-20 18:02:01,561 INFO L290 TraceCheckUtils]: 1: Hoare triple {7758#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7758#true} is VALID [2022-02-20 18:02:01,561 INFO L290 TraceCheckUtils]: 2: Hoare triple {7758#true} assume true; {7758#true} is VALID [2022-02-20 18:02:01,561 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7758#true} {7758#true} #1153#return; {7758#true} is VALID [2022-02-20 18:02:01,562 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:01,563 INFO 
L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:01,575 INFO L290 TraceCheckUtils]: 0: Hoare triple {7808#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7810#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:01,575 INFO L290 TraceCheckUtils]: 1: Hoare triple {7810#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7811#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:01,576 INFO L290 TraceCheckUtils]: 2: Hoare triple {7811#(= |setClientId_#in~handle| 1)} assume true; {7811#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:01,576 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7811#(= |setClientId_#in~handle| 1)} {7768#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1155#return; {7759#false} is VALID [2022-02-20 18:02:01,576 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:02:01,578 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:01,580 INFO L290 TraceCheckUtils]: 0: Hoare triple {7809#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7758#true} is VALID [2022-02-20 18:02:01,580 INFO L290 TraceCheckUtils]: 1: Hoare triple {7758#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7758#true} is VALID [2022-02-20 18:02:01,580 INFO L290 TraceCheckUtils]: 2: Hoare triple {7758#true} assume true; {7758#true} is VALID [2022-02-20 18:02:01,581 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7758#true} {7759#false} #1157#return; 
{7759#false} is VALID [2022-02-20 18:02:01,581 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:02:01,583 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:01,595 INFO L290 TraceCheckUtils]: 0: Hoare triple {7808#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7758#true} is VALID [2022-02-20 18:02:01,596 INFO L290 TraceCheckUtils]: 1: Hoare triple {7758#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7758#true} is VALID [2022-02-20 18:02:01,596 INFO L290 TraceCheckUtils]: 2: Hoare triple {7758#true} assume true; {7758#true} is VALID [2022-02-20 18:02:01,596 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7758#true} {7759#false} #1159#return; {7759#false} is VALID [2022-02-20 18:02:01,596 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:02:01,598 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:01,601 INFO L290 TraceCheckUtils]: 0: Hoare triple {7809#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7758#true} is VALID [2022-02-20 18:02:01,601 INFO L290 TraceCheckUtils]: 1: Hoare triple {7758#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7758#true} is VALID [2022-02-20 18:02:01,601 INFO L290 TraceCheckUtils]: 2: Hoare triple {7758#true} assume true; {7758#true} is VALID [2022-02-20 18:02:01,601 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7758#true} {7759#false} #1161#return; {7759#false} is VALID [2022-02-20 18:02:01,607 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:02:01,608 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:01,610 INFO L290 TraceCheckUtils]: 0: Hoare triple {7812#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7758#true} is VALID [2022-02-20 18:02:01,611 INFO L290 TraceCheckUtils]: 1: Hoare triple {7758#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7758#true} is VALID [2022-02-20 18:02:01,611 INFO L290 TraceCheckUtils]: 2: Hoare triple {7758#true} assume true; {7758#true} is VALID [2022-02-20 18:02:01,611 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7758#true} {7759#false} #1119#return; {7759#false} is VALID [2022-02-20 18:02:01,618 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 18:02:01,619 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:01,622 INFO L290 TraceCheckUtils]: 0: Hoare triple {7813#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {7758#true} is VALID [2022-02-20 18:02:01,622 INFO L290 TraceCheckUtils]: 1: Hoare triple {7758#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {7758#true} is VALID [2022-02-20 18:02:01,622 INFO L290 TraceCheckUtils]: 2: Hoare triple {7758#true} assume true; {7758#true} is VALID [2022-02-20 18:02:01,622 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7758#true} {7759#false} #1121#return; {7759#false} is VALID [2022-02-20 18:02:01,622 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76 [2022-02-20 18:02:01,624 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:01,626 INFO L290 TraceCheckUtils]: 0: Hoare triple {7758#true} ~handle := 
#in~handle;havoc ~retValue_acc~25; {7758#true} is VALID [2022-02-20 18:02:01,626 INFO L290 TraceCheckUtils]: 1: Hoare triple {7758#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {7758#true} is VALID [2022-02-20 18:02:01,627 INFO L290 TraceCheckUtils]: 2: Hoare triple {7758#true} assume true; {7758#true} is VALID [2022-02-20 18:02:01,627 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7758#true} {7759#false} #1101#return; {7759#false} is VALID [2022-02-20 18:02:01,627 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 18:02:01,628 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:01,630 INFO L290 TraceCheckUtils]: 0: Hoare triple {7812#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7758#true} is VALID [2022-02-20 18:02:01,630 INFO L290 TraceCheckUtils]: 1: Hoare triple {7758#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7758#true} is VALID [2022-02-20 18:02:01,631 INFO L290 TraceCheckUtils]: 2: Hoare triple {7758#true} assume true; {7758#true} is VALID [2022-02-20 18:02:01,631 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7758#true} {7759#false} #1133#return; {7759#false} is VALID [2022-02-20 18:02:01,631 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 18:02:01,634 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:01,639 INFO L290 TraceCheckUtils]: 0: Hoare triple {7758#true} ~handle := #in~handle;havoc ~retValue_acc~12; {7758#true} is VALID [2022-02-20 18:02:01,640 INFO L290 TraceCheckUtils]: 1: Hoare triple {7758#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_to0~0;#res := ~retValue_acc~12; {7758#true} is VALID [2022-02-20 18:02:01,640 INFO L290 TraceCheckUtils]: 2: Hoare triple {7758#true} 
assume true; {7758#true} is VALID [2022-02-20 18:02:01,640 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7758#true} {7759#false} #1135#return; {7759#false} is VALID [2022-02-20 18:02:01,640 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 18:02:01,642 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:01,644 INFO L290 TraceCheckUtils]: 0: Hoare triple {7758#true} ~msg := #in~msg;havoc ~retValue_acc~6;~retValue_acc~6 := 1;#res := ~retValue_acc~6; {7758#true} is VALID [2022-02-20 18:02:01,644 INFO L290 TraceCheckUtils]: 1: Hoare triple {7758#true} assume true; {7758#true} is VALID [2022-02-20 18:02:01,644 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {7758#true} {7759#false} #1137#return; {7759#false} is VALID [2022-02-20 18:02:01,644 INFO L290 TraceCheckUtils]: 0: Hoare triple {7758#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(115, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(10, 11);call #Ultimate.allocInit(12, 12);call #Ultimate.allocInit(10, 13);call #Ultimate.allocInit(18, 14);call #Ultimate.allocInit(13, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(21, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(21, 23);call #Ultimate.allocInit(30, 
24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(25, 26);call #Ultimate.allocInit(30, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, 
~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 
0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {7758#true} is VALID [2022-02-20 18:02:01,645 INFO L290 TraceCheckUtils]: 1: Hoare triple {7758#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet77#1, main_#t~ret78#1, main_~retValue_acc~42#1, main_~tmp~19#1;assume -2147483648 <= main_#t~nondet77#1 && main_#t~nondet77#1 <= 2147483647;main_~retValue_acc~42#1 := main_#t~nondet77#1;havoc main_#t~nondet77#1;havoc main_~tmp~19#1;assume { :begin_inline_select_helpers } true; {7758#true} is VALID [2022-02-20 18:02:01,645 INFO L290 TraceCheckUtils]: 2: Hoare triple {7758#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {7758#true} is VALID [2022-02-20 18:02:01,645 INFO L290 TraceCheckUtils]: 3: Hoare triple {7758#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~21#1;havoc valid_product_~retValue_acc~21#1;valid_product_~retValue_acc~21#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~21#1; {7758#true} is VALID [2022-02-20 18:02:01,645 INFO L290 TraceCheckUtils]: 4: Hoare triple {7758#true} main_#t~ret78#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret78#1 && main_#t~ret78#1 <= 2147483647;main_~tmp~19#1 := main_#t~ret78#1;havoc main_#t~ret78#1; {7758#true} is VALID [2022-02-20 18:02:01,645 INFO L290 TraceCheckUtils]: 5: Hoare triple {7758#true} assume 0 != 
main_~tmp~19#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet74#1, setup_#t~nondet75#1, setup_#t~nondet76#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {7758#true} is VALID [2022-02-20 18:02:01,646 INFO L272 TraceCheckUtils]: 6: Hoare triple {7758#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {7808#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:01,646 INFO L290 TraceCheckUtils]: 7: Hoare triple {7808#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7758#true} is VALID [2022-02-20 18:02:01,646 INFO L290 TraceCheckUtils]: 8: Hoare triple {7758#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7758#true} is VALID [2022-02-20 18:02:01,646 INFO L290 TraceCheckUtils]: 9: Hoare triple {7758#true} assume true; {7758#true} is VALID [2022-02-20 18:02:01,646 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {7758#true} 
{7758#true} #1151#return; {7758#true} is VALID [2022-02-20 18:02:01,646 INFO L290 TraceCheckUtils]: 11: Hoare triple {7758#true} assume { :end_inline_setup_bob__wrappee__Base } true; {7758#true} is VALID [2022-02-20 18:02:01,647 INFO L272 TraceCheckUtils]: 12: Hoare triple {7758#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {7809#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:01,647 INFO L290 TraceCheckUtils]: 13: Hoare triple {7809#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7758#true} is VALID [2022-02-20 18:02:01,647 INFO L290 TraceCheckUtils]: 14: Hoare triple {7758#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7758#true} is VALID [2022-02-20 18:02:01,647 INFO L290 TraceCheckUtils]: 15: Hoare triple {7758#true} assume true; {7758#true} is VALID [2022-02-20 18:02:01,647 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {7758#true} {7758#true} #1153#return; {7758#true} is VALID [2022-02-20 18:02:01,648 INFO L290 TraceCheckUtils]: 17: Hoare triple {7758#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet74#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {7768#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} 
is VALID [2022-02-20 18:02:01,648 INFO L272 TraceCheckUtils]: 18: Hoare triple {7768#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {7808#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:01,649 INFO L290 TraceCheckUtils]: 19: Hoare triple {7808#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7810#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:01,649 INFO L290 TraceCheckUtils]: 20: Hoare triple {7810#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7811#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:01,650 INFO L290 TraceCheckUtils]: 21: Hoare triple {7811#(= |setClientId_#in~handle| 1)} assume true; {7811#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:01,650 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {7811#(= |setClientId_#in~handle| 1)} {7768#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1155#return; {7759#false} is VALID [2022-02-20 18:02:01,650 INFO L290 TraceCheckUtils]: 23: Hoare triple {7759#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {7759#false} is VALID [2022-02-20 18:02:01,650 INFO L272 TraceCheckUtils]: 24: Hoare triple {7759#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {7809#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:01,650 INFO 
L290 TraceCheckUtils]: 25: Hoare triple {7809#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7758#true} is VALID [2022-02-20 18:02:01,651 INFO L290 TraceCheckUtils]: 26: Hoare triple {7758#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7758#true} is VALID [2022-02-20 18:02:01,651 INFO L290 TraceCheckUtils]: 27: Hoare triple {7758#true} assume true; {7758#true} is VALID [2022-02-20 18:02:01,651 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {7758#true} {7759#false} #1157#return; {7759#false} is VALID [2022-02-20 18:02:01,651 INFO L290 TraceCheckUtils]: 29: Hoare triple {7759#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 33, 0;havoc setup_#t~nondet75#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {7759#false} is VALID [2022-02-20 18:02:01,651 INFO L272 TraceCheckUtils]: 30: Hoare triple {7759#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {7808#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:01,651 INFO L290 TraceCheckUtils]: 31: Hoare triple {7808#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7758#true} is VALID [2022-02-20 18:02:01,651 INFO L290 TraceCheckUtils]: 32: Hoare triple {7758#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7758#true} is VALID [2022-02-20 18:02:01,651 INFO L290 TraceCheckUtils]: 33: Hoare triple {7758#true} assume true; {7758#true} is VALID [2022-02-20 18:02:01,651 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {7758#true} {7759#false} #1159#return; {7759#false} is VALID [2022-02-20 18:02:01,652 INFO L290 TraceCheckUtils]: 35: Hoare triple {7759#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {7759#false} is VALID [2022-02-20 18:02:01,652 INFO L272 TraceCheckUtils]: 36: Hoare triple {7759#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {7809#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:01,652 INFO L290 TraceCheckUtils]: 37: Hoare triple {7809#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7758#true} is VALID [2022-02-20 18:02:01,652 INFO L290 TraceCheckUtils]: 38: Hoare triple {7758#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7758#true} is VALID [2022-02-20 18:02:01,652 INFO L290 TraceCheckUtils]: 39: Hoare triple {7758#true} assume true; {7758#true} is VALID [2022-02-20 18:02:01,652 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {7758#true} {7759#false} #1161#return; {7759#false} is VALID [2022-02-20 18:02:01,652 INFO L290 TraceCheckUtils]: 41: Hoare triple {7759#false} assume { :end_inline_setup_chuck } 
true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 34, 0;havoc setup_#t~nondet76#1; {7759#false} is VALID [2022-02-20 18:02:01,652 INFO L290 TraceCheckUtils]: 42: Hoare triple {7759#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~6#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {7759#false} is VALID [2022-02-20 18:02:01,652 INFO L290 TraceCheckUtils]: 43: Hoare triple {7759#false} assume !false; {7759#false} is VALID [2022-02-20 18:02:01,653 INFO L290 TraceCheckUtils]: 44: Hoare triple {7759#false} assume test_~splverifierCounter~0#1 < 4; {7759#false} is VALID [2022-02-20 18:02:01,653 INFO L290 
TraceCheckUtils]: 45: Hoare triple {7759#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {7759#false} is VALID [2022-02-20 18:02:01,653 INFO L290 TraceCheckUtils]: 46: Hoare triple {7759#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet90#1 && test_#t~nondet90#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet90#1;havoc test_#t~nondet90#1; {7759#false} is VALID [2022-02-20 18:02:01,653 INFO L290 TraceCheckUtils]: 47: Hoare triple {7759#false} assume !(0 != test_~tmp___9~0#1); {7759#false} is VALID [2022-02-20 18:02:01,653 INFO L290 TraceCheckUtils]: 48: Hoare triple {7759#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet91#1 && test_#t~nondet91#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet91#1;havoc test_#t~nondet91#1; {7759#false} is VALID [2022-02-20 18:02:01,653 INFO L290 TraceCheckUtils]: 49: Hoare triple {7759#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {7759#false} is VALID [2022-02-20 18:02:01,653 INFO L290 TraceCheckUtils]: 50: Hoare triple {7759#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {7759#false} is VALID [2022-02-20 18:02:01,653 INFO L290 TraceCheckUtils]: 51: Hoare triple {7759#false} assume { :end_inline_setClientAutoResponse } true; {7759#false} is VALID [2022-02-20 18:02:01,653 INFO L290 TraceCheckUtils]: 52: Hoare triple {7759#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {7759#false} is VALID [2022-02-20 18:02:01,654 INFO L290 TraceCheckUtils]: 53: Hoare triple {7759#false} assume !false; 
{7759#false} is VALID [2022-02-20 18:02:01,654 INFO L290 TraceCheckUtils]: 54: Hoare triple {7759#false} assume !(test_~splverifierCounter~0#1 < 4); {7759#false} is VALID [2022-02-20 18:02:01,654 INFO L290 TraceCheckUtils]: 55: Hoare triple {7759#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_#t~ret71#1, bobToRjh_#t~ret72#1, bobToRjh_~tmp~18#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~18#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret69#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret69#1 && bobToRjh_#t~ret69#1 <= 2147483647;havoc bobToRjh_#t~ret69#1; {7759#false} is VALID [2022-02-20 18:02:01,654 INFO L272 TraceCheckUtils]: 56: Hoare triple {7759#false} call sendEmail(~bob~0, ~rjh~0); {7759#false} is VALID [2022-02-20 18:02:01,654 INFO L290 TraceCheckUtils]: 57: Hoare triple {7759#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~8#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~8#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {7759#false} is VALID [2022-02-20 18:02:01,654 INFO L272 TraceCheckUtils]: 58: Hoare triple {7759#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {7812#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:01,654 INFO L290 TraceCheckUtils]: 59: Hoare triple {7812#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7758#true} is VALID [2022-02-20 18:02:01,654 INFO L290 
TraceCheckUtils]: 60: Hoare triple {7758#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7758#true} is VALID [2022-02-20 18:02:01,654 INFO L290 TraceCheckUtils]: 61: Hoare triple {7758#true} assume true; {7758#true} is VALID [2022-02-20 18:02:01,654 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {7758#true} {7759#false} #1119#return; {7759#false} is VALID [2022-02-20 18:02:01,655 INFO L272 TraceCheckUtils]: 63: Hoare triple {7759#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {7813#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:01,655 INFO L290 TraceCheckUtils]: 64: Hoare triple {7813#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {7758#true} is VALID [2022-02-20 18:02:01,655 INFO L290 TraceCheckUtils]: 65: Hoare triple {7758#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {7758#true} is VALID [2022-02-20 18:02:01,655 INFO L290 TraceCheckUtils]: 66: Hoare triple {7758#true} assume true; {7758#true} is VALID [2022-02-20 18:02:01,655 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {7758#true} {7759#false} #1121#return; {7759#false} is VALID [2022-02-20 18:02:01,655 INFO L290 TraceCheckUtils]: 68: Hoare triple {7759#false} createEmail_~retValue_acc~8#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~8#1; {7759#false} is VALID [2022-02-20 18:02:01,655 INFO L290 TraceCheckUtils]: 69: Hoare triple {7759#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {7759#false} is VALID [2022-02-20 18:02:01,655 INFO L272 TraceCheckUtils]: 70: Hoare triple {7759#false} call outgoing(~sender#1, ~email~0#1); {7759#false} is VALID [2022-02-20 18:02:01,655 INFO L290 TraceCheckUtils]: 71: Hoare 
triple {7759#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret20#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~7#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~7#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~31#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~31#1; {7759#false} is VALID [2022-02-20 18:02:01,656 INFO L290 TraceCheckUtils]: 72: Hoare triple {7759#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~31#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~31#1; {7759#false} is VALID [2022-02-20 18:02:01,656 INFO L290 TraceCheckUtils]: 73: Hoare triple {7759#false} sign_#t~ret20#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret20#1 && sign_#t~ret20#1 <= 2147483647;sign_~tmp~7#1 := sign_#t~ret20#1;havoc sign_#t~ret20#1;sign_~privkey~0#1 := sign_~tmp~7#1; {7759#false} is VALID [2022-02-20 18:02:01,656 INFO L290 TraceCheckUtils]: 74: Hoare triple {7759#false} assume 0 == sign_~privkey~0#1; {7759#false} is VALID [2022-02-20 18:02:01,656 INFO L290 TraceCheckUtils]: 75: Hoare triple {7759#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1, outgoing__wrappee__AddressBook_#t~ret8#1, outgoing__wrappee__AddressBook_#t~ret9#1, outgoing__wrappee__AddressBook_#t~ret10#1, outgoing__wrappee__AddressBook_#t~ret11#1, 
outgoing__wrappee__AddressBook_#t~ret12#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~2#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~0#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~0#1, outgoing__wrappee__AddressBook_~tmp___2~0#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~2#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~0#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~0#1;havoc outgoing__wrappee__AddressBook_~tmp___2~0#1; {7759#false} is VALID [2022-02-20 18:02:01,656 INFO L272 TraceCheckUtils]: 76: Hoare triple {7759#false} call outgoing__wrappee__AddressBook_#t~ret7#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {7758#true} is VALID [2022-02-20 18:02:01,656 INFO L290 TraceCheckUtils]: 77: Hoare triple {7758#true} ~handle := #in~handle;havoc ~retValue_acc~25; {7758#true} is VALID [2022-02-20 18:02:01,656 INFO L290 TraceCheckUtils]: 78: Hoare triple {7758#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {7758#true} is VALID [2022-02-20 18:02:01,657 INFO L290 TraceCheckUtils]: 79: Hoare triple {7758#true} assume true; {7758#true} is VALID [2022-02-20 18:02:01,657 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {7758#true} {7759#false} #1101#return; {7759#false} is VALID [2022-02-20 18:02:01,657 INFO L290 TraceCheckUtils]: 81: Hoare triple {7759#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret7#1 && outgoing__wrappee__AddressBook_#t~ret7#1 <= 
2147483647;outgoing__wrappee__AddressBook_~tmp~2#1 := outgoing__wrappee__AddressBook_#t~ret7#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~2#1; {7759#false} is VALID [2022-02-20 18:02:01,657 INFO L290 TraceCheckUtils]: 82: Hoare triple {7759#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {7759#false} is VALID [2022-02-20 18:02:01,657 INFO L272 TraceCheckUtils]: 83: Hoare triple {7759#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {7759#false} is VALID [2022-02-20 18:02:01,657 INFO L290 TraceCheckUtils]: 84: Hoare triple {7759#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {7759#false} is VALID [2022-02-20 18:02:01,657 INFO L290 TraceCheckUtils]: 85: Hoare triple {7759#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {7759#false} is VALID [2022-02-20 18:02:01,657 INFO L290 TraceCheckUtils]: 86: Hoare triple {7759#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {7759#false} is VALID [2022-02-20 18:02:01,657 INFO L272 TraceCheckUtils]: 87: Hoare triple {7759#false} call setEmailFrom(~msg#1, ~tmp~1#1); {7812#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:01,658 INFO L290 TraceCheckUtils]: 88: Hoare triple {7812#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| 
~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7758#true} is VALID [2022-02-20 18:02:01,658 INFO L290 TraceCheckUtils]: 89: Hoare triple {7758#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7758#true} is VALID [2022-02-20 18:02:01,658 INFO L290 TraceCheckUtils]: 90: Hoare triple {7758#true} assume true; {7758#true} is VALID [2022-02-20 18:02:01,658 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {7758#true} {7759#false} #1133#return; {7759#false} is VALID [2022-02-20 18:02:01,658 INFO L290 TraceCheckUtils]: 92: Hoare triple {7759#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {7759#false} is VALID [2022-02-20 18:02:01,658 INFO L272 TraceCheckUtils]: 93: Hoare triple {7759#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {7758#true} is VALID [2022-02-20 18:02:01,658 INFO L290 TraceCheckUtils]: 94: Hoare triple {7758#true} ~handle := #in~handle;havoc ~retValue_acc~12; {7758#true} is VALID [2022-02-20 18:02:01,658 INFO L290 TraceCheckUtils]: 95: Hoare triple {7758#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_to0~0;#res := ~retValue_acc~12; {7758#true} is VALID [2022-02-20 18:02:01,658 INFO L290 TraceCheckUtils]: 96: Hoare triple {7758#true} assume true; {7758#true} is VALID [2022-02-20 18:02:01,659 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {7758#true} {7759#false} #1135#return; {7759#false} is VALID [2022-02-20 18:02:01,659 INFO L290 TraceCheckUtils]: 98: Hoare triple {7759#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, 
incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret21#1, verify_#t~ret22#1, verify_#t~ret23#1, verify_#t~ret24#1, verify_#t~ret25#1, verify_#t~ret26#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~8#1, verify_~tmp___0~1#1, verify_~pubkey~0#1, verify_~tmp___1~1#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~8#1;havoc verify_~tmp___0~1#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~1#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret28#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~9#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~9#1; {7759#false} is VALID [2022-02-20 18:02:01,659 INFO L272 TraceCheckUtils]: 99: Hoare triple {7759#false} call __utac_acc__EncryptVerify_spec__1_#t~ret28#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {7758#true} is VALID [2022-02-20 18:02:01,659 INFO L290 TraceCheckUtils]: 100: Hoare triple {7758#true} ~msg := #in~msg;havoc ~retValue_acc~6;~retValue_acc~6 := 1;#res := ~retValue_acc~6; {7758#true} is VALID [2022-02-20 18:02:01,659 INFO L290 TraceCheckUtils]: 101: Hoare triple {7758#true} assume true; {7758#true} is VALID [2022-02-20 18:02:01,659 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {7758#true} {7759#false} 
#1137#return; {7759#false} is VALID [2022-02-20 18:02:01,659 INFO L290 TraceCheckUtils]: 103: Hoare triple {7759#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret28#1 && __utac_acc__EncryptVerify_spec__1_#t~ret28#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~9#1 := __utac_acc__EncryptVerify_spec__1_#t~ret28#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret28#1; {7759#false} is VALID [2022-02-20 18:02:01,659 INFO L290 TraceCheckUtils]: 104: Hoare triple {7759#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~9#1);assume { :begin_inline___automaton_fail } true; {7759#false} is VALID [2022-02-20 18:02:01,659 INFO L290 TraceCheckUtils]: 105: Hoare triple {7759#false} assume !false; {7759#false} is VALID [2022-02-20 18:02:01,660 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 18:02:01,663 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:01,663 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2128319527] [2022-02-20 18:02:01,663 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2128319527] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:02:01,663 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1391638740] [2022-02-20 18:02:01,663 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:01,664 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:01,664 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:02:01,680 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in 
SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:02:01,706 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-02-20 18:02:01,896 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:01,901 INFO L263 TraceCheckSpWp]: Trace formula consists of 1072 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 18:02:01,948 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:01,950 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:02:02,290 INFO L290 TraceCheckUtils]: 0: Hoare triple {7758#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(115, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(10, 11);call #Ultimate.allocInit(12, 12);call #Ultimate.allocInit(10, 13);call #Ultimate.allocInit(18, 14);call #Ultimate.allocInit(13, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(21, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(21, 23);call #Ultimate.allocInit(30, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(25, 26);call #Ultimate.allocInit(30, 27);call #Ultimate.allocInit(9, 28);call 
#Ultimate.allocInit(25, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset 
:= 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 
:= 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {7758#true} is VALID [2022-02-20 18:02:02,291 INFO L290 TraceCheckUtils]: 1: Hoare triple {7758#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet77#1, main_#t~ret78#1, main_~retValue_acc~42#1, main_~tmp~19#1;assume -2147483648 <= main_#t~nondet77#1 && main_#t~nondet77#1 <= 2147483647;main_~retValue_acc~42#1 := main_#t~nondet77#1;havoc main_#t~nondet77#1;havoc main_~tmp~19#1;assume { :begin_inline_select_helpers } true; {7758#true} is VALID [2022-02-20 18:02:02,291 INFO L290 TraceCheckUtils]: 2: Hoare triple {7758#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {7758#true} is VALID [2022-02-20 18:02:02,291 INFO L290 TraceCheckUtils]: 3: Hoare triple {7758#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~21#1;havoc valid_product_~retValue_acc~21#1;valid_product_~retValue_acc~21#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~21#1; {7758#true} is VALID [2022-02-20 18:02:02,291 INFO L290 TraceCheckUtils]: 4: Hoare triple {7758#true} main_#t~ret78#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret78#1 && main_#t~ret78#1 <= 2147483647;main_~tmp~19#1 := main_#t~ret78#1;havoc main_#t~ret78#1; {7758#true} is VALID [2022-02-20 18:02:02,291 INFO L290 TraceCheckUtils]: 5: Hoare triple {7758#true} assume 0 != main_~tmp~19#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet74#1, setup_#t~nondet75#1, setup_#t~nondet76#1, setup_~__cil_tmp1~0#1.base, 
setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {7758#true} is VALID [2022-02-20 18:02:02,291 INFO L272 TraceCheckUtils]: 6: Hoare triple {7758#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {7758#true} is VALID [2022-02-20 18:02:02,291 INFO L290 TraceCheckUtils]: 7: Hoare triple {7758#true} ~handle := #in~handle;~value := #in~value; {7758#true} is VALID [2022-02-20 18:02:02,291 INFO L290 TraceCheckUtils]: 8: Hoare triple {7758#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7758#true} is VALID [2022-02-20 18:02:02,291 INFO L290 TraceCheckUtils]: 9: Hoare triple {7758#true} assume true; {7758#true} is VALID [2022-02-20 18:02:02,291 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {7758#true} {7758#true} #1151#return; {7758#true} is VALID [2022-02-20 18:02:02,291 INFO L290 TraceCheckUtils]: 11: Hoare triple {7758#true} assume { :end_inline_setup_bob__wrappee__Base } true; {7758#true} is VALID [2022-02-20 18:02:02,291 INFO L272 TraceCheckUtils]: 12: Hoare triple {7758#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {7758#true} is VALID [2022-02-20 18:02:02,291 INFO L290 TraceCheckUtils]: 13: Hoare triple {7758#true} ~handle := #in~handle;~value := #in~value; {7758#true} is VALID [2022-02-20 18:02:02,291 INFO L290 
TraceCheckUtils]: 14: Hoare triple {7758#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7758#true} is VALID [2022-02-20 18:02:02,292 INFO L290 TraceCheckUtils]: 15: Hoare triple {7758#true} assume true; {7758#true} is VALID [2022-02-20 18:02:02,292 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {7758#true} {7758#true} #1153#return; {7758#true} is VALID [2022-02-20 18:02:02,297 INFO L290 TraceCheckUtils]: 17: Hoare triple {7758#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet74#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {7868#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:02:02,297 INFO L272 TraceCheckUtils]: 18: Hoare triple {7868#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {7758#true} is VALID [2022-02-20 18:02:02,297 INFO L290 TraceCheckUtils]: 19: Hoare triple {7758#true} ~handle := #in~handle;~value := #in~value; {7875#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 18:02:02,298 INFO L290 TraceCheckUtils]: 20: Hoare triple {7875#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7879#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:02,298 INFO L290 TraceCheckUtils]: 21: Hoare triple {7879#(<= |setClientId_#in~handle| 1)} assume true; {7879#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:02,299 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {7879#(<= 
|setClientId_#in~handle| 1)} {7868#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1155#return; {7759#false} is VALID [2022-02-20 18:02:02,299 INFO L290 TraceCheckUtils]: 23: Hoare triple {7759#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {7759#false} is VALID [2022-02-20 18:02:02,299 INFO L272 TraceCheckUtils]: 24: Hoare triple {7759#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {7759#false} is VALID [2022-02-20 18:02:02,301 INFO L290 TraceCheckUtils]: 25: Hoare triple {7759#false} ~handle := #in~handle;~value := #in~value; {7759#false} is VALID [2022-02-20 18:02:02,301 INFO L290 TraceCheckUtils]: 26: Hoare triple {7759#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7759#false} is VALID [2022-02-20 18:02:02,301 INFO L290 TraceCheckUtils]: 27: Hoare triple {7759#false} assume true; {7759#false} is VALID [2022-02-20 18:02:02,301 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {7759#false} {7759#false} #1157#return; {7759#false} is VALID [2022-02-20 18:02:02,301 INFO L290 TraceCheckUtils]: 29: Hoare triple {7759#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 33, 0;havoc setup_#t~nondet75#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {7759#false} is VALID [2022-02-20 18:02:02,301 INFO L272 TraceCheckUtils]: 30: Hoare triple {7759#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {7759#false} is VALID [2022-02-20 18:02:02,301 INFO L290 TraceCheckUtils]: 31: Hoare triple {7759#false} ~handle := 
#in~handle;~value := #in~value; {7759#false} is VALID [2022-02-20 18:02:02,301 INFO L290 TraceCheckUtils]: 32: Hoare triple {7759#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7759#false} is VALID [2022-02-20 18:02:02,302 INFO L290 TraceCheckUtils]: 33: Hoare triple {7759#false} assume true; {7759#false} is VALID [2022-02-20 18:02:02,302 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {7759#false} {7759#false} #1159#return; {7759#false} is VALID [2022-02-20 18:02:02,302 INFO L290 TraceCheckUtils]: 35: Hoare triple {7759#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {7759#false} is VALID [2022-02-20 18:02:02,302 INFO L272 TraceCheckUtils]: 36: Hoare triple {7759#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {7759#false} is VALID [2022-02-20 18:02:02,302 INFO L290 TraceCheckUtils]: 37: Hoare triple {7759#false} ~handle := #in~handle;~value := #in~value; {7759#false} is VALID [2022-02-20 18:02:02,302 INFO L290 TraceCheckUtils]: 38: Hoare triple {7759#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7759#false} is VALID [2022-02-20 18:02:02,302 INFO L290 TraceCheckUtils]: 39: Hoare triple {7759#false} assume true; {7759#false} is VALID [2022-02-20 18:02:02,302 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {7759#false} {7759#false} #1161#return; {7759#false} is VALID [2022-02-20 18:02:02,302 INFO L290 TraceCheckUtils]: 41: Hoare triple {7759#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 34, 0;havoc setup_#t~nondet76#1; {7759#false} is VALID [2022-02-20 18:02:02,302 INFO L290 TraceCheckUtils]: 42: Hoare triple {7759#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_~op1~0#1, 
test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~6#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {7759#false} is VALID [2022-02-20 18:02:02,303 INFO L290 TraceCheckUtils]: 43: Hoare triple {7759#false} assume !false; {7759#false} is VALID [2022-02-20 18:02:02,303 INFO L290 TraceCheckUtils]: 44: Hoare triple {7759#false} assume test_~splverifierCounter~0#1 < 4; {7759#false} is VALID [2022-02-20 18:02:02,303 INFO L290 TraceCheckUtils]: 45: Hoare triple {7759#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {7759#false} is VALID [2022-02-20 18:02:02,303 INFO L290 TraceCheckUtils]: 46: Hoare triple {7759#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet90#1 && test_#t~nondet90#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet90#1;havoc test_#t~nondet90#1; {7759#false} is VALID [2022-02-20 18:02:02,303 INFO L290 TraceCheckUtils]: 47: Hoare triple {7759#false} assume !(0 != 
test_~tmp___9~0#1); {7759#false} is VALID [2022-02-20 18:02:02,303 INFO L290 TraceCheckUtils]: 48: Hoare triple {7759#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet91#1 && test_#t~nondet91#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet91#1;havoc test_#t~nondet91#1; {7759#false} is VALID [2022-02-20 18:02:02,303 INFO L290 TraceCheckUtils]: 49: Hoare triple {7759#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {7759#false} is VALID [2022-02-20 18:02:02,303 INFO L290 TraceCheckUtils]: 50: Hoare triple {7759#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {7759#false} is VALID [2022-02-20 18:02:02,304 INFO L290 TraceCheckUtils]: 51: Hoare triple {7759#false} assume { :end_inline_setClientAutoResponse } true; {7759#false} is VALID [2022-02-20 18:02:02,304 INFO L290 TraceCheckUtils]: 52: Hoare triple {7759#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {7759#false} is VALID [2022-02-20 18:02:02,304 INFO L290 TraceCheckUtils]: 53: Hoare triple {7759#false} assume !false; {7759#false} is VALID [2022-02-20 18:02:02,304 INFO L290 TraceCheckUtils]: 54: Hoare triple {7759#false} assume !(test_~splverifierCounter~0#1 < 4); {7759#false} is VALID [2022-02-20 18:02:02,304 INFO L290 TraceCheckUtils]: 55: Hoare triple {7759#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_#t~ret71#1, bobToRjh_#t~ret72#1, bobToRjh_~tmp~18#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~18#1;havoc bobToRjh_~tmp___0~4#1;havoc 
bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret69#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret69#1 && bobToRjh_#t~ret69#1 <= 2147483647;havoc bobToRjh_#t~ret69#1; {7759#false} is VALID [2022-02-20 18:02:02,304 INFO L272 TraceCheckUtils]: 56: Hoare triple {7759#false} call sendEmail(~bob~0, ~rjh~0); {7759#false} is VALID [2022-02-20 18:02:02,304 INFO L290 TraceCheckUtils]: 57: Hoare triple {7759#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~8#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~8#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {7759#false} is VALID [2022-02-20 18:02:02,304 INFO L272 TraceCheckUtils]: 58: Hoare triple {7759#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {7759#false} is VALID [2022-02-20 18:02:02,304 INFO L290 TraceCheckUtils]: 59: Hoare triple {7759#false} ~handle := #in~handle;~value := #in~value; {7759#false} is VALID [2022-02-20 18:02:02,304 INFO L290 TraceCheckUtils]: 60: Hoare triple {7759#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7759#false} is VALID [2022-02-20 18:02:02,305 INFO L290 TraceCheckUtils]: 61: Hoare triple {7759#false} assume true; {7759#false} is VALID [2022-02-20 18:02:02,305 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {7759#false} {7759#false} #1119#return; {7759#false} is VALID [2022-02-20 18:02:02,305 INFO L272 TraceCheckUtils]: 63: Hoare triple {7759#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {7759#false} is VALID [2022-02-20 18:02:02,305 INFO L290 TraceCheckUtils]: 64: Hoare triple {7759#false} ~handle := #in~handle;~value := #in~value; {7759#false} is VALID [2022-02-20 18:02:02,305 INFO L290 
TraceCheckUtils]: 65: Hoare triple {7759#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {7759#false} is VALID [2022-02-20 18:02:02,305 INFO L290 TraceCheckUtils]: 66: Hoare triple {7759#false} assume true; {7759#false} is VALID [2022-02-20 18:02:02,305 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {7759#false} {7759#false} #1121#return; {7759#false} is VALID [2022-02-20 18:02:02,305 INFO L290 TraceCheckUtils]: 68: Hoare triple {7759#false} createEmail_~retValue_acc~8#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~8#1; {7759#false} is VALID [2022-02-20 18:02:02,305 INFO L290 TraceCheckUtils]: 69: Hoare triple {7759#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {7759#false} is VALID [2022-02-20 18:02:02,306 INFO L272 TraceCheckUtils]: 70: Hoare triple {7759#false} call outgoing(~sender#1, ~email~0#1); {7759#false} is VALID [2022-02-20 18:02:02,306 INFO L290 TraceCheckUtils]: 71: Hoare triple {7759#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret20#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~7#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~7#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~31#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~31#1; {7759#false} is VALID [2022-02-20 18:02:02,306 INFO L290 TraceCheckUtils]: 72: Hoare triple {7759#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~31#1 := 
~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~31#1; {7759#false} is VALID [2022-02-20 18:02:02,306 INFO L290 TraceCheckUtils]: 73: Hoare triple {7759#false} sign_#t~ret20#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret20#1 && sign_#t~ret20#1 <= 2147483647;sign_~tmp~7#1 := sign_#t~ret20#1;havoc sign_#t~ret20#1;sign_~privkey~0#1 := sign_~tmp~7#1; {7759#false} is VALID [2022-02-20 18:02:02,306 INFO L290 TraceCheckUtils]: 74: Hoare triple {7759#false} assume 0 == sign_~privkey~0#1; {7759#false} is VALID [2022-02-20 18:02:02,306 INFO L290 TraceCheckUtils]: 75: Hoare triple {7759#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1, outgoing__wrappee__AddressBook_#t~ret8#1, outgoing__wrappee__AddressBook_#t~ret9#1, outgoing__wrappee__AddressBook_#t~ret10#1, outgoing__wrappee__AddressBook_#t~ret11#1, outgoing__wrappee__AddressBook_#t~ret12#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~2#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~0#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~0#1, outgoing__wrappee__AddressBook_~tmp___2~0#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~2#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~0#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc 
outgoing__wrappee__AddressBook_~tmp___1~0#1;havoc outgoing__wrappee__AddressBook_~tmp___2~0#1; {7759#false} is VALID [2022-02-20 18:02:02,306 INFO L272 TraceCheckUtils]: 76: Hoare triple {7759#false} call outgoing__wrappee__AddressBook_#t~ret7#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {7759#false} is VALID [2022-02-20 18:02:02,306 INFO L290 TraceCheckUtils]: 77: Hoare triple {7759#false} ~handle := #in~handle;havoc ~retValue_acc~25; {7759#false} is VALID [2022-02-20 18:02:02,307 INFO L290 TraceCheckUtils]: 78: Hoare triple {7759#false} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {7759#false} is VALID [2022-02-20 18:02:02,307 INFO L290 TraceCheckUtils]: 79: Hoare triple {7759#false} assume true; {7759#false} is VALID [2022-02-20 18:02:02,307 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {7759#false} {7759#false} #1101#return; {7759#false} is VALID [2022-02-20 18:02:02,307 INFO L290 TraceCheckUtils]: 81: Hoare triple {7759#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret7#1 && outgoing__wrappee__AddressBook_#t~ret7#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~2#1 := outgoing__wrappee__AddressBook_#t~ret7#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~2#1; {7759#false} is VALID [2022-02-20 18:02:02,307 INFO L290 TraceCheckUtils]: 82: Hoare triple {7759#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {7759#false} is VALID [2022-02-20 18:02:02,307 INFO L272 TraceCheckUtils]: 83: Hoare triple {7759#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {7759#false} is VALID [2022-02-20 18:02:02,307 INFO L290 TraceCheckUtils]: 84: Hoare triple {7759#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := 
~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {7759#false} is VALID [2022-02-20 18:02:02,307 INFO L290 TraceCheckUtils]: 85: Hoare triple {7759#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {7759#false} is VALID [2022-02-20 18:02:02,307 INFO L290 TraceCheckUtils]: 86: Hoare triple {7759#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {7759#false} is VALID [2022-02-20 18:02:02,308 INFO L272 TraceCheckUtils]: 87: Hoare triple {7759#false} call setEmailFrom(~msg#1, ~tmp~1#1); {7759#false} is VALID [2022-02-20 18:02:02,308 INFO L290 TraceCheckUtils]: 88: Hoare triple {7759#false} ~handle := #in~handle;~value := #in~value; {7759#false} is VALID [2022-02-20 18:02:02,308 INFO L290 TraceCheckUtils]: 89: Hoare triple {7759#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7759#false} is VALID [2022-02-20 18:02:02,308 INFO L290 TraceCheckUtils]: 90: Hoare triple {7759#false} assume true; {7759#false} is VALID [2022-02-20 18:02:02,308 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {7759#false} {7759#false} #1133#return; {7759#false} is VALID [2022-02-20 18:02:02,308 INFO L290 TraceCheckUtils]: 92: Hoare triple {7759#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {7759#false} is VALID [2022-02-20 18:02:02,308 INFO L272 TraceCheckUtils]: 93: Hoare triple 
{7759#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {7759#false} is VALID [2022-02-20 18:02:02,308 INFO L290 TraceCheckUtils]: 94: Hoare triple {7759#false} ~handle := #in~handle;havoc ~retValue_acc~12; {7759#false} is VALID [2022-02-20 18:02:02,308 INFO L290 TraceCheckUtils]: 95: Hoare triple {7759#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_to0~0;#res := ~retValue_acc~12; {7759#false} is VALID [2022-02-20 18:02:02,309 INFO L290 TraceCheckUtils]: 96: Hoare triple {7759#false} assume true; {7759#false} is VALID [2022-02-20 18:02:02,309 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {7759#false} {7759#false} #1135#return; {7759#false} is VALID [2022-02-20 18:02:02,309 INFO L290 TraceCheckUtils]: 98: Hoare triple {7759#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret21#1, verify_#t~ret22#1, verify_#t~ret23#1, verify_#t~ret24#1, verify_#t~ret25#1, verify_#t~ret26#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~8#1, verify_~tmp___0~1#1, verify_~pubkey~0#1, verify_~tmp___1~1#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~8#1;havoc verify_~tmp___0~1#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~1#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := 
verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret28#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~9#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~9#1; {7759#false} is VALID [2022-02-20 18:02:02,309 INFO L272 TraceCheckUtils]: 99: Hoare triple {7759#false} call __utac_acc__EncryptVerify_spec__1_#t~ret28#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {7759#false} is VALID [2022-02-20 18:02:02,309 INFO L290 TraceCheckUtils]: 100: Hoare triple {7759#false} ~msg := #in~msg;havoc ~retValue_acc~6;~retValue_acc~6 := 1;#res := ~retValue_acc~6; {7759#false} is VALID [2022-02-20 18:02:02,309 INFO L290 TraceCheckUtils]: 101: Hoare triple {7759#false} assume true; {7759#false} is VALID [2022-02-20 18:02:02,309 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {7759#false} {7759#false} #1137#return; {7759#false} is VALID [2022-02-20 18:02:02,309 INFO L290 TraceCheckUtils]: 103: Hoare triple {7759#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret28#1 && __utac_acc__EncryptVerify_spec__1_#t~ret28#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~9#1 := __utac_acc__EncryptVerify_spec__1_#t~ret28#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret28#1; {7759#false} is VALID [2022-02-20 18:02:02,309 INFO L290 TraceCheckUtils]: 104: Hoare triple {7759#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~9#1);assume { :begin_inline___automaton_fail } true; {7759#false} is VALID [2022-02-20 18:02:02,310 INFO L290 TraceCheckUtils]: 105: Hoare triple {7759#false} assume !false; {7759#false} is VALID [2022-02-20 18:02:02,310 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. 
