./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec7_product25.cil.c --full-output -ea --architecture 32bit
--------------------------------------------------------------------------------
Checking for ERROR reachability
Using default analysis
Version 03d7b7b3
Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec7_product25.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 6fd6d1c71ba5dc2d3b9a29abb89e94ab4329c839d1f475ee44ea6eb34f32fbde
--- Real Ultimate output ---
This is Ultimate 0.2.2-dev-03d7b7b
[2022-02-20 18:02:00,276 INFO L177 SettingsManager]: Resetting all preferences to default values...
[2022-02-20 18:02:00,277 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values
[2022-02-20 18:02:00,296 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring...
[2022-02-20 18:02:00,297 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values
[2022-02-20 18:02:00,297 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values
[2022-02-20 18:02:00,298 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values
[2022-02-20 18:02:00,299 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values
[2022-02-20 18:02:00,301 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values
[2022-02-20 18:02:00,301 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values
[2022-02-20 18:02:00,302 INFO L181 SettingsManager]: Resetting Sifa preferences to default values
[2022-02-20 18:02:00,303 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring...
[2022-02-20 18:02:00,303 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values
[2022-02-20 18:02:00,304 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values
[2022-02-20 18:02:00,304 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values
[2022-02-20 18:02:00,305 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values
[2022-02-20 18:02:00,306 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values
[2022-02-20 18:02:00,306 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values
[2022-02-20 18:02:00,307 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values
[2022-02-20 18:02:00,308 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values
[2022-02-20 18:02:00,309 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values
[2022-02-20 18:02:00,310 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values
[2022-02-20 18:02:00,311 INFO L181 SettingsManager]: Resetting Referee preferences to default values
[2022-02-20 18:02:00,311 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values
[2022-02-20 18:02:00,313 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring...
[2022-02-20 18:02:00,313 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring...
[2022-02-20 18:02:00,313 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values
[2022-02-20 18:02:00,314 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values
[2022-02-20 18:02:00,314 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values
[2022-02-20 18:02:00,315 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring...
[2022-02-20 18:02:00,315 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values
[2022-02-20 18:02:00,316 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values
[2022-02-20 18:02:00,316 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values
[2022-02-20 18:02:00,317 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values
[2022-02-20 18:02:00,317 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring...
[2022-02-20 18:02:00,318 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values
[2022-02-20 18:02:00,318 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring...
[2022-02-20 18:02:00,318 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring...
[2022-02-20 18:02:00,319 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values
[2022-02-20 18:02:00,319 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values
[2022-02-20 18:02:00,320 INFO L188 SettingsManager]: Finished resetting all preferences to default values...
[2022-02-20 18:02:00,320 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf
[2022-02-20 18:02:00,337 INFO L113 SettingsManager]: Loading preferences was successful
[2022-02-20 18:02:00,338 INFO L115 SettingsManager]: Preferences different from defaults after loading the file:
[2022-02-20 18:02:00,338 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults:
[2022-02-20 18:02:00,338 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR;
[2022-02-20 18:02:00,339 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults:
[2022-02-20 18:02:00,339 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS
[2022-02-20 18:02:00,339 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults:
[2022-02-20 18:02:00,339 INFO L138 SettingsManager]: * Create parallel compositions if possible=false
[2022-02-20 18:02:00,340 INFO L138 SettingsManager]: * Use SBE=true
[2022-02-20 18:02:00,340 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults:
[2022-02-20 18:02:00,340 INFO L138 SettingsManager]: * sizeof long=4
[2022-02-20 18:02:00,340 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true
[2022-02-20 18:02:00,340 INFO L138 SettingsManager]: * sizeof POINTER=4
[2022-02-20 18:02:00,341 INFO L138 SettingsManager]: * Check division by zero=IGNORE
[2022-02-20 18:02:00,341 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE
[2022-02-20 18:02:00,341 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE
[2022-02-20 18:02:00,341 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE
[2022-02-20 18:02:00,341 INFO L138 SettingsManager]: * sizeof long double=12
[2022-02-20 18:02:00,342 INFO L138 SettingsManager]: * Check if freed pointer was valid=false