[2022-02-20 18:02:02,310 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:02:02,310 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1391638740] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:02,310 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:02:02,310 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [9] total 12 [2022-02-20 18:02:02,311 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1444663897] [2022-02-20 18:02:02,311 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:02,311 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 18.0) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 106 [2022-02-20 18:02:02,311 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:02,312 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 4 states have (on average 18.0) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:02,372 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 99 edges. 99 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:02:02,372 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:02:02,372 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:02,373 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:02:02,373 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=24, Invalid=108, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:02:02,373 INFO L87 Difference]: Start difference. First operand 424 states and 664 transitions. Second operand has 5 states, 4 states have (on average 18.0) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:03,298 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:03,299 INFO L93 Difference]: Finished difference Result 839 states and 1318 transitions. [2022-02-20 18:02:03,299 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:02:03,309 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 18.0) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 106 [2022-02-20 18:02:03,309 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:03,309 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 5 states, 4 states have (on average 18.0) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:03,316 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1080 transitions. [2022-02-20 18:02:03,317 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 18.0) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:03,323 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1080 transitions. [2022-02-20 18:02:03,323 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1080 transitions. [2022-02-20 18:02:03,953 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1080 edges. 1080 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:02:03,967 INFO L225 Difference]: With dead ends: 839 [2022-02-20 18:02:03,967 INFO L226 Difference]: Without dead ends: 426 [2022-02-20 18:02:03,968 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 134 GetRequests, 123 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=28, Invalid=128, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:02:03,969 INFO L933 BasicCegarLoop]: 536 mSDtfsCounter, 152 mSDsluCounter, 1434 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 175 SdHoareTripleChecker+Valid, 1970 SdHoareTripleChecker+Invalid, 34 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:03,969 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [175 Valid, 1970 Invalid, 34 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:02:03,971 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 426 states. [2022-02-20 18:02:04,029 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 426 to 426. [2022-02-20 18:02:04,029 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:04,030 INFO L82 GeneralOperation]: Start isEquivalent. First operand 426 states. 
Second operand has 426 states, 339 states have (on average 1.5870206489675516) internal successors, (538), 342 states have internal predecessors, (538), 64 states have call successors, (64), 21 states have call predecessors, (64), 22 states have return successors, (65), 62 states have call predecessors, (65), 63 states have call successors, (65) [2022-02-20 18:02:04,031 INFO L74 IsIncluded]: Start isIncluded. First operand 426 states. Second operand has 426 states, 339 states have (on average 1.5870206489675516) internal successors, (538), 342 states have internal predecessors, (538), 64 states have call successors, (64), 21 states have call predecessors, (64), 22 states have return successors, (65), 62 states have call predecessors, (65), 63 states have call successors, (65) [2022-02-20 18:02:04,032 INFO L87 Difference]: Start difference. First operand 426 states. Second operand has 426 states, 339 states have (on average 1.5870206489675516) internal successors, (538), 342 states have internal predecessors, (538), 64 states have call successors, (64), 21 states have call predecessors, (64), 22 states have return successors, (65), 62 states have call predecessors, (65), 63 states have call successors, (65) [2022-02-20 18:02:04,041 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:04,041 INFO L93 Difference]: Finished difference Result 426 states and 667 transitions. [2022-02-20 18:02:04,041 INFO L276 IsEmpty]: Start isEmpty. Operand 426 states and 667 transitions. [2022-02-20 18:02:04,042 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:04,042 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:04,043 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 426 states, 339 states have (on average 1.5870206489675516) internal successors, (538), 342 states have internal predecessors, (538), 64 states have call successors, (64), 21 states have call predecessors, (64), 22 states have return successors, (65), 62 states have call predecessors, (65), 63 states have call successors, (65) Second operand 426 states. [2022-02-20 18:02:04,044 INFO L87 Difference]: Start difference. First operand has 426 states, 339 states have (on average 1.5870206489675516) internal successors, (538), 342 states have internal predecessors, (538), 64 states have call successors, (64), 21 states have call predecessors, (64), 22 states have return successors, (65), 62 states have call predecessors, (65), 63 states have call successors, (65) Second operand 426 states. [2022-02-20 18:02:04,054 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:04,054 INFO L93 Difference]: Finished difference Result 426 states and 667 transitions. [2022-02-20 18:02:04,054 INFO L276 IsEmpty]: Start isEmpty. Operand 426 states and 667 transitions. [2022-02-20 18:02:04,056 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:04,056 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:04,056 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:04,056 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:04,057 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 426 states, 339 states have (on average 1.5870206489675516) internal successors, (538), 342 states have internal predecessors, (538), 64 states have call successors, (64), 21 states have call predecessors, (64), 22 states have return successors, (65), 62 states have call predecessors, (65), 63 states have call successors, (65) [2022-02-20 18:02:04,068 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 426 states to 426 states and 667 transitions. [2022-02-20 18:02:04,068 INFO L78 Accepts]: Start accepts. Automaton has 426 states and 667 transitions. Word has length 106 [2022-02-20 18:02:04,069 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:04,069 INFO L470 AbstractCegarLoop]: Abstraction has 426 states and 667 transitions. [2022-02-20 18:02:04,069 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 18.0) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:04,069 INFO L276 IsEmpty]: Start isEmpty. Operand 426 states and 667 transitions. [2022-02-20 18:02:04,070 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 108 [2022-02-20 18:02:04,070 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:04,071 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:04,107 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Forceful destruction successful, exit code 0 [2022-02-20 18:02:04,283 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:04,283 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === 
[outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:04,284 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:04,284 INFO L85 PathProgramCache]: Analyzing trace with hash -1210001082, now seen corresponding path program 1 times [2022-02-20 18:02:04,284 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:04,284 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [118394925] [2022-02-20 18:02:04,284 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:04,284 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:04,340 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:04,373 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:02:04,375 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:04,377 INFO L290 TraceCheckUtils]: 0: Hoare triple {10792#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10740#true} is VALID [2022-02-20 18:02:04,377 INFO L290 TraceCheckUtils]: 1: Hoare triple {10740#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10740#true} is VALID [2022-02-20 18:02:04,377 INFO L290 TraceCheckUtils]: 2: Hoare triple {10740#true} assume true; {10740#true} is VALID [2022-02-20 18:02:04,377 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10740#true} {10740#true} #1151#return; {10740#true} is VALID [2022-02-20 18:02:04,383 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:04,384 INFO L136 AnnotateAndAsserter]: 
Conjunction of SSA is unsat [2022-02-20 18:02:04,395 INFO L290 TraceCheckUtils]: 0: Hoare triple {10793#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10740#true} is VALID [2022-02-20 18:02:04,395 INFO L290 TraceCheckUtils]: 1: Hoare triple {10740#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10740#true} is VALID [2022-02-20 18:02:04,395 INFO L290 TraceCheckUtils]: 2: Hoare triple {10740#true} assume true; {10740#true} is VALID [2022-02-20 18:02:04,395 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10740#true} {10740#true} #1153#return; {10740#true} is VALID [2022-02-20 18:02:04,395 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:04,397 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:04,409 INFO L290 TraceCheckUtils]: 0: Hoare triple {10792#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10794#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:04,410 INFO L290 TraceCheckUtils]: 1: Hoare triple {10794#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {10794#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:04,410 INFO L290 TraceCheckUtils]: 2: Hoare triple {10794#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {10795#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:04,410 INFO L290 TraceCheckUtils]: 3: Hoare triple {10795#(= 2 |setClientId_#in~handle|)} assume true; {10795#(= 2 |setClientId_#in~handle|)} 
is VALID [2022-02-20 18:02:04,411 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {10795#(= 2 |setClientId_#in~handle|)} {10750#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1155#return; {10756#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:02:04,411 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:02:04,413 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:04,443 INFO L290 TraceCheckUtils]: 0: Hoare triple {10793#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10796#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:04,444 INFO L290 TraceCheckUtils]: 1: Hoare triple {10796#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10797#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:04,445 INFO L290 TraceCheckUtils]: 2: Hoare triple {10797#(= |setClientPrivateKey_#in~handle| 1)} assume true; {10797#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:04,446 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10797#(= |setClientPrivateKey_#in~handle| 1)} {10756#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1157#return; {10741#false} is VALID [2022-02-20 18:02:04,446 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-02-20 18:02:04,448 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:04,451 INFO L290 TraceCheckUtils]: 0: Hoare triple {10792#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10740#true} is VALID [2022-02-20 18:02:04,452 INFO L290 TraceCheckUtils]: 1: Hoare triple {10740#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10740#true} is VALID [2022-02-20 18:02:04,452 INFO L290 TraceCheckUtils]: 2: Hoare triple {10740#true} assume true; {10740#true} is VALID [2022-02-20 18:02:04,452 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10740#true} {10741#false} #1159#return; {10741#false} is VALID [2022-02-20 18:02:04,453 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 37 [2022-02-20 18:02:04,455 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:04,457 INFO L290 TraceCheckUtils]: 0: Hoare triple {10793#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10740#true} is VALID [2022-02-20 18:02:04,457 INFO L290 TraceCheckUtils]: 1: Hoare triple {10740#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10740#true} is VALID [2022-02-20 18:02:04,457 INFO L290 TraceCheckUtils]: 2: Hoare triple {10740#true} assume true; {10740#true} is VALID [2022-02-20 18:02:04,457 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10740#true} {10741#false} #1161#return; {10741#false} is VALID [2022-02-20 18:02:04,465 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 18:02:04,466 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:04,471 INFO L290 TraceCheckUtils]: 0: Hoare triple {10798#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; 
{10740#true} is VALID [2022-02-20 18:02:04,471 INFO L290 TraceCheckUtils]: 1: Hoare triple {10740#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10740#true} is VALID [2022-02-20 18:02:04,471 INFO L290 TraceCheckUtils]: 2: Hoare triple {10740#true} assume true; {10740#true} is VALID [2022-02-20 18:02:04,471 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10740#true} {10741#false} #1119#return; {10741#false} is VALID [2022-02-20 18:02:04,479 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 18:02:04,481 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:04,484 INFO L290 TraceCheckUtils]: 0: Hoare triple {10799#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {10740#true} is VALID [2022-02-20 18:02:04,484 INFO L290 TraceCheckUtils]: 1: Hoare triple {10740#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {10740#true} is VALID [2022-02-20 18:02:04,485 INFO L290 TraceCheckUtils]: 2: Hoare triple {10740#true} assume true; {10740#true} is VALID [2022-02-20 18:02:04,485 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10740#true} {10741#false} #1121#return; {10741#false} is VALID [2022-02-20 18:02:04,485 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 18:02:04,486 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:04,488 INFO L290 TraceCheckUtils]: 0: Hoare triple {10740#true} ~handle := #in~handle;havoc ~retValue_acc~25; {10740#true} is VALID [2022-02-20 18:02:04,489 INFO L290 TraceCheckUtils]: 1: Hoare triple {10740#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {10740#true} is VALID [2022-02-20 18:02:04,489 INFO L290 TraceCheckUtils]: 2: Hoare triple {10740#true} assume true; {10740#true} is VALID [2022-02-20 
18:02:04,489 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10740#true} {10741#false} #1101#return; {10741#false} is VALID [2022-02-20 18:02:04,489 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 18:02:04,490 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:04,491 INFO L290 TraceCheckUtils]: 0: Hoare triple {10798#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10740#true} is VALID [2022-02-20 18:02:04,492 INFO L290 TraceCheckUtils]: 1: Hoare triple {10740#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10740#true} is VALID [2022-02-20 18:02:04,492 INFO L290 TraceCheckUtils]: 2: Hoare triple {10740#true} assume true; {10740#true} is VALID [2022-02-20 18:02:04,492 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10740#true} {10741#false} #1133#return; {10741#false} is VALID [2022-02-20 18:02:04,492 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 18:02:04,493 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:04,494 INFO L290 TraceCheckUtils]: 0: Hoare triple {10740#true} ~handle := #in~handle;havoc ~retValue_acc~12; {10740#true} is VALID [2022-02-20 18:02:04,494 INFO L290 TraceCheckUtils]: 1: Hoare triple {10740#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_to0~0;#res := ~retValue_acc~12; {10740#true} is VALID [2022-02-20 18:02:04,494 INFO L290 TraceCheckUtils]: 2: Hoare triple {10740#true} assume true; {10740#true} is VALID [2022-02-20 18:02:04,494 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10740#true} {10741#false} #1135#return; {10741#false} is VALID [2022-02-20 18:02:04,495 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 18:02:04,496 INFO L136 AnnotateAndAsserter]: Conjunction 
of SSA is unsat [2022-02-20 18:02:04,497 INFO L290 TraceCheckUtils]: 0: Hoare triple {10740#true} ~msg := #in~msg;havoc ~retValue_acc~6;~retValue_acc~6 := 1;#res := ~retValue_acc~6; {10740#true} is VALID [2022-02-20 18:02:04,497 INFO L290 TraceCheckUtils]: 1: Hoare triple {10740#true} assume true; {10740#true} is VALID [2022-02-20 18:02:04,497 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {10740#true} {10741#false} #1137#return; {10741#false} is VALID [2022-02-20 18:02:04,497 INFO L290 TraceCheckUtils]: 0: Hoare triple {10740#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(115, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(10, 11);call #Ultimate.allocInit(12, 12);call #Ultimate.allocInit(10, 13);call #Ultimate.allocInit(18, 14);call #Ultimate.allocInit(13, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(21, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(21, 23);call #Ultimate.allocInit(30, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(25, 26);call #Ultimate.allocInit(30, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call 
#Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 
0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 
0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {10740#true} is VALID [2022-02-20 18:02:04,498 INFO L290 TraceCheckUtils]: 1: Hoare triple {10740#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet77#1, main_#t~ret78#1, main_~retValue_acc~42#1, main_~tmp~19#1;assume -2147483648 <= main_#t~nondet77#1 && main_#t~nondet77#1 <= 2147483647;main_~retValue_acc~42#1 := main_#t~nondet77#1;havoc main_#t~nondet77#1;havoc main_~tmp~19#1;assume { :begin_inline_select_helpers } true; {10740#true} is VALID [2022-02-20 18:02:04,498 INFO L290 TraceCheckUtils]: 2: Hoare triple {10740#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {10740#true} is VALID [2022-02-20 18:02:04,498 INFO L290 TraceCheckUtils]: 3: Hoare triple {10740#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~21#1;havoc valid_product_~retValue_acc~21#1;valid_product_~retValue_acc~21#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~21#1; {10740#true} is VALID [2022-02-20 18:02:04,498 INFO L290 TraceCheckUtils]: 4: Hoare triple {10740#true} main_#t~ret78#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret78#1 && main_#t~ret78#1 <= 2147483647;main_~tmp~19#1 := main_#t~ret78#1;havoc main_#t~ret78#1; {10740#true} is VALID [2022-02-20 18:02:04,498 INFO L290 TraceCheckUtils]: 5: Hoare triple {10740#true} assume 0 != main_~tmp~19#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet74#1, setup_#t~nondet75#1, setup_#t~nondet76#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc 
setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {10740#true} is VALID [2022-02-20 18:02:04,499 INFO L272 TraceCheckUtils]: 6: Hoare triple {10740#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {10792#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:04,499 INFO L290 TraceCheckUtils]: 7: Hoare triple {10792#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10740#true} is VALID [2022-02-20 18:02:04,499 INFO L290 TraceCheckUtils]: 8: Hoare triple {10740#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10740#true} is VALID [2022-02-20 18:02:04,499 INFO L290 TraceCheckUtils]: 9: Hoare triple {10740#true} assume true; {10740#true} is VALID [2022-02-20 18:02:04,499 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {10740#true} {10740#true} #1151#return; {10740#true} is VALID [2022-02-20 18:02:04,499 INFO L290 TraceCheckUtils]: 11: Hoare triple {10740#true} assume { :end_inline_setup_bob__wrappee__Base } true; {10740#true} is VALID [2022-02-20 18:02:04,500 INFO L272 TraceCheckUtils]: 12: Hoare triple {10740#true} 
call setClientPrivateKey(setup_bob_~bob___0#1, 123); {10793#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:04,500 INFO L290 TraceCheckUtils]: 13: Hoare triple {10793#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10740#true} is VALID [2022-02-20 18:02:04,500 INFO L290 TraceCheckUtils]: 14: Hoare triple {10740#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10740#true} is VALID [2022-02-20 18:02:04,500 INFO L290 TraceCheckUtils]: 15: Hoare triple {10740#true} assume true; {10740#true} is VALID [2022-02-20 18:02:04,500 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {10740#true} {10740#true} #1153#return; {10740#true} is VALID [2022-02-20 18:02:04,501 INFO L290 TraceCheckUtils]: 17: Hoare triple {10740#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet74#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {10750#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:02:04,501 INFO L272 TraceCheckUtils]: 18: Hoare triple {10750#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, 
setup_rjh__wrappee__Base_~rjh___0#1); {10792#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:04,501 INFO L290 TraceCheckUtils]: 19: Hoare triple {10792#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10794#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:04,502 INFO L290 TraceCheckUtils]: 20: Hoare triple {10794#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {10794#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:04,502 INFO L290 TraceCheckUtils]: 21: Hoare triple {10794#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {10795#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:04,502 INFO L290 TraceCheckUtils]: 22: Hoare triple {10795#(= 2 |setClientId_#in~handle|)} assume true; {10795#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:04,503 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {10795#(= 2 |setClientId_#in~handle|)} {10750#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1155#return; {10756#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:02:04,503 INFO L290 TraceCheckUtils]: 24: Hoare triple {10756#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {10756#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:02:04,503 INFO L272 TraceCheckUtils]: 25: Hoare triple {10756#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); 
{10793#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:04,504 INFO L290 TraceCheckUtils]: 26: Hoare triple {10793#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10796#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:04,504 INFO L290 TraceCheckUtils]: 27: Hoare triple {10796#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10797#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:04,504 INFO L290 TraceCheckUtils]: 28: Hoare triple {10797#(= |setClientPrivateKey_#in~handle| 1)} assume true; {10797#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:04,505 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {10797#(= |setClientPrivateKey_#in~handle| 1)} {10756#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1157#return; {10741#false} is VALID [2022-02-20 18:02:04,505 INFO L290 TraceCheckUtils]: 30: Hoare triple {10741#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 33, 0;havoc setup_#t~nondet75#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {10741#false} is VALID [2022-02-20 18:02:04,505 
INFO L272 TraceCheckUtils]: 31: Hoare triple {10741#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {10792#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:04,505 INFO L290 TraceCheckUtils]: 32: Hoare triple {10792#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10740#true} is VALID [2022-02-20 18:02:04,505 INFO L290 TraceCheckUtils]: 33: Hoare triple {10740#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10740#true} is VALID [2022-02-20 18:02:04,505 INFO L290 TraceCheckUtils]: 34: Hoare triple {10740#true} assume true; {10740#true} is VALID [2022-02-20 18:02:04,505 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {10740#true} {10741#false} #1159#return; {10741#false} is VALID [2022-02-20 18:02:04,505 INFO L290 TraceCheckUtils]: 36: Hoare triple {10741#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {10741#false} is VALID [2022-02-20 18:02:04,506 INFO L272 TraceCheckUtils]: 37: Hoare triple {10741#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {10793#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:04,506 INFO L290 TraceCheckUtils]: 38: Hoare triple {10793#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; 
{10740#true} is VALID [2022-02-20 18:02:04,506 INFO L290 TraceCheckUtils]: 39: Hoare triple {10740#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10740#true} is VALID [2022-02-20 18:02:04,506 INFO L290 TraceCheckUtils]: 40: Hoare triple {10740#true} assume true; {10740#true} is VALID [2022-02-20 18:02:04,506 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {10740#true} {10741#false} #1161#return; {10741#false} is VALID [2022-02-20 18:02:04,506 INFO L290 TraceCheckUtils]: 42: Hoare triple {10741#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 34, 0;havoc setup_#t~nondet76#1; {10741#false} is VALID [2022-02-20 18:02:04,506 INFO L290 TraceCheckUtils]: 43: Hoare triple {10741#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~6#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 
0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {10741#false} is VALID [2022-02-20 18:02:04,506 INFO L290 TraceCheckUtils]: 44: Hoare triple {10741#false} assume !false; {10741#false} is VALID [2022-02-20 18:02:04,506 INFO L290 TraceCheckUtils]: 45: Hoare triple {10741#false} assume test_~splverifierCounter~0#1 < 4; {10741#false} is VALID [2022-02-20 18:02:04,507 INFO L290 TraceCheckUtils]: 46: Hoare triple {10741#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {10741#false} is VALID [2022-02-20 18:02:04,507 INFO L290 TraceCheckUtils]: 47: Hoare triple {10741#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet90#1 && test_#t~nondet90#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet90#1;havoc test_#t~nondet90#1; {10741#false} is VALID [2022-02-20 18:02:04,507 INFO L290 TraceCheckUtils]: 48: Hoare triple {10741#false} assume !(0 != test_~tmp___9~0#1); {10741#false} is VALID [2022-02-20 18:02:04,507 INFO L290 TraceCheckUtils]: 49: Hoare triple {10741#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet91#1 && test_#t~nondet91#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet91#1;havoc test_#t~nondet91#1; {10741#false} is VALID [2022-02-20 18:02:04,507 INFO L290 TraceCheckUtils]: 50: Hoare triple {10741#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {10741#false} is VALID [2022-02-20 18:02:04,507 INFO L290 TraceCheckUtils]: 51: Hoare triple 
{10741#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {10741#false} is VALID [2022-02-20 18:02:04,507 INFO L290 TraceCheckUtils]: 52: Hoare triple {10741#false} assume { :end_inline_setClientAutoResponse } true; {10741#false} is VALID [2022-02-20 18:02:04,507 INFO L290 TraceCheckUtils]: 53: Hoare triple {10741#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {10741#false} is VALID [2022-02-20 18:02:04,507 INFO L290 TraceCheckUtils]: 54: Hoare triple {10741#false} assume !false; {10741#false} is VALID [2022-02-20 18:02:04,508 INFO L290 TraceCheckUtils]: 55: Hoare triple {10741#false} assume !(test_~splverifierCounter~0#1 < 4); {10741#false} is VALID [2022-02-20 18:02:04,508 INFO L290 TraceCheckUtils]: 56: Hoare triple {10741#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_#t~ret71#1, bobToRjh_#t~ret72#1, bobToRjh_~tmp~18#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~18#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret69#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret69#1 && bobToRjh_#t~ret69#1 <= 2147483647;havoc bobToRjh_#t~ret69#1; {10741#false} is VALID [2022-02-20 18:02:04,508 INFO L272 TraceCheckUtils]: 57: Hoare triple {10741#false} call sendEmail(~bob~0, ~rjh~0); {10741#false} is VALID [2022-02-20 18:02:04,508 INFO L290 TraceCheckUtils]: 58: Hoare triple {10741#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~8#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~8#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; 
{10741#false} is VALID [2022-02-20 18:02:04,508 INFO L272 TraceCheckUtils]: 59: Hoare triple {10741#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {10798#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:04,508 INFO L290 TraceCheckUtils]: 60: Hoare triple {10798#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10740#true} is VALID [2022-02-20 18:02:04,508 INFO L290 TraceCheckUtils]: 61: Hoare triple {10740#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10740#true} is VALID [2022-02-20 18:02:04,508 INFO L290 TraceCheckUtils]: 62: Hoare triple {10740#true} assume true; {10740#true} is VALID [2022-02-20 18:02:04,508 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {10740#true} {10741#false} #1119#return; {10741#false} is VALID [2022-02-20 18:02:04,509 INFO L272 TraceCheckUtils]: 64: Hoare triple {10741#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {10799#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:04,509 INFO L290 TraceCheckUtils]: 65: Hoare triple {10799#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {10740#true} is VALID [2022-02-20 18:02:04,509 INFO L290 TraceCheckUtils]: 66: Hoare triple {10740#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {10740#true} is VALID [2022-02-20 18:02:04,509 INFO L290 TraceCheckUtils]: 67: Hoare triple {10740#true} assume true; {10740#true} is VALID [2022-02-20 18:02:04,509 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {10740#true} {10741#false} #1121#return; {10741#false} is VALID [2022-02-20 18:02:04,509 INFO L290 TraceCheckUtils]: 69: Hoare triple {10741#false} createEmail_~retValue_acc~8#1 
:= createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~8#1; {10741#false} is VALID [2022-02-20 18:02:04,509 INFO L290 TraceCheckUtils]: 70: Hoare triple {10741#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {10741#false} is VALID [2022-02-20 18:02:04,509 INFO L272 TraceCheckUtils]: 71: Hoare triple {10741#false} call outgoing(~sender#1, ~email~0#1); {10741#false} is VALID [2022-02-20 18:02:04,509 INFO L290 TraceCheckUtils]: 72: Hoare triple {10741#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret20#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~7#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~7#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~31#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~31#1; {10741#false} is VALID [2022-02-20 18:02:04,509 INFO L290 TraceCheckUtils]: 73: Hoare triple {10741#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~31#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~31#1; {10741#false} is VALID [2022-02-20 18:02:04,510 INFO L290 TraceCheckUtils]: 74: Hoare triple {10741#false} sign_#t~ret20#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret20#1 && sign_#t~ret20#1 <= 2147483647;sign_~tmp~7#1 := sign_#t~ret20#1;havoc sign_#t~ret20#1;sign_~privkey~0#1 := sign_~tmp~7#1; {10741#false} is VALID [2022-02-20 18:02:04,510 INFO L290 
TraceCheckUtils]: 75: Hoare triple {10741#false} assume 0 == sign_~privkey~0#1; {10741#false} is VALID [2022-02-20 18:02:04,510 INFO L290 TraceCheckUtils]: 76: Hoare triple {10741#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1, outgoing__wrappee__AddressBook_#t~ret8#1, outgoing__wrappee__AddressBook_#t~ret9#1, outgoing__wrappee__AddressBook_#t~ret10#1, outgoing__wrappee__AddressBook_#t~ret11#1, outgoing__wrappee__AddressBook_#t~ret12#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~2#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~0#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~0#1, outgoing__wrappee__AddressBook_~tmp___2~0#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~2#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~0#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~0#1;havoc outgoing__wrappee__AddressBook_~tmp___2~0#1; {10741#false} is VALID [2022-02-20 18:02:04,510 INFO L272 TraceCheckUtils]: 77: Hoare triple {10741#false} call outgoing__wrappee__AddressBook_#t~ret7#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {10740#true} is VALID [2022-02-20 18:02:04,510 INFO L290 TraceCheckUtils]: 78: Hoare triple {10740#true} ~handle := #in~handle;havoc ~retValue_acc~25; {10740#true} is VALID [2022-02-20 18:02:04,510 INFO L290 
TraceCheckUtils]: 79: Hoare triple {10740#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {10740#true} is VALID [2022-02-20 18:02:04,510 INFO L290 TraceCheckUtils]: 80: Hoare triple {10740#true} assume true; {10740#true} is VALID [2022-02-20 18:02:04,510 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {10740#true} {10741#false} #1101#return; {10741#false} is VALID [2022-02-20 18:02:04,510 INFO L290 TraceCheckUtils]: 82: Hoare triple {10741#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret7#1 && outgoing__wrappee__AddressBook_#t~ret7#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~2#1 := outgoing__wrappee__AddressBook_#t~ret7#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~2#1; {10741#false} is VALID [2022-02-20 18:02:04,511 INFO L290 TraceCheckUtils]: 83: Hoare triple {10741#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {10741#false} is VALID [2022-02-20 18:02:04,511 INFO L272 TraceCheckUtils]: 84: Hoare triple {10741#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {10741#false} is VALID [2022-02-20 18:02:04,511 INFO L290 TraceCheckUtils]: 85: Hoare triple {10741#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {10741#false} is VALID [2022-02-20 18:02:04,511 INFO L290 TraceCheckUtils]: 86: Hoare triple {10741#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {10741#false} is VALID [2022-02-20 18:02:04,511 INFO L290 TraceCheckUtils]: 87: Hoare 
triple {10741#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {10741#false} is VALID [2022-02-20 18:02:04,511 INFO L272 TraceCheckUtils]: 88: Hoare triple {10741#false} call setEmailFrom(~msg#1, ~tmp~1#1); {10798#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:04,511 INFO L290 TraceCheckUtils]: 89: Hoare triple {10798#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10740#true} is VALID [2022-02-20 18:02:04,511 INFO L290 TraceCheckUtils]: 90: Hoare triple {10740#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10740#true} is VALID [2022-02-20 18:02:04,511 INFO L290 TraceCheckUtils]: 91: Hoare triple {10740#true} assume true; {10740#true} is VALID [2022-02-20 18:02:04,512 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {10740#true} {10741#false} #1133#return; {10741#false} is VALID [2022-02-20 18:02:04,512 INFO L290 TraceCheckUtils]: 93: Hoare triple {10741#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {10741#false} is VALID [2022-02-20 18:02:04,512 INFO L272 TraceCheckUtils]: 94: Hoare triple {10741#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {10740#true} is VALID [2022-02-20 18:02:04,512 INFO L290 TraceCheckUtils]: 95: Hoare triple {10740#true} ~handle := #in~handle;havoc ~retValue_acc~12; {10740#true} is VALID [2022-02-20 18:02:04,512 INFO L290 TraceCheckUtils]: 96: Hoare triple 
{10740#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_to0~0;#res := ~retValue_acc~12; {10740#true} is VALID [2022-02-20 18:02:04,512 INFO L290 TraceCheckUtils]: 97: Hoare triple {10740#true} assume true; {10740#true} is VALID [2022-02-20 18:02:04,512 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {10740#true} {10741#false} #1135#return; {10741#false} is VALID [2022-02-20 18:02:04,512 INFO L290 TraceCheckUtils]: 99: Hoare triple {10741#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret21#1, verify_#t~ret22#1, verify_#t~ret23#1, verify_#t~ret24#1, verify_#t~ret25#1, verify_#t~ret26#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~8#1, verify_~tmp___0~1#1, verify_~pubkey~0#1, verify_~tmp___1~1#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~8#1;havoc verify_~tmp___0~1#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~1#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret28#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~9#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc 
__utac_acc__EncryptVerify_spec__1_~tmp~9#1; {10741#false} is VALID [2022-02-20 18:02:04,512 INFO L272 TraceCheckUtils]: 100: Hoare triple {10741#false} call __utac_acc__EncryptVerify_spec__1_#t~ret28#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {10740#true} is VALID [2022-02-20 18:02:04,513 INFO L290 TraceCheckUtils]: 101: Hoare triple {10740#true} ~msg := #in~msg;havoc ~retValue_acc~6;~retValue_acc~6 := 1;#res := ~retValue_acc~6; {10740#true} is VALID [2022-02-20 18:02:04,513 INFO L290 TraceCheckUtils]: 102: Hoare triple {10740#true} assume true; {10740#true} is VALID [2022-02-20 18:02:04,513 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {10740#true} {10741#false} #1137#return; {10741#false} is VALID [2022-02-20 18:02:04,513 INFO L290 TraceCheckUtils]: 104: Hoare triple {10741#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret28#1 && __utac_acc__EncryptVerify_spec__1_#t~ret28#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~9#1 := __utac_acc__EncryptVerify_spec__1_#t~ret28#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret28#1; {10741#false} is VALID [2022-02-20 18:02:04,513 INFO L290 TraceCheckUtils]: 105: Hoare triple {10741#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~9#1);assume { :begin_inline___automaton_fail } true; {10741#false} is VALID [2022-02-20 18:02:04,513 INFO L290 TraceCheckUtils]: 106: Hoare triple {10741#false} assume !false; {10741#false} is VALID [2022-02-20 18:02:04,513 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. 
[2022-02-20 18:02:04,514 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:04,514 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [118394925] [2022-02-20 18:02:04,514 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [118394925] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:02:04,514 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1824985169] [2022-02-20 18:02:04,514 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:04,514 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:04,514 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:02:04,515 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:02:04,554 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process [2022-02-20 18:02:04,730 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:04,734 INFO L263 TraceCheckSpWp]: Trace formula consists of 1073 conjuncts, 6 conjunts are in the unsatisfiable core [2022-02-20 18:02:04,775 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:04,777 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:02:05,001 INFO L290 TraceCheckUtils]: 0: Hoare triple {10740#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(115, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(10, 11);call #Ultimate.allocInit(12, 12);call #Ultimate.allocInit(10, 13);call #Ultimate.allocInit(18, 14);call #Ultimate.allocInit(13, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(21, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(21, 23);call #Ultimate.allocInit(30, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(25, 26);call #Ultimate.allocInit(30, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 
0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 
:= 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {10740#true} is VALID [2022-02-20 18:02:05,002 INFO L290 TraceCheckUtils]: 1: Hoare triple {10740#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet77#1, main_#t~ret78#1, main_~retValue_acc~42#1, main_~tmp~19#1;assume -2147483648 <= main_#t~nondet77#1 && 
main_#t~nondet77#1 <= 2147483647;main_~retValue_acc~42#1 := main_#t~nondet77#1;havoc main_#t~nondet77#1;havoc main_~tmp~19#1;assume { :begin_inline_select_helpers } true; {10740#true} is VALID [2022-02-20 18:02:05,002 INFO L290 TraceCheckUtils]: 2: Hoare triple {10740#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {10740#true} is VALID [2022-02-20 18:02:05,002 INFO L290 TraceCheckUtils]: 3: Hoare triple {10740#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~21#1;havoc valid_product_~retValue_acc~21#1;valid_product_~retValue_acc~21#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~21#1; {10740#true} is VALID [2022-02-20 18:02:05,002 INFO L290 TraceCheckUtils]: 4: Hoare triple {10740#true} main_#t~ret78#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret78#1 && main_#t~ret78#1 <= 2147483647;main_~tmp~19#1 := main_#t~ret78#1;havoc main_#t~ret78#1; {10740#true} is VALID [2022-02-20 18:02:05,002 INFO L290 TraceCheckUtils]: 5: Hoare triple {10740#true} assume 0 != main_~tmp~19#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet74#1, setup_#t~nondet75#1, setup_#t~nondet76#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {10740#true} is VALID [2022-02-20 18:02:05,002 INFO L272 TraceCheckUtils]: 6: Hoare triple {10740#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {10740#true} is VALID [2022-02-20 18:02:05,002 INFO L290 TraceCheckUtils]: 7: Hoare triple {10740#true} ~handle := #in~handle;~value := #in~value; {10740#true} is VALID [2022-02-20 18:02:05,002 INFO L290 TraceCheckUtils]: 8: Hoare triple {10740#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10740#true} is VALID [2022-02-20 18:02:05,002 INFO L290 TraceCheckUtils]: 9: Hoare triple {10740#true} assume true; {10740#true} is VALID [2022-02-20 18:02:05,002 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {10740#true} {10740#true} #1151#return; {10740#true} is VALID [2022-02-20 18:02:05,002 INFO L290 TraceCheckUtils]: 11: Hoare triple {10740#true} assume { :end_inline_setup_bob__wrappee__Base } true; {10740#true} is VALID [2022-02-20 18:02:05,002 INFO L272 TraceCheckUtils]: 12: Hoare triple {10740#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {10740#true} is VALID [2022-02-20 18:02:05,002 INFO L290 TraceCheckUtils]: 13: Hoare triple {10740#true} ~handle := #in~handle;~value := #in~value; {10740#true} is VALID [2022-02-20 18:02:05,003 INFO L290 TraceCheckUtils]: 14: Hoare triple {10740#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10740#true} is VALID [2022-02-20 18:02:05,003 INFO L290 TraceCheckUtils]: 15: Hoare triple {10740#true} assume true; {10740#true} is VALID [2022-02-20 18:02:05,003 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {10740#true} {10740#true} #1153#return; {10740#true} is VALID [2022-02-20 18:02:05,003 INFO L290 TraceCheckUtils]: 17: Hoare triple {10740#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet74#1;~rjh~0 := 
2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {10854#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:02:05,003 INFO L272 TraceCheckUtils]: 18: Hoare triple {10854#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {10740#true} is VALID [2022-02-20 18:02:05,003 INFO L290 TraceCheckUtils]: 19: Hoare triple {10740#true} ~handle := #in~handle;~value := #in~value; {10740#true} is VALID [2022-02-20 18:02:05,003 INFO L290 TraceCheckUtils]: 20: Hoare triple {10740#true} assume !(1 == ~handle); {10740#true} is VALID [2022-02-20 18:02:05,003 INFO L290 TraceCheckUtils]: 21: Hoare triple {10740#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {10740#true} is VALID [2022-02-20 18:02:05,003 INFO L290 TraceCheckUtils]: 22: Hoare triple {10740#true} assume true; {10740#true} is VALID [2022-02-20 18:02:05,004 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {10740#true} {10854#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1155#return; {10854#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:02:05,004 INFO L290 TraceCheckUtils]: 24: Hoare triple {10854#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume { :end_inline_setup_rjh__wrappee__Base } true; {10854#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:02:05,004 INFO L272 TraceCheckUtils]: 25: Hoare triple {10854#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {10740#true} is VALID [2022-02-20 18:02:05,005 INFO L290 TraceCheckUtils]: 26: Hoare triple {10740#true} ~handle := 
#in~handle;~value := #in~value; {10882#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} is VALID [2022-02-20 18:02:05,005 INFO L290 TraceCheckUtils]: 27: Hoare triple {10882#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10886#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:05,005 INFO L290 TraceCheckUtils]: 28: Hoare triple {10886#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {10886#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:05,006 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {10886#(<= |setClientPrivateKey_#in~handle| 1)} {10854#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1157#return; {10741#false} is VALID [2022-02-20 18:02:05,006 INFO L290 TraceCheckUtils]: 30: Hoare triple {10741#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 33, 0;havoc setup_#t~nondet75#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {10741#false} is VALID [2022-02-20 18:02:05,006 INFO L272 TraceCheckUtils]: 31: Hoare triple {10741#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {10741#false} is VALID [2022-02-20 18:02:05,006 INFO L290 TraceCheckUtils]: 32: Hoare triple {10741#false} ~handle := #in~handle;~value := #in~value; {10741#false} is VALID [2022-02-20 18:02:05,006 INFO L290 TraceCheckUtils]: 33: Hoare triple {10741#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10741#false} is VALID [2022-02-20 
18:02:05,006 INFO L290 TraceCheckUtils]: 34: Hoare triple {10741#false} assume true; {10741#false} is VALID [2022-02-20 18:02:05,006 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {10741#false} {10741#false} #1159#return; {10741#false} is VALID [2022-02-20 18:02:05,006 INFO L290 TraceCheckUtils]: 36: Hoare triple {10741#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {10741#false} is VALID [2022-02-20 18:02:05,007 INFO L272 TraceCheckUtils]: 37: Hoare triple {10741#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {10741#false} is VALID [2022-02-20 18:02:05,007 INFO L290 TraceCheckUtils]: 38: Hoare triple {10741#false} ~handle := #in~handle;~value := #in~value; {10741#false} is VALID [2022-02-20 18:02:05,007 INFO L290 TraceCheckUtils]: 39: Hoare triple {10741#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10741#false} is VALID [2022-02-20 18:02:05,007 INFO L290 TraceCheckUtils]: 40: Hoare triple {10741#false} assume true; {10741#false} is VALID [2022-02-20 18:02:05,007 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {10741#false} {10741#false} #1161#return; {10741#false} is VALID [2022-02-20 18:02:05,007 INFO L290 TraceCheckUtils]: 42: Hoare triple {10741#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 34, 0;havoc setup_#t~nondet76#1; {10741#false} is VALID [2022-02-20 18:02:05,007 INFO L290 TraceCheckUtils]: 43: Hoare triple {10741#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~6#1, 
test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {10741#false} is VALID [2022-02-20 18:02:05,007 INFO L290 TraceCheckUtils]: 44: Hoare triple {10741#false} assume !false; {10741#false} is VALID [2022-02-20 18:02:05,007 INFO L290 TraceCheckUtils]: 45: Hoare triple {10741#false} assume test_~splverifierCounter~0#1 < 4; {10741#false} is VALID [2022-02-20 18:02:05,008 INFO L290 TraceCheckUtils]: 46: Hoare triple {10741#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {10741#false} is VALID [2022-02-20 18:02:05,008 INFO L290 TraceCheckUtils]: 47: Hoare triple {10741#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet90#1 && test_#t~nondet90#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet90#1;havoc test_#t~nondet90#1; {10741#false} is VALID [2022-02-20 18:02:05,008 INFO L290 TraceCheckUtils]: 48: Hoare triple {10741#false} assume !(0 != test_~tmp___9~0#1); {10741#false} is VALID [2022-02-20 18:02:05,008 INFO L290 TraceCheckUtils]: 49: Hoare triple {10741#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet91#1 && test_#t~nondet91#1 <= 
2147483647;test_~tmp___8~0#1 := test_#t~nondet91#1;havoc test_#t~nondet91#1; {10741#false} is VALID [2022-02-20 18:02:05,008 INFO L290 TraceCheckUtils]: 50: Hoare triple {10741#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {10741#false} is VALID [2022-02-20 18:02:05,008 INFO L290 TraceCheckUtils]: 51: Hoare triple {10741#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {10741#false} is VALID [2022-02-20 18:02:05,008 INFO L290 TraceCheckUtils]: 52: Hoare triple {10741#false} assume { :end_inline_setClientAutoResponse } true; {10741#false} is VALID [2022-02-20 18:02:05,008 INFO L290 TraceCheckUtils]: 53: Hoare triple {10741#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {10741#false} is VALID [2022-02-20 18:02:05,008 INFO L290 TraceCheckUtils]: 54: Hoare triple {10741#false} assume !false; {10741#false} is VALID [2022-02-20 18:02:05,008 INFO L290 TraceCheckUtils]: 55: Hoare triple {10741#false} assume !(test_~splverifierCounter~0#1 < 4); {10741#false} is VALID [2022-02-20 18:02:05,009 INFO L290 TraceCheckUtils]: 56: Hoare triple {10741#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_#t~ret71#1, bobToRjh_#t~ret72#1, bobToRjh_~tmp~18#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~18#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret69#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret69#1 && bobToRjh_#t~ret69#1 <= 2147483647;havoc bobToRjh_#t~ret69#1; {10741#false} is VALID [2022-02-20 
18:02:05,009 INFO L272 TraceCheckUtils]: 57: Hoare triple {10741#false} call sendEmail(~bob~0, ~rjh~0); {10741#false} is VALID [2022-02-20 18:02:05,009 INFO L290 TraceCheckUtils]: 58: Hoare triple {10741#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~8#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~8#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {10741#false} is VALID [2022-02-20 18:02:05,009 INFO L272 TraceCheckUtils]: 59: Hoare triple {10741#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {10741#false} is VALID [2022-02-20 18:02:05,009 INFO L290 TraceCheckUtils]: 60: Hoare triple {10741#false} ~handle := #in~handle;~value := #in~value; {10741#false} is VALID [2022-02-20 18:02:05,009 INFO L290 TraceCheckUtils]: 61: Hoare triple {10741#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10741#false} is VALID [2022-02-20 18:02:05,009 INFO L290 TraceCheckUtils]: 62: Hoare triple {10741#false} assume true; {10741#false} is VALID [2022-02-20 18:02:05,009 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {10741#false} {10741#false} #1119#return; {10741#false} is VALID [2022-02-20 18:02:05,009 INFO L272 TraceCheckUtils]: 64: Hoare triple {10741#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {10741#false} is VALID [2022-02-20 18:02:05,010 INFO L290 TraceCheckUtils]: 65: Hoare triple {10741#false} ~handle := #in~handle;~value := #in~value; {10741#false} is VALID [2022-02-20 18:02:05,010 INFO L290 TraceCheckUtils]: 66: Hoare triple {10741#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {10741#false} is VALID [2022-02-20 18:02:05,010 INFO L290 TraceCheckUtils]: 67: Hoare 
triple {10741#false} assume true; {10741#false} is VALID [2022-02-20 18:02:05,010 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {10741#false} {10741#false} #1121#return; {10741#false} is VALID [2022-02-20 18:02:05,010 INFO L290 TraceCheckUtils]: 69: Hoare triple {10741#false} createEmail_~retValue_acc~8#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~8#1; {10741#false} is VALID [2022-02-20 18:02:05,010 INFO L290 TraceCheckUtils]: 70: Hoare triple {10741#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {10741#false} is VALID [2022-02-20 18:02:05,010 INFO L272 TraceCheckUtils]: 71: Hoare triple {10741#false} call outgoing(~sender#1, ~email~0#1); {10741#false} is VALID [2022-02-20 18:02:05,010 INFO L290 TraceCheckUtils]: 72: Hoare triple {10741#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret20#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~7#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~7#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~31#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~31#1; {10741#false} is VALID [2022-02-20 18:02:05,010 INFO L290 TraceCheckUtils]: 73: Hoare triple {10741#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~31#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~31#1; {10741#false} is VALID [2022-02-20 18:02:05,011 INFO L290 TraceCheckUtils]: 74: Hoare triple {10741#false} 
sign_#t~ret20#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret20#1 && sign_#t~ret20#1 <= 2147483647;sign_~tmp~7#1 := sign_#t~ret20#1;havoc sign_#t~ret20#1;sign_~privkey~0#1 := sign_~tmp~7#1; {10741#false} is VALID [2022-02-20 18:02:05,011 INFO L290 TraceCheckUtils]: 75: Hoare triple {10741#false} assume 0 == sign_~privkey~0#1; {10741#false} is VALID [2022-02-20 18:02:05,011 INFO L290 TraceCheckUtils]: 76: Hoare triple {10741#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1, outgoing__wrappee__AddressBook_#t~ret8#1, outgoing__wrappee__AddressBook_#t~ret9#1, outgoing__wrappee__AddressBook_#t~ret10#1, outgoing__wrappee__AddressBook_#t~ret11#1, outgoing__wrappee__AddressBook_#t~ret12#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~2#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~0#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~0#1, outgoing__wrappee__AddressBook_~tmp___2~0#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~2#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~0#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~0#1;havoc outgoing__wrappee__AddressBook_~tmp___2~0#1; {10741#false} is VALID [2022-02-20 18:02:05,011 INFO L272 TraceCheckUtils]: 77: Hoare triple {10741#false} call 
outgoing__wrappee__AddressBook_#t~ret7#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {10741#false} is VALID [2022-02-20 18:02:05,011 INFO L290 TraceCheckUtils]: 78: Hoare triple {10741#false} ~handle := #in~handle;havoc ~retValue_acc~25; {10741#false} is VALID [2022-02-20 18:02:05,011 INFO L290 TraceCheckUtils]: 79: Hoare triple {10741#false} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {10741#false} is VALID [2022-02-20 18:02:05,011 INFO L290 TraceCheckUtils]: 80: Hoare triple {10741#false} assume true; {10741#false} is VALID [2022-02-20 18:02:05,011 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {10741#false} {10741#false} #1101#return; {10741#false} is VALID [2022-02-20 18:02:05,011 INFO L290 TraceCheckUtils]: 82: Hoare triple {10741#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret7#1 && outgoing__wrappee__AddressBook_#t~ret7#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~2#1 := outgoing__wrappee__AddressBook_#t~ret7#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~2#1; {10741#false} is VALID [2022-02-20 18:02:05,012 INFO L290 TraceCheckUtils]: 83: Hoare triple {10741#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {10741#false} is VALID [2022-02-20 18:02:05,012 INFO L272 TraceCheckUtils]: 84: Hoare triple {10741#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {10741#false} is VALID [2022-02-20 18:02:05,012 INFO L290 TraceCheckUtils]: 85: Hoare triple {10741#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {10741#false} 
is VALID [2022-02-20 18:02:05,012 INFO L290 TraceCheckUtils]: 86: Hoare triple {10741#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {10741#false} is VALID [2022-02-20 18:02:05,012 INFO L290 TraceCheckUtils]: 87: Hoare triple {10741#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {10741#false} is VALID [2022-02-20 18:02:05,012 INFO L272 TraceCheckUtils]: 88: Hoare triple {10741#false} call setEmailFrom(~msg#1, ~tmp~1#1); {10741#false} is VALID [2022-02-20 18:02:05,012 INFO L290 TraceCheckUtils]: 89: Hoare triple {10741#false} ~handle := #in~handle;~value := #in~value; {10741#false} is VALID [2022-02-20 18:02:05,012 INFO L290 TraceCheckUtils]: 90: Hoare triple {10741#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10741#false} is VALID [2022-02-20 18:02:05,012 INFO L290 TraceCheckUtils]: 91: Hoare triple {10741#false} assume true; {10741#false} is VALID [2022-02-20 18:02:05,013 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {10741#false} {10741#false} #1133#return; {10741#false} is VALID [2022-02-20 18:02:05,013 INFO L290 TraceCheckUtils]: 93: Hoare triple {10741#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {10741#false} is VALID [2022-02-20 18:02:05,013 INFO L272 TraceCheckUtils]: 94: Hoare triple {10741#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {10741#false} is VALID [2022-02-20 18:02:05,013 INFO L290 TraceCheckUtils]: 95: Hoare triple {10741#false} ~handle := 
#in~handle;havoc ~retValue_acc~12; {10741#false} is VALID [2022-02-20 18:02:05,013 INFO L290 TraceCheckUtils]: 96: Hoare triple {10741#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_to0~0;#res := ~retValue_acc~12; {10741#false} is VALID [2022-02-20 18:02:05,013 INFO L290 TraceCheckUtils]: 97: Hoare triple {10741#false} assume true; {10741#false} is VALID [2022-02-20 18:02:05,013 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {10741#false} {10741#false} #1135#return; {10741#false} is VALID [2022-02-20 18:02:05,013 INFO L290 TraceCheckUtils]: 99: Hoare triple {10741#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret21#1, verify_#t~ret22#1, verify_#t~ret23#1, verify_#t~ret24#1, verify_#t~ret25#1, verify_#t~ret26#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~8#1, verify_~tmp___0~1#1, verify_~pubkey~0#1, verify_~tmp___1~1#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~8#1;havoc verify_~tmp___0~1#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~1#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret28#1, __utac_acc__EncryptVerify_spec__1_~msg#1, 
__utac_acc__EncryptVerify_spec__1_~tmp~9#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~9#1; {10741#false} is VALID [2022-02-20 18:02:05,013 INFO L272 TraceCheckUtils]: 100: Hoare triple {10741#false} call __utac_acc__EncryptVerify_spec__1_#t~ret28#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {10741#false} is VALID [2022-02-20 18:02:05,014 INFO L290 TraceCheckUtils]: 101: Hoare triple {10741#false} ~msg := #in~msg;havoc ~retValue_acc~6;~retValue_acc~6 := 1;#res := ~retValue_acc~6; {10741#false} is VALID [2022-02-20 18:02:05,014 INFO L290 TraceCheckUtils]: 102: Hoare triple {10741#false} assume true; {10741#false} is VALID [2022-02-20 18:02:05,014 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {10741#false} {10741#false} #1137#return; {10741#false} is VALID [2022-02-20 18:02:05,014 INFO L290 TraceCheckUtils]: 104: Hoare triple {10741#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret28#1 && __utac_acc__EncryptVerify_spec__1_#t~ret28#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~9#1 := __utac_acc__EncryptVerify_spec__1_#t~ret28#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret28#1; {10741#false} is VALID [2022-02-20 18:02:05,014 INFO L290 TraceCheckUtils]: 105: Hoare triple {10741#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~9#1);assume { :begin_inline___automaton_fail } true; {10741#false} is VALID [2022-02-20 18:02:05,014 INFO L290 TraceCheckUtils]: 106: Hoare triple {10741#false} assume !false; {10741#false} is VALID [2022-02-20 18:02:05,014 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. 
[2022-02-20 18:02:05,014 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:02:05,015 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1824985169] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:05,015 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:02:05,015 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [12] total 15 [2022-02-20 18:02:05,015 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1550451079] [2022-02-20 18:02:05,015 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:05,016 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 14.8) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) Word has length 107 [2022-02-20 18:02:05,016 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:05,016 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 14.8) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:05,103 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 101 edges. 101 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:02:05,103 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:02:05,103 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:05,104 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:02:05,104 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=30, Invalid=180, Unknown=0, NotChecked=0, Total=210 [2022-02-20 18:02:05,104 INFO L87 Difference]: Start difference. First operand 426 states and 667 transitions. Second operand has 5 states, 5 states have (on average 14.8) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:06,118 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:06,118 INFO L93 Difference]: Finished difference Result 841 states and 1323 transitions. [2022-02-20 18:02:06,118 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:02:06,119 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 14.8) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) Word has length 107 [2022-02-20 18:02:06,119 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:06,119 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 5 states, 5 states have (on average 14.8) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:06,127 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1079 transitions. [2022-02-20 18:02:06,127 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 14.8) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:06,135 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1079 transitions. [2022-02-20 18:02:06,135 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1079 transitions. [2022-02-20 18:02:06,814 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1079 edges. 1079 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:02:06,826 INFO L225 Difference]: With dead ends: 841 [2022-02-20 18:02:06,826 INFO L226 Difference]: Without dead ends: 428 [2022-02-20 18:02:06,828 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 137 GetRequests, 123 SyntacticMatches, 0 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=34, Invalid=206, Unknown=0, NotChecked=0, Total=240 [2022-02-20 18:02:06,828 INFO L933 BasicCegarLoop]: 534 mSDtfsCounter, 151 mSDsluCounter, 1425 mSDsCounter, 0 mSdLazyCounter, 45 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 174 SdHoareTripleChecker+Valid, 1959 SdHoareTripleChecker+Invalid, 45 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 45 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:06,828 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [174 Valid, 1959 Invalid, 45 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 45 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:02:06,829 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 428 states. [2022-02-20 18:02:06,932 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 428 to 428. [2022-02-20 18:02:06,932 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:06,933 INFO L82 GeneralOperation]: Start isEquivalent. First operand 428 states. 
Second operand has 428 states, 340 states have (on average 1.5852941176470587) internal successors, (539), 344 states have internal predecessors, (539), 64 states have call successors, (64), 21 states have call predecessors, (64), 23 states have return successors, (70), 62 states have call predecessors, (70), 63 states have call successors, (70) [2022-02-20 18:02:06,934 INFO L74 IsIncluded]: Start isIncluded. First operand 428 states. Second operand has 428 states, 340 states have (on average 1.5852941176470587) internal successors, (539), 344 states have internal predecessors, (539), 64 states have call successors, (64), 21 states have call predecessors, (64), 23 states have return successors, (70), 62 states have call predecessors, (70), 63 states have call successors, (70) [2022-02-20 18:02:06,935 INFO L87 Difference]: Start difference. First operand 428 states. Second operand has 428 states, 340 states have (on average 1.5852941176470587) internal successors, (539), 344 states have internal predecessors, (539), 64 states have call successors, (64), 21 states have call predecessors, (64), 23 states have return successors, (70), 62 states have call predecessors, (70), 63 states have call successors, (70) [2022-02-20 18:02:06,946 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:06,947 INFO L93 Difference]: Finished difference Result 428 states and 673 transitions. [2022-02-20 18:02:06,947 INFO L276 IsEmpty]: Start isEmpty. Operand 428 states and 673 transitions. [2022-02-20 18:02:06,948 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:06,948 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:06,949 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 428 states, 340 states have (on average 1.5852941176470587) internal successors, (539), 344 states have internal predecessors, (539), 64 states have call successors, (64), 21 states have call predecessors, (64), 23 states have return successors, (70), 62 states have call predecessors, (70), 63 states have call successors, (70) Second operand 428 states. [2022-02-20 18:02:06,950 INFO L87 Difference]: Start difference. First operand has 428 states, 340 states have (on average 1.5852941176470587) internal successors, (539), 344 states have internal predecessors, (539), 64 states have call successors, (64), 21 states have call predecessors, (64), 23 states have return successors, (70), 62 states have call predecessors, (70), 63 states have call successors, (70) Second operand 428 states. [2022-02-20 18:02:06,961 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:06,961 INFO L93 Difference]: Finished difference Result 428 states and 673 transitions. [2022-02-20 18:02:06,961 INFO L276 IsEmpty]: Start isEmpty. Operand 428 states and 673 transitions. [2022-02-20 18:02:06,962 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:06,962 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:06,962 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:06,962 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:06,964 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 428 states, 340 states have (on average 1.5852941176470587) internal successors, (539), 344 states have internal predecessors, (539), 64 states have call successors, (64), 21 states have call predecessors, (64), 23 states have return successors, (70), 62 states have call predecessors, (70), 63 states have call successors, (70) [2022-02-20 18:02:06,983 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 428 states to 428 states and 673 transitions. [2022-02-20 18:02:06,984 INFO L78 Accepts]: Start accepts. Automaton has 428 states and 673 transitions. Word has length 107 [2022-02-20 18:02:06,984 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:06,985 INFO L470 AbstractCegarLoop]: Abstraction has 428 states and 673 transitions. [2022-02-20 18:02:06,985 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 14.8) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:06,985 INFO L276 IsEmpty]: Start isEmpty. Operand 428 states and 673 transitions. [2022-02-20 18:02:06,986 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 109 [2022-02-20 18:02:06,986 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:06,986 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:07,008 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Forceful destruction successful, exit code 0 [2022-02-20 18:02:07,211 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4,6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:07,211 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === 
[outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:07,212 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:07,212 INFO L85 PathProgramCache]: Analyzing trace with hash -1521378202, now seen corresponding path program 1 times [2022-02-20 18:02:07,212 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:07,212 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [147390281] [2022-02-20 18:02:07,212 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:07,212 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:07,238 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:07,273 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:02:07,275 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:07,277 INFO L290 TraceCheckUtils]: 0: Hoare triple {13787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13735#true} is VALID [2022-02-20 18:02:07,278 INFO L290 TraceCheckUtils]: 1: Hoare triple {13735#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13735#true} is VALID [2022-02-20 18:02:07,278 INFO L290 TraceCheckUtils]: 2: Hoare triple {13735#true} assume true; {13735#true} is VALID [2022-02-20 18:02:07,278 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13735#true} {13735#true} #1151#return; {13735#true} is VALID [2022-02-20 18:02:07,282 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:07,289 INFO L136 AnnotateAndAsserter]: 
Conjunction of SSA is unsat [2022-02-20 18:02:07,294 INFO L290 TraceCheckUtils]: 0: Hoare triple {13788#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13735#true} is VALID [2022-02-20 18:02:07,295 INFO L290 TraceCheckUtils]: 1: Hoare triple {13735#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13735#true} is VALID [2022-02-20 18:02:07,295 INFO L290 TraceCheckUtils]: 2: Hoare triple {13735#true} assume true; {13735#true} is VALID [2022-02-20 18:02:07,295 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13735#true} {13735#true} #1153#return; {13735#true} is VALID [2022-02-20 18:02:07,295 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:07,296 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:07,298 INFO L290 TraceCheckUtils]: 0: Hoare triple {13787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13735#true} is VALID [2022-02-20 18:02:07,299 INFO L290 TraceCheckUtils]: 1: Hoare triple {13735#true} assume !(1 == ~handle); {13735#true} is VALID [2022-02-20 18:02:07,299 INFO L290 TraceCheckUtils]: 2: Hoare triple {13735#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {13735#true} is VALID [2022-02-20 18:02:07,299 INFO L290 TraceCheckUtils]: 3: Hoare triple {13735#true} assume true; {13735#true} is VALID [2022-02-20 18:02:07,299 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {13735#true} {13735#true} #1155#return; {13735#true} is VALID [2022-02-20 18:02:07,299 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending 
call position 25 [2022-02-20 18:02:07,301 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:07,306 INFO L290 TraceCheckUtils]: 0: Hoare triple {13788#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13735#true} is VALID [2022-02-20 18:02:07,306 INFO L290 TraceCheckUtils]: 1: Hoare triple {13735#true} assume !(1 == ~handle); {13735#true} is VALID [2022-02-20 18:02:07,306 INFO L290 TraceCheckUtils]: 2: Hoare triple {13735#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {13735#true} is VALID [2022-02-20 18:02:07,306 INFO L290 TraceCheckUtils]: 3: Hoare triple {13735#true} assume true; {13735#true} is VALID [2022-02-20 18:02:07,306 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {13735#true} {13735#true} #1157#return; {13735#true} is VALID [2022-02-20 18:02:07,307 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:02:07,310 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:07,321 INFO L290 TraceCheckUtils]: 0: Hoare triple {13787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13789#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:07,321 INFO L290 TraceCheckUtils]: 1: Hoare triple {13789#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13790#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:07,322 INFO L290 TraceCheckUtils]: 2: Hoare triple {13790#(= |setClientId_#in~handle| 1)} assume true; {13790#(= |setClientId_#in~handle| 1)} is VALID 
[2022-02-20 18:02:07,322 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13790#(= |setClientId_#in~handle| 1)} {13755#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1159#return; {13736#false} is VALID [2022-02-20 18:02:07,323 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:02:07,324 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:07,327 INFO L290 TraceCheckUtils]: 0: Hoare triple {13788#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13735#true} is VALID [2022-02-20 18:02:07,327 INFO L290 TraceCheckUtils]: 1: Hoare triple {13735#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13735#true} is VALID [2022-02-20 18:02:07,327 INFO L290 TraceCheckUtils]: 2: Hoare triple {13735#true} assume true; {13735#true} is VALID [2022-02-20 18:02:07,327 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13735#true} {13736#false} #1161#return; {13736#false} is VALID [2022-02-20 18:02:07,332 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 18:02:07,334 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:07,337 INFO L290 TraceCheckUtils]: 0: Hoare triple {13791#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13735#true} is VALID [2022-02-20 18:02:07,337 INFO L290 TraceCheckUtils]: 1: Hoare triple {13735#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13735#true} is VALID [2022-02-20 18:02:07,337 INFO L290 TraceCheckUtils]: 2: Hoare triple {13735#true} assume true; {13735#true} is VALID [2022-02-20 18:02:07,337 INFO L284 TraceCheckUtils]: 3: Hoare 
quadruple {13735#true} {13736#false} #1119#return; {13736#false} is VALID [2022-02-20 18:02:07,344 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-02-20 18:02:07,346 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:07,348 INFO L290 TraceCheckUtils]: 0: Hoare triple {13792#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {13735#true} is VALID [2022-02-20 18:02:07,349 INFO L290 TraceCheckUtils]: 1: Hoare triple {13735#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {13735#true} is VALID [2022-02-20 18:02:07,349 INFO L290 TraceCheckUtils]: 2: Hoare triple {13735#true} assume true; {13735#true} is VALID [2022-02-20 18:02:07,349 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13735#true} {13736#false} #1121#return; {13736#false} is VALID [2022-02-20 18:02:07,349 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 18:02:07,350 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:07,352 INFO L290 TraceCheckUtils]: 0: Hoare triple {13735#true} ~handle := #in~handle;havoc ~retValue_acc~25; {13735#true} is VALID [2022-02-20 18:02:07,352 INFO L290 TraceCheckUtils]: 1: Hoare triple {13735#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {13735#true} is VALID [2022-02-20 18:02:07,352 INFO L290 TraceCheckUtils]: 2: Hoare triple {13735#true} assume true; {13735#true} is VALID [2022-02-20 18:02:07,352 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13735#true} {13736#false} #1101#return; {13736#false} is VALID [2022-02-20 18:02:07,352 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 89 [2022-02-20 18:02:07,354 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:07,356 INFO 
L290 TraceCheckUtils]: 0: Hoare triple {13791#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13735#true} is VALID [2022-02-20 18:02:07,356 INFO L290 TraceCheckUtils]: 1: Hoare triple {13735#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13735#true} is VALID [2022-02-20 18:02:07,356 INFO L290 TraceCheckUtils]: 2: Hoare triple {13735#true} assume true; {13735#true} is VALID [2022-02-20 18:02:07,356 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13735#true} {13736#false} #1133#return; {13736#false} is VALID [2022-02-20 18:02:07,356 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 18:02:07,357 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:07,359 INFO L290 TraceCheckUtils]: 0: Hoare triple {13735#true} ~handle := #in~handle;havoc ~retValue_acc~12; {13735#true} is VALID [2022-02-20 18:02:07,359 INFO L290 TraceCheckUtils]: 1: Hoare triple {13735#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_to0~0;#res := ~retValue_acc~12; {13735#true} is VALID [2022-02-20 18:02:07,360 INFO L290 TraceCheckUtils]: 2: Hoare triple {13735#true} assume true; {13735#true} is VALID [2022-02-20 18:02:07,360 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13735#true} {13736#false} #1135#return; {13736#false} is VALID [2022-02-20 18:02:07,360 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 18:02:07,362 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:07,364 INFO L290 TraceCheckUtils]: 0: Hoare triple {13735#true} ~msg := #in~msg;havoc ~retValue_acc~6;~retValue_acc~6 := 1;#res := ~retValue_acc~6; {13735#true} is VALID [2022-02-20 18:02:07,365 INFO L290 TraceCheckUtils]: 1: Hoare triple {13735#true} assume true; {13735#true} is VALID [2022-02-20 18:02:07,365 INFO L284 
TraceCheckUtils]: 2: Hoare quadruple {13735#true} {13736#false} #1137#return; {13736#false} is VALID [2022-02-20 18:02:07,365 INFO L290 TraceCheckUtils]: 0: Hoare triple {13735#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(115, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(10, 11);call #Ultimate.allocInit(12, 12);call #Ultimate.allocInit(10, 13);call #Ultimate.allocInit(18, 14);call #Ultimate.allocInit(13, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(21, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(21, 23);call #Ultimate.allocInit(30, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(25, 26);call #Ultimate.allocInit(30, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 
1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 
0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {13735#true} is VALID [2022-02-20 18:02:07,365 INFO L290 TraceCheckUtils]: 1: Hoare triple {13735#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc 
main_#t~nondet77#1, main_#t~ret78#1, main_~retValue_acc~42#1, main_~tmp~19#1;assume -2147483648 <= main_#t~nondet77#1 && main_#t~nondet77#1 <= 2147483647;main_~retValue_acc~42#1 := main_#t~nondet77#1;havoc main_#t~nondet77#1;havoc main_~tmp~19#1;assume { :begin_inline_select_helpers } true; {13735#true} is VALID [2022-02-20 18:02:07,365 INFO L290 TraceCheckUtils]: 2: Hoare triple {13735#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {13735#true} is VALID [2022-02-20 18:02:07,365 INFO L290 TraceCheckUtils]: 3: Hoare triple {13735#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~21#1;havoc valid_product_~retValue_acc~21#1;valid_product_~retValue_acc~21#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~21#1; {13735#true} is VALID [2022-02-20 18:02:07,366 INFO L290 TraceCheckUtils]: 4: Hoare triple {13735#true} main_#t~ret78#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret78#1 && main_#t~ret78#1 <= 2147483647;main_~tmp~19#1 := main_#t~ret78#1;havoc main_#t~ret78#1; {13735#true} is VALID [2022-02-20 18:02:07,366 INFO L290 TraceCheckUtils]: 5: Hoare triple {13735#true} assume 0 != main_~tmp~19#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet74#1, setup_#t~nondet75#1, setup_#t~nondet76#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base 
} true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {13735#true} is VALID [2022-02-20 18:02:07,366 INFO L272 TraceCheckUtils]: 6: Hoare triple {13735#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {13787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:07,367 INFO L290 TraceCheckUtils]: 7: Hoare triple {13787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13735#true} is VALID [2022-02-20 18:02:07,367 INFO L290 TraceCheckUtils]: 8: Hoare triple {13735#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13735#true} is VALID [2022-02-20 18:02:07,367 INFO L290 TraceCheckUtils]: 9: Hoare triple {13735#true} assume true; {13735#true} is VALID [2022-02-20 18:02:07,367 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {13735#true} {13735#true} #1151#return; {13735#true} is VALID [2022-02-20 18:02:07,367 INFO L290 TraceCheckUtils]: 11: Hoare triple {13735#true} assume { :end_inline_setup_bob__wrappee__Base } true; {13735#true} is VALID [2022-02-20 18:02:07,368 INFO L272 TraceCheckUtils]: 12: Hoare triple {13735#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {13788#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:07,368 INFO L290 TraceCheckUtils]: 13: Hoare triple {13788#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13735#true} is VALID [2022-02-20 18:02:07,368 INFO L290 TraceCheckUtils]: 14: Hoare triple {13735#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13735#true} is VALID [2022-02-20 18:02:07,368 INFO L290 TraceCheckUtils]: 15: Hoare triple {13735#true} assume true; {13735#true} is VALID [2022-02-20 18:02:07,368 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {13735#true} {13735#true} #1153#return; {13735#true} is VALID [2022-02-20 18:02:07,368 INFO L290 TraceCheckUtils]: 17: Hoare triple {13735#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet74#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {13735#true} is VALID [2022-02-20 18:02:07,369 INFO L272 TraceCheckUtils]: 18: Hoare triple {13735#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {13787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:07,369 INFO L290 TraceCheckUtils]: 19: Hoare triple {13787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := 
#in~value; {13735#true} is VALID [2022-02-20 18:02:07,369 INFO L290 TraceCheckUtils]: 20: Hoare triple {13735#true} assume !(1 == ~handle); {13735#true} is VALID [2022-02-20 18:02:07,369 INFO L290 TraceCheckUtils]: 21: Hoare triple {13735#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {13735#true} is VALID [2022-02-20 18:02:07,370 INFO L290 TraceCheckUtils]: 22: Hoare triple {13735#true} assume true; {13735#true} is VALID [2022-02-20 18:02:07,370 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {13735#true} {13735#true} #1155#return; {13735#true} is VALID [2022-02-20 18:02:07,370 INFO L290 TraceCheckUtils]: 24: Hoare triple {13735#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {13735#true} is VALID [2022-02-20 18:02:07,370 INFO L272 TraceCheckUtils]: 25: Hoare triple {13735#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {13788#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:07,371 INFO L290 TraceCheckUtils]: 26: Hoare triple {13788#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13735#true} is VALID [2022-02-20 18:02:07,371 INFO L290 TraceCheckUtils]: 27: Hoare triple {13735#true} assume !(1 == ~handle); {13735#true} is VALID [2022-02-20 18:02:07,371 INFO L290 TraceCheckUtils]: 28: Hoare triple {13735#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {13735#true} is VALID [2022-02-20 18:02:07,371 INFO L290 TraceCheckUtils]: 29: Hoare triple {13735#true} assume true; {13735#true} is VALID [2022-02-20 18:02:07,371 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {13735#true} {13735#true} #1157#return; {13735#true} is VALID 
[2022-02-20 18:02:07,372 INFO L290 TraceCheckUtils]: 31: Hoare triple {13735#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 33, 0;havoc setup_#t~nondet75#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {13755#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:02:07,372 INFO L272 TraceCheckUtils]: 32: Hoare triple {13755#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {13787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:07,373 INFO L290 TraceCheckUtils]: 33: Hoare triple {13787#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13789#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:07,373 INFO L290 TraceCheckUtils]: 34: Hoare triple {13789#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13790#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:07,373 INFO L290 TraceCheckUtils]: 35: Hoare triple {13790#(= |setClientId_#in~handle| 1)} assume true; {13790#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 
18:02:07,374 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {13790#(= |setClientId_#in~handle| 1)} {13755#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1159#return; {13736#false} is VALID [2022-02-20 18:02:07,374 INFO L290 TraceCheckUtils]: 37: Hoare triple {13736#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {13736#false} is VALID [2022-02-20 18:02:07,374 INFO L272 TraceCheckUtils]: 38: Hoare triple {13736#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {13788#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:07,374 INFO L290 TraceCheckUtils]: 39: Hoare triple {13788#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13735#true} is VALID [2022-02-20 18:02:07,374 INFO L290 TraceCheckUtils]: 40: Hoare triple {13735#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13735#true} is VALID [2022-02-20 18:02:07,374 INFO L290 TraceCheckUtils]: 41: Hoare triple {13735#true} assume true; {13735#true} is VALID [2022-02-20 18:02:07,375 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {13735#true} {13736#false} #1161#return; {13736#false} is VALID [2022-02-20 18:02:07,375 INFO L290 TraceCheckUtils]: 43: Hoare triple {13736#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 34, 0;havoc setup_#t~nondet76#1; {13736#false} is VALID [2022-02-20 18:02:07,375 INFO L290 TraceCheckUtils]: 44: Hoare triple {13736#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, 
test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~6#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {13736#false} is VALID [2022-02-20 18:02:07,375 INFO L290 TraceCheckUtils]: 45: Hoare triple {13736#false} assume !false; {13736#false} is VALID [2022-02-20 18:02:07,375 INFO L290 TraceCheckUtils]: 46: Hoare triple {13736#false} assume test_~splverifierCounter~0#1 < 4; {13736#false} is VALID [2022-02-20 18:02:07,375 INFO L290 TraceCheckUtils]: 47: Hoare triple {13736#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {13736#false} is VALID [2022-02-20 18:02:07,376 INFO L290 TraceCheckUtils]: 48: Hoare triple {13736#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet90#1 && test_#t~nondet90#1 <= 2147483647;test_~tmp___9~0#1 := 
test_#t~nondet90#1;havoc test_#t~nondet90#1; {13736#false} is VALID [2022-02-20 18:02:07,376 INFO L290 TraceCheckUtils]: 49: Hoare triple {13736#false} assume !(0 != test_~tmp___9~0#1); {13736#false} is VALID [2022-02-20 18:02:07,376 INFO L290 TraceCheckUtils]: 50: Hoare triple {13736#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet91#1 && test_#t~nondet91#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet91#1;havoc test_#t~nondet91#1; {13736#false} is VALID [2022-02-20 18:02:07,376 INFO L290 TraceCheckUtils]: 51: Hoare triple {13736#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {13736#false} is VALID [2022-02-20 18:02:07,376 INFO L290 TraceCheckUtils]: 52: Hoare triple {13736#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {13736#false} is VALID [2022-02-20 18:02:07,376 INFO L290 TraceCheckUtils]: 53: Hoare triple {13736#false} assume { :end_inline_setClientAutoResponse } true; {13736#false} is VALID [2022-02-20 18:02:07,376 INFO L290 TraceCheckUtils]: 54: Hoare triple {13736#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {13736#false} is VALID [2022-02-20 18:02:07,376 INFO L290 TraceCheckUtils]: 55: Hoare triple {13736#false} assume !false; {13736#false} is VALID [2022-02-20 18:02:07,376 INFO L290 TraceCheckUtils]: 56: Hoare triple {13736#false} assume !(test_~splverifierCounter~0#1 < 4); {13736#false} is VALID [2022-02-20 18:02:07,376 INFO L290 TraceCheckUtils]: 57: Hoare triple {13736#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret69#1, 