[2022-02-20 18:02:00,342 INFO L138 SettingsManager]: * Use constant arrays=true
[2022-02-20 18:02:00,342 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE
[2022-02-20 18:02:00,342 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults:
[2022-02-20 18:02:00,342 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements
[2022-02-20 18:02:00,343 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode
[2022-02-20 18:02:00,343 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000
[2022-02-20 18:02:00,343 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults:
[2022-02-20 18:02:00,343 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP
[2022-02-20 18:02:00,343 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles
[2022-02-20 18:02:00,344 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL
[2022-02-20 18:02:00,344 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in
[2022-02-20 18:02:00,344 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF
[2022-02-20 18:02:00,344 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET
[2022-02-20 18:02:00,344 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true
[2022-02-20 18:02:00,345 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int)
WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) )
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 6fd6d1c71ba5dc2d3b9a29abb89e94ab4329c839d1f475ee44ea6eb34f32fbde
[2022-02-20 18:02:00,531 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp
[2022-02-20 18:02:00,545 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized
[2022-02-20 18:02:00,546 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected.
[2022-02-20 18:02:00,547 INFO L271 PluginConnector]: Initializing CDTParser...
[2022-02-20 18:02:00,563 INFO L275 PluginConnector]: CDTParser initialized
[2022-02-20 18:02:00,564 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec7_product25.cil.c
[2022-02-20 18:02:00,623 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/0f8bb89eb/acf9a4872bd34cddba46d81c5373815c/FLAG09633f22f
[2022-02-20 18:02:01,090 INFO L306 CDTParser]: Found 1 translation units.
[2022-02-20 18:02:01,091 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec7_product25.cil.c [2022-02-20 18:02:01,109 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/0f8bb89eb/acf9a4872bd34cddba46d81c5373815c/FLAG09633f22f [2022-02-20 18:02:01,122 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/0f8bb89eb/acf9a4872bd34cddba46d81c5373815c [2022-02-20 18:02:01,125 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:02:01,126 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:02:01,127 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:02:01,127 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:02:01,129 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:02:01,130 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:02:01" (1/1) ... [2022-02-20 18:02:01,131 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@38787628 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:01, skipping insertion in model container [2022-02-20 18:02:01,131 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:02:01" (1/1) ... 
[2022-02-20 18:02:01,136 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:02:01,190 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:02:01,417 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec7_product25.cil.c[8804,8817] [2022-02-20 18:02:01,613 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:02:01,624 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:02:01,649 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec7_product25.cil.c[8804,8817] [2022-02-20 18:02:01,712 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:02:01,732 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:02:01,733 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:01 WrapperNode [2022-02-20 18:02:01,733 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:02:01,734 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:02:01,734 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:02:01,734 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:02:01,739 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:01" (1/1) ... 
[2022-02-20 18:02:01,768 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:01" (1/1) ... [2022-02-20 18:02:01,824 INFO L137 Inliner]: procedures = 130, calls = 215, calls flagged for inlining = 61, calls inlined = 58, statements flattened = 1068 [2022-02-20 18:02:01,825 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:02:01,825 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:02:01,825 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:02:01,825 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:02:01,836 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:01" (1/1) ... [2022-02-20 18:02:01,836 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:01" (1/1) ... [2022-02-20 18:02:01,840 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:01" (1/1) ... [2022-02-20 18:02:01,840 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:01" (1/1) ... 
[2022-02-20 18:02:01,878 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:01" (1/1) ... [2022-02-20 18:02:01,901 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:01" (1/1) ... [2022-02-20 18:02:01,905 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:01" (1/1) ... [2022-02-20 18:02:01,910 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:02:01,924 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:02:01,924 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:02:01,924 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:02:01,925 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:01" (1/1) ... 