bobToRjh_#t~ret70#1, bobToRjh_#t~ret71#1, bobToRjh_#t~ret72#1, bobToRjh_~tmp~18#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~18#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret69#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret69#1 && bobToRjh_#t~ret69#1 <= 2147483647;havoc bobToRjh_#t~ret69#1; {13736#false} is VALID [2022-02-20 18:02:07,377 INFO L272 TraceCheckUtils]: 58: Hoare triple {13736#false} call sendEmail(~bob~0, ~rjh~0); {13736#false} is VALID [2022-02-20 18:02:07,377 INFO L290 TraceCheckUtils]: 59: Hoare triple {13736#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~8#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~8#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {13736#false} is VALID [2022-02-20 18:02:07,377 INFO L272 TraceCheckUtils]: 60: Hoare triple {13736#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {13791#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:07,377 INFO L290 TraceCheckUtils]: 61: Hoare triple {13791#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13735#true} is VALID [2022-02-20 18:02:07,377 INFO L290 TraceCheckUtils]: 62: Hoare triple {13735#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13735#true} is VALID [2022-02-20 18:02:07,377 INFO L290 TraceCheckUtils]: 63: Hoare triple {13735#true} assume true; {13735#true} is VALID [2022-02-20 18:02:07,377 INFO L284 TraceCheckUtils]: 64: Hoare quadruple 
{13735#true} {13736#false} #1119#return; {13736#false} is VALID [2022-02-20 18:02:07,377 INFO L272 TraceCheckUtils]: 65: Hoare triple {13736#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {13792#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:07,377 INFO L290 TraceCheckUtils]: 66: Hoare triple {13792#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {13735#true} is VALID [2022-02-20 18:02:07,377 INFO L290 TraceCheckUtils]: 67: Hoare triple {13735#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {13735#true} is VALID [2022-02-20 18:02:07,377 INFO L290 TraceCheckUtils]: 68: Hoare triple {13735#true} assume true; {13735#true} is VALID [2022-02-20 18:02:07,377 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {13735#true} {13736#false} #1121#return; {13736#false} is VALID [2022-02-20 18:02:07,377 INFO L290 TraceCheckUtils]: 70: Hoare triple {13736#false} createEmail_~retValue_acc~8#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~8#1; {13736#false} is VALID [2022-02-20 18:02:07,377 INFO L290 TraceCheckUtils]: 71: Hoare triple {13736#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {13736#false} is VALID [2022-02-20 18:02:07,378 INFO L272 TraceCheckUtils]: 72: Hoare triple {13736#false} call outgoing(~sender#1, ~email~0#1); {13736#false} is VALID [2022-02-20 18:02:07,378 INFO L290 TraceCheckUtils]: 73: Hoare triple {13736#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret20#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~7#1;sign_~client#1 := 
sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~7#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~31#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~31#1; {13736#false} is VALID [2022-02-20 18:02:07,378 INFO L290 TraceCheckUtils]: 74: Hoare triple {13736#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~31#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~31#1; {13736#false} is VALID [2022-02-20 18:02:07,378 INFO L290 TraceCheckUtils]: 75: Hoare triple {13736#false} sign_#t~ret20#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret20#1 && sign_#t~ret20#1 <= 2147483647;sign_~tmp~7#1 := sign_#t~ret20#1;havoc sign_#t~ret20#1;sign_~privkey~0#1 := sign_~tmp~7#1; {13736#false} is VALID [2022-02-20 18:02:07,378 INFO L290 TraceCheckUtils]: 76: Hoare triple {13736#false} assume 0 == sign_~privkey~0#1; {13736#false} is VALID [2022-02-20 18:02:07,378 INFO L290 TraceCheckUtils]: 77: Hoare triple {13736#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1, outgoing__wrappee__AddressBook_#t~ret8#1, outgoing__wrappee__AddressBook_#t~ret9#1, outgoing__wrappee__AddressBook_#t~ret10#1, outgoing__wrappee__AddressBook_#t~ret11#1, outgoing__wrappee__AddressBook_#t~ret12#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~2#1, outgoing__wrappee__AddressBook_~receiver~0#1, 
outgoing__wrappee__AddressBook_~tmp___0~0#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~0#1, outgoing__wrappee__AddressBook_~tmp___2~0#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~2#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~0#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~0#1;havoc outgoing__wrappee__AddressBook_~tmp___2~0#1; {13736#false} is VALID [2022-02-20 18:02:07,378 INFO L272 TraceCheckUtils]: 78: Hoare triple {13736#false} call outgoing__wrappee__AddressBook_#t~ret7#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {13735#true} is VALID [2022-02-20 18:02:07,379 INFO L290 TraceCheckUtils]: 79: Hoare triple {13735#true} ~handle := #in~handle;havoc ~retValue_acc~25; {13735#true} is VALID [2022-02-20 18:02:07,379 INFO L290 TraceCheckUtils]: 80: Hoare triple {13735#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {13735#true} is VALID [2022-02-20 18:02:07,379 INFO L290 TraceCheckUtils]: 81: Hoare triple {13735#true} assume true; {13735#true} is VALID [2022-02-20 18:02:07,379 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {13735#true} {13736#false} #1101#return; {13736#false} is VALID [2022-02-20 18:02:07,379 INFO L290 TraceCheckUtils]: 83: Hoare triple {13736#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret7#1 && outgoing__wrappee__AddressBook_#t~ret7#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~2#1 := outgoing__wrappee__AddressBook_#t~ret7#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~2#1; {13736#false} is VALID 
[2022-02-20 18:02:07,380 INFO L290 TraceCheckUtils]: 84: Hoare triple {13736#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {13736#false} is VALID [2022-02-20 18:02:07,380 INFO L272 TraceCheckUtils]: 85: Hoare triple {13736#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {13736#false} is VALID [2022-02-20 18:02:07,380 INFO L290 TraceCheckUtils]: 86: Hoare triple {13736#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {13736#false} is VALID [2022-02-20 18:02:07,380 INFO L290 TraceCheckUtils]: 87: Hoare triple {13736#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {13736#false} is VALID [2022-02-20 18:02:07,380 INFO L290 TraceCheckUtils]: 88: Hoare triple {13736#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {13736#false} is VALID [2022-02-20 18:02:07,380 INFO L272 TraceCheckUtils]: 89: Hoare triple {13736#false} call setEmailFrom(~msg#1, ~tmp~1#1); {13791#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:07,380 INFO L290 TraceCheckUtils]: 90: Hoare triple {13791#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13735#true} is VALID [2022-02-20 18:02:07,381 INFO L290 TraceCheckUtils]: 91: Hoare triple {13735#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13735#true} 
is VALID [2022-02-20 18:02:07,381 INFO L290 TraceCheckUtils]: 92: Hoare triple {13735#true} assume true; {13735#true} is VALID [2022-02-20 18:02:07,381 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {13735#true} {13736#false} #1133#return; {13736#false} is VALID [2022-02-20 18:02:07,381 INFO L290 TraceCheckUtils]: 94: Hoare triple {13736#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {13736#false} is VALID [2022-02-20 18:02:07,381 INFO L272 TraceCheckUtils]: 95: Hoare triple {13736#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {13735#true} is VALID [2022-02-20 18:02:07,381 INFO L290 TraceCheckUtils]: 96: Hoare triple {13735#true} ~handle := #in~handle;havoc ~retValue_acc~12; {13735#true} is VALID [2022-02-20 18:02:07,381 INFO L290 TraceCheckUtils]: 97: Hoare triple {13735#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_to0~0;#res := ~retValue_acc~12; {13735#true} is VALID [2022-02-20 18:02:07,381 INFO L290 TraceCheckUtils]: 98: Hoare triple {13735#true} assume true; {13735#true} is VALID [2022-02-20 18:02:07,382 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {13735#true} {13736#false} #1135#return; {13736#false} is VALID [2022-02-20 18:02:07,382 INFO L290 TraceCheckUtils]: 100: Hoare triple {13736#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } 
true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret21#1, verify_#t~ret22#1, verify_#t~ret23#1, verify_#t~ret24#1, verify_#t~ret25#1, verify_#t~ret26#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~8#1, verify_~tmp___0~1#1, verify_~pubkey~0#1, verify_~tmp___1~1#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~8#1;havoc verify_~tmp___0~1#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~1#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret28#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~9#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~9#1; {13736#false} is VALID [2022-02-20 18:02:07,382 INFO L272 TraceCheckUtils]: 101: Hoare triple {13736#false} call __utac_acc__EncryptVerify_spec__1_#t~ret28#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {13735#true} is VALID [2022-02-20 18:02:07,382 INFO L290 TraceCheckUtils]: 102: Hoare triple {13735#true} ~msg := #in~msg;havoc ~retValue_acc~6;~retValue_acc~6 := 1;#res := ~retValue_acc~6; {13735#true} is VALID [2022-02-20 18:02:07,382 INFO L290 TraceCheckUtils]: 103: Hoare triple {13735#true} assume true; {13735#true} is VALID [2022-02-20 18:02:07,382 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {13735#true} {13736#false} #1137#return; {13736#false} is VALID [2022-02-20 18:02:07,382 INFO L290 TraceCheckUtils]: 105: Hoare triple {13736#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret28#1 && 
__utac_acc__EncryptVerify_spec__1_#t~ret28#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~9#1 := __utac_acc__EncryptVerify_spec__1_#t~ret28#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret28#1; {13736#false} is VALID [2022-02-20 18:02:07,382 INFO L290 TraceCheckUtils]: 106: Hoare triple {13736#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~9#1);assume { :begin_inline___automaton_fail } true; {13736#false} is VALID [2022-02-20 18:02:07,383 INFO L290 TraceCheckUtils]: 107: Hoare triple {13736#false} assume !false; {13736#false} is VALID [2022-02-20 18:02:07,383 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 18:02:07,383 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:07,383 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [147390281] [2022-02-20 18:02:07,383 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [147390281] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:07,384 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:02:07,384 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 18:02:07,384 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1821969384] [2022-02-20 18:02:07,384 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:07,384 INFO L78 Accepts]: Start accepts. 
Automaton has has 9 states, 8 states have (on average 8.75) internal successors, (70), 5 states have internal predecessors, (70), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 108 [2022-02-20 18:02:07,385 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:07,385 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 8.75) internal successors, (70), 5 states have internal predecessors, (70), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:07,453 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 97 edges. 97 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:07,453 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 18:02:07,453 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:07,454 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 18:02:07,454 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:02:07,454 INFO L87 Difference]: Start difference. First operand 428 states and 673 transitions. 
Second operand has 9 states, 8 states have (on average 8.75) internal successors, (70), 5 states have internal predecessors, (70), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:14,071 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:14,072 INFO L93 Difference]: Finished difference Result 953 states and 1523 transitions. [2022-02-20 18:02:14,072 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:02:14,074 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 8.75) internal successors, (70), 5 states have internal predecessors, (70), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 108 [2022-02-20 18:02:14,075 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:14,075 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 8.75) internal successors, (70), 5 states have internal predecessors, (70), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:14,117 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1271 transitions. [2022-02-20 18:02:14,117 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 9 states, 8 states have (on average 8.75) internal successors, (70), 5 states have internal predecessors, (70), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:14,128 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1271 transitions. [2022-02-20 18:02:14,128 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1271 transitions. [2022-02-20 18:02:15,139 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1271 edges. 1271 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:15,161 INFO L225 Difference]: With dead ends: 953 [2022-02-20 18:02:15,161 INFO L226 Difference]: Without dead ends: 548 [2022-02-20 18:02:15,162 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 42 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 31 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 18:02:15,164 INFO L933 BasicCegarLoop]: 615 mSDtfsCounter, 1330 mSDsluCounter, 986 mSDsCounter, 0 mSdLazyCounter, 1971 mSolverCounterSat, 421 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1351 SdHoareTripleChecker+Valid, 1601 SdHoareTripleChecker+Invalid, 2392 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 421 IncrementalHoareTripleChecker+Valid, 1971 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.9s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:15,164 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1351 Valid, 1601 
Invalid, 2392 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [421 Valid, 1971 Invalid, 0 Unknown, 0 Unchecked, 2.9s Time] [2022-02-20 18:02:15,165 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 548 states. [2022-02-20 18:02:15,257 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 548 to 428. [2022-02-20 18:02:15,257 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:15,259 INFO L82 GeneralOperation]: Start isEquivalent. First operand 548 states. Second operand has 428 states, 340 states have (on average 1.5852941176470587) internal successors, (539), 344 states have internal predecessors, (539), 64 states have call successors, (64), 21 states have call predecessors, (64), 23 states have return successors, (69), 62 states have call predecessors, (69), 63 states have call successors, (69) [2022-02-20 18:02:15,260 INFO L74 IsIncluded]: Start isIncluded. First operand 548 states. Second operand has 428 states, 340 states have (on average 1.5852941176470587) internal successors, (539), 344 states have internal predecessors, (539), 64 states have call successors, (64), 21 states have call predecessors, (64), 23 states have return successors, (69), 62 states have call predecessors, (69), 63 states have call successors, (69) [2022-02-20 18:02:15,260 INFO L87 Difference]: Start difference. First operand 548 states. Second operand has 428 states, 340 states have (on average 1.5852941176470587) internal successors, (539), 344 states have internal predecessors, (539), 64 states have call successors, (64), 21 states have call predecessors, (64), 23 states have return successors, (69), 62 states have call predecessors, (69), 63 states have call successors, (69) [2022-02-20 18:02:15,276 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:15,276 INFO L93 Difference]: Finished difference Result 548 states and 881 transitions. 
[2022-02-20 18:02:15,276 INFO L276 IsEmpty]: Start isEmpty. Operand 548 states and 881 transitions. [2022-02-20 18:02:15,280 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:15,280 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:15,281 INFO L74 IsIncluded]: Start isIncluded. First operand has 428 states, 340 states have (on average 1.5852941176470587) internal successors, (539), 344 states have internal predecessors, (539), 64 states have call successors, (64), 21 states have call predecessors, (64), 23 states have return successors, (69), 62 states have call predecessors, (69), 63 states have call successors, (69) Second operand 548 states. [2022-02-20 18:02:15,283 INFO L87 Difference]: Start difference. First operand has 428 states, 340 states have (on average 1.5852941176470587) internal successors, (539), 344 states have internal predecessors, (539), 64 states have call successors, (64), 21 states have call predecessors, (64), 23 states have return successors, (69), 62 states have call predecessors, (69), 63 states have call successors, (69) Second operand 548 states. [2022-02-20 18:02:15,297 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:15,298 INFO L93 Difference]: Finished difference Result 548 states and 881 transitions. [2022-02-20 18:02:15,298 INFO L276 IsEmpty]: Start isEmpty. Operand 548 states and 881 transitions. [2022-02-20 18:02:15,300 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:15,300 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:15,300 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:15,300 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:15,302 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 428 states, 340 states have (on average 1.5852941176470587) internal successors, (539), 344 states have internal predecessors, (539), 64 states have call successors, (64), 21 states have call predecessors, (64), 23 states have return successors, (69), 62 states have call predecessors, (69), 63 states have call successors, (69) [2022-02-20 18:02:15,312 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 428 states to 428 states and 672 transitions. [2022-02-20 18:02:15,313 INFO L78 Accepts]: Start accepts. Automaton has 428 states and 672 transitions. Word has length 108 [2022-02-20 18:02:15,313 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:15,313 INFO L470 AbstractCegarLoop]: Abstraction has 428 states and 672 transitions. [2022-02-20 18:02:15,314 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 8.75) internal successors, (70), 5 states have internal predecessors, (70), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:15,314 INFO L276 IsEmpty]: Start isEmpty. Operand 428 states and 672 transitions. [2022-02-20 18:02:15,315 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 110 [2022-02-20 18:02:15,315 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:15,315 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:15,315 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 18:02:15,316 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:15,316 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:15,316 INFO L85 PathProgramCache]: Analyzing trace with hash -1922641764, now seen corresponding path program 2 times [2022-02-20 18:02:15,316 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:15,316 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [859866399] [2022-02-20 18:02:15,316 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:15,316 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:15,340 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:15,379 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:02:15,381 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:15,383 INFO L290 TraceCheckUtils]: 0: Hoare triple {16880#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16827#true} is VALID [2022-02-20 18:02:15,383 INFO L290 TraceCheckUtils]: 1: Hoare triple {16827#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {16827#true} is VALID [2022-02-20 18:02:15,383 INFO L290 TraceCheckUtils]: 2: Hoare triple {16827#true} assume true; {16827#true} is VALID [2022-02-20 18:02:15,383 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16827#true} {16827#true} #1151#return; {16827#true} is VALID [2022-02-20 18:02:15,388 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:15,391 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:15,393 INFO L290 TraceCheckUtils]: 0: Hoare triple {16881#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16827#true} is VALID [2022-02-20 18:02:15,394 INFO L290 TraceCheckUtils]: 1: Hoare triple {16827#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {16827#true} is VALID [2022-02-20 18:02:15,394 INFO L290 TraceCheckUtils]: 2: Hoare triple {16827#true} assume true; {16827#true} is VALID [2022-02-20 18:02:15,394 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16827#true} {16827#true} #1153#return; {16827#true} is VALID [2022-02-20 18:02:15,394 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:15,396 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:15,399 INFO L290 TraceCheckUtils]: 0: Hoare triple {16880#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16827#true} is VALID [2022-02-20 18:02:15,399 INFO L290 TraceCheckUtils]: 1: Hoare triple {16827#true} assume !(1 == ~handle); {16827#true} is VALID [2022-02-20 18:02:15,399 INFO L290 TraceCheckUtils]: 2: Hoare triple {16827#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {16827#true} is VALID [2022-02-20 18:02:15,400 INFO L290 TraceCheckUtils]: 3: Hoare triple {16827#true} assume true; {16827#true} is VALID [2022-02-20 18:02:15,400 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {16827#true} {16827#true} #1155#return; {16827#true} is VALID [2022-02-20 18:02:15,400 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:02:15,402 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:15,406 INFO L290 TraceCheckUtils]: 0: Hoare triple {16881#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16827#true} is VALID [2022-02-20 18:02:15,407 INFO L290 TraceCheckUtils]: 1: Hoare triple {16827#true} assume !(1 == ~handle); {16827#true} is VALID [2022-02-20 18:02:15,407 INFO L290 TraceCheckUtils]: 2: Hoare triple {16827#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {16827#true} is VALID [2022-02-20 18:02:15,407 INFO L290 TraceCheckUtils]: 3: Hoare triple {16827#true} assume true; {16827#true} is VALID [2022-02-20 18:02:15,407 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {16827#true} {16827#true} #1157#return; {16827#true} is VALID [2022-02-20 18:02:15,407 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:02:15,410 INFO L136 AnnotateAndAsserter]: Conjunction 
of SSA is unsat [2022-02-20 18:02:15,420 INFO L290 TraceCheckUtils]: 0: Hoare triple {16880#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16882#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:15,421 INFO L290 TraceCheckUtils]: 1: Hoare triple {16882#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {16882#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:15,421 INFO L290 TraceCheckUtils]: 2: Hoare triple {16882#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {16883#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:15,422 INFO L290 TraceCheckUtils]: 3: Hoare triple {16883#(= 2 |setClientId_#in~handle|)} assume true; {16883#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:15,422 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {16883#(= 2 |setClientId_#in~handle|)} {16847#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1159#return; {16828#false} is VALID [2022-02-20 18:02:15,422 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-02-20 18:02:15,424 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:15,426 INFO L290 TraceCheckUtils]: 0: Hoare triple {16881#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16827#true} is VALID [2022-02-20 18:02:15,426 INFO L290 TraceCheckUtils]: 1: Hoare triple {16827#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {16827#true} is VALID [2022-02-20 18:02:15,426 INFO L290 
TraceCheckUtils]: 2: Hoare triple {16827#true} assume true; {16827#true} is VALID [2022-02-20 18:02:15,426 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16827#true} {16828#false} #1161#return; {16828#false} is VALID [2022-02-20 18:02:15,431 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:02:15,432 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:15,434 INFO L290 TraceCheckUtils]: 0: Hoare triple {16884#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16827#true} is VALID [2022-02-20 18:02:15,434 INFO L290 TraceCheckUtils]: 1: Hoare triple {16827#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16827#true} is VALID [2022-02-20 18:02:15,434 INFO L290 TraceCheckUtils]: 2: Hoare triple {16827#true} assume true; {16827#true} is VALID [2022-02-20 18:02:15,434 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16827#true} {16828#false} #1119#return; {16828#false} is VALID [2022-02-20 18:02:15,439 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 18:02:15,440 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:15,442 INFO L290 TraceCheckUtils]: 0: Hoare triple {16885#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {16827#true} is VALID [2022-02-20 18:02:15,442 INFO L290 TraceCheckUtils]: 1: Hoare triple {16827#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {16827#true} is VALID [2022-02-20 18:02:15,442 INFO L290 TraceCheckUtils]: 2: Hoare triple {16827#true} assume true; {16827#true} is VALID [2022-02-20 18:02:15,443 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16827#true} {16828#false} #1121#return; {16828#false} is VALID [2022-02-20 18:02:15,443 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 18:02:15,444 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:15,446 INFO L290 TraceCheckUtils]: 0: Hoare triple {16827#true} ~handle := #in~handle;havoc ~retValue_acc~25; {16827#true} is VALID [2022-02-20 18:02:15,446 INFO L290 TraceCheckUtils]: 1: Hoare triple {16827#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {16827#true} is VALID [2022-02-20 18:02:15,447 INFO L290 TraceCheckUtils]: 2: Hoare triple {16827#true} assume true; {16827#true} is VALID [2022-02-20 18:02:15,447 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16827#true} {16828#false} #1101#return; {16828#false} is VALID [2022-02-20 18:02:15,447 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 18:02:15,448 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:15,449 INFO L290 TraceCheckUtils]: 0: Hoare triple {16884#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16827#true} is VALID [2022-02-20 18:02:15,450 INFO L290 TraceCheckUtils]: 1: Hoare triple {16827#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16827#true} is VALID [2022-02-20 18:02:15,450 INFO L290 TraceCheckUtils]: 2: Hoare triple {16827#true} assume true; {16827#true} is VALID [2022-02-20 18:02:15,450 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16827#true} {16828#false} #1133#return; {16828#false} is VALID [2022-02-20 18:02:15,450 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 18:02:15,450 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:15,452 INFO L290 TraceCheckUtils]: 0: Hoare triple {16827#true} ~handle := #in~handle;havoc ~retValue_acc~12; 
{16827#true} is VALID [2022-02-20 18:02:15,452 INFO L290 TraceCheckUtils]: 1: Hoare triple {16827#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_to0~0;#res := ~retValue_acc~12; {16827#true} is VALID [2022-02-20 18:02:15,452 INFO L290 TraceCheckUtils]: 2: Hoare triple {16827#true} assume true; {16827#true} is VALID [2022-02-20 18:02:15,452 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16827#true} {16828#false} #1135#return; {16828#false} is VALID [2022-02-20 18:02:15,452 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 18:02:15,453 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:15,455 INFO L290 TraceCheckUtils]: 0: Hoare triple {16827#true} ~msg := #in~msg;havoc ~retValue_acc~6;~retValue_acc~6 := 1;#res := ~retValue_acc~6; {16827#true} is VALID [2022-02-20 18:02:15,455 INFO L290 TraceCheckUtils]: 1: Hoare triple {16827#true} assume true; {16827#true} is VALID [2022-02-20 18:02:15,455 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {16827#true} {16828#false} #1137#return; {16828#false} is VALID [2022-02-20 18:02:15,455 INFO L290 TraceCheckUtils]: 0: Hoare triple {16827#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(115, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(10, 11);call #Ultimate.allocInit(12, 12);call #Ultimate.allocInit(10, 13);call #Ultimate.allocInit(18, 14);call 
#Ultimate.allocInit(13, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(21, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(21, 23);call #Ultimate.allocInit(30, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(25, 26);call #Ultimate.allocInit(30, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 
0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 
0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {16827#true} is VALID [2022-02-20 18:02:15,456 INFO L290 TraceCheckUtils]: 1: Hoare triple {16827#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet77#1, main_#t~ret78#1, main_~retValue_acc~42#1, main_~tmp~19#1;assume -2147483648 <= main_#t~nondet77#1 && main_#t~nondet77#1 <= 2147483647;main_~retValue_acc~42#1 := main_#t~nondet77#1;havoc main_#t~nondet77#1;havoc main_~tmp~19#1;assume { :begin_inline_select_helpers } true; {16827#true} is VALID [2022-02-20 18:02:15,456 INFO L290 TraceCheckUtils]: 2: Hoare triple {16827#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {16827#true} is VALID [2022-02-20 18:02:15,456 INFO L290 TraceCheckUtils]: 3: Hoare triple {16827#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~21#1;havoc valid_product_~retValue_acc~21#1;valid_product_~retValue_acc~21#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~21#1; {16827#true} is VALID [2022-02-20 18:02:15,456 INFO L290 TraceCheckUtils]: 
4: Hoare triple {16827#true} main_#t~ret78#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret78#1 && main_#t~ret78#1 <= 2147483647;main_~tmp~19#1 := main_#t~ret78#1;havoc main_#t~ret78#1; {16827#true} is VALID [2022-02-20 18:02:15,456 INFO L290 TraceCheckUtils]: 5: Hoare triple {16827#true} assume 0 != main_~tmp~19#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet74#1, setup_#t~nondet75#1, setup_#t~nondet76#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {16827#true} is VALID [2022-02-20 18:02:15,457 INFO L272 TraceCheckUtils]: 6: Hoare triple {16827#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {16880#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:15,457 INFO L290 TraceCheckUtils]: 7: Hoare triple {16880#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16827#true} is VALID 
[2022-02-20 18:02:15,457 INFO L290 TraceCheckUtils]: 8: Hoare triple {16827#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {16827#true} is VALID [2022-02-20 18:02:15,457 INFO L290 TraceCheckUtils]: 9: Hoare triple {16827#true} assume true; {16827#true} is VALID [2022-02-20 18:02:15,457 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {16827#true} {16827#true} #1151#return; {16827#true} is VALID [2022-02-20 18:02:15,457 INFO L290 TraceCheckUtils]: 11: Hoare triple {16827#true} assume { :end_inline_setup_bob__wrappee__Base } true; {16827#true} is VALID [2022-02-20 18:02:15,458 INFO L272 TraceCheckUtils]: 12: Hoare triple {16827#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {16881#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:15,458 INFO L290 TraceCheckUtils]: 13: Hoare triple {16881#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16827#true} is VALID [2022-02-20 18:02:15,458 INFO L290 TraceCheckUtils]: 14: Hoare triple {16827#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {16827#true} is VALID [2022-02-20 18:02:15,458 INFO L290 TraceCheckUtils]: 15: Hoare triple {16827#true} assume true; {16827#true} is VALID [2022-02-20 18:02:15,458 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {16827#true} {16827#true} #1153#return; {16827#true} is VALID [2022-02-20 18:02:15,458 INFO L290 TraceCheckUtils]: 17: Hoare triple {16827#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet74#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := 
~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {16827#true} is VALID [2022-02-20 18:02:15,459 INFO L272 TraceCheckUtils]: 18: Hoare triple {16827#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {16880#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:15,459 INFO L290 TraceCheckUtils]: 19: Hoare triple {16880#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16827#true} is VALID [2022-02-20 18:02:15,459 INFO L290 TraceCheckUtils]: 20: Hoare triple {16827#true} assume !(1 == ~handle); {16827#true} is VALID [2022-02-20 18:02:15,459 INFO L290 TraceCheckUtils]: 21: Hoare triple {16827#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {16827#true} is VALID [2022-02-20 18:02:15,459 INFO L290 TraceCheckUtils]: 22: Hoare triple {16827#true} assume true; {16827#true} is VALID [2022-02-20 18:02:15,459 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {16827#true} {16827#true} #1155#return; {16827#true} is VALID [2022-02-20 18:02:15,459 INFO L290 TraceCheckUtils]: 24: Hoare triple {16827#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {16827#true} is VALID [2022-02-20 18:02:15,460 INFO L272 TraceCheckUtils]: 25: Hoare triple {16827#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {16881#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) 
(= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:15,460 INFO L290 TraceCheckUtils]: 26: Hoare triple {16881#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16827#true} is VALID [2022-02-20 18:02:15,460 INFO L290 TraceCheckUtils]: 27: Hoare triple {16827#true} assume !(1 == ~handle); {16827#true} is VALID [2022-02-20 18:02:15,460 INFO L290 TraceCheckUtils]: 28: Hoare triple {16827#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {16827#true} is VALID [2022-02-20 18:02:15,460 INFO L290 TraceCheckUtils]: 29: Hoare triple {16827#true} assume true; {16827#true} is VALID [2022-02-20 18:02:15,460 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {16827#true} {16827#true} #1157#return; {16827#true} is VALID [2022-02-20 18:02:15,461 INFO L290 TraceCheckUtils]: 31: Hoare triple {16827#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 33, 0;havoc setup_#t~nondet75#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {16847#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:02:15,461 INFO L272 TraceCheckUtils]: 32: Hoare triple {16847#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, 
setup_chuck__wrappee__Base_~chuck___0#1); {16880#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:15,461 INFO L290 TraceCheckUtils]: 33: Hoare triple {16880#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16882#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:15,462 INFO L290 TraceCheckUtils]: 34: Hoare triple {16882#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {16882#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:15,462 INFO L290 TraceCheckUtils]: 35: Hoare triple {16882#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {16883#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:15,462 INFO L290 TraceCheckUtils]: 36: Hoare triple {16883#(= 2 |setClientId_#in~handle|)} assume true; {16883#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:15,463 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {16883#(= 2 |setClientId_#in~handle|)} {16847#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1159#return; {16828#false} is VALID [2022-02-20 18:02:15,463 INFO L290 TraceCheckUtils]: 38: Hoare triple {16828#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {16828#false} is VALID [2022-02-20 18:02:15,463 INFO L272 TraceCheckUtils]: 39: Hoare triple {16828#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {16881#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 
|old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:15,463 INFO L290 TraceCheckUtils]: 40: Hoare triple {16881#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16827#true} is VALID [2022-02-20 18:02:15,463 INFO L290 TraceCheckUtils]: 41: Hoare triple {16827#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {16827#true} is VALID [2022-02-20 18:02:15,463 INFO L290 TraceCheckUtils]: 42: Hoare triple {16827#true} assume true; {16827#true} is VALID [2022-02-20 18:02:15,463 INFO L284 TraceCheckUtils]: 43: Hoare quadruple {16827#true} {16828#false} #1161#return; {16828#false} is VALID [2022-02-20 18:02:15,464 INFO L290 TraceCheckUtils]: 44: Hoare triple {16828#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 34, 0;havoc setup_#t~nondet76#1; {16828#false} is VALID [2022-02-20 18:02:15,464 INFO L290 TraceCheckUtils]: 45: Hoare triple {16828#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~6#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc 
test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {16828#false} is VALID [2022-02-20 18:02:15,464 INFO L290 TraceCheckUtils]: 46: Hoare triple {16828#false} assume !false; {16828#false} is VALID [2022-02-20 18:02:15,464 INFO L290 TraceCheckUtils]: 47: Hoare triple {16828#false} assume test_~splverifierCounter~0#1 < 4; {16828#false} is VALID [2022-02-20 18:02:15,464 INFO L290 TraceCheckUtils]: 48: Hoare triple {16828#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {16828#false} is VALID [2022-02-20 18:02:15,464 INFO L290 TraceCheckUtils]: 49: Hoare triple {16828#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet90#1 && test_#t~nondet90#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet90#1;havoc test_#t~nondet90#1; {16828#false} is VALID [2022-02-20 18:02:15,464 INFO L290 TraceCheckUtils]: 50: Hoare triple {16828#false} assume !(0 != test_~tmp___9~0#1); {16828#false} is VALID [2022-02-20 18:02:15,464 INFO L290 TraceCheckUtils]: 51: Hoare triple {16828#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet91#1 && test_#t~nondet91#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet91#1;havoc test_#t~nondet91#1; {16828#false} is VALID [2022-02-20 18:02:15,464 INFO L290 TraceCheckUtils]: 52: Hoare triple {16828#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } 
true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {16828#false} is VALID [2022-02-20 18:02:15,465 INFO L290 TraceCheckUtils]: 53: Hoare triple {16828#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {16828#false} is VALID [2022-02-20 18:02:15,465 INFO L290 TraceCheckUtils]: 54: Hoare triple {16828#false} assume { :end_inline_setClientAutoResponse } true; {16828#false} is VALID [2022-02-20 18:02:15,465 INFO L290 TraceCheckUtils]: 55: Hoare triple {16828#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {16828#false} is VALID [2022-02-20 18:02:15,465 INFO L290 TraceCheckUtils]: 56: Hoare triple {16828#false} assume !false; {16828#false} is VALID [2022-02-20 18:02:15,465 INFO L290 TraceCheckUtils]: 57: Hoare triple {16828#false} assume !(test_~splverifierCounter~0#1 < 4); {16828#false} is VALID [2022-02-20 18:02:15,465 INFO L290 TraceCheckUtils]: 58: Hoare triple {16828#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_#t~ret71#1, bobToRjh_#t~ret72#1, bobToRjh_~tmp~18#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~18#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret69#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret69#1 && bobToRjh_#t~ret69#1 <= 2147483647;havoc bobToRjh_#t~ret69#1; {16828#false} is VALID [2022-02-20 18:02:15,465 INFO L272 TraceCheckUtils]: 59: Hoare triple {16828#false} call sendEmail(~bob~0, ~rjh~0); {16828#false} is VALID [2022-02-20 18:02:15,465 INFO L290 TraceCheckUtils]: 60: Hoare triple {16828#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { 
:begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~8#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~8#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {16828#false} is VALID [2022-02-20 18:02:15,465 INFO L272 TraceCheckUtils]: 61: Hoare triple {16828#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {16884#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:15,465 INFO L290 TraceCheckUtils]: 62: Hoare triple {16884#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16827#true} is VALID [2022-02-20 18:02:15,466 INFO L290 TraceCheckUtils]: 63: Hoare triple {16827#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16827#true} is VALID [2022-02-20 18:02:15,466 INFO L290 TraceCheckUtils]: 64: Hoare triple {16827#true} assume true; {16827#true} is VALID [2022-02-20 18:02:15,466 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {16827#true} {16828#false} #1119#return; {16828#false} is VALID [2022-02-20 18:02:15,466 INFO L272 TraceCheckUtils]: 66: Hoare triple {16828#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {16885#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:15,466 INFO L290 TraceCheckUtils]: 67: Hoare triple {16885#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {16827#true} is VALID [2022-02-20 18:02:15,466 INFO L290 TraceCheckUtils]: 68: Hoare triple {16827#true} assume 1 == ~handle;~__ste_email_to0~0 := 
~value; {16827#true} is VALID [2022-02-20 18:02:15,466 INFO L290 TraceCheckUtils]: 69: Hoare triple {16827#true} assume true; {16827#true} is VALID [2022-02-20 18:02:15,466 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {16827#true} {16828#false} #1121#return; {16828#false} is VALID [2022-02-20 18:02:15,466 INFO L290 TraceCheckUtils]: 71: Hoare triple {16828#false} createEmail_~retValue_acc~8#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~8#1; {16828#false} is VALID [2022-02-20 18:02:15,467 INFO L290 TraceCheckUtils]: 72: Hoare triple {16828#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {16828#false} is VALID [2022-02-20 18:02:15,467 INFO L272 TraceCheckUtils]: 73: Hoare triple {16828#false} call outgoing(~sender#1, ~email~0#1); {16828#false} is VALID [2022-02-20 18:02:15,467 INFO L290 TraceCheckUtils]: 74: Hoare triple {16828#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret20#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~7#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~7#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~31#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~31#1; {16828#false} is VALID [2022-02-20 18:02:15,467 INFO L290 TraceCheckUtils]: 75: Hoare triple {16828#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~31#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~31#1; {16828#false} is VALID 
[2022-02-20 18:02:15,467 INFO L290 TraceCheckUtils]: 76: Hoare triple {16828#false} sign_#t~ret20#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret20#1 && sign_#t~ret20#1 <= 2147483647;sign_~tmp~7#1 := sign_#t~ret20#1;havoc sign_#t~ret20#1;sign_~privkey~0#1 := sign_~tmp~7#1; {16828#false} is VALID [2022-02-20 18:02:15,467 INFO L290 TraceCheckUtils]: 77: Hoare triple {16828#false} assume 0 == sign_~privkey~0#1; {16828#false} is VALID [2022-02-20 18:02:15,467 INFO L290 TraceCheckUtils]: 78: Hoare triple {16828#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1, outgoing__wrappee__AddressBook_#t~ret8#1, outgoing__wrappee__AddressBook_#t~ret9#1, outgoing__wrappee__AddressBook_#t~ret10#1, outgoing__wrappee__AddressBook_#t~ret11#1, outgoing__wrappee__AddressBook_#t~ret12#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~2#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~0#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~0#1, outgoing__wrappee__AddressBook_~tmp___2~0#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~2#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~0#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~0#1;havoc outgoing__wrappee__AddressBook_~tmp___2~0#1; {16828#false} is VALID [2022-02-20 18:02:15,467 
INFO L272 TraceCheckUtils]: 79: Hoare triple {16828#false} call outgoing__wrappee__AddressBook_#t~ret7#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {16827#true} is VALID [2022-02-20 18:02:15,467 INFO L290 TraceCheckUtils]: 80: Hoare triple {16827#true} ~handle := #in~handle;havoc ~retValue_acc~25; {16827#true} is VALID [2022-02-20 18:02:15,467 INFO L290 TraceCheckUtils]: 81: Hoare triple {16827#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {16827#true} is VALID [2022-02-20 18:02:15,468 INFO L290 TraceCheckUtils]: 82: Hoare triple {16827#true} assume true; {16827#true} is VALID [2022-02-20 18:02:15,468 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {16827#true} {16828#false} #1101#return; {16828#false} is VALID [2022-02-20 18:02:15,468 INFO L290 TraceCheckUtils]: 84: Hoare triple {16828#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret7#1 && outgoing__wrappee__AddressBook_#t~ret7#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~2#1 := outgoing__wrappee__AddressBook_#t~ret7#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~2#1; {16828#false} is VALID [2022-02-20 18:02:15,468 INFO L290 TraceCheckUtils]: 85: Hoare triple {16828#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {16828#false} is VALID [2022-02-20 18:02:15,468 INFO L272 TraceCheckUtils]: 86: Hoare triple {16828#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {16828#false} is VALID [2022-02-20 18:02:15,468 INFO L290 TraceCheckUtils]: 87: Hoare triple {16828#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := 
getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {16828#false} is VALID [2022-02-20 18:02:15,468 INFO L290 TraceCheckUtils]: 88: Hoare triple {16828#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {16828#false} is VALID [2022-02-20 18:02:15,468 INFO L290 TraceCheckUtils]: 89: Hoare triple {16828#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {16828#false} is VALID [2022-02-20 18:02:15,468 INFO L272 TraceCheckUtils]: 90: Hoare triple {16828#false} call setEmailFrom(~msg#1, ~tmp~1#1); {16884#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:15,469 INFO L290 TraceCheckUtils]: 91: Hoare triple {16884#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16827#true} is VALID [2022-02-20 18:02:15,469 INFO L290 TraceCheckUtils]: 92: Hoare triple {16827#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16827#true} is VALID [2022-02-20 18:02:15,469 INFO L290 TraceCheckUtils]: 93: Hoare triple {16827#true} assume true; {16827#true} is VALID [2022-02-20 18:02:15,469 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {16827#true} {16828#false} #1133#return; {16828#false} is VALID [2022-02-20 18:02:15,469 INFO L290 TraceCheckUtils]: 95: Hoare triple {16828#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc 
mail_#t~ret4#1; {16828#false} is VALID [2022-02-20 18:02:15,469 INFO L272 TraceCheckUtils]: 96: Hoare triple {16828#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {16827#true} is VALID [2022-02-20 18:02:15,469 INFO L290 TraceCheckUtils]: 97: Hoare triple {16827#true} ~handle := #in~handle;havoc ~retValue_acc~12; {16827#true} is VALID [2022-02-20 18:02:15,469 INFO L290 TraceCheckUtils]: 98: Hoare triple {16827#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_to0~0;#res := ~retValue_acc~12; {16827#true} is VALID [2022-02-20 18:02:15,469 INFO L290 TraceCheckUtils]: 99: Hoare triple {16827#true} assume true; {16827#true} is VALID [2022-02-20 18:02:15,470 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {16827#true} {16828#false} #1135#return; {16828#false} is VALID [2022-02-20 18:02:15,470 INFO L290 TraceCheckUtils]: 101: Hoare triple {16828#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret21#1, verify_#t~ret22#1, verify_#t~ret23#1, verify_#t~ret24#1, verify_#t~ret25#1, verify_#t~ret26#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~8#1, verify_~tmp___0~1#1, verify_~pubkey~0#1, verify_~tmp___1~1#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~8#1;havoc verify_~tmp___0~1#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~1#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := 
verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret28#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~9#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~9#1; {16828#false} is VALID [2022-02-20 18:02:15,470 INFO L272 TraceCheckUtils]: 102: Hoare triple {16828#false} call __utac_acc__EncryptVerify_spec__1_#t~ret28#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {16827#true} is VALID [2022-02-20 18:02:15,470 INFO L290 TraceCheckUtils]: 103: Hoare triple {16827#true} ~msg := #in~msg;havoc ~retValue_acc~6;~retValue_acc~6 := 1;#res := ~retValue_acc~6; {16827#true} is VALID [2022-02-20 18:02:15,470 INFO L290 TraceCheckUtils]: 104: Hoare triple {16827#true} assume true; {16827#true} is VALID [2022-02-20 18:02:15,470 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {16827#true} {16828#false} #1137#return; {16828#false} is VALID [2022-02-20 18:02:15,470 INFO L290 TraceCheckUtils]: 106: Hoare triple {16828#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret28#1 && __utac_acc__EncryptVerify_spec__1_#t~ret28#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~9#1 := __utac_acc__EncryptVerify_spec__1_#t~ret28#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret28#1; {16828#false} is VALID [2022-02-20 18:02:15,470 INFO L290 TraceCheckUtils]: 107: Hoare triple {16828#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~9#1);assume { :begin_inline___automaton_fail } true; {16828#false} is VALID [2022-02-20 18:02:15,470 INFO L290 TraceCheckUtils]: 108: Hoare triple {16828#false} assume !false; {16828#false} is VALID [2022-02-20 18:02:15,471 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 
0 not checked. [2022-02-20 18:02:15,471 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:15,471 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [859866399] [2022-02-20 18:02:15,471 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [859866399] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:15,471 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:02:15,471 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 18:02:15,471 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2004256979] [2022-02-20 18:02:15,472 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:15,472 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 8.875) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 109 [2022-02-20 18:02:15,473 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:15,473 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 8.875) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:15,528 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 98 edges. 98 inductive. 0 not inductive. 