[2022-02-20 18:02:01,935 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:02:01,944 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:02:01,975 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:02:01,986 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:02:02,005 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookSize [2022-02-20 18:02:02,005 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookSize [2022-02-20 18:02:02,005 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookAddress [2022-02-20 18:02:02,005 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookAddress [2022-02-20 18:02:02,005 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__wrappee__Keys [2022-02-20 18:02:02,005 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__wrappee__Keys [2022-02-20 18:02:02,006 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2022-02-20 18:02:02,006 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2022-02-20 18:02:02,006 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2022-02-20 18:02:02,006 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2022-02-20 18:02:02,006 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable 
[2022-02-20 18:02:02,006 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable [2022-02-20 18:02:02,006 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2022-02-20 18:02:02,006 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2022-02-20 18:02:02,007 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailSignKey [2022-02-20 18:02:02,007 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailSignKey [2022-02-20 18:02:02,007 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2022-02-20 18:02:02,007 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2022-02-20 18:02:02,007 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2022-02-20 18:02:02,007 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2022-02-20 18:02:02,007 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2022-02-20 18:02:02,007 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2022-02-20 18:02:02,008 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2022-02-20 18:02:02,008 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:02:02,008 INFO L130 BoogieDeclarations]: Found specification of procedure isSigned [2022-02-20 18:02:02,008 INFO L138 BoogieDeclarations]: Found implementation of procedure isSigned [2022-02-20 18:02:02,008 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookSize [2022-02-20 18:02:02,008 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookSize [2022-02-20 18:02:02,008 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2022-02-20 18:02:02,008 INFO L138 BoogieDeclarations]: Found implementation of procedure 
setClientKeyringUser [2022-02-20 18:02:02,009 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2022-02-20 18:02:02,009 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2022-02-20 18:02:02,009 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2022-02-20 18:02:02,018 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2022-02-20 18:02:02,018 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2022-02-20 18:02:02,018 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2022-02-20 18:02:02,018 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2022-02-20 18:02:02,018 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2022-02-20 18:02:02,018 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2022-02-20 18:02:02,018 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2022-02-20 18:02:02,019 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 18:02:02,019 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2022-02-20 18:02:02,019 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2022-02-20 18:02:02,019 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookAddress [2022-02-20 18:02:02,019 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookAddress [2022-02-20 18:02:02,019 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:02:02,019 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:02:02,247 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:02:02,248 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation 
[2022-02-20 18:02:03,013 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:02:03,021 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:02:03,022 INFO L299 CfgBuilder]: Removed 1 assume(true) statements. [2022-02-20 18:02:03,023 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:02:03 BoogieIcfgContainer [2022-02-20 18:02:03,023 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:02:03,024 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:02:03,024 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:02:03,027 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:02:03,027 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:02:01" (1/3) ... [2022-02-20 18:02:03,028 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@7e01bde3 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:02:03, skipping insertion in model container [2022-02-20 18:02:03,028 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:01" (2/3) ... 