0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:15,528 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 18:02:15,528 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:15,528 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 18:02:15,528 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:02:15,529 INFO L87 Difference]: Start difference. First operand 428 states and 672 transitions. Second operand has 9 states, 8 states have (on average 8.875) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:21,870 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:21,870 INFO L93 Difference]: Finished difference Result 955 states and 1526 transitions. [2022-02-20 18:02:21,870 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:02:21,871 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 8.875) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 109 [2022-02-20 18:02:21,871 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:21,871 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 9 states, 8 states have (on average 8.875) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:21,879 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1272 transitions. [2022-02-20 18:02:21,880 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 8.875) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:21,889 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1272 transitions. [2022-02-20 18:02:21,890 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1272 transitions. [2022-02-20 18:02:22,939 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1272 edges. 1272 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:02:22,963 INFO L225 Difference]: With dead ends: 955 [2022-02-20 18:02:22,963 INFO L226 Difference]: Without dead ends: 550 [2022-02-20 18:02:22,964 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 42 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 30 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 18:02:22,965 INFO L933 BasicCegarLoop]: 616 mSDtfsCounter, 1326 mSDsluCounter, 986 mSDsCounter, 0 mSdLazyCounter, 1980 mSolverCounterSat, 428 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1346 SdHoareTripleChecker+Valid, 1602 SdHoareTripleChecker+Invalid, 2408 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 428 IncrementalHoareTripleChecker+Valid, 1980 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.8s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:22,966 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1346 Valid, 1602 Invalid, 2408 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [428 Valid, 1980 Invalid, 0 Unknown, 0 Unchecked, 2.8s Time] [2022-02-20 18:02:22,967 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 550 states. [2022-02-20 18:02:23,047 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 550 to 430. [2022-02-20 18:02:23,047 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:23,048 INFO L82 GeneralOperation]: Start isEquivalent. First operand 550 states. 
Second operand has 430 states, 341 states have (on average 1.5835777126099706) internal successors, (540), 346 states have internal predecessors, (540), 64 states have call successors, (64), 21 states have call predecessors, (64), 24 states have return successors, (71), 62 states have call predecessors, (71), 63 states have call successors, (71) [2022-02-20 18:02:23,049 INFO L74 IsIncluded]: Start isIncluded. First operand 550 states. Second operand has 430 states, 341 states have (on average 1.5835777126099706) internal successors, (540), 346 states have internal predecessors, (540), 64 states have call successors, (64), 21 states have call predecessors, (64), 24 states have return successors, (71), 62 states have call predecessors, (71), 63 states have call successors, (71) [2022-02-20 18:02:23,050 INFO L87 Difference]: Start difference. First operand 550 states. Second operand has 430 states, 341 states have (on average 1.5835777126099706) internal successors, (540), 346 states have internal predecessors, (540), 64 states have call successors, (64), 21 states have call predecessors, (64), 24 states have return successors, (71), 62 states have call predecessors, (71), 63 states have call successors, (71) [2022-02-20 18:02:23,064 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:23,064 INFO L93 Difference]: Finished difference Result 550 states and 884 transitions. [2022-02-20 18:02:23,064 INFO L276 IsEmpty]: Start isEmpty. Operand 550 states and 884 transitions. [2022-02-20 18:02:23,066 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:23,066 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:23,068 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 430 states, 341 states have (on average 1.5835777126099706) internal successors, (540), 346 states have internal predecessors, (540), 64 states have call successors, (64), 21 states have call predecessors, (64), 24 states have return successors, (71), 62 states have call predecessors, (71), 63 states have call successors, (71) Second operand 550 states. [2022-02-20 18:02:23,080 INFO L87 Difference]: Start difference. First operand has 430 states, 341 states have (on average 1.5835777126099706) internal successors, (540), 346 states have internal predecessors, (540), 64 states have call successors, (64), 21 states have call predecessors, (64), 24 states have return successors, (71), 62 states have call predecessors, (71), 63 states have call successors, (71) Second operand 550 states. [2022-02-20 18:02:23,094 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:23,095 INFO L93 Difference]: Finished difference Result 550 states and 884 transitions. [2022-02-20 18:02:23,095 INFO L276 IsEmpty]: Start isEmpty. Operand 550 states and 884 transitions. [2022-02-20 18:02:23,097 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:23,097 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:23,097 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:23,098 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:23,099 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 430 states, 341 states have (on average 1.5835777126099706) internal successors, (540), 346 states have internal predecessors, (540), 64 states have call successors, (64), 21 states have call predecessors, (64), 24 states have return successors, (71), 62 states have call predecessors, (71), 63 states have call successors, (71) [2022-02-20 18:02:23,109 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 430 states to 430 states and 675 transitions. [2022-02-20 18:02:23,110 INFO L78 Accepts]: Start accepts. Automaton has 430 states and 675 transitions. Word has length 109 [2022-02-20 18:02:23,110 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:23,110 INFO L470 AbstractCegarLoop]: Abstraction has 430 states and 675 transitions. [2022-02-20 18:02:23,110 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 8.875) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:23,110 INFO L276 IsEmpty]: Start isEmpty. Operand 430 states and 675 transitions. [2022-02-20 18:02:23,112 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 111 [2022-02-20 18:02:23,112 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:23,112 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:23,112 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 18:02:23,113 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:23,113 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:23,113 INFO L85 PathProgramCache]: Analyzing trace with hash 741146817, now seen corresponding path program 1 times [2022-02-20 
18:02:23,113 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:23,113 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1090118182] [2022-02-20 18:02:23,113 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:23,114 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:23,145 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:23,176 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:02:23,178 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:23,180 INFO L290 TraceCheckUtils]: 0: Hoare triple {19983#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19928#true} is VALID [2022-02-20 18:02:23,180 INFO L290 TraceCheckUtils]: 1: Hoare triple {19928#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19928#true} is VALID [2022-02-20 18:02:23,180 INFO L290 TraceCheckUtils]: 2: Hoare triple {19928#true} assume true; {19928#true} is VALID [2022-02-20 18:02:23,180 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19928#true} {19928#true} #1151#return; {19928#true} is VALID [2022-02-20 18:02:23,215 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:23,216 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:23,218 INFO L290 TraceCheckUtils]: 0: Hoare triple {19984#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} 
~handle := #in~handle;~value := #in~value; {19928#true} is VALID [2022-02-20 18:02:23,219 INFO L290 TraceCheckUtils]: 1: Hoare triple {19928#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {19928#true} is VALID [2022-02-20 18:02:23,219 INFO L290 TraceCheckUtils]: 2: Hoare triple {19928#true} assume true; {19928#true} is VALID [2022-02-20 18:02:23,219 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19928#true} {19928#true} #1153#return; {19928#true} is VALID [2022-02-20 18:02:23,219 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:23,220 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:23,222 INFO L290 TraceCheckUtils]: 0: Hoare triple {19983#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19928#true} is VALID [2022-02-20 18:02:23,222 INFO L290 TraceCheckUtils]: 1: Hoare triple {19928#true} assume !(1 == ~handle); {19928#true} is VALID [2022-02-20 18:02:23,222 INFO L290 TraceCheckUtils]: 2: Hoare triple {19928#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {19928#true} is VALID [2022-02-20 18:02:23,222 INFO L290 TraceCheckUtils]: 3: Hoare triple {19928#true} assume true; {19928#true} is VALID [2022-02-20 18:02:23,222 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {19928#true} {19928#true} #1155#return; {19928#true} is VALID [2022-02-20 18:02:23,223 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:02:23,223 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:23,232 INFO L290 TraceCheckUtils]: 0: Hoare triple {19984#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19928#true} is VALID [2022-02-20 18:02:23,232 INFO L290 TraceCheckUtils]: 1: Hoare triple {19928#true} assume !(1 == ~handle); {19928#true} is VALID [2022-02-20 18:02:23,232 INFO L290 TraceCheckUtils]: 2: Hoare triple {19928#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {19928#true} is VALID [2022-02-20 18:02:23,232 INFO L290 TraceCheckUtils]: 3: Hoare triple {19928#true} assume true; {19928#true} is VALID [2022-02-20 18:02:23,232 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {19928#true} {19928#true} #1157#return; {19928#true} is VALID [2022-02-20 18:02:23,232 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:02:23,234 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:23,261 INFO L290 TraceCheckUtils]: 0: Hoare triple {19983#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19985#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:23,261 INFO L290 TraceCheckUtils]: 1: Hoare triple {19985#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {19985#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:23,261 INFO L290 TraceCheckUtils]: 2: Hoare triple {19985#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {19985#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:23,262 INFO L290 TraceCheckUtils]: 3: Hoare triple {19985#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {19986#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:23,262 
INFO L290 TraceCheckUtils]: 4: Hoare triple {19986#(= 3 |setClientId_#in~handle|)} assume true; {19986#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:23,262 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {19986#(= 3 |setClientId_#in~handle|)} {19948#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1159#return; {19955#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:02:23,262 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:02:23,264 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:23,281 INFO L290 TraceCheckUtils]: 0: Hoare triple {19984#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19987#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:23,282 INFO L290 TraceCheckUtils]: 1: Hoare triple {19987#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {19988#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:23,282 INFO L290 TraceCheckUtils]: 2: Hoare triple {19988#(= |setClientPrivateKey_#in~handle| 1)} assume true; {19988#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:23,282 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19988#(= |setClientPrivateKey_#in~handle| 1)} {19955#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1161#return; {19929#false} is VALID [2022-02-20 18:02:23,288 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 18:02:23,289 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:23,291 INFO L290 TraceCheckUtils]: 0: 
Hoare triple {19989#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19928#true} is VALID [2022-02-20 18:02:23,291 INFO L290 TraceCheckUtils]: 1: Hoare triple {19928#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19928#true} is VALID [2022-02-20 18:02:23,291 INFO L290 TraceCheckUtils]: 2: Hoare triple {19928#true} assume true; {19928#true} is VALID [2022-02-20 18:02:23,291 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19928#true} {19929#false} #1119#return; {19929#false} is VALID [2022-02-20 18:02:23,298 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:02:23,298 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:23,300 INFO L290 TraceCheckUtils]: 0: Hoare triple {19990#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {19928#true} is VALID [2022-02-20 18:02:23,300 INFO L290 TraceCheckUtils]: 1: Hoare triple {19928#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {19928#true} is VALID [2022-02-20 18:02:23,300 INFO L290 TraceCheckUtils]: 2: Hoare triple {19928#true} assume true; {19928#true} is VALID [2022-02-20 18:02:23,300 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19928#true} {19929#false} #1121#return; {19929#false} is VALID [2022-02-20 18:02:23,300 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 18:02:23,301 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:23,302 INFO L290 TraceCheckUtils]: 0: Hoare triple {19928#true} ~handle := #in~handle;havoc ~retValue_acc~25; {19928#true} is VALID [2022-02-20 18:02:23,302 INFO L290 TraceCheckUtils]: 1: Hoare triple {19928#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := 
~retValue_acc~25; {19928#true} is VALID [2022-02-20 18:02:23,302 INFO L290 TraceCheckUtils]: 2: Hoare triple {19928#true} assume true; {19928#true} is VALID [2022-02-20 18:02:23,302 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19928#true} {19929#false} #1101#return; {19929#false} is VALID [2022-02-20 18:02:23,303 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 18:02:23,303 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:23,305 INFO L290 TraceCheckUtils]: 0: Hoare triple {19989#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19928#true} is VALID [2022-02-20 18:02:23,305 INFO L290 TraceCheckUtils]: 1: Hoare triple {19928#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19928#true} is VALID [2022-02-20 18:02:23,305 INFO L290 TraceCheckUtils]: 2: Hoare triple {19928#true} assume true; {19928#true} is VALID [2022-02-20 18:02:23,306 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19928#true} {19929#false} #1133#return; {19929#false} is VALID [2022-02-20 18:02:23,306 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-02-20 18:02:23,306 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:23,308 INFO L290 TraceCheckUtils]: 0: Hoare triple {19928#true} ~handle := #in~handle;havoc ~retValue_acc~12; {19928#true} is VALID [2022-02-20 18:02:23,308 INFO L290 TraceCheckUtils]: 1: Hoare triple {19928#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_to0~0;#res := ~retValue_acc~12; {19928#true} is VALID [2022-02-20 18:02:23,308 INFO L290 TraceCheckUtils]: 2: Hoare triple {19928#true} assume true; {19928#true} is VALID [2022-02-20 18:02:23,308 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19928#true} {19929#false} #1135#return; {19929#false} is VALID [2022-02-20 18:02:23,308 
INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 18:02:23,309 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:23,310 INFO L290 TraceCheckUtils]: 0: Hoare triple {19928#true} ~msg := #in~msg;havoc ~retValue_acc~6;~retValue_acc~6 := 1;#res := ~retValue_acc~6; {19928#true} is VALID [2022-02-20 18:02:23,310 INFO L290 TraceCheckUtils]: 1: Hoare triple {19928#true} assume true; {19928#true} is VALID [2022-02-20 18:02:23,310 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {19928#true} {19929#false} #1137#return; {19929#false} is VALID [2022-02-20 18:02:23,310 INFO L290 TraceCheckUtils]: 0: Hoare triple {19928#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(115, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(10, 11);call #Ultimate.allocInit(12, 12);call #Ultimate.allocInit(10, 13);call #Ultimate.allocInit(18, 14);call #Ultimate.allocInit(13, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(21, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(21, 23);call #Ultimate.allocInit(30, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(25, 26);call #Ultimate.allocInit(30, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(25, 29);call 
#Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 
0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 
0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {19928#true} is VALID [2022-02-20 18:02:23,310 INFO L290 TraceCheckUtils]: 1: Hoare triple {19928#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet77#1, main_#t~ret78#1, main_~retValue_acc~42#1, main_~tmp~19#1;assume -2147483648 <= main_#t~nondet77#1 && main_#t~nondet77#1 <= 2147483647;main_~retValue_acc~42#1 := main_#t~nondet77#1;havoc main_#t~nondet77#1;havoc main_~tmp~19#1;assume { :begin_inline_select_helpers } true; {19928#true} is VALID [2022-02-20 18:02:23,311 INFO L290 TraceCheckUtils]: 2: Hoare triple {19928#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {19928#true} is VALID [2022-02-20 18:02:23,311 INFO L290 TraceCheckUtils]: 3: Hoare triple {19928#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~21#1;havoc valid_product_~retValue_acc~21#1;valid_product_~retValue_acc~21#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~21#1; {19928#true} is VALID [2022-02-20 18:02:23,311 INFO L290 TraceCheckUtils]: 4: Hoare triple {19928#true} main_#t~ret78#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret78#1 && main_#t~ret78#1 <= 2147483647;main_~tmp~19#1 := main_#t~ret78#1;havoc main_#t~ret78#1; {19928#true} is VALID [2022-02-20 18:02:23,311 INFO L290 TraceCheckUtils]: 5: Hoare triple {19928#true} assume 0 != main_~tmp~19#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet74#1, setup_#t~nondet75#1, setup_#t~nondet76#1, setup_~__cil_tmp1~0#1.base, 
setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {19928#true} is VALID [2022-02-20 18:02:23,311 INFO L272 TraceCheckUtils]: 6: Hoare triple {19928#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {19983#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:23,311 INFO L290 TraceCheckUtils]: 7: Hoare triple {19983#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19928#true} is VALID [2022-02-20 18:02:23,312 INFO L290 TraceCheckUtils]: 8: Hoare triple {19928#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19928#true} is VALID [2022-02-20 18:02:23,312 INFO L290 TraceCheckUtils]: 9: Hoare triple {19928#true} assume true; {19928#true} is VALID [2022-02-20 18:02:23,312 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {19928#true} {19928#true} #1151#return; {19928#true} is VALID [2022-02-20 18:02:23,312 INFO L290 TraceCheckUtils]: 11: Hoare triple {19928#true} assume { 
:end_inline_setup_bob__wrappee__Base } true; {19928#true} is VALID [2022-02-20 18:02:23,312 INFO L272 TraceCheckUtils]: 12: Hoare triple {19928#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {19984#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:23,312 INFO L290 TraceCheckUtils]: 13: Hoare triple {19984#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19928#true} is VALID [2022-02-20 18:02:23,313 INFO L290 TraceCheckUtils]: 14: Hoare triple {19928#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {19928#true} is VALID [2022-02-20 18:02:23,313 INFO L290 TraceCheckUtils]: 15: Hoare triple {19928#true} assume true; {19928#true} is VALID [2022-02-20 18:02:23,313 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {19928#true} {19928#true} #1153#return; {19928#true} is VALID [2022-02-20 18:02:23,313 INFO L290 TraceCheckUtils]: 17: Hoare triple {19928#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet74#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {19928#true} is VALID [2022-02-20 18:02:23,313 INFO L272 TraceCheckUtils]: 18: Hoare triple {19928#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, 
setup_rjh__wrappee__Base_~rjh___0#1); {19983#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:23,313 INFO L290 TraceCheckUtils]: 19: Hoare triple {19983#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19928#true} is VALID [2022-02-20 18:02:23,314 INFO L290 TraceCheckUtils]: 20: Hoare triple {19928#true} assume !(1 == ~handle); {19928#true} is VALID [2022-02-20 18:02:23,314 INFO L290 TraceCheckUtils]: 21: Hoare triple {19928#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {19928#true} is VALID [2022-02-20 18:02:23,314 INFO L290 TraceCheckUtils]: 22: Hoare triple {19928#true} assume true; {19928#true} is VALID [2022-02-20 18:02:23,314 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {19928#true} {19928#true} #1155#return; {19928#true} is VALID [2022-02-20 18:02:23,314 INFO L290 TraceCheckUtils]: 24: Hoare triple {19928#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {19928#true} is VALID [2022-02-20 18:02:23,314 INFO L272 TraceCheckUtils]: 25: Hoare triple {19928#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {19984#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:23,314 INFO L290 TraceCheckUtils]: 26: Hoare triple {19984#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; 
{19928#true} is VALID [2022-02-20 18:02:23,315 INFO L290 TraceCheckUtils]: 27: Hoare triple {19928#true} assume !(1 == ~handle); {19928#true} is VALID [2022-02-20 18:02:23,315 INFO L290 TraceCheckUtils]: 28: Hoare triple {19928#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {19928#true} is VALID [2022-02-20 18:02:23,315 INFO L290 TraceCheckUtils]: 29: Hoare triple {19928#true} assume true; {19928#true} is VALID [2022-02-20 18:02:23,315 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {19928#true} {19928#true} #1157#return; {19928#true} is VALID [2022-02-20 18:02:23,315 INFO L290 TraceCheckUtils]: 31: Hoare triple {19928#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 33, 0;havoc setup_#t~nondet75#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {19948#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:02:23,316 INFO L272 TraceCheckUtils]: 32: Hoare triple {19948#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {19983#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:23,316 INFO L290 TraceCheckUtils]: 33: Hoare triple {19983#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19985#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:23,316 INFO L290 TraceCheckUtils]: 34: Hoare triple {19985#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {19985#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:23,317 INFO L290 TraceCheckUtils]: 35: Hoare triple {19985#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {19985#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:23,317 INFO L290 TraceCheckUtils]: 36: Hoare triple {19985#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {19986#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:23,317 INFO L290 TraceCheckUtils]: 37: Hoare triple {19986#(= 3 |setClientId_#in~handle|)} assume true; {19986#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:23,318 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {19986#(= 3 |setClientId_#in~handle|)} {19948#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1159#return; {19955#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:02:23,318 INFO L290 TraceCheckUtils]: 39: Hoare triple {19955#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {19955#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:02:23,318 INFO L272 TraceCheckUtils]: 40: Hoare triple {19955#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {19984#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:23,318 INFO L290 TraceCheckUtils]: 41: Hoare triple {19984#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19987#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:23,319 INFO L290 TraceCheckUtils]: 42: Hoare triple {19987#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {19988#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:23,319 INFO L290 TraceCheckUtils]: 43: Hoare triple {19988#(= |setClientPrivateKey_#in~handle| 1)} assume true; {19988#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:23,319 INFO L284 TraceCheckUtils]: 44: Hoare quadruple {19988#(= |setClientPrivateKey_#in~handle| 1)} {19955#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1161#return; {19929#false} is VALID [2022-02-20 18:02:23,320 INFO L290 TraceCheckUtils]: 45: Hoare triple {19929#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 34, 0;havoc setup_#t~nondet76#1; {19929#false} is VALID [2022-02-20 18:02:23,320 INFO L290 TraceCheckUtils]: 46: Hoare triple {19929#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~6#1, 
test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {19929#false} is VALID [2022-02-20 18:02:23,320 INFO L290 TraceCheckUtils]: 47: Hoare triple {19929#false} assume !false; {19929#false} is VALID [2022-02-20 18:02:23,320 INFO L290 TraceCheckUtils]: 48: Hoare triple {19929#false} assume test_~splverifierCounter~0#1 < 4; {19929#false} is VALID [2022-02-20 18:02:23,320 INFO L290 TraceCheckUtils]: 49: Hoare triple {19929#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {19929#false} is VALID [2022-02-20 18:02:23,320 INFO L290 TraceCheckUtils]: 50: Hoare triple {19929#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet90#1 && test_#t~nondet90#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet90#1;havoc test_#t~nondet90#1; {19929#false} is VALID [2022-02-20 18:02:23,320 INFO L290 TraceCheckUtils]: 51: Hoare triple {19929#false} assume !(0 != test_~tmp___9~0#1); {19929#false} is VALID [2022-02-20 18:02:23,320 INFO L290 TraceCheckUtils]: 52: Hoare triple {19929#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet91#1 && test_#t~nondet91#1 <= 
2147483647;test_~tmp___8~0#1 := test_#t~nondet91#1;havoc test_#t~nondet91#1; {19929#false} is VALID [2022-02-20 18:02:23,320 INFO L290 TraceCheckUtils]: 53: Hoare triple {19929#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {19929#false} is VALID [2022-02-20 18:02:23,320 INFO L290 TraceCheckUtils]: 54: Hoare triple {19929#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {19929#false} is VALID [2022-02-20 18:02:23,321 INFO L290 TraceCheckUtils]: 55: Hoare triple {19929#false} assume { :end_inline_setClientAutoResponse } true; {19929#false} is VALID [2022-02-20 18:02:23,321 INFO L290 TraceCheckUtils]: 56: Hoare triple {19929#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {19929#false} is VALID [2022-02-20 18:02:23,321 INFO L290 TraceCheckUtils]: 57: Hoare triple {19929#false} assume !false; {19929#false} is VALID [2022-02-20 18:02:23,321 INFO L290 TraceCheckUtils]: 58: Hoare triple {19929#false} assume !(test_~splverifierCounter~0#1 < 4); {19929#false} is VALID [2022-02-20 18:02:23,321 INFO L290 TraceCheckUtils]: 59: Hoare triple {19929#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_#t~ret71#1, bobToRjh_#t~ret72#1, bobToRjh_~tmp~18#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~18#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret69#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret69#1 && bobToRjh_#t~ret69#1 <= 2147483647;havoc bobToRjh_#t~ret69#1; {19929#false} is VALID [2022-02-20 
18:02:23,321 INFO L272 TraceCheckUtils]: 60: Hoare triple {19929#false} call sendEmail(~bob~0, ~rjh~0); {19929#false} is VALID [2022-02-20 18:02:23,321 INFO L290 TraceCheckUtils]: 61: Hoare triple {19929#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~8#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~8#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {19929#false} is VALID [2022-02-20 18:02:23,321 INFO L272 TraceCheckUtils]: 62: Hoare triple {19929#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {19989#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:23,321 INFO L290 TraceCheckUtils]: 63: Hoare triple {19989#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19928#true} is VALID [2022-02-20 18:02:23,322 INFO L290 TraceCheckUtils]: 64: Hoare triple {19928#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19928#true} is VALID [2022-02-20 18:02:23,322 INFO L290 TraceCheckUtils]: 65: Hoare triple {19928#true} assume true; {19928#true} is VALID [2022-02-20 18:02:23,322 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {19928#true} {19929#false} #1119#return; {19929#false} is VALID [2022-02-20 18:02:23,322 INFO L272 TraceCheckUtils]: 67: Hoare triple {19929#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {19990#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:23,322 INFO L290 TraceCheckUtils]: 68: Hoare 
triple {19990#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {19928#true} is VALID [2022-02-20 18:02:23,322 INFO L290 TraceCheckUtils]: 69: Hoare triple {19928#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {19928#true} is VALID [2022-02-20 18:02:23,322 INFO L290 TraceCheckUtils]: 70: Hoare triple {19928#true} assume true; {19928#true} is VALID [2022-02-20 18:02:23,322 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {19928#true} {19929#false} #1121#return; {19929#false} is VALID [2022-02-20 18:02:23,322 INFO L290 TraceCheckUtils]: 72: Hoare triple {19929#false} createEmail_~retValue_acc~8#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~8#1; {19929#false} is VALID [2022-02-20 18:02:23,322 INFO L290 TraceCheckUtils]: 73: Hoare triple {19929#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {19929#false} is VALID [2022-02-20 18:02:23,323 INFO L272 TraceCheckUtils]: 74: Hoare triple {19929#false} call outgoing(~sender#1, ~email~0#1); {19929#false} is VALID [2022-02-20 18:02:23,323 INFO L290 TraceCheckUtils]: 75: Hoare triple {19929#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret20#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~7#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~7#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~31#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~31#1; 
{19929#false} is VALID [2022-02-20 18:02:23,323 INFO L290 TraceCheckUtils]: 76: Hoare triple {19929#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~31#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~31#1; {19929#false} is VALID [2022-02-20 18:02:23,323 INFO L290 TraceCheckUtils]: 77: Hoare triple {19929#false} sign_#t~ret20#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret20#1 && sign_#t~ret20#1 <= 2147483647;sign_~tmp~7#1 := sign_#t~ret20#1;havoc sign_#t~ret20#1;sign_~privkey~0#1 := sign_~tmp~7#1; {19929#false} is VALID [2022-02-20 18:02:23,323 INFO L290 TraceCheckUtils]: 78: Hoare triple {19929#false} assume 0 == sign_~privkey~0#1; {19929#false} is VALID [2022-02-20 18:02:23,323 INFO L290 TraceCheckUtils]: 79: Hoare triple {19929#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1, outgoing__wrappee__AddressBook_#t~ret8#1, outgoing__wrappee__AddressBook_#t~ret9#1, outgoing__wrappee__AddressBook_#t~ret10#1, outgoing__wrappee__AddressBook_#t~ret11#1, outgoing__wrappee__AddressBook_#t~ret12#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~2#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~0#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~0#1, outgoing__wrappee__AddressBook_~tmp___2~0#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc 
outgoing__wrappee__AddressBook_~tmp~2#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~0#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~0#1;havoc outgoing__wrappee__AddressBook_~tmp___2~0#1; {19929#false} is VALID [2022-02-20 18:02:23,323 INFO L272 TraceCheckUtils]: 80: Hoare triple {19929#false} call outgoing__wrappee__AddressBook_#t~ret7#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {19928#true} is VALID [2022-02-20 18:02:23,323 INFO L290 TraceCheckUtils]: 81: Hoare triple {19928#true} ~handle := #in~handle;havoc ~retValue_acc~25; {19928#true} is VALID [2022-02-20 18:02:23,323 INFO L290 TraceCheckUtils]: 82: Hoare triple {19928#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {19928#true} is VALID [2022-02-20 18:02:23,324 INFO L290 TraceCheckUtils]: 83: Hoare triple {19928#true} assume true; {19928#true} is VALID [2022-02-20 18:02:23,324 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {19928#true} {19929#false} #1101#return; {19929#false} is VALID [2022-02-20 18:02:23,324 INFO L290 TraceCheckUtils]: 85: Hoare triple {19929#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret7#1 && outgoing__wrappee__AddressBook_#t~ret7#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~2#1 := outgoing__wrappee__AddressBook_#t~ret7#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~2#1; {19929#false} is VALID [2022-02-20 18:02:23,324 INFO L290 TraceCheckUtils]: 86: Hoare triple {19929#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {19929#false} is VALID [2022-02-20 18:02:23,324 INFO L272 TraceCheckUtils]: 87: Hoare triple {19929#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {19929#false} is VALID [2022-02-20 
18:02:23,324 INFO L290 TraceCheckUtils]: 88: Hoare triple {19929#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {19929#false} is VALID [2022-02-20 18:02:23,324 INFO L290 TraceCheckUtils]: 89: Hoare triple {19929#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {19929#false} is VALID [2022-02-20 18:02:23,324 INFO L290 TraceCheckUtils]: 90: Hoare triple {19929#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {19929#false} is VALID [2022-02-20 18:02:23,324 INFO L272 TraceCheckUtils]: 91: Hoare triple {19929#false} call setEmailFrom(~msg#1, ~tmp~1#1); {19989#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:23,324 INFO L290 TraceCheckUtils]: 92: Hoare triple {19989#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19928#true} is VALID [2022-02-20 18:02:23,325 INFO L290 TraceCheckUtils]: 93: Hoare triple {19928#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19928#true} is VALID [2022-02-20 18:02:23,325 INFO L290 TraceCheckUtils]: 94: Hoare triple {19928#true} assume true; {19928#true} is VALID [2022-02-20 18:02:23,325 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {19928#true} {19929#false} #1133#return; {19929#false} is VALID [2022-02-20 18:02:23,325 INFO L290 TraceCheckUtils]: 96: Hoare triple {19929#false} assume { :begin_inline_mail } true;mail_#in~client#1, 
mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {19929#false} is VALID [2022-02-20 18:02:23,325 INFO L272 TraceCheckUtils]: 97: Hoare triple {19929#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {19928#true} is VALID [2022-02-20 18:02:23,325 INFO L290 TraceCheckUtils]: 98: Hoare triple {19928#true} ~handle := #in~handle;havoc ~retValue_acc~12; {19928#true} is VALID [2022-02-20 18:02:23,325 INFO L290 TraceCheckUtils]: 99: Hoare triple {19928#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_to0~0;#res := ~retValue_acc~12; {19928#true} is VALID [2022-02-20 18:02:23,325 INFO L290 TraceCheckUtils]: 100: Hoare triple {19928#true} assume true; {19928#true} is VALID [2022-02-20 18:02:23,325 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {19928#true} {19929#false} #1135#return; {19929#false} is VALID [2022-02-20 18:02:23,326 INFO L290 TraceCheckUtils]: 102: Hoare triple {19929#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret21#1, verify_#t~ret22#1, verify_#t~ret23#1, verify_#t~ret24#1, verify_#t~ret25#1, verify_#t~ret26#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~8#1, verify_~tmp___0~1#1, verify_~pubkey~0#1, verify_~tmp___1~1#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 
:= verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~8#1;havoc verify_~tmp___0~1#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~1#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret28#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~9#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~9#1; {19929#false} is VALID [2022-02-20 18:02:23,326 INFO L272 TraceCheckUtils]: 103: Hoare triple {19929#false} call __utac_acc__EncryptVerify_spec__1_#t~ret28#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {19928#true} is VALID [2022-02-20 18:02:23,326 INFO L290 TraceCheckUtils]: 104: Hoare triple {19928#true} ~msg := #in~msg;havoc ~retValue_acc~6;~retValue_acc~6 := 1;#res := ~retValue_acc~6; {19928#true} is VALID [2022-02-20 18:02:23,326 INFO L290 TraceCheckUtils]: 105: Hoare triple {19928#true} assume true; {19928#true} is VALID [2022-02-20 18:02:23,326 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {19928#true} {19929#false} #1137#return; {19929#false} is VALID [2022-02-20 18:02:23,326 INFO L290 TraceCheckUtils]: 107: Hoare triple {19929#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret28#1 && __utac_acc__EncryptVerify_spec__1_#t~ret28#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~9#1 := __utac_acc__EncryptVerify_spec__1_#t~ret28#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret28#1; {19929#false} is VALID [2022-02-20 18:02:23,326 INFO L290 TraceCheckUtils]: 108: Hoare triple {19929#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~9#1);assume { :begin_inline___automaton_fail } true; {19929#false} 
is VALID [2022-02-20 18:02:23,326 INFO L290 TraceCheckUtils]: 109: Hoare triple {19929#false} assume !false; {19929#false} is VALID [2022-02-20 18:02:23,327 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2022-02-20 18:02:23,327 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:23,327 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1090118182] [2022-02-20 18:02:23,327 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1090118182] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:23,327 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:02:23,327 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 18:02:23,327 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [719270243] [2022-02-20 18:02:23,327 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:23,328 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 6.818181818181818) internal successors, (75), 8 states have internal predecessors, (75), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) Word has length 110 [2022-02-20 18:02:23,328 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 18:02:23,328 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 6.818181818181818) internal successors, (75), 8 states have internal predecessors, (75), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:02:23,383 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 102 edges. 102 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:23,383 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 18:02:23,383 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:23,384 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2022-02-20 18:02:23,384 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:02:23,385 INFO L87 Difference]: Start difference. First operand 430 states and 675 transitions. Second operand has 12 states, 11 states have (on average 6.818181818181818) internal successors, (75), 8 states have internal predecessors, (75), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:02:32,353 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:32,353 INFO L93 Difference]: Finished difference Result 953 states and 1521 transitions. [2022-02-20 18:02:32,353 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 18:02:32,353 INFO L78 Accepts]: Start accepts. 
Automaton has has 12 states, 11 states have (on average 6.818181818181818) internal successors, (75), 8 states have internal predecessors, (75), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) Word has length 110 [2022-02-20 18:02:32,353 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:32,353 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 6.818181818181818) internal successors, (75), 8 states have internal predecessors, (75), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:02:32,362 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1273 transitions. [2022-02-20 18:02:32,362 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 6.818181818181818) internal successors, (75), 8 states have internal predecessors, (75), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:02:32,370 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1273 transitions. [2022-02-20 18:02:32,370 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1273 transitions. [2022-02-20 18:02:33,435 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1273 edges. 1273 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:02:33,451 INFO L225 Difference]: With dead ends: 953 [2022-02-20 18:02:33,451 INFO L226 Difference]: Without dead ends: 550 [2022-02-20 18:02:33,452 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 49 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552 [2022-02-20 18:02:33,453 INFO L933 BasicCegarLoop]: 600 mSDtfsCounter, 1466 mSDsluCounter, 1366 mSDsCounter, 0 mSdLazyCounter, 3562 mSolverCounterSat, 478 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 4.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1466 SdHoareTripleChecker+Valid, 1966 SdHoareTripleChecker+Invalid, 4040 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 478 IncrementalHoareTripleChecker+Valid, 3562 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 4.2s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:33,453 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1466 Valid, 1966 Invalid, 4040 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [478 Valid, 3562 Invalid, 0 Unknown, 0 Unchecked, 4.2s Time] [2022-02-20 18:02:33,454 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 550 states. [2022-02-20 18:02:33,541 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 550 to 430. [2022-02-20 18:02:33,541 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:33,542 INFO L82 GeneralOperation]: Start isEquivalent. First operand 550 states. 
Second operand has 430 states, 341 states have (on average 1.5835777126099706) internal successors, (540), 346 states have internal predecessors, (540), 64 states have call successors, (64), 21 states have call predecessors, (64), 24 states have return successors, (70), 62 states have call predecessors, (70), 63 states have call successors, (70) [2022-02-20 18:02:33,543 INFO L74 IsIncluded]: Start isIncluded. First operand 550 states. Second operand has 430 states, 341 states have (on average 1.5835777126099706) internal successors, (540), 346 states have internal predecessors, (540), 64 states have call successors, (64), 21 states have call predecessors, (64), 24 states have return successors, (70), 62 states have call predecessors, (70), 63 states have call successors, (70) [2022-02-20 18:02:33,543 INFO L87 Difference]: Start difference. First operand 550 states. Second operand has 430 states, 341 states have (on average 1.5835777126099706) internal successors, (540), 346 states have internal predecessors, (540), 64 states have call successors, (64), 21 states have call predecessors, (64), 24 states have return successors, (70), 62 states have call predecessors, (70), 63 states have call successors, (70) [2022-02-20 18:02:33,557 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:33,557 INFO L93 Difference]: Finished difference Result 550 states and 883 transitions. [2022-02-20 18:02:33,557 INFO L276 IsEmpty]: Start isEmpty. Operand 550 states and 883 transitions. [2022-02-20 18:02:33,559 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:33,560 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:33,560 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 430 states, 341 states have (on average 1.5835777126099706) internal successors, (540), 346 states have internal predecessors, (540), 64 states have call successors, (64), 21 states have call predecessors, (64), 24 states have return successors, (70), 62 states have call predecessors, (70), 63 states have call successors, (70) Second operand 550 states. [2022-02-20 18:02:33,561 INFO L87 Difference]: Start difference. First operand has 430 states, 341 states have (on average 1.5835777126099706) internal successors, (540), 346 states have internal predecessors, (540), 64 states have call successors, (64), 21 states have call predecessors, (64), 24 states have return successors, (70), 62 states have call predecessors, (70), 63 states have call successors, (70) Second operand 550 states. [2022-02-20 18:02:33,575 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:33,575 INFO L93 Difference]: Finished difference Result 550 states and 883 transitions. [2022-02-20 18:02:33,575 INFO L276 IsEmpty]: Start isEmpty. Operand 550 states and 883 transitions. [2022-02-20 18:02:33,577 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:33,577 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:33,577 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:33,578 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:33,578 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 430 states, 341 states have (on average 1.5835777126099706) internal successors, (540), 346 states have internal predecessors, (540), 64 states have call successors, (64), 21 states have call predecessors, (64), 24 states have return successors, (70), 62 states have call predecessors, (70), 63 states have call successors, (70) [2022-02-20 18:02:33,589 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 430 states to 430 states and 674 transitions. [2022-02-20 18:02:33,589 INFO L78 Accepts]: Start accepts. Automaton has 430 states and 674 transitions. Word has length 110 [2022-02-20 18:02:33,589 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:33,589 INFO L470 AbstractCegarLoop]: Abstraction has 430 states and 674 transitions. [2022-02-20 18:02:33,590 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 11 states have (on average 6.818181818181818) internal successors, (75), 8 states have internal predecessors, (75), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:02:33,590 INFO L276 IsEmpty]: Start isEmpty. Operand 430 states and 674 transitions. [2022-02-20 18:02:33,591 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 112 [2022-02-20 18:02:33,591 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:33,591 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:33,591 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 18:02:33,591 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:33,592 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:33,592 INFO L85 PathProgramCache]: Analyzing trace with hash 1075987353, now seen corresponding path program 2 
times [2022-02-20 18:02:33,592 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:33,592 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1618918562] [2022-02-20 18:02:33,592 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:33,592 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:33,614 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:33,639 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:02:33,640 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:33,642 INFO L290 TraceCheckUtils]: 0: Hoare triple {23094#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {23038#true} is VALID [2022-02-20 18:02:33,642 INFO L290 TraceCheckUtils]: 1: Hoare triple {23038#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {23038#true} is VALID [2022-02-20 18:02:33,642 INFO L290 TraceCheckUtils]: 2: Hoare triple {23038#true} assume true; {23038#true} is VALID [2022-02-20 18:02:33,642 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23038#true} {23038#true} #1151#return; {23038#true} is VALID [2022-02-20 18:02:33,647 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:33,648 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:33,650 INFO L290 TraceCheckUtils]: 0: Hoare triple {23095#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 
|old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {23038#true} is VALID [2022-02-20 18:02:33,650 INFO L290 TraceCheckUtils]: 1: Hoare triple {23038#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {23038#true} is VALID [2022-02-20 18:02:33,650 INFO L290 TraceCheckUtils]: 2: Hoare triple {23038#true} assume true; {23038#true} is VALID [2022-02-20 18:02:33,650 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23038#true} {23038#true} #1153#return; {23038#true} is VALID [2022-02-20 18:02:33,650 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:33,651 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:33,653 INFO L290 TraceCheckUtils]: 0: Hoare triple {23094#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {23038#true} is VALID [2022-02-20 18:02:33,653 INFO L290 TraceCheckUtils]: 1: Hoare triple {23038#true} assume !(1 == ~handle); {23038#true} is VALID [2022-02-20 18:02:33,653 INFO L290 TraceCheckUtils]: 2: Hoare triple {23038#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {23038#true} is VALID [2022-02-20 18:02:33,653 INFO L290 TraceCheckUtils]: 3: Hoare triple {23038#true} assume true; {23038#true} is VALID [2022-02-20 18:02:33,653 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {23038#true} {23038#true} #1155#return; {23038#true} is VALID [2022-02-20 18:02:33,653 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:02:33,654 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:33,656 INFO L290 TraceCheckUtils]: 0: Hoare triple {23095#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {23038#true} is VALID [2022-02-20 18:02:33,656 INFO L290 TraceCheckUtils]: 1: Hoare triple {23038#true} assume !(1 == ~handle); {23038#true} is VALID [2022-02-20 18:02:33,656 INFO L290 TraceCheckUtils]: 2: Hoare triple {23038#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {23038#true} is VALID [2022-02-20 18:02:33,656 INFO L290 TraceCheckUtils]: 3: Hoare triple {23038#true} assume true; {23038#true} is VALID [2022-02-20 18:02:33,657 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {23038#true} {23038#true} #1157#return; {23038#true} is VALID [2022-02-20 18:02:33,657 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:02:33,659 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:33,672 INFO L290 TraceCheckUtils]: 0: Hoare triple {23094#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {23096#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:33,672 INFO L290 TraceCheckUtils]: 1: Hoare triple {23096#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {23096#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:33,672 INFO L290 TraceCheckUtils]: 2: Hoare triple {23096#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {23096#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:33,673 INFO L290 TraceCheckUtils]: 3: Hoare triple {23096#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {23097#(= 3 |setClientId_#in~handle|)} is 
VALID [2022-02-20 18:02:33,673 INFO L290 TraceCheckUtils]: 4: Hoare triple {23097#(= 3 |setClientId_#in~handle|)} assume true; {23097#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:33,674 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {23097#(= 3 |setClientId_#in~handle|)} {23058#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1159#return; {23065#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:02:33,674 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:02:33,675 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:33,689 INFO L290 TraceCheckUtils]: 0: Hoare triple {23095#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {23098#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:33,690 INFO L290 TraceCheckUtils]: 1: Hoare triple {23098#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {23098#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:33,690 INFO L290 TraceCheckUtils]: 2: Hoare triple {23098#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {23099#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:33,690 INFO L290 TraceCheckUtils]: 3: Hoare triple {23099#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {23099#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:33,691 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {23099#(= 2 |setClientPrivateKey_#in~handle|)} {23065#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1161#return; 
{23039#false} is VALID [2022-02-20 18:02:33,697 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 18:02:33,698 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:33,700 INFO L290 TraceCheckUtils]: 0: Hoare triple {23100#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {23038#true} is VALID [2022-02-20 18:02:33,700 INFO L290 TraceCheckUtils]: 1: Hoare triple {23038#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {23038#true} is VALID [2022-02-20 18:02:33,701 INFO L290 TraceCheckUtils]: 2: Hoare triple {23038#true} assume true; {23038#true} is VALID [2022-02-20 18:02:33,701 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23038#true} {23039#false} #1119#return; {23039#false} is VALID [2022-02-20 18:02:33,724 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 18:02:33,725 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:33,727 INFO L290 TraceCheckUtils]: 0: Hoare triple {23101#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {23038#true} is VALID [2022-02-20 18:02:33,727 INFO L290 TraceCheckUtils]: 1: Hoare triple {23038#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {23038#true} is VALID [2022-02-20 18:02:33,727 INFO L290 TraceCheckUtils]: 2: Hoare triple {23038#true} assume true; {23038#true} is VALID [2022-02-20 18:02:33,727 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23038#true} {23039#false} #1121#return; {23039#false} is VALID [2022-02-20 18:02:33,727 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-02-20 18:02:33,728 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:33,729 
INFO L290 TraceCheckUtils]: 0: Hoare triple {23038#true} ~handle := #in~handle;havoc ~retValue_acc~25; {23038#true} is VALID [2022-02-20 18:02:33,729 INFO L290 TraceCheckUtils]: 1: Hoare triple {23038#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {23038#true} is VALID [2022-02-20 18:02:33,729 INFO L290 TraceCheckUtils]: 2: Hoare triple {23038#true} assume true; {23038#true} is VALID [2022-02-20 18:02:33,729 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23038#true} {23039#false} #1101#return; {23039#false} is VALID [2022-02-20 18:02:33,730 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:02:33,730 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:33,733 INFO L290 TraceCheckUtils]: 0: Hoare triple {23100#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {23038#true} is VALID [2022-02-20 18:02:33,733 INFO L290 TraceCheckUtils]: 1: Hoare triple {23038#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {23038#true} is VALID [2022-02-20 18:02:33,733 INFO L290 TraceCheckUtils]: 2: Hoare triple {23038#true} assume true; {23038#true} is VALID [2022-02-20 18:02:33,733 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23038#true} {23039#false} #1133#return; {23039#false} is VALID [2022-02-20 18:02:33,733 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 18:02:33,734 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:33,735 INFO L290 TraceCheckUtils]: 0: Hoare triple {23038#true} ~handle := #in~handle;havoc ~retValue_acc~12; {23038#true} is VALID [2022-02-20 18:02:33,735 INFO L290 TraceCheckUtils]: 1: Hoare triple {23038#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_to0~0;#res := ~retValue_acc~12; {23038#true} 
is VALID [2022-02-20 18:02:33,735 INFO L290 TraceCheckUtils]: 2: Hoare triple {23038#true} assume true; {23038#true} is VALID [2022-02-20 18:02:33,735 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23038#true} {23039#false} #1135#return; {23039#false} is VALID [2022-02-20 18:02:33,736 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 104 [2022-02-20 18:02:33,736 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:33,737 INFO L290 TraceCheckUtils]: 0: Hoare triple {23038#true} ~msg := #in~msg;havoc ~retValue_acc~6;~retValue_acc~6 := 1;#res := ~retValue_acc~6; {23038#true} is VALID [2022-02-20 18:02:33,737 INFO L290 TraceCheckUtils]: 1: Hoare triple {23038#true} assume true; {23038#true} is VALID [2022-02-20 18:02:33,738 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {23038#true} {23039#false} #1137#return; {23039#false} is VALID [2022-02-20 18:02:33,738 INFO L290 TraceCheckUtils]: 0: Hoare triple {23038#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(115, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(10, 11);call #Ultimate.allocInit(12, 12);call #Ultimate.allocInit(10, 13);call #Ultimate.allocInit(18, 14);call #Ultimate.allocInit(13, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(21, 20);call 
#Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(21, 23);call #Ultimate.allocInit(30, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(25, 26);call #Ultimate.allocInit(30, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 
:= 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 
0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {23038#true} is VALID [2022-02-20 18:02:33,738 INFO L290 TraceCheckUtils]: 1: Hoare triple {23038#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet77#1, main_#t~ret78#1, main_~retValue_acc~42#1, main_~tmp~19#1;assume -2147483648 <= main_#t~nondet77#1 && main_#t~nondet77#1 <= 2147483647;main_~retValue_acc~42#1 := main_#t~nondet77#1;havoc main_#t~nondet77#1;havoc main_~tmp~19#1;assume { :begin_inline_select_helpers } true; {23038#true} is VALID [2022-02-20 18:02:33,738 INFO L290 TraceCheckUtils]: 2: Hoare triple {23038#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {23038#true} is VALID [2022-02-20 18:02:33,738 INFO L290 TraceCheckUtils]: 3: Hoare triple {23038#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~21#1;havoc valid_product_~retValue_acc~21#1;valid_product_~retValue_acc~21#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~21#1; {23038#true} is VALID [2022-02-20 18:02:33,738 INFO L290 TraceCheckUtils]: 4: Hoare triple {23038#true} main_#t~ret78#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret78#1 && main_#t~ret78#1 <= 2147483647;main_~tmp~19#1 := main_#t~ret78#1;havoc 
main_#t~ret78#1; {23038#true} is VALID [2022-02-20 18:02:33,738 INFO L290 TraceCheckUtils]: 5: Hoare triple {23038#true} assume 0 != main_~tmp~19#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet74#1, setup_#t~nondet75#1, setup_#t~nondet76#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {23038#true} is VALID [2022-02-20 18:02:33,739 INFO L272 TraceCheckUtils]: 6: Hoare triple {23038#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {23094#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:33,739 INFO L290 TraceCheckUtils]: 7: Hoare triple {23094#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {23038#true} is VALID [2022-02-20 18:02:33,739 INFO L290 TraceCheckUtils]: 8: Hoare triple {23038#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {23038#true} is VALID [2022-02-20 18:02:33,739 INFO L290 TraceCheckUtils]: 9: Hoare 
triple {23038#true} assume true; {23038#true} is VALID [2022-02-20 18:02:33,739 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {23038#true} {23038#true} #1151#return; {23038#true} is VALID [2022-02-20 18:02:33,739 INFO L290 TraceCheckUtils]: 11: Hoare triple {23038#true} assume { :end_inline_setup_bob__wrappee__Base } true; {23038#true} is VALID [2022-02-20 18:02:33,740 INFO L272 TraceCheckUtils]: 12: Hoare triple {23038#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {23095#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:33,740 INFO L290 TraceCheckUtils]: 13: Hoare triple {23095#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {23038#true} is VALID [2022-02-20 18:02:33,740 INFO L290 TraceCheckUtils]: 14: Hoare triple {23038#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {23038#true} is VALID [2022-02-20 18:02:33,740 INFO L290 TraceCheckUtils]: 15: Hoare triple {23038#true} assume true; {23038#true} is VALID [2022-02-20 18:02:33,740 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {23038#true} {23038#true} #1153#return; {23038#true} is VALID [2022-02-20 18:02:33,740 INFO L290 TraceCheckUtils]: 17: Hoare triple {23038#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet74#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc 
setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {23038#true} is VALID [2022-02-20 18:02:33,741 INFO L272 TraceCheckUtils]: 18: Hoare triple {23038#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {23094#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:33,741 INFO L290 TraceCheckUtils]: 19: Hoare triple {23094#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {23038#true} is VALID [2022-02-20 18:02:33,741 INFO L290 TraceCheckUtils]: 20: Hoare triple {23038#true} assume !(1 == ~handle); {23038#true} is VALID [2022-02-20 18:02:33,741 INFO L290 TraceCheckUtils]: 21: Hoare triple {23038#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {23038#true} is VALID [2022-02-20 18:02:33,741 INFO L290 TraceCheckUtils]: 22: Hoare triple {23038#true} assume true; {23038#true} is VALID [2022-02-20 18:02:33,741 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {23038#true} {23038#true} #1155#return; {23038#true} is VALID [2022-02-20 18:02:33,741 INFO L290 TraceCheckUtils]: 24: Hoare triple {23038#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {23038#true} is VALID [2022-02-20 18:02:33,742 INFO L272 TraceCheckUtils]: 25: Hoare triple {23038#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {23095#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:33,742 INFO L290 TraceCheckUtils]: 26: 
Hoare triple {23095#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {23038#true} is VALID [2022-02-20 18:02:33,742 INFO L290 TraceCheckUtils]: 27: Hoare triple {23038#true} assume !(1 == ~handle); {23038#true} is VALID [2022-02-20 18:02:33,742 INFO L290 TraceCheckUtils]: 28: Hoare triple {23038#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {23038#true} is VALID [2022-02-20 18:02:33,742 INFO L290 TraceCheckUtils]: 29: Hoare triple {23038#true} assume true; {23038#true} is VALID [2022-02-20 18:02:33,742 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {23038#true} {23038#true} #1157#return; {23038#true} is VALID [2022-02-20 18:02:33,743 INFO L290 TraceCheckUtils]: 31: Hoare triple {23038#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 33, 0;havoc setup_#t~nondet75#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {23058#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:02:33,743 INFO L272 TraceCheckUtils]: 32: Hoare triple {23058#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {23094#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:33,743 INFO L290 TraceCheckUtils]: 33: Hoare triple {23094#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {23096#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:33,744 INFO L290 TraceCheckUtils]: 34: Hoare triple {23096#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {23096#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:33,744 INFO L290 TraceCheckUtils]: 35: Hoare triple {23096#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {23096#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:33,744 INFO L290 TraceCheckUtils]: 36: Hoare triple {23096#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {23097#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:33,744 INFO L290 TraceCheckUtils]: 37: Hoare triple {23097#(= 3 |setClientId_#in~handle|)} assume true; {23097#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:33,745 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {23097#(= 3 |setClientId_#in~handle|)} {23058#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1159#return; {23065#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:02:33,745 INFO L290 TraceCheckUtils]: 39: Hoare triple {23065#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} assume { :end_inline_setup_chuck__wrappee__Base } true; {23065#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:02:33,746 INFO L272 TraceCheckUtils]: 40: Hoare triple 
{23065#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {23095#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:33,746 INFO L290 TraceCheckUtils]: 41: Hoare triple {23095#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {23098#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:33,746 INFO L290 TraceCheckUtils]: 42: Hoare triple {23098#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {23098#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:33,746 INFO L290 TraceCheckUtils]: 43: Hoare triple {23098#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {23099#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:33,747 INFO L290 TraceCheckUtils]: 44: Hoare triple {23099#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {23099#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:33,747 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {23099#(= 2 |setClientPrivateKey_#in~handle|)} {23065#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1161#return; {23039#false} is VALID [2022-02-20 18:02:33,747 INFO L290 TraceCheckUtils]: 46: Hoare triple {23039#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 34, 0;havoc setup_#t~nondet76#1; {23039#false} is VALID [2022-02-20 18:02:33,747 INFO L290 TraceCheckUtils]: 47: Hoare triple {23039#false} assume { 
:end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~6#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {23039#false} is VALID [2022-02-20 18:02:33,747 INFO L290 TraceCheckUtils]: 48: Hoare triple {23039#false} assume !false; {23039#false} is VALID [2022-02-20 18:02:33,747 INFO L290 TraceCheckUtils]: 49: Hoare triple {23039#false} assume test_~splverifierCounter~0#1 < 4; {23039#false} is VALID [2022-02-20 18:02:33,748 INFO L290 TraceCheckUtils]: 50: Hoare triple {23039#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {23039#false} is VALID [2022-02-20 18:02:33,748 INFO L290 TraceCheckUtils]: 51: Hoare triple 
{23039#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet90#1 && test_#t~nondet90#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet90#1;havoc test_#t~nondet90#1; {23039#false} is VALID [2022-02-20 18:02:33,748 INFO L290 TraceCheckUtils]: 52: Hoare triple {23039#false} assume !(0 != test_~tmp___9~0#1); {23039#false} is VALID [2022-02-20 18:02:33,748 INFO L290 TraceCheckUtils]: 53: Hoare triple {23039#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet91#1 && test_#t~nondet91#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet91#1;havoc test_#t~nondet91#1; {23039#false} is VALID [2022-02-20 18:02:33,748 INFO L290 TraceCheckUtils]: 54: Hoare triple {23039#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {23039#false} is VALID [2022-02-20 18:02:33,748 INFO L290 TraceCheckUtils]: 55: Hoare triple {23039#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {23039#false} is VALID [2022-02-20 18:02:33,748 INFO L290 TraceCheckUtils]: 56: Hoare triple {23039#false} assume { :end_inline_setClientAutoResponse } true; {23039#false} is VALID [2022-02-20 18:02:33,748 INFO L290 TraceCheckUtils]: 57: Hoare triple {23039#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {23039#false} is VALID [2022-02-20 18:02:33,748 INFO L290 TraceCheckUtils]: 58: Hoare triple {23039#false} assume !false; {23039#false} is VALID [2022-02-20 18:02:33,748 INFO L290 TraceCheckUtils]: 59: Hoare triple {23039#false} assume !(test_~splverifierCounter~0#1 < 4); {23039#false} is VALID [2022-02-20 18:02:33,749 
INFO L290 TraceCheckUtils]: 60: Hoare triple {23039#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_#t~ret71#1, bobToRjh_#t~ret72#1, bobToRjh_~tmp~18#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~18#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret69#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret69#1 && bobToRjh_#t~ret69#1 <= 2147483647;havoc bobToRjh_#t~ret69#1; {23039#false} is VALID [2022-02-20 18:02:33,749 INFO L272 TraceCheckUtils]: 61: Hoare triple {23039#false} call sendEmail(~bob~0, ~rjh~0); {23039#false} is VALID [2022-02-20 18:02:33,749 INFO L290 TraceCheckUtils]: 62: Hoare triple {23039#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~8#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~8#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {23039#false} is VALID [2022-02-20 18:02:33,749 INFO L272 TraceCheckUtils]: 63: Hoare triple {23039#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {23100#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:33,749 INFO L290 TraceCheckUtils]: 64: Hoare triple {23100#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {23038#true} is VALID [2022-02-20 18:02:33,749 INFO L290 TraceCheckUtils]: 65: Hoare triple {23038#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {23038#true} is VALID [2022-02-20 18:02:33,749 INFO L290 TraceCheckUtils]: 66: Hoare triple 
{23038#true} assume true; {23038#true} is VALID [2022-02-20 18:02:33,749 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {23038#true} {23039#false} #1119#return; {23039#false} is VALID [2022-02-20 18:02:33,749 INFO L272 TraceCheckUtils]: 68: Hoare triple {23039#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {23101#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:33,749 INFO L290 TraceCheckUtils]: 69: Hoare triple {23101#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {23038#true} is VALID [2022-02-20 18:02:33,750 INFO L290 TraceCheckUtils]: 70: Hoare triple {23038#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {23038#true} is VALID [2022-02-20 18:02:33,750 INFO L290 TraceCheckUtils]: 71: Hoare triple {23038#true} assume true; {23038#true} is VALID [2022-02-20 18:02:33,750 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {23038#true} {23039#false} #1121#return; {23039#false} is VALID [2022-02-20 18:02:33,750 INFO L290 TraceCheckUtils]: 73: Hoare triple {23039#false} createEmail_~retValue_acc~8#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~8#1; {23039#false} is VALID [2022-02-20 18:02:33,750 INFO L290 TraceCheckUtils]: 74: Hoare triple {23039#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {23039#false} is VALID [2022-02-20 18:02:33,750 INFO L272 TraceCheckUtils]: 75: Hoare triple {23039#false} call outgoing(~sender#1, ~email~0#1); {23039#false} is VALID [2022-02-20 18:02:33,750 INFO L290 TraceCheckUtils]: 76: Hoare triple {23039#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc 
sign_#t~ret20#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~7#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~7#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~31#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~31#1; {23039#false} is VALID [2022-02-20 18:02:33,750 INFO L290 TraceCheckUtils]: 77: Hoare triple {23039#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~31#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~31#1; {23039#false} is VALID [2022-02-20 18:02:33,750 INFO L290 TraceCheckUtils]: 78: Hoare triple {23039#false} sign_#t~ret20#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret20#1 && sign_#t~ret20#1 <= 2147483647;sign_~tmp~7#1 := sign_#t~ret20#1;havoc sign_#t~ret20#1;sign_~privkey~0#1 := sign_~tmp~7#1; {23039#false} is VALID [2022-02-20 18:02:33,750 INFO L290 TraceCheckUtils]: 79: Hoare triple {23039#false} assume 0 == sign_~privkey~0#1; {23039#false} is VALID [2022-02-20 18:02:33,751 INFO L290 TraceCheckUtils]: 80: Hoare triple {23039#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1, outgoing__wrappee__AddressBook_#t~ret8#1, outgoing__wrappee__AddressBook_#t~ret9#1, outgoing__wrappee__AddressBook_#t~ret10#1, outgoing__wrappee__AddressBook_#t~ret11#1, outgoing__wrappee__AddressBook_#t~ret12#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, 
outgoing__wrappee__AddressBook_~tmp~2#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~0#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~0#1, outgoing__wrappee__AddressBook_~tmp___2~0#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~2#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~0#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~0#1;havoc outgoing__wrappee__AddressBook_~tmp___2~0#1; {23039#false} is VALID [2022-02-20 18:02:33,751 INFO L272 TraceCheckUtils]: 81: Hoare triple {23039#false} call outgoing__wrappee__AddressBook_#t~ret7#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {23038#true} is VALID [2022-02-20 18:02:33,751 INFO L290 TraceCheckUtils]: 82: Hoare triple {23038#true} ~handle := #in~handle;havoc ~retValue_acc~25; {23038#true} is VALID [2022-02-20 18:02:33,751 INFO L290 TraceCheckUtils]: 83: Hoare triple {23038#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {23038#true} is VALID [2022-02-20 18:02:33,751 INFO L290 TraceCheckUtils]: 84: Hoare triple {23038#true} assume true; {23038#true} is VALID [2022-02-20 18:02:33,751 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {23038#true} {23039#false} #1101#return; {23039#false} is VALID [2022-02-20 18:02:33,751 INFO L290 TraceCheckUtils]: 86: Hoare triple {23039#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret7#1 && outgoing__wrappee__AddressBook_#t~ret7#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~2#1 := outgoing__wrappee__AddressBook_#t~ret7#1;havoc 
outgoing__wrappee__AddressBook_#t~ret7#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~2#1; {23039#false} is VALID [2022-02-20 18:02:33,751 INFO L290 TraceCheckUtils]: 87: Hoare triple {23039#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {23039#false} is VALID [2022-02-20 18:02:33,751 INFO L272 TraceCheckUtils]: 88: Hoare triple {23039#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {23039#false} is VALID [2022-02-20 18:02:33,752 INFO L290 TraceCheckUtils]: 89: Hoare triple {23039#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {23039#false} is VALID [2022-02-20 18:02:33,752 INFO L290 TraceCheckUtils]: 90: Hoare triple {23039#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {23039#false} is VALID [2022-02-20 18:02:33,752 INFO L290 TraceCheckUtils]: 91: Hoare triple {23039#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {23039#false} is VALID [2022-02-20 18:02:33,752 INFO L272 TraceCheckUtils]: 92: Hoare triple {23039#false} call setEmailFrom(~msg#1, ~tmp~1#1); {23100#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:33,752 INFO L290 TraceCheckUtils]: 93: Hoare triple {23100#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {23038#true} is VALID 
[2022-02-20 18:02:33,752 INFO L290 TraceCheckUtils]: 94: Hoare triple {23038#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {23038#true} is VALID [2022-02-20 18:02:33,752 INFO L290 TraceCheckUtils]: 95: Hoare triple {23038#true} assume true; {23038#true} is VALID [2022-02-20 18:02:33,752 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {23038#true} {23039#false} #1133#return; {23039#false} is VALID [2022-02-20 18:02:33,752 INFO L290 TraceCheckUtils]: 97: Hoare triple {23039#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {23039#false} is VALID [2022-02-20 18:02:33,752 INFO L272 TraceCheckUtils]: 98: Hoare triple {23039#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {23038#true} is VALID [2022-02-20 18:02:33,753 INFO L290 TraceCheckUtils]: 99: Hoare triple {23038#true} ~handle := #in~handle;havoc ~retValue_acc~12; {23038#true} is VALID [2022-02-20 18:02:33,753 INFO L290 TraceCheckUtils]: 100: Hoare triple {23038#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_to0~0;#res := ~retValue_acc~12; {23038#true} is VALID [2022-02-20 18:02:33,753 INFO L290 TraceCheckUtils]: 101: Hoare triple {23038#true} assume true; {23038#true} is VALID [2022-02-20 18:02:33,753 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {23038#true} {23039#false} #1135#return; {23039#false} is VALID [2022-02-20 18:02:33,753 INFO L290 TraceCheckUtils]: 103: Hoare triple {23039#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, 
incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret21#1, verify_#t~ret22#1, verify_#t~ret23#1, verify_#t~ret24#1, verify_#t~ret25#1, verify_#t~ret26#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~8#1, verify_~tmp___0~1#1, verify_~pubkey~0#1, verify_~tmp___1~1#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~8#1;havoc verify_~tmp___0~1#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~1#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret28#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~9#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~9#1; {23039#false} is VALID [2022-02-20 18:02:33,753 INFO L272 TraceCheckUtils]: 104: Hoare triple {23039#false} call __utac_acc__EncryptVerify_spec__1_#t~ret28#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {23038#true} is VALID [2022-02-20 18:02:33,753 INFO L290 TraceCheckUtils]: 105: Hoare triple {23038#true} ~msg := #in~msg;havoc ~retValue_acc~6;~retValue_acc~6 := 1;#res := ~retValue_acc~6; {23038#true} is VALID [2022-02-20 18:02:33,753 INFO L290 TraceCheckUtils]: 106: Hoare triple {23038#true} assume true; {23038#true} is VALID [2022-02-20 18:02:33,753 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {23038#true} {23039#false} #1137#return; {23039#false} is VALID [2022-02-20 18:02:33,753 INFO 
L290 TraceCheckUtils]: 108: Hoare triple {23039#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret28#1 && __utac_acc__EncryptVerify_spec__1_#t~ret28#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~9#1 := __utac_acc__EncryptVerify_spec__1_#t~ret28#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret28#1; {23039#false} is VALID [2022-02-20 18:02:33,754 INFO L290 TraceCheckUtils]: 109: Hoare triple {23039#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~9#1);assume { :begin_inline___automaton_fail } true; {23039#false} is VALID [2022-02-20 18:02:33,754 INFO L290 TraceCheckUtils]: 110: Hoare triple {23039#false} assume !false; {23039#false} is VALID [2022-02-20 18:02:33,754 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 14 proven. 0 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2022-02-20 18:02:33,754 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:33,754 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1618918562] [2022-02-20 18:02:33,754 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1618918562] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:33,754 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:02:33,755 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 18:02:33,755 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [591048214] [2022-02-20 18:02:33,755 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:33,755 INFO L78 Accepts]: Start accepts. 
Automaton has has 12 states, 11 states have (on average 6.909090909090909) internal successors, (76), 8 states have internal predecessors, (76), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) Word has length 111 [2022-02-20 18:02:33,755 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:33,756 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 6.909090909090909) internal successors, (76), 8 states have internal predecessors, (76), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:02:33,810 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 103 edges. 103 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:33,810 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 18:02:33,810 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:33,811 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2022-02-20 18:02:33,811 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:02:33,811 INFO L87 Difference]: Start difference. First operand 430 states and 674 transitions. 
Second operand has 12 states, 11 states have (on average 6.909090909090909) internal successors, (76), 8 states have internal predecessors, (76), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:02:42,431 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:42,431 INFO L93 Difference]: Finished difference Result 955 states and 1527 transitions. [2022-02-20 18:02:42,431 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 18:02:42,432 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 6.909090909090909) internal successors, (76), 8 states have internal predecessors, (76), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) Word has length 111 [2022-02-20 18:02:42,432 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:42,432 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 6.909090909090909) internal successors, (76), 8 states have internal predecessors, (76), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:02:42,439 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1274 transitions. [2022-02-20 18:02:42,440 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 12 states, 11 states have (on average 6.909090909090909) internal successors, (76), 8 states have internal predecessors, (76), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:02:42,448 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1274 transitions. [2022-02-20 18:02:42,448 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1274 transitions. [2022-02-20 18:02:43,438 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1274 edges. 1274 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:43,453 INFO L225 Difference]: With dead ends: 955 [2022-02-20 18:02:43,453 INFO L226 Difference]: Without dead ends: 552 [2022-02-20 18:02:43,454 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 49 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552 [2022-02-20 18:02:43,456 INFO L933 BasicCegarLoop]: 603 mSDtfsCounter, 1460 mSDsluCounter, 1366 mSDsCounter, 0 mSdLazyCounter, 3601 mSolverCounterSat, 478 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 4.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1460 SdHoareTripleChecker+Valid, 1969 SdHoareTripleChecker+Invalid, 4079 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 478 IncrementalHoareTripleChecker+Valid, 3601 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 4.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:43,456 INFO L934 BasicCegarLoop]: SdHoareTripleChecker 
[1460 Valid, 1969 Invalid, 4079 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [478 Valid, 3601 Invalid, 0 Unknown, 0 Unchecked, 4.0s Time] [2022-02-20 18:02:43,457 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 552 states. [2022-02-20 18:02:43,539 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 552 to 432. [2022-02-20 18:02:43,539 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:43,554 INFO L82 GeneralOperation]: Start isEquivalent. First operand 552 states. Second operand has 432 states, 342 states have (on average 1.5818713450292399) internal successors, (541), 348 states have internal predecessors, (541), 64 states have call successors, (64), 21 states have call predecessors, (64), 25 states have return successors, (75), 62 states have call predecessors, (75), 63 states have call successors, (75) [2022-02-20 18:02:43,555 INFO L74 IsIncluded]: Start isIncluded. First operand 552 states. Second operand has 432 states, 342 states have (on average 1.5818713450292399) internal successors, (541), 348 states have internal predecessors, (541), 64 states have call successors, (64), 21 states have call predecessors, (64), 25 states have return successors, (75), 62 states have call predecessors, (75), 63 states have call successors, (75) [2022-02-20 18:02:43,556 INFO L87 Difference]: Start difference. First operand 552 states. Second operand has 432 states, 342 states have (on average 1.5818713450292399) internal successors, (541), 348 states have internal predecessors, (541), 64 states have call successors, (64), 21 states have call predecessors, (64), 25 states have return successors, (75), 62 states have call predecessors, (75), 63 states have call successors, (75) [2022-02-20 18:02:43,570 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:43,571 INFO L93 Difference]: Finished difference Result 552 states and 889 transitions. 
[2022-02-20 18:02:43,571 INFO L276 IsEmpty]: Start isEmpty. Operand 552 states and 889 transitions. [2022-02-20 18:02:43,574 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:43,574 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:43,575 INFO L74 IsIncluded]: Start isIncluded. First operand has 432 states, 342 states have (on average 1.5818713450292399) internal successors, (541), 348 states have internal predecessors, (541), 64 states have call successors, (64), 21 states have call predecessors, (64), 25 states have return successors, (75), 62 states have call predecessors, (75), 63 states have call successors, (75) Second operand 552 states. [2022-02-20 18:02:43,576 INFO L87 Difference]: Start difference. First operand has 432 states, 342 states have (on average 1.5818713450292399) internal successors, (541), 348 states have internal predecessors, (541), 64 states have call successors, (64), 21 states have call predecessors, (64), 25 states have return successors, (75), 62 states have call predecessors, (75), 63 states have call successors, (75) Second operand 552 states. [2022-02-20 18:02:43,594 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:43,595 INFO L93 Difference]: Finished difference Result 552 states and 889 transitions. [2022-02-20 18:02:43,595 INFO L276 IsEmpty]: Start isEmpty. Operand 552 states and 889 transitions. [2022-02-20 18:02:43,597 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:43,598 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:43,598 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:43,598 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:43,599 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 432 states, 342 states have (on average 1.5818713450292399) internal successors, (541), 348 states have internal predecessors, (541), 64 states have call successors, (64), 21 states have call predecessors, (64), 25 states have return successors, (75), 62 states have call predecessors, (75), 63 states have call successors, (75) [2022-02-20 18:02:43,610 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 432 states to 432 states and 680 transitions. [2022-02-20 18:02:43,610 INFO L78 Accepts]: Start accepts. Automaton has 432 states and 680 transitions. Word has length 111 [2022-02-20 18:02:43,611 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:43,611 INFO L470 AbstractCegarLoop]: Abstraction has 432 states and 680 transitions. [2022-02-20 18:02:43,611 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 11 states have (on average 6.909090909090909) internal successors, (76), 8 states have internal predecessors, (76), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:02:43,611 INFO L276 IsEmpty]: Start isEmpty. Operand 432 states and 680 transitions. [2022-02-20 18:02:43,613 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 113 [2022-02-20 18:02:43,613 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:43,613 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:43,613 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-02-20 18:02:43,613 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:43,614 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:43,614 INFO L85 PathProgramCache]: Analyzing trace with hash -1191491172, now seen corresponding path program 1 times [2022-02-20 18:02:43,614 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:43,614 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [268124568] [2022-02-20 18:02:43,614 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:43,614 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:43,638 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,693 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:02:43,694 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,696 INFO L290 TraceCheckUtils]: 0: Hoare triple {26215#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26157#true} is VALID [2022-02-20 18:02:43,696 INFO L290 TraceCheckUtils]: 1: Hoare triple {26157#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {26157#true} is VALID [2022-02-20 18:02:43,697 INFO L290 TraceCheckUtils]: 2: Hoare triple {26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:43,697 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26157#true} {26157#true} #1151#return; {26157#true} is VALID [2022-02-20 18:02:43,702 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:43,703 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,705 INFO L290 TraceCheckUtils]: 0: Hoare triple {26216#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26157#true} is VALID [2022-02-20 18:02:43,705 INFO L290 TraceCheckUtils]: 1: Hoare triple {26157#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {26157#true} is VALID [2022-02-20 18:02:43,705 INFO L290 TraceCheckUtils]: 2: Hoare triple {26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:43,706 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26157#true} {26157#true} #1153#return; {26157#true} is VALID [2022-02-20 18:02:43,706 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:43,707 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,719 INFO L290 TraceCheckUtils]: 0: Hoare triple {26215#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26217#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:43,720 INFO L290 TraceCheckUtils]: 1: Hoare triple {26217#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {26217#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:43,720 INFO L290 TraceCheckUtils]: 2: Hoare triple {26217#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {26218#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:43,720 INFO L290 TraceCheckUtils]: 3: Hoare triple {26218#(= 2 |setClientId_#in~handle|)} assume true; {26218#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:43,721 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {26218#(= 2 |setClientId_#in~handle|)} {26167#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1155#return; {26173#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:02:43,721 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:02:43,722 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,724 INFO L290 TraceCheckUtils]: 0: Hoare triple {26216#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26157#true} is VALID [2022-02-20 18:02:43,724 INFO L290 TraceCheckUtils]: 1: Hoare triple {26157#true} assume !(1 == ~handle); {26157#true} is VALID [2022-02-20 18:02:43,725 INFO L290 TraceCheckUtils]: 2: Hoare triple {26157#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {26157#true} is VALID [2022-02-20 18:02:43,725 INFO L290 TraceCheckUtils]: 3: Hoare triple {26157#true} assume 
true; {26157#true} is VALID [2022-02-20 18:02:43,725 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {26157#true} {26173#(not (= ~rjh~0 1))} #1157#return; {26173#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:02:43,725 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:02:43,728 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,731 INFO L290 TraceCheckUtils]: 0: Hoare triple {26215#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26157#true} is VALID [2022-02-20 18:02:43,731 INFO L290 TraceCheckUtils]: 1: Hoare triple {26157#true} assume !(1 == ~handle); {26157#true} is VALID [2022-02-20 18:02:43,731 INFO L290 TraceCheckUtils]: 2: Hoare triple {26157#true} assume !(2 == ~handle); {26157#true} is VALID [2022-02-20 18:02:43,731 INFO L290 TraceCheckUtils]: 3: Hoare triple {26157#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {26157#true} is VALID [2022-02-20 18:02:43,731 INFO L290 TraceCheckUtils]: 4: Hoare triple {26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:43,732 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {26157#true} {26173#(not (= ~rjh~0 1))} #1159#return; {26173#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:02:43,732 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:02:43,734 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,737 INFO L290 TraceCheckUtils]: 0: Hoare triple {26216#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26157#true} is 
VALID [2022-02-20 18:02:43,738 INFO L290 TraceCheckUtils]: 1: Hoare triple {26157#true} assume !(1 == ~handle); {26157#true} is VALID [2022-02-20 18:02:43,738 INFO L290 TraceCheckUtils]: 2: Hoare triple {26157#true} assume !(2 == ~handle); {26157#true} is VALID [2022-02-20 18:02:43,738 INFO L290 TraceCheckUtils]: 3: Hoare triple {26157#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {26157#true} is VALID [2022-02-20 18:02:43,738 INFO L290 TraceCheckUtils]: 4: Hoare triple {26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:43,738 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {26157#true} {26173#(not (= ~rjh~0 1))} #1161#return; {26173#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:02:43,744 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 18:02:43,745 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,748 INFO L290 TraceCheckUtils]: 0: Hoare triple {26219#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {26157#true} is VALID [2022-02-20 18:02:43,748 INFO L290 TraceCheckUtils]: 1: Hoare triple {26157#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {26157#true} is VALID [2022-02-20 18:02:43,748 INFO L290 TraceCheckUtils]: 2: Hoare triple {26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:43,748 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26157#true} {26158#false} #1119#return; {26158#false} is VALID [2022-02-20 18:02:43,755 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 18:02:43,756 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,758 INFO L290 TraceCheckUtils]: 0: Hoare triple {26220#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := 
#in~handle;~value := #in~value; {26157#true} is VALID [2022-02-20 18:02:43,758 INFO L290 TraceCheckUtils]: 1: Hoare triple {26157#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {26157#true} is VALID [2022-02-20 18:02:43,758 INFO L290 TraceCheckUtils]: 2: Hoare triple {26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:43,758 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26157#true} {26158#false} #1121#return; {26158#false} is VALID [2022-02-20 18:02:43,759 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-02-20 18:02:43,759 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,762 INFO L290 TraceCheckUtils]: 0: Hoare triple {26157#true} ~handle := #in~handle;havoc ~retValue_acc~25; {26157#true} is VALID [2022-02-20 18:02:43,762 INFO L290 TraceCheckUtils]: 1: Hoare triple {26157#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {26157#true} is VALID [2022-02-20 18:02:43,762 INFO L290 TraceCheckUtils]: 2: Hoare triple {26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:43,762 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26157#true} {26158#false} #1101#return; {26158#false} is VALID [2022-02-20 18:02:43,762 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 18:02:43,764 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,769 INFO L290 TraceCheckUtils]: 0: Hoare triple {26219#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {26157#true} is VALID [2022-02-20 18:02:43,769 INFO L290 TraceCheckUtils]: 1: Hoare triple {26157#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {26157#true} is VALID [2022-02-20 18:02:43,769 INFO L290 TraceCheckUtils]: 2: Hoare triple {26157#true} assume true; 
{26157#true} is VALID [2022-02-20 18:02:43,769 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26157#true} {26158#false} #1133#return; {26158#false} is VALID [2022-02-20 18:02:43,769 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 18:02:43,770 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,772 INFO L290 TraceCheckUtils]: 0: Hoare triple {26157#true} ~handle := #in~handle;havoc ~retValue_acc~12; {26157#true} is VALID [2022-02-20 18:02:43,772 INFO L290 TraceCheckUtils]: 1: Hoare triple {26157#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_to0~0;#res := ~retValue_acc~12; {26157#true} is VALID [2022-02-20 18:02:43,772 INFO L290 TraceCheckUtils]: 2: Hoare triple {26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:43,772 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26157#true} {26158#false} #1135#return; {26158#false} is VALID [2022-02-20 18:02:43,772 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 105 [2022-02-20 18:02:43,773 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,774 INFO L290 TraceCheckUtils]: 0: Hoare triple {26157#true} ~msg := #in~msg;havoc ~retValue_acc~6;~retValue_acc~6 := 1;#res := ~retValue_acc~6; {26157#true} is VALID [2022-02-20 18:02:43,774 INFO L290 TraceCheckUtils]: 1: Hoare triple {26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:43,774 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {26157#true} {26158#false} #1137#return; {26158#false} is VALID [2022-02-20 18:02:43,774 INFO L290 TraceCheckUtils]: 0: Hoare triple {26157#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call 
#Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(115, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(10, 11);call #Ultimate.allocInit(12, 12);call #Ultimate.allocInit(10, 13);call #Ultimate.allocInit(18, 14);call #Ultimate.allocInit(13, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(21, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(21, 23);call #Ultimate.allocInit(30, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(25, 26);call #Ultimate.allocInit(30, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 
0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 
0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {26157#true} is VALID [2022-02-20 18:02:43,775 INFO L290 TraceCheckUtils]: 1: Hoare triple {26157#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet77#1, main_#t~ret78#1, main_~retValue_acc~42#1, main_~tmp~19#1;assume -2147483648 <= main_#t~nondet77#1 && main_#t~nondet77#1 <= 2147483647;main_~retValue_acc~42#1 := main_#t~nondet77#1;havoc main_#t~nondet77#1;havoc main_~tmp~19#1;assume { :begin_inline_select_helpers } true; {26157#true} is VALID [2022-02-20 18:02:43,775 INFO L290 TraceCheckUtils]: 2: Hoare triple {26157#true} assume { :end_inline_select_helpers } true;assume { 
:begin_inline_select_features } true; {26157#true} is VALID [2022-02-20 18:02:43,775 INFO L290 TraceCheckUtils]: 3: Hoare triple {26157#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~21#1;havoc valid_product_~retValue_acc~21#1;valid_product_~retValue_acc~21#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~21#1; {26157#true} is VALID [2022-02-20 18:02:43,775 INFO L290 TraceCheckUtils]: 4: Hoare triple {26157#true} main_#t~ret78#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret78#1 && main_#t~ret78#1 <= 2147483647;main_~tmp~19#1 := main_#t~ret78#1;havoc main_#t~ret78#1; {26157#true} is VALID [2022-02-20 18:02:43,775 INFO L290 TraceCheckUtils]: 5: Hoare triple {26157#true} assume 0 != main_~tmp~19#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet74#1, setup_#t~nondet75#1, setup_#t~nondet76#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {26157#true} is VALID [2022-02-20 18:02:43,776 INFO L272 TraceCheckUtils]: 6: Hoare triple {26157#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {26215#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:43,776 INFO L290 TraceCheckUtils]: 7: Hoare triple {26215#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26157#true} is VALID [2022-02-20 18:02:43,776 INFO L290 TraceCheckUtils]: 8: Hoare triple {26157#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {26157#true} is VALID [2022-02-20 18:02:43,776 INFO L290 TraceCheckUtils]: 9: Hoare triple {26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:43,776 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {26157#true} {26157#true} #1151#return; {26157#true} is VALID [2022-02-20 18:02:43,776 INFO L290 TraceCheckUtils]: 11: Hoare triple {26157#true} assume { :end_inline_setup_bob__wrappee__Base } true; {26157#true} is VALID [2022-02-20 18:02:43,777 INFO L272 TraceCheckUtils]: 12: Hoare triple {26157#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {26216#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:43,777 INFO L290 TraceCheckUtils]: 13: Hoare triple {26216#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26157#true} is VALID [2022-02-20 18:02:43,777 INFO L290 TraceCheckUtils]: 14: Hoare triple {26157#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {26157#true} is VALID [2022-02-20 18:02:43,777 INFO L290 
TraceCheckUtils]: 15: Hoare triple {26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:43,777 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {26157#true} {26157#true} #1153#return; {26157#true} is VALID [2022-02-20 18:02:43,777 INFO L290 TraceCheckUtils]: 17: Hoare triple {26157#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet74#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {26167#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:02:43,778 INFO L272 TraceCheckUtils]: 18: Hoare triple {26167#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {26215#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:43,778 INFO L290 TraceCheckUtils]: 19: Hoare triple {26215#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26217#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:43,778 INFO L290 TraceCheckUtils]: 20: Hoare triple {26217#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {26217#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:43,779 INFO 
L290 TraceCheckUtils]: 21: Hoare triple {26217#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {26218#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:43,779 INFO L290 TraceCheckUtils]: 22: Hoare triple {26218#(= 2 |setClientId_#in~handle|)} assume true; {26218#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:43,779 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {26218#(= 2 |setClientId_#in~handle|)} {26167#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1155#return; {26173#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:02:43,780 INFO L290 TraceCheckUtils]: 24: Hoare triple {26173#(not (= ~rjh~0 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {26173#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:02:43,780 INFO L272 TraceCheckUtils]: 25: Hoare triple {26173#(not (= ~rjh~0 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {26216#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:43,780 INFO L290 TraceCheckUtils]: 26: Hoare triple {26216#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26157#true} is VALID [2022-02-20 18:02:43,780 INFO L290 TraceCheckUtils]: 27: Hoare triple {26157#true} assume !(1 == ~handle); {26157#true} is VALID [2022-02-20 18:02:43,780 INFO L290 TraceCheckUtils]: 28: Hoare triple {26157#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {26157#true} is VALID [2022-02-20 18:02:43,780 INFO L290 TraceCheckUtils]: 29: Hoare triple {26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:43,781 INFO L284 TraceCheckUtils]: 30: Hoare 
quadruple {26157#true} {26173#(not (= ~rjh~0 1))} #1157#return; {26173#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:02:43,781 INFO L290 TraceCheckUtils]: 31: Hoare triple {26173#(not (= ~rjh~0 1))} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 33, 0;havoc setup_#t~nondet75#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {26173#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:02:43,782 INFO L272 TraceCheckUtils]: 32: Hoare triple {26173#(not (= ~rjh~0 1))} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {26215#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:43,782 INFO L290 TraceCheckUtils]: 33: Hoare triple {26215#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26157#true} is VALID [2022-02-20 18:02:43,782 INFO L290 TraceCheckUtils]: 34: Hoare triple {26157#true} assume !(1 == ~handle); {26157#true} is VALID [2022-02-20 18:02:43,782 INFO L290 TraceCheckUtils]: 35: Hoare triple {26157#true} assume !(2 == ~handle); {26157#true} is VALID [2022-02-20 18:02:43,782 INFO L290 TraceCheckUtils]: 36: Hoare triple {26157#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {26157#true} is VALID [2022-02-20 
18:02:43,782 INFO L290 TraceCheckUtils]: 37: Hoare triple {26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:43,782 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {26157#true} {26173#(not (= ~rjh~0 1))} #1159#return; {26173#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:02:43,783 INFO L290 TraceCheckUtils]: 39: Hoare triple {26173#(not (= ~rjh~0 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {26173#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:02:43,783 INFO L272 TraceCheckUtils]: 40: Hoare triple {26173#(not (= ~rjh~0 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {26216#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:43,783 INFO L290 TraceCheckUtils]: 41: Hoare triple {26216#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26157#true} is VALID [2022-02-20 18:02:43,783 INFO L290 TraceCheckUtils]: 42: Hoare triple {26157#true} assume !(1 == ~handle); {26157#true} is VALID [2022-02-20 18:02:43,784 INFO L290 TraceCheckUtils]: 43: Hoare triple {26157#true} assume !(2 == ~handle); {26157#true} is VALID [2022-02-20 18:02:43,784 INFO L290 TraceCheckUtils]: 44: Hoare triple {26157#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {26157#true} is VALID [2022-02-20 18:02:43,784 INFO L290 TraceCheckUtils]: 45: Hoare triple {26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:43,784 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {26157#true} {26173#(not (= ~rjh~0 1))} #1161#return; {26173#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:02:43,784 INFO L290 TraceCheckUtils]: 47: Hoare triple {26173#(not (= ~rjh~0 1))} assume { 
:end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 34, 0;havoc setup_#t~nondet76#1; {26173#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:02:43,785 INFO L290 TraceCheckUtils]: 48: Hoare triple {26173#(not (= ~rjh~0 1))} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~6#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {26173#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:02:43,785 INFO L290 TraceCheckUtils]: 49: Hoare triple {26173#(not (= ~rjh~0 1))} assume !false; {26173#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:02:43,785 INFO L290 TraceCheckUtils]: 50: Hoare triple {26173#(not (= ~rjh~0 1))} 
assume test_~splverifierCounter~0#1 < 4; {26173#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:02:43,785 INFO L290 TraceCheckUtils]: 51: Hoare triple {26173#(not (= ~rjh~0 1))} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {26173#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:02:43,786 INFO L290 TraceCheckUtils]: 52: Hoare triple {26173#(not (= ~rjh~0 1))} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet90#1 && test_#t~nondet90#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet90#1;havoc test_#t~nondet90#1; {26173#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:02:43,786 INFO L290 TraceCheckUtils]: 53: Hoare triple {26173#(not (= ~rjh~0 1))} assume !(0 != test_~tmp___9~0#1); {26173#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:02:43,786 INFO L290 TraceCheckUtils]: 54: Hoare triple {26173#(not (= ~rjh~0 1))} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet91#1 && test_#t~nondet91#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet91#1;havoc test_#t~nondet91#1; {26173#(not (= ~rjh~0 1))} is VALID [2022-02-20 18:02:43,786 INFO L290 TraceCheckUtils]: 55: Hoare triple {26173#(not (= ~rjh~0 1))} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {26191#(not (= |ULTIMATE.start_setClientAutoResponse_~handle#1| 1))} is VALID [2022-02-20 18:02:43,787 INFO L290 TraceCheckUtils]: 56: Hoare triple {26191#(not (= |ULTIMATE.start_setClientAutoResponse_~handle#1| 1))} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {26158#false} is VALID [2022-02-20 18:02:43,787 INFO L290 TraceCheckUtils]: 57: Hoare triple {26158#false} 
assume { :end_inline_setClientAutoResponse } true; {26158#false} is VALID [2022-02-20 18:02:43,787 INFO L290 TraceCheckUtils]: 58: Hoare triple {26158#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {26158#false} is VALID [2022-02-20 18:02:43,787 INFO L290 TraceCheckUtils]: 59: Hoare triple {26158#false} assume !false; {26158#false} is VALID [2022-02-20 18:02:43,787 INFO L290 TraceCheckUtils]: 60: Hoare triple {26158#false} assume !(test_~splverifierCounter~0#1 < 4); {26158#false} is VALID [2022-02-20 18:02:43,787 INFO L290 TraceCheckUtils]: 61: Hoare triple {26158#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_#t~ret71#1, bobToRjh_#t~ret72#1, bobToRjh_~tmp~18#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~18#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret69#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret69#1 && bobToRjh_#t~ret69#1 <= 2147483647;havoc bobToRjh_#t~ret69#1; {26158#false} is VALID [2022-02-20 18:02:43,787 INFO L272 TraceCheckUtils]: 62: Hoare triple {26158#false} call sendEmail(~bob~0, ~rjh~0); {26158#false} is VALID [2022-02-20 18:02:43,787 INFO L290 TraceCheckUtils]: 63: Hoare triple {26158#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~8#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~8#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {26158#false} is VALID [2022-02-20 18:02:43,788 INFO L272 TraceCheckUtils]: 64: Hoare triple {26158#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {26219#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) 
(= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:43,788 INFO L290 TraceCheckUtils]: 65: Hoare triple {26219#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {26157#true} is VALID [2022-02-20 18:02:43,788 INFO L290 TraceCheckUtils]: 66: Hoare triple {26157#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {26157#true} is VALID [2022-02-20 18:02:43,788 INFO L290 TraceCheckUtils]: 67: Hoare triple {26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:43,788 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {26157#true} {26158#false} #1119#return; {26158#false} is VALID [2022-02-20 18:02:43,788 INFO L272 TraceCheckUtils]: 69: Hoare triple {26158#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {26220#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:43,788 INFO L290 TraceCheckUtils]: 70: Hoare triple {26220#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {26157#true} is VALID [2022-02-20 18:02:43,788 INFO L290 TraceCheckUtils]: 71: Hoare triple {26157#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {26157#true} is VALID [2022-02-20 18:02:43,788 INFO L290 TraceCheckUtils]: 72: Hoare triple {26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:43,788 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {26157#true} {26158#false} #1121#return; {26158#false} is VALID [2022-02-20 18:02:43,789 INFO L290 TraceCheckUtils]: 74: Hoare triple {26158#false} createEmail_~retValue_acc~8#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~8#1; {26158#false} is VALID [2022-02-20 18:02:43,789 INFO L290 TraceCheckUtils]: 75: Hoare triple {26158#false} #t~ret16#1 := createEmail_#res#1;assume { 
:end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {26158#false} is VALID [2022-02-20 18:02:43,789 INFO L272 TraceCheckUtils]: 76: Hoare triple {26158#false} call outgoing(~sender#1, ~email~0#1); {26158#false} is VALID [2022-02-20 18:02:43,789 INFO L290 TraceCheckUtils]: 77: Hoare triple {26158#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret20#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~7#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~7#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~31#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~31#1; {26158#false} is VALID [2022-02-20 18:02:43,789 INFO L290 TraceCheckUtils]: 78: Hoare triple {26158#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~31#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~31#1; {26158#false} is VALID [2022-02-20 18:02:43,789 INFO L290 TraceCheckUtils]: 79: Hoare triple {26158#false} sign_#t~ret20#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret20#1 && sign_#t~ret20#1 <= 2147483647;sign_~tmp~7#1 := sign_#t~ret20#1;havoc sign_#t~ret20#1;sign_~privkey~0#1 := sign_~tmp~7#1; {26158#false} is VALID [2022-02-20 18:02:43,789 INFO L290 TraceCheckUtils]: 80: Hoare triple {26158#false} assume 0 == sign_~privkey~0#1; {26158#false} is VALID [2022-02-20 18:02:43,789 INFO L290 TraceCheckUtils]: 81: Hoare triple {26158#false} assume { :end_inline_sign } true;assume { 
:begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1, outgoing__wrappee__AddressBook_#t~ret8#1, outgoing__wrappee__AddressBook_#t~ret9#1, outgoing__wrappee__AddressBook_#t~ret10#1, outgoing__wrappee__AddressBook_#t~ret11#1, outgoing__wrappee__AddressBook_#t~ret12#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~2#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~0#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~0#1, outgoing__wrappee__AddressBook_~tmp___2~0#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~2#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~0#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~0#1;havoc outgoing__wrappee__AddressBook_~tmp___2~0#1; {26158#false} is VALID [2022-02-20 18:02:43,789 INFO L272 TraceCheckUtils]: 82: Hoare triple {26158#false} call outgoing__wrappee__AddressBook_#t~ret7#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {26157#true} is VALID [2022-02-20 18:02:43,790 INFO L290 TraceCheckUtils]: 83: Hoare triple {26157#true} ~handle := #in~handle;havoc ~retValue_acc~25; {26157#true} is VALID [2022-02-20 18:02:43,790 INFO L290 TraceCheckUtils]: 84: Hoare triple {26157#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {26157#true} is VALID [2022-02-20 18:02:43,794 INFO L290 TraceCheckUtils]: 85: Hoare triple 
{26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:43,795 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {26157#true} {26158#false} #1101#return; {26158#false} is VALID [2022-02-20 18:02:43,795 INFO L290 TraceCheckUtils]: 87: Hoare triple {26158#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret7#1 && outgoing__wrappee__AddressBook_#t~ret7#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~2#1 := outgoing__wrappee__AddressBook_#t~ret7#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~2#1; {26158#false} is VALID [2022-02-20 18:02:43,795 INFO L290 TraceCheckUtils]: 88: Hoare triple {26158#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {26158#false} is VALID [2022-02-20 18:02:43,796 INFO L272 TraceCheckUtils]: 89: Hoare triple {26158#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {26158#false} is VALID [2022-02-20 18:02:43,797 INFO L290 TraceCheckUtils]: 90: Hoare triple {26158#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {26158#false} is VALID [2022-02-20 18:02:43,797 INFO L290 TraceCheckUtils]: 91: Hoare triple {26158#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {26158#false} is VALID [2022-02-20 18:02:43,799 INFO L290 TraceCheckUtils]: 92: Hoare triple {26158#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {26158#false} is VALID [2022-02-20 18:02:43,799 
INFO L272 TraceCheckUtils]: 93: Hoare triple {26158#false} call setEmailFrom(~msg#1, ~tmp~1#1); {26219#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:43,799 INFO L290 TraceCheckUtils]: 94: Hoare triple {26219#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {26157#true} is VALID [2022-02-20 18:02:43,801 INFO L290 TraceCheckUtils]: 95: Hoare triple {26157#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {26157#true} is VALID [2022-02-20 18:02:43,802 INFO L290 TraceCheckUtils]: 96: Hoare triple {26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:43,802 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {26157#true} {26158#false} #1133#return; {26158#false} is VALID [2022-02-20 18:02:43,802 INFO L290 TraceCheckUtils]: 98: Hoare triple {26158#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {26158#false} is VALID [2022-02-20 18:02:43,806 INFO L272 TraceCheckUtils]: 99: Hoare triple {26158#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {26157#true} is VALID [2022-02-20 18:02:43,806 INFO L290 TraceCheckUtils]: 100: Hoare triple {26157#true} ~handle := #in~handle;havoc ~retValue_acc~12; {26157#true} is VALID [2022-02-20 18:02:43,806 INFO L290 TraceCheckUtils]: 101: Hoare triple {26157#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_to0~0;#res := ~retValue_acc~12; {26157#true} is VALID [2022-02-20 18:02:43,808 INFO L290 TraceCheckUtils]: 102: Hoare triple {26157#true} assume true; {26157#true} is VALID 
[2022-02-20 18:02:43,808 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {26157#true} {26158#false} #1135#return; {26158#false} is VALID [2022-02-20 18:02:43,808 INFO L290 TraceCheckUtils]: 104: Hoare triple {26158#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret21#1, verify_#t~ret22#1, verify_#t~ret23#1, verify_#t~ret24#1, verify_#t~ret25#1, verify_#t~ret26#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~8#1, verify_~tmp___0~1#1, verify_~pubkey~0#1, verify_~tmp___1~1#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~8#1;havoc verify_~tmp___0~1#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~1#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret28#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~9#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~9#1; {26158#false} is VALID [2022-02-20 18:02:43,809 INFO L272 TraceCheckUtils]: 105: Hoare triple {26158#false} call __utac_acc__EncryptVerify_spec__1_#t~ret28#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {26157#true} is 
VALID [2022-02-20 18:02:43,809 INFO L290 TraceCheckUtils]: 106: Hoare triple {26157#true} ~msg := #in~msg;havoc ~retValue_acc~6;~retValue_acc~6 := 1;#res := ~retValue_acc~6; {26157#true} is VALID [2022-02-20 18:02:43,809 INFO L290 TraceCheckUtils]: 107: Hoare triple {26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:43,809 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {26157#true} {26158#false} #1137#return; {26158#false} is VALID [2022-02-20 18:02:43,809 INFO L290 TraceCheckUtils]: 109: Hoare triple {26158#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret28#1 && __utac_acc__EncryptVerify_spec__1_#t~ret28#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~9#1 := __utac_acc__EncryptVerify_spec__1_#t~ret28#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret28#1; {26158#false} is VALID [2022-02-20 18:02:43,809 INFO L290 TraceCheckUtils]: 110: Hoare triple {26158#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~9#1);assume { :begin_inline___automaton_fail } true; {26158#false} is VALID [2022-02-20 18:02:43,809 INFO L290 TraceCheckUtils]: 111: Hoare triple {26158#false} assume !false; {26158#false} is VALID [2022-02-20 18:02:43,809 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 5 proven. 4 refuted. 0 times theorem prover too weak. 23 trivial. 0 not checked. 
[2022-02-20 18:02:43,810 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:43,810 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [268124568] [2022-02-20 18:02:43,810 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [268124568] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:02:43,810 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1699280564] [2022-02-20 18:02:43,810 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:43,810 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:43,811 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:02:43,812 INFO L229 MonitoredProcess]: Starting monitored process 7 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:02:43,813 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (7)] Waiting until timeout for monitored process [2022-02-20 18:02:43,997 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:44,001 INFO L263 TraceCheckSpWp]: Trace formula consists of 1078 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 18:02:44,040 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:44,042 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:02:44,281 INFO L290 TraceCheckUtils]: 0: Hoare triple {26157#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(115, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(10, 11);call #Ultimate.allocInit(12, 12);call #Ultimate.allocInit(10, 13);call #Ultimate.allocInit(18, 14);call #Ultimate.allocInit(13, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(21, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(21, 23);call #Ultimate.allocInit(30, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(25, 26);call #Ultimate.allocInit(30, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 
0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 
:= 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {26157#true} is VALID [2022-02-20 18:02:44,281 INFO L290 TraceCheckUtils]: 1: Hoare triple {26157#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet77#1, main_#t~ret78#1, main_~retValue_acc~42#1, main_~tmp~19#1;assume -2147483648 <= main_#t~nondet77#1 && 
main_#t~nondet77#1 <= 2147483647;main_~retValue_acc~42#1 := main_#t~nondet77#1;havoc main_#t~nondet77#1;havoc main_~tmp~19#1;assume { :begin_inline_select_helpers } true; {26157#true} is VALID [2022-02-20 18:02:44,283 INFO L290 TraceCheckUtils]: 2: Hoare triple {26157#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {26157#true} is VALID [2022-02-20 18:02:44,284 INFO L290 TraceCheckUtils]: 3: Hoare triple {26157#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~21#1;havoc valid_product_~retValue_acc~21#1;valid_product_~retValue_acc~21#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~21#1; {26157#true} is VALID [2022-02-20 18:02:44,284 INFO L290 TraceCheckUtils]: 4: Hoare triple {26157#true} main_#t~ret78#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret78#1 && main_#t~ret78#1 <= 2147483647;main_~tmp~19#1 := main_#t~ret78#1;havoc main_#t~ret78#1; {26157#true} is VALID [2022-02-20 18:02:44,284 INFO L290 TraceCheckUtils]: 5: Hoare triple {26157#true} assume 0 != main_~tmp~19#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet74#1, setup_#t~nondet75#1, setup_#t~nondet76#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {26157#true} is VALID [2022-02-20 18:02:44,284 INFO L272 TraceCheckUtils]: 6: Hoare triple {26157#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {26157#true} is VALID [2022-02-20 18:02:44,284 INFO L290 TraceCheckUtils]: 7: Hoare triple {26157#true} ~handle := #in~handle;~value := #in~value; {26157#true} is VALID [2022-02-20 18:02:44,284 INFO L290 TraceCheckUtils]: 8: Hoare triple {26157#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {26157#true} is VALID [2022-02-20 18:02:44,284 INFO L290 TraceCheckUtils]: 9: Hoare triple {26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:44,284 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {26157#true} {26157#true} #1151#return; {26157#true} is VALID [2022-02-20 18:02:44,284 INFO L290 TraceCheckUtils]: 11: Hoare triple {26157#true} assume { :end_inline_setup_bob__wrappee__Base } true; {26157#true} is VALID [2022-02-20 18:02:44,284 INFO L272 TraceCheckUtils]: 12: Hoare triple {26157#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {26157#true} is VALID [2022-02-20 18:02:44,284 INFO L290 TraceCheckUtils]: 13: Hoare triple {26157#true} ~handle := #in~handle;~value := #in~value; {26157#true} is VALID [2022-02-20 18:02:44,284 INFO L290 TraceCheckUtils]: 14: Hoare triple {26157#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {26157#true} is VALID [2022-02-20 18:02:44,284 INFO L290 TraceCheckUtils]: 15: Hoare triple {26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:44,284 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {26157#true} {26157#true} #1153#return; {26157#true} is VALID [2022-02-20 18:02:44,284 INFO L290 TraceCheckUtils]: 17: Hoare triple {26157#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet74#1;~rjh~0 := 
2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {26157#true} is VALID [2022-02-20 18:02:44,284 INFO L272 TraceCheckUtils]: 18: Hoare triple {26157#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {26157#true} is VALID [2022-02-20 18:02:44,284 INFO L290 TraceCheckUtils]: 19: Hoare triple {26157#true} ~handle := #in~handle;~value := #in~value; {26157#true} is VALID [2022-02-20 18:02:44,284 INFO L290 TraceCheckUtils]: 20: Hoare triple {26157#true} assume !(1 == ~handle); {26157#true} is VALID [2022-02-20 18:02:44,284 INFO L290 TraceCheckUtils]: 21: Hoare triple {26157#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {26157#true} is VALID [2022-02-20 18:02:44,284 INFO L290 TraceCheckUtils]: 22: Hoare triple {26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:44,285 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {26157#true} {26157#true} #1155#return; {26157#true} is VALID [2022-02-20 18:02:44,285 INFO L290 TraceCheckUtils]: 24: Hoare triple {26157#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {26157#true} is VALID [2022-02-20 18:02:44,285 INFO L272 TraceCheckUtils]: 25: Hoare triple {26157#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {26157#true} is VALID [2022-02-20 18:02:44,285 INFO L290 TraceCheckUtils]: 26: Hoare triple {26157#true} ~handle := #in~handle;~value := #in~value; {26157#true} is VALID [2022-02-20 18:02:44,285 INFO L290 TraceCheckUtils]: 27: Hoare triple {26157#true} assume !(1 == ~handle); {26157#true} is VALID [2022-02-20 18:02:44,285 INFO L290 TraceCheckUtils]: 28: Hoare triple {26157#true} assume 2 == 
~handle;~__ste_client_privateKey1~0 := ~value; {26157#true} is VALID [2022-02-20 18:02:44,285 INFO L290 TraceCheckUtils]: 29: Hoare triple {26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:44,285 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {26157#true} {26157#true} #1157#return; {26157#true} is VALID [2022-02-20 18:02:44,285 INFO L290 TraceCheckUtils]: 31: Hoare triple {26157#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 33, 0;havoc setup_#t~nondet75#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {26157#true} is VALID [2022-02-20 18:02:44,290 INFO L272 TraceCheckUtils]: 32: Hoare triple {26157#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {26157#true} is VALID [2022-02-20 18:02:44,290 INFO L290 TraceCheckUtils]: 33: Hoare triple {26157#true} ~handle := #in~handle;~value := #in~value; {26157#true} is VALID [2022-02-20 18:02:44,290 INFO L290 TraceCheckUtils]: 34: Hoare triple {26157#true} assume !(1 == ~handle); {26157#true} is VALID [2022-02-20 18:02:44,290 INFO L290 TraceCheckUtils]: 35: Hoare triple {26157#true} assume !(2 == ~handle); {26157#true} is VALID [2022-02-20 18:02:44,291 INFO L290 TraceCheckUtils]: 36: Hoare triple {26157#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {26157#true} is VALID [2022-02-20 18:02:44,291 INFO L290 TraceCheckUtils]: 37: Hoare triple {26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:44,291 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {26157#true} {26157#true} 
#1159#return; {26157#true} is VALID [2022-02-20 18:02:44,291 INFO L290 TraceCheckUtils]: 39: Hoare triple {26157#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {26157#true} is VALID [2022-02-20 18:02:44,291 INFO L272 TraceCheckUtils]: 40: Hoare triple {26157#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {26157#true} is VALID [2022-02-20 18:02:44,291 INFO L290 TraceCheckUtils]: 41: Hoare triple {26157#true} ~handle := #in~handle;~value := #in~value; {26157#true} is VALID [2022-02-20 18:02:44,291 INFO L290 TraceCheckUtils]: 42: Hoare triple {26157#true} assume !(1 == ~handle); {26157#true} is VALID [2022-02-20 18:02:44,291 INFO L290 TraceCheckUtils]: 43: Hoare triple {26157#true} assume !(2 == ~handle); {26157#true} is VALID [2022-02-20 18:02:44,291 INFO L290 TraceCheckUtils]: 44: Hoare triple {26157#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {26157#true} is VALID [2022-02-20 18:02:44,291 INFO L290 TraceCheckUtils]: 45: Hoare triple {26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:44,291 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {26157#true} {26157#true} #1161#return; {26157#true} is VALID [2022-02-20 18:02:44,291 INFO L290 TraceCheckUtils]: 47: Hoare triple {26157#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 34, 0;havoc setup_#t~nondet76#1; {26157#true} is VALID [2022-02-20 18:02:44,291 INFO L290 TraceCheckUtils]: 48: Hoare triple {26157#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, 
test_~tmp~21#1, test_~tmp___0~6#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {26368#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:02:44,292 INFO L290 TraceCheckUtils]: 49: Hoare triple {26368#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {26368#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:02:44,292 INFO L290 TraceCheckUtils]: 50: Hoare triple {26368#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {26368#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:02:44,292 INFO L290 TraceCheckUtils]: 51: Hoare triple {26368#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {26378#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:02:44,293 INFO L290 TraceCheckUtils]: 52: Hoare triple {26378#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet90#1 && test_#t~nondet90#1 <= 
2147483647;test_~tmp___9~0#1 := test_#t~nondet90#1;havoc test_#t~nondet90#1; {26378#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:02:44,293 INFO L290 TraceCheckUtils]: 53: Hoare triple {26378#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(0 != test_~tmp___9~0#1); {26378#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:02:44,293 INFO L290 TraceCheckUtils]: 54: Hoare triple {26378#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet91#1 && test_#t~nondet91#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet91#1;havoc test_#t~nondet91#1; {26378#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:02:44,293 INFO L290 TraceCheckUtils]: 55: Hoare triple {26378#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {26378#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:02:44,294 INFO L290 TraceCheckUtils]: 56: Hoare triple {26378#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {26378#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:02:44,294 INFO L290 TraceCheckUtils]: 57: Hoare triple {26378#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume { :end_inline_setClientAutoResponse } true; {26378#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:02:44,294 INFO L290 TraceCheckUtils]: 58: Hoare 
triple {26378#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {26378#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:02:44,294 INFO L290 TraceCheckUtils]: 59: Hoare triple {26378#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !false; {26378#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:02:44,295 INFO L290 TraceCheckUtils]: 60: Hoare triple {26378#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(test_~splverifierCounter~0#1 < 4); {26158#false} is VALID [2022-02-20 18:02:44,295 INFO L290 TraceCheckUtils]: 61: Hoare triple {26158#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_#t~ret71#1, bobToRjh_#t~ret72#1, bobToRjh_~tmp~18#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~18#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret69#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret69#1 && bobToRjh_#t~ret69#1 <= 2147483647;havoc bobToRjh_#t~ret69#1; {26158#false} is VALID [2022-02-20 18:02:44,295 INFO L272 TraceCheckUtils]: 62: Hoare triple {26158#false} call sendEmail(~bob~0, ~rjh~0); {26158#false} is VALID [2022-02-20 18:02:44,295 INFO L290 TraceCheckUtils]: 63: Hoare triple {26158#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~8#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~8#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {26158#false} is VALID [2022-02-20 18:02:44,295 INFO L272 TraceCheckUtils]: 64: Hoare triple {26158#false} call 
setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {26158#false} is VALID [2022-02-20 18:02:44,295 INFO L290 TraceCheckUtils]: 65: Hoare triple {26158#false} ~handle := #in~handle;~value := #in~value; {26158#false} is VALID [2022-02-20 18:02:44,295 INFO L290 TraceCheckUtils]: 66: Hoare triple {26158#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {26158#false} is VALID [2022-02-20 18:02:44,295 INFO L290 TraceCheckUtils]: 67: Hoare triple {26158#false} assume true; {26158#false} is VALID [2022-02-20 18:02:44,295 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {26158#false} {26158#false} #1119#return; {26158#false} is VALID [2022-02-20 18:02:44,295 INFO L272 TraceCheckUtils]: 69: Hoare triple {26158#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {26158#false} is VALID [2022-02-20 18:02:44,295 INFO L290 TraceCheckUtils]: 70: Hoare triple {26158#false} ~handle := #in~handle;~value := #in~value; {26158#false} is VALID [2022-02-20 18:02:44,295 INFO L290 TraceCheckUtils]: 71: Hoare triple {26158#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {26158#false} is VALID [2022-02-20 18:02:44,295 INFO L290 TraceCheckUtils]: 72: Hoare triple {26158#false} assume true; {26158#false} is VALID [2022-02-20 18:02:44,296 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {26158#false} {26158#false} #1121#return; {26158#false} is VALID [2022-02-20 18:02:44,296 INFO L290 TraceCheckUtils]: 74: Hoare triple {26158#false} createEmail_~retValue_acc~8#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~8#1; {26158#false} is VALID [2022-02-20 18:02:44,296 INFO L290 TraceCheckUtils]: 75: Hoare triple {26158#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {26158#false} is VALID [2022-02-20 18:02:44,296 INFO L272 TraceCheckUtils]: 76: Hoare triple {26158#false} call 
outgoing(~sender#1, ~email~0#1); {26158#false} is VALID [2022-02-20 18:02:44,296 INFO L290 TraceCheckUtils]: 77: Hoare triple {26158#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret20#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~7#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~7#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~31#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~31#1; {26158#false} is VALID [2022-02-20 18:02:44,296 INFO L290 TraceCheckUtils]: 78: Hoare triple {26158#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~31#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~31#1; {26158#false} is VALID [2022-02-20 18:02:44,297 INFO L290 TraceCheckUtils]: 79: Hoare triple {26158#false} sign_#t~ret20#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret20#1 && sign_#t~ret20#1 <= 2147483647;sign_~tmp~7#1 := sign_#t~ret20#1;havoc sign_#t~ret20#1;sign_~privkey~0#1 := sign_~tmp~7#1; {26158#false} is VALID [2022-02-20 18:02:44,297 INFO L290 TraceCheckUtils]: 80: Hoare triple {26158#false} assume 0 == sign_~privkey~0#1; {26158#false} is VALID [2022-02-20 18:02:44,297 INFO L290 TraceCheckUtils]: 81: Hoare triple {26158#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1, outgoing__wrappee__AddressBook_#t~ret8#1, 
outgoing__wrappee__AddressBook_#t~ret9#1, outgoing__wrappee__AddressBook_#t~ret10#1, outgoing__wrappee__AddressBook_#t~ret11#1, outgoing__wrappee__AddressBook_#t~ret12#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~2#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~0#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~0#1, outgoing__wrappee__AddressBook_~tmp___2~0#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~2#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~0#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~0#1;havoc outgoing__wrappee__AddressBook_~tmp___2~0#1; {26158#false} is VALID [2022-02-20 18:02:44,297 INFO L272 TraceCheckUtils]: 82: Hoare triple {26158#false} call outgoing__wrappee__AddressBook_#t~ret7#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {26158#false} is VALID [2022-02-20 18:02:44,306 INFO L290 TraceCheckUtils]: 83: Hoare triple {26158#false} ~handle := #in~handle;havoc ~retValue_acc~25; {26158#false} is VALID [2022-02-20 18:02:44,306 INFO L290 TraceCheckUtils]: 84: Hoare triple {26158#false} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {26158#false} is VALID [2022-02-20 18:02:44,306 INFO L290 TraceCheckUtils]: 85: Hoare triple {26158#false} assume true; {26158#false} is VALID [2022-02-20 18:02:44,306 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {26158#false} {26158#false} #1101#return; {26158#false} is VALID [2022-02-20 18:02:44,306 INFO L290 TraceCheckUtils]: 87: Hoare 
triple {26158#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret7#1 && outgoing__wrappee__AddressBook_#t~ret7#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~2#1 := outgoing__wrappee__AddressBook_#t~ret7#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~2#1; {26158#false} is VALID [2022-02-20 18:02:44,306 INFO L290 TraceCheckUtils]: 88: Hoare triple {26158#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {26158#false} is VALID [2022-02-20 18:02:44,307 INFO L272 TraceCheckUtils]: 89: Hoare triple {26158#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {26158#false} is VALID [2022-02-20 18:02:44,307 INFO L290 TraceCheckUtils]: 90: Hoare triple {26158#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {26158#false} is VALID [2022-02-20 18:02:44,307 INFO L290 TraceCheckUtils]: 91: Hoare triple {26158#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {26158#false} is VALID [2022-02-20 18:02:44,307 INFO L290 TraceCheckUtils]: 92: Hoare triple {26158#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {26158#false} is VALID [2022-02-20 18:02:44,307 INFO L272 TraceCheckUtils]: 93: Hoare triple {26158#false} call setEmailFrom(~msg#1, ~tmp~1#1); {26158#false} is VALID [2022-02-20 18:02:44,307 INFO L290 TraceCheckUtils]: 94: Hoare triple {26158#false} ~handle := #in~handle;~value := #in~value; 
{26158#false} is VALID [2022-02-20 18:02:44,307 INFO L290 TraceCheckUtils]: 95: Hoare triple {26158#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {26158#false} is VALID [2022-02-20 18:02:44,307 INFO L290 TraceCheckUtils]: 96: Hoare triple {26158#false} assume true; {26158#false} is VALID [2022-02-20 18:02:44,307 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {26158#false} {26158#false} #1133#return; {26158#false} is VALID [2022-02-20 18:02:44,308 INFO L290 TraceCheckUtils]: 98: Hoare triple {26158#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {26158#false} is VALID [2022-02-20 18:02:44,308 INFO L272 TraceCheckUtils]: 99: Hoare triple {26158#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {26158#false} is VALID [2022-02-20 18:02:44,308 INFO L290 TraceCheckUtils]: 100: Hoare triple {26158#false} ~handle := #in~handle;havoc ~retValue_acc~12; {26158#false} is VALID [2022-02-20 18:02:44,308 INFO L290 TraceCheckUtils]: 101: Hoare triple {26158#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_to0~0;#res := ~retValue_acc~12; {26158#false} is VALID [2022-02-20 18:02:44,308 INFO L290 TraceCheckUtils]: 102: Hoare triple {26158#false} assume true; {26158#false} is VALID [2022-02-20 18:02:44,308 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {26158#false} {26158#false} #1135#return; {26158#false} is VALID [2022-02-20 18:02:44,308 INFO L290 TraceCheckUtils]: 104: Hoare triple {26158#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, 
mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret21#1, verify_#t~ret22#1, verify_#t~ret23#1, verify_#t~ret24#1, verify_#t~ret25#1, verify_#t~ret26#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~8#1, verify_~tmp___0~1#1, verify_~pubkey~0#1, verify_~tmp___1~1#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~8#1;havoc verify_~tmp___0~1#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~1#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret28#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~9#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~9#1; {26158#false} is VALID [2022-02-20 18:02:44,308 INFO L272 TraceCheckUtils]: 105: Hoare triple {26158#false} call __utac_acc__EncryptVerify_spec__1_#t~ret28#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {26158#false} is VALID [2022-02-20 18:02:44,308 INFO L290 TraceCheckUtils]: 106: Hoare triple {26158#false} ~msg := #in~msg;havoc ~retValue_acc~6;~retValue_acc~6 := 1;#res := ~retValue_acc~6; {26158#false} is VALID [2022-02-20 18:02:44,309 INFO L290 TraceCheckUtils]: 107: Hoare triple {26158#false} assume true; {26158#false} is VALID [2022-02-20 18:02:44,309 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {26158#false} {26158#false} #1137#return; 
{26158#false} is VALID [2022-02-20 18:02:44,309 INFO L290 TraceCheckUtils]: 109: Hoare triple {26158#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret28#1 && __utac_acc__EncryptVerify_spec__1_#t~ret28#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~9#1 := __utac_acc__EncryptVerify_spec__1_#t~ret28#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret28#1; {26158#false} is VALID [2022-02-20 18:02:44,309 INFO L290 TraceCheckUtils]: 110: Hoare triple {26158#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~9#1);assume { :begin_inline___automaton_fail } true; {26158#false} is VALID [2022-02-20 18:02:44,309 INFO L290 TraceCheckUtils]: 111: Hoare triple {26158#false} assume !false; {26158#false} is VALID [2022-02-20 18:02:44,309 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 18:02:44,309 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-02-20 18:02:44,630 INFO L290 TraceCheckUtils]: 111: Hoare triple {26158#false} assume !false; {26158#false} is VALID [2022-02-20 18:02:44,631 INFO L290 TraceCheckUtils]: 110: Hoare triple {26158#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~9#1);assume { :begin_inline___automaton_fail } true; {26158#false} is VALID [2022-02-20 18:02:44,631 INFO L290 TraceCheckUtils]: 109: Hoare triple {26158#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret28#1 && __utac_acc__EncryptVerify_spec__1_#t~ret28#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~9#1 := __utac_acc__EncryptVerify_spec__1_#t~ret28#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret28#1; {26158#false} is VALID [2022-02-20 18:02:44,631 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {26157#true} {26158#false} #1137#return; {26158#false} is VALID [2022-02-20 18:02:44,631 INFO L290 TraceCheckUtils]: 107: Hoare triple {26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:44,631 
INFO L290 TraceCheckUtils]: 106: Hoare triple {26157#true} ~msg := #in~msg;havoc ~retValue_acc~6;~retValue_acc~6 := 1;#res := ~retValue_acc~6; {26157#true} is VALID [2022-02-20 18:02:44,631 INFO L272 TraceCheckUtils]: 105: Hoare triple {26158#false} call __utac_acc__EncryptVerify_spec__1_#t~ret28#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {26157#true} is VALID [2022-02-20 18:02:44,632 INFO L290 TraceCheckUtils]: 104: Hoare triple {26158#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret21#1, verify_#t~ret22#1, verify_#t~ret23#1, verify_#t~ret24#1, verify_#t~ret25#1, verify_#t~ret26#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~8#1, verify_~tmp___0~1#1, verify_~pubkey~0#1, verify_~tmp___1~1#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~8#1;havoc verify_~tmp___0~1#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~1#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret28#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~9#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc 
__utac_acc__EncryptVerify_spec__1_~tmp~9#1; {26158#false} is VALID [2022-02-20 18:02:44,632 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {26157#true} {26158#false} #1135#return; {26158#false} is VALID [2022-02-20 18:02:44,632 INFO L290 TraceCheckUtils]: 102: Hoare triple {26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:44,632 INFO L290 TraceCheckUtils]: 101: Hoare triple {26157#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_to0~0;#res := ~retValue_acc~12; {26157#true} is VALID [2022-02-20 18:02:44,632 INFO L290 TraceCheckUtils]: 100: Hoare triple {26157#true} ~handle := #in~handle;havoc ~retValue_acc~12; {26157#true} is VALID [2022-02-20 18:02:44,632 INFO L272 TraceCheckUtils]: 99: Hoare triple {26158#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {26157#true} is VALID [2022-02-20 18:02:44,632 INFO L290 TraceCheckUtils]: 98: Hoare triple {26158#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {26158#false} is VALID [2022-02-20 18:02:44,632 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {26157#true} {26158#false} #1133#return; {26158#false} is VALID [2022-02-20 18:02:44,632 INFO L290 TraceCheckUtils]: 96: Hoare triple {26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:44,632 INFO L290 TraceCheckUtils]: 95: Hoare triple {26157#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {26157#true} is VALID [2022-02-20 18:02:44,632 INFO L290 TraceCheckUtils]: 94: Hoare triple {26157#true} ~handle := #in~handle;~value := #in~value; {26157#true} is VALID [2022-02-20 18:02:44,632 INFO L272 TraceCheckUtils]: 93: Hoare triple {26158#false} call setEmailFrom(~msg#1, ~tmp~1#1); 
{26157#true} is VALID [2022-02-20 18:02:44,632 INFO L290 TraceCheckUtils]: 92: Hoare triple {26158#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {26158#false} is VALID [2022-02-20 18:02:44,632 INFO L290 TraceCheckUtils]: 91: Hoare triple {26158#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {26158#false} is VALID [2022-02-20 18:02:44,632 INFO L290 TraceCheckUtils]: 90: Hoare triple {26158#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {26158#false} is VALID [2022-02-20 18:02:44,632 INFO L272 TraceCheckUtils]: 89: Hoare triple {26158#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {26158#false} is VALID [2022-02-20 18:02:44,632 INFO L290 TraceCheckUtils]: 88: Hoare triple {26158#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {26158#false} is VALID [2022-02-20 18:02:44,632 INFO L290 TraceCheckUtils]: 87: Hoare triple {26158#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret7#1 && outgoing__wrappee__AddressBook_#t~ret7#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~2#1 := outgoing__wrappee__AddressBook_#t~ret7#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~2#1; {26158#false} is VALID [2022-02-20 18:02:44,632 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {26157#true} {26158#false} #1101#return; {26158#false} is VALID [2022-02-20 18:02:44,632 INFO L290 
TraceCheckUtils]: 85: Hoare triple {26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:44,632 INFO L290 TraceCheckUtils]: 84: Hoare triple {26157#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {26157#true} is VALID [2022-02-20 18:02:44,632 INFO L290 TraceCheckUtils]: 83: Hoare triple {26157#true} ~handle := #in~handle;havoc ~retValue_acc~25; {26157#true} is VALID [2022-02-20 18:02:44,633 INFO L272 TraceCheckUtils]: 82: Hoare triple {26158#false} call outgoing__wrappee__AddressBook_#t~ret7#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {26157#true} is VALID [2022-02-20 18:02:44,633 INFO L290 TraceCheckUtils]: 81: Hoare triple {26158#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1, outgoing__wrappee__AddressBook_#t~ret8#1, outgoing__wrappee__AddressBook_#t~ret9#1, outgoing__wrappee__AddressBook_#t~ret10#1, outgoing__wrappee__AddressBook_#t~ret11#1, outgoing__wrappee__AddressBook_#t~ret12#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~2#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~0#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~0#1, outgoing__wrappee__AddressBook_~tmp___2~0#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~2#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~0#1;havoc 
outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~0#1;havoc outgoing__wrappee__AddressBook_~tmp___2~0#1; {26158#false} is VALID [2022-02-20 18:02:44,633 INFO L290 TraceCheckUtils]: 80: Hoare triple {26158#false} assume 0 == sign_~privkey~0#1; {26158#false} is VALID [2022-02-20 18:02:44,633 INFO L290 TraceCheckUtils]: 79: Hoare triple {26158#false} sign_#t~ret20#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret20#1 && sign_#t~ret20#1 <= 2147483647;sign_~tmp~7#1 := sign_#t~ret20#1;havoc sign_#t~ret20#1;sign_~privkey~0#1 := sign_~tmp~7#1; {26158#false} is VALID [2022-02-20 18:02:44,633 INFO L290 TraceCheckUtils]: 78: Hoare triple {26158#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~31#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~31#1; {26158#false} is VALID [2022-02-20 18:02:44,633 INFO L290 TraceCheckUtils]: 77: Hoare triple {26158#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret20#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~7#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~7#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~31#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~31#1; {26158#false} is VALID [2022-02-20 18:02:44,633 INFO L272 TraceCheckUtils]: 76: Hoare triple {26158#false} call outgoing(~sender#1, ~email~0#1); {26158#false} is VALID [2022-02-20 18:02:44,633 INFO L290 TraceCheckUtils]: 75: Hoare triple {26158#false} #t~ret16#1 := createEmail_#res#1;assume { 
:end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {26158#false} is VALID [2022-02-20 18:02:44,633 INFO L290 TraceCheckUtils]: 74: Hoare triple {26158#false} createEmail_~retValue_acc~8#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~8#1; {26158#false} is VALID [2022-02-20 18:02:44,633 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {26157#true} {26158#false} #1121#return; {26158#false} is VALID [2022-02-20 18:02:44,633 INFO L290 TraceCheckUtils]: 72: Hoare triple {26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:44,633 INFO L290 TraceCheckUtils]: 71: Hoare triple {26157#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {26157#true} is VALID [2022-02-20 18:02:44,633 INFO L290 TraceCheckUtils]: 70: Hoare triple {26157#true} ~handle := #in~handle;~value := #in~value; {26157#true} is VALID [2022-02-20 18:02:44,633 INFO L272 TraceCheckUtils]: 69: Hoare triple {26158#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {26157#true} is VALID [2022-02-20 18:02:44,633 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {26157#true} {26158#false} #1119#return; {26158#false} is VALID [2022-02-20 18:02:44,633 INFO L290 TraceCheckUtils]: 67: Hoare triple {26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:44,633 INFO L290 TraceCheckUtils]: 66: Hoare triple {26157#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {26157#true} is VALID [2022-02-20 18:02:44,633 INFO L290 TraceCheckUtils]: 65: Hoare triple {26157#true} ~handle := #in~handle;~value := #in~value; {26157#true} is VALID [2022-02-20 18:02:44,633 INFO L272 TraceCheckUtils]: 64: Hoare triple {26158#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {26157#true} is VALID [2022-02-20 18:02:44,633 INFO L290 TraceCheckUtils]: 63: Hoare triple {26158#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc 
~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~8#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~8#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {26158#false} is VALID [2022-02-20 18:02:44,633 INFO L272 TraceCheckUtils]: 62: Hoare triple {26158#false} call sendEmail(~bob~0, ~rjh~0); {26158#false} is VALID [2022-02-20 18:02:44,633 INFO L290 TraceCheckUtils]: 61: Hoare triple {26158#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret69#1, bobToRjh_#t~ret70#1, bobToRjh_#t~ret71#1, bobToRjh_#t~ret72#1, bobToRjh_~tmp~18#1, bobToRjh_~tmp___0~4#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~18#1;havoc bobToRjh_~tmp___0~4#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret69#1 := puts(30, 0);assume -2147483648 <= bobToRjh_#t~ret69#1 && bobToRjh_#t~ret69#1 <= 2147483647;havoc bobToRjh_#t~ret69#1; {26158#false} is VALID [2022-02-20 18:02:44,634 INFO L290 TraceCheckUtils]: 60: Hoare triple {26712#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(test_~splverifierCounter~0#1 < 4); {26158#false} is VALID [2022-02-20 18:02:44,634 INFO L290 TraceCheckUtils]: 59: Hoare triple {26712#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !false; {26712#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:02:44,634 INFO L290 TraceCheckUtils]: 58: Hoare triple {26712#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {26712#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:02:44,634 INFO L290 TraceCheckUtils]: 57: Hoare triple {26712#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume { :end_inline_setClientAutoResponse } true; {26712#(< 
|ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:02:44,635 INFO L290 TraceCheckUtils]: 56: Hoare triple {26712#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {26712#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:02:44,635 INFO L290 TraceCheckUtils]: 55: Hoare triple {26712#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {26712#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:02:44,635 INFO L290 TraceCheckUtils]: 54: Hoare triple {26712#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet91#1 && test_#t~nondet91#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet91#1;havoc test_#t~nondet91#1; {26712#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:02:44,635 INFO L290 TraceCheckUtils]: 53: Hoare triple {26712#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(0 != test_~tmp___9~0#1); {26712#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:02:44,636 INFO L290 TraceCheckUtils]: 52: Hoare triple {26712#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet90#1 && test_#t~nondet90#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet90#1;havoc test_#t~nondet90#1; {26712#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:02:44,636 INFO L290 
TraceCheckUtils]: 51: Hoare triple {26740#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {26712#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:02:44,636 INFO L290 TraceCheckUtils]: 50: Hoare triple {26740#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume test_~splverifierCounter~0#1 < 4; {26740#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 18:02:44,637 INFO L290 TraceCheckUtils]: 49: Hoare triple {26740#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume !false; {26740#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 18:02:44,637 INFO L290 TraceCheckUtils]: 48: Hoare triple {26157#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~6#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~6#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 
0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {26740#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 18:02:44,637 INFO L290 TraceCheckUtils]: 47: Hoare triple {26157#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 34, 0;havoc setup_#t~nondet76#1; {26157#true} is VALID [2022-02-20 18:02:44,637 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {26157#true} {26157#true} #1161#return; {26157#true} is VALID [2022-02-20 18:02:44,637 INFO L290 TraceCheckUtils]: 45: Hoare triple {26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:44,637 INFO L290 TraceCheckUtils]: 44: Hoare triple {26157#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {26157#true} is VALID [2022-02-20 18:02:44,637 INFO L290 TraceCheckUtils]: 43: Hoare triple {26157#true} assume !(2 == ~handle); {26157#true} is VALID [2022-02-20 18:02:44,637 INFO L290 TraceCheckUtils]: 42: Hoare triple {26157#true} assume !(1 == ~handle); {26157#true} is VALID [2022-02-20 18:02:44,637 INFO L290 TraceCheckUtils]: 41: Hoare triple {26157#true} ~handle := #in~handle;~value := #in~value; {26157#true} is VALID [2022-02-20 18:02:44,637 INFO L272 TraceCheckUtils]: 40: Hoare triple {26157#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {26157#true} is VALID [2022-02-20 18:02:44,637 INFO L290 TraceCheckUtils]: 39: Hoare triple {26157#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {26157#true} is VALID [2022-02-20 18:02:44,637 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {26157#true} {26157#true} #1159#return; {26157#true} is VALID [2022-02-20 18:02:44,638 INFO L290 TraceCheckUtils]: 37: Hoare triple {26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:44,638 INFO L290 TraceCheckUtils]: 36: Hoare 
triple {26157#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {26157#true} is VALID [2022-02-20 18:02:44,638 INFO L290 TraceCheckUtils]: 35: Hoare triple {26157#true} assume !(2 == ~handle); {26157#true} is VALID [2022-02-20 18:02:44,638 INFO L290 TraceCheckUtils]: 34: Hoare triple {26157#true} assume !(1 == ~handle); {26157#true} is VALID [2022-02-20 18:02:44,638 INFO L290 TraceCheckUtils]: 33: Hoare triple {26157#true} ~handle := #in~handle;~value := #in~value; {26157#true} is VALID [2022-02-20 18:02:44,638 INFO L272 TraceCheckUtils]: 32: Hoare triple {26157#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {26157#true} is VALID [2022-02-20 18:02:44,638 INFO L290 TraceCheckUtils]: 31: Hoare triple {26157#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 33, 0;havoc setup_#t~nondet75#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {26157#true} is VALID [2022-02-20 18:02:44,638 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {26157#true} {26157#true} #1157#return; {26157#true} is VALID [2022-02-20 18:02:44,638 INFO L290 TraceCheckUtils]: 29: Hoare triple {26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:44,638 INFO L290 TraceCheckUtils]: 28: Hoare triple {26157#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {26157#true} is VALID [2022-02-20 18:02:44,638 INFO L290 TraceCheckUtils]: 27: Hoare triple {26157#true} assume !(1 == ~handle); {26157#true} is VALID [2022-02-20 18:02:44,638 INFO L290 TraceCheckUtils]: 26: Hoare 
triple {26157#true} ~handle := #in~handle;~value := #in~value; {26157#true} is VALID [2022-02-20 18:02:44,638 INFO L272 TraceCheckUtils]: 25: Hoare triple {26157#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {26157#true} is VALID [2022-02-20 18:02:44,638 INFO L290 TraceCheckUtils]: 24: Hoare triple {26157#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {26157#true} is VALID [2022-02-20 18:02:44,638 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {26157#true} {26157#true} #1155#return; {26157#true} is VALID [2022-02-20 18:02:44,638 INFO L290 TraceCheckUtils]: 22: Hoare triple {26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:44,638 INFO L290 TraceCheckUtils]: 21: Hoare triple {26157#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {26157#true} is VALID [2022-02-20 18:02:44,638 INFO L290 TraceCheckUtils]: 20: Hoare triple {26157#true} assume !(1 == ~handle); {26157#true} is VALID [2022-02-20 18:02:44,638 INFO L290 TraceCheckUtils]: 19: Hoare triple {26157#true} ~handle := #in~handle;~value := #in~value; {26157#true} is VALID [2022-02-20 18:02:44,638 INFO L272 TraceCheckUtils]: 18: Hoare triple {26157#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {26157#true} is VALID [2022-02-20 18:02:44,638 INFO L290 TraceCheckUtils]: 17: Hoare triple {26157#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 32, 0;havoc setup_#t~nondet74#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {26157#true} is VALID [2022-02-20 18:02:44,638 INFO L284 TraceCheckUtils]: 16: Hoare quadruple 
{26157#true} {26157#true} #1153#return; {26157#true} is VALID [2022-02-20 18:02:44,638 INFO L290 TraceCheckUtils]: 15: Hoare triple {26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:44,639 INFO L290 TraceCheckUtils]: 14: Hoare triple {26157#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {26157#true} is VALID [2022-02-20 18:02:44,639 INFO L290 TraceCheckUtils]: 13: Hoare triple {26157#true} ~handle := #in~handle;~value := #in~value; {26157#true} is VALID [2022-02-20 18:02:44,639 INFO L272 TraceCheckUtils]: 12: Hoare triple {26157#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {26157#true} is VALID [2022-02-20 18:02:44,639 INFO L290 TraceCheckUtils]: 11: Hoare triple {26157#true} assume { :end_inline_setup_bob__wrappee__Base } true; {26157#true} is VALID [2022-02-20 18:02:44,639 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {26157#true} {26157#true} #1151#return; {26157#true} is VALID [2022-02-20 18:02:44,639 INFO L290 TraceCheckUtils]: 9: Hoare triple {26157#true} assume true; {26157#true} is VALID [2022-02-20 18:02:44,639 INFO L290 TraceCheckUtils]: 8: Hoare triple {26157#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {26157#true} is VALID [2022-02-20 18:02:44,639 INFO L290 TraceCheckUtils]: 7: Hoare triple {26157#true} ~handle := #in~handle;~value := #in~value; {26157#true} is VALID [2022-02-20 18:02:44,639 INFO L272 TraceCheckUtils]: 6: Hoare triple {26157#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {26157#true} is VALID [2022-02-20 18:02:44,639 INFO L290 TraceCheckUtils]: 5: Hoare triple {26157#true} assume 0 != main_~tmp~19#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet74#1, setup_#t~nondet75#1, setup_#t~nondet76#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, 
setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {26157#true} is VALID [2022-02-20 18:02:44,639 INFO L290 TraceCheckUtils]: 4: Hoare triple {26157#true} main_#t~ret78#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret78#1 && main_#t~ret78#1 <= 2147483647;main_~tmp~19#1 := main_#t~ret78#1;havoc main_#t~ret78#1; {26157#true} is VALID [2022-02-20 18:02:44,639 INFO L290 TraceCheckUtils]: 3: Hoare triple {26157#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~21#1;havoc valid_product_~retValue_acc~21#1;valid_product_~retValue_acc~21#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~21#1; {26157#true} is VALID [2022-02-20 18:02:44,639 INFO L290 TraceCheckUtils]: 2: Hoare triple {26157#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {26157#true} is VALID [2022-02-20 18:02:44,639 INFO L290 TraceCheckUtils]: 1: Hoare triple {26157#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet77#1, main_#t~ret78#1, main_~retValue_acc~42#1, main_~tmp~19#1;assume -2147483648 <= main_#t~nondet77#1 && main_#t~nondet77#1 <= 2147483647;main_~retValue_acc~42#1 := main_#t~nondet77#1;havoc main_#t~nondet77#1;havoc main_~tmp~19#1;assume { :begin_inline_select_helpers } true; {26157#true} is VALID [2022-02-20 18:02:44,639 
INFO L290 TraceCheckUtils]: 0: Hoare triple {26157#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(115, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(10, 11);call #Ultimate.allocInit(12, 12);call #Ultimate.allocInit(10, 13);call #Ultimate.allocInit(18, 14);call #Ultimate.allocInit(13, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(21, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(21, 23);call #Ultimate.allocInit(30, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(25, 26);call #Ultimate.allocInit(30, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(25, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(44, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(11, 34);call #Ultimate.allocInit(19, 35);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(100, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 
0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 
0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {26157#true} is VALID [2022-02-20 18:02:44,639 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. 
[2022-02-20 18:02:44,640 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1699280564] provided 0 perfect and 2 imperfect interpolant sequences
[2022-02-20 18:02:44,640 INFO L191 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences.
[2022-02-20 18:02:44,640 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [11, 4, 4] total 15
[2022-02-20 18:02:44,640 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1824343370]
[2022-02-20 18:02:44,640 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton
[2022-02-20 18:02:44,640 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 14 states have (on average 8.928571428571429) internal successors, (125), 11 states have internal predecessors, (125), 4 states have call successors, (30), 6 states have call predecessors, (30), 3 states have return successors, (22), 3 states have call predecessors, (22), 4 states have call successors, (22) Word has length 112
[2022-02-20 18:02:44,659 INFO L84 Accepts]: Finished accepts. word is accepted.
[2022-02-20 18:02:44,660 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 15 states, 14 states have (on average 8.928571428571429) internal successors, (125), 11 states have internal predecessors, (125), 4 states have call successors, (30), 6 states have call predecessors, (30), 3 states have return successors, (22), 3 states have call predecessors, (22), 4 states have call successors, (22)
[2022-02-20 18:02:44,755 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 177 edges. 177 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity.
[2022-02-20 18:02:44,755 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 15 states
[2022-02-20 18:02:44,755 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL
[2022-02-20 18:02:44,756 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants.
[2022-02-20 18:02:44,756 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=33, Invalid=177, Unknown=0, NotChecked=0, Total=210
[2022-02-20 18:02:44,756 INFO L87 Difference]: Start difference. First operand 432 states and 680 transitions. Second operand has 15 states, 14 states have (on average 8.928571428571429) internal successors, (125), 11 states have internal predecessors, (125), 4 states have call successors, (30), 6 states have call predecessors, (30), 3 states have return successors, (22), 3 states have call predecessors, (22), 4 states have call successors, (22)