[2022-02-20 18:02:03,029 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@7e01bde3 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:02:03, skipping insertion in model container [2022-02-20 18:02:03,029 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:02:03" (3/3) ... [2022-02-20 18:02:03,030 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec7_product25.cil.c [2022-02-20 18:02:03,033 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:02:03,034 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 18:02:03,076 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:02:03,081 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., 
mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:02:03,082 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:02:03,102 INFO L276 IsEmpty]: Start isEmpty. Operand has 379 states, 302 states have (on average 1.5695364238410596) internal successors, (474), 305 states have internal predecessors, (474), 54 states have call successors, (54), 21 states have call predecessors, (54), 21 states have return successors, (54), 53 states have call predecessors, (54), 54 states have call successors, (54) [2022-02-20 18:02:03,112 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 96 [2022-02-20 18:02:03,112 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:03,113 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:03,113 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:03,116 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:03,117 INFO L85 PathProgramCache]: Analyzing trace with hash 673658076, now seen corresponding path program 1 times [2022-02-20 18:02:03,123 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:03,123 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1478302129] [2022-02-20 18:02:03,123 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:03,124 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 
18:02:03,261 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,390 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:02:03,397 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,410 INFO L290 TraceCheckUtils]: 0: Hoare triple {432#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {382#true} is VALID [2022-02-20 18:02:03,411 INFO L290 TraceCheckUtils]: 1: Hoare triple {382#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {382#true} is VALID [2022-02-20 18:02:03,411 INFO L290 TraceCheckUtils]: 2: Hoare triple {382#true} assume true; {382#true} is VALID [2022-02-20 18:02:03,411 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {382#true} {382#true} #1197#return; {382#true} is VALID [2022-02-20 18:02:03,418 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:03,423 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,433 INFO L290 TraceCheckUtils]: 0: Hoare triple {433#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {382#true} is VALID [2022-02-20 18:02:03,433 INFO L290 TraceCheckUtils]: 1: Hoare triple {382#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {382#true} is VALID [2022-02-20 18:02:03,434 INFO L290 TraceCheckUtils]: 2: Hoare triple {382#true} assume true; {382#true} is VALID [2022-02-20 18:02:03,434 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {382#true} {382#true} #1199#return; {382#true} is VALID [2022-02-20 
18:02:03,434 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:03,440 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,462 INFO L290 TraceCheckUtils]: 0: Hoare triple {432#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {434#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:03,462 INFO L290 TraceCheckUtils]: 1: Hoare triple {434#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {435#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:03,463 INFO L290 TraceCheckUtils]: 2: Hoare triple {435#(= |setClientId_#in~handle| 1)} assume true; {435#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:03,463 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {435#(= |setClientId_#in~handle| 1)} {392#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1201#return; {383#false} is VALID [2022-02-20 18:02:03,464 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:02:03,466 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,485 INFO L290 TraceCheckUtils]: 0: Hoare triple {433#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {382#true} is VALID [2022-02-20 18:02:03,485 INFO L290 TraceCheckUtils]: 1: Hoare triple {382#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {382#true} is VALID [2022-02-20 18:02:03,486 INFO L290 TraceCheckUtils]: 2: Hoare triple {382#true} assume true; 
{382#true} is VALID [2022-02-20 18:02:03,486 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {382#true} {383#false} #1203#return; {383#false} is VALID [2022-02-20 18:02:03,486 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:02:03,489 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,491 INFO L290 TraceCheckUtils]: 0: Hoare triple {432#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {382#true} is VALID [2022-02-20 18:02:03,492 INFO L290 TraceCheckUtils]: 1: Hoare triple {382#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {382#true} is VALID [2022-02-20 18:02:03,492 INFO L290 TraceCheckUtils]: 2: Hoare triple {382#true} assume true; {382#true} is VALID [2022-02-20 18:02:03,492 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {382#true} {383#false} #1205#return; {383#false} is VALID [2022-02-20 18:02:03,492 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:02:03,494 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,496 INFO L290 TraceCheckUtils]: 0: Hoare triple {433#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {382#true} is VALID [2022-02-20 18:02:03,497 INFO L290 TraceCheckUtils]: 1: Hoare triple {382#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {382#true} is VALID [2022-02-20 18:02:03,497 INFO L290 TraceCheckUtils]: 2: Hoare triple {382#true} assume true; {382#true} is VALID [2022-02-20 18:02:03,497 INFO L284 TraceCheckUtils]: 3: Hoare 
quadruple {382#true} {383#false} #1207#return; {383#false} is VALID [2022-02-20 18:02:03,504 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2022-02-20 18:02:03,505 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,507 INFO L290 TraceCheckUtils]: 0: Hoare triple {436#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {382#true} is VALID [2022-02-20 18:02:03,508 INFO L290 TraceCheckUtils]: 1: Hoare triple {382#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {382#true} is VALID [2022-02-20 18:02:03,508 INFO L290 TraceCheckUtils]: 2: Hoare triple {382#true} assume true; {382#true} is VALID [2022-02-20 18:02:03,508 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {382#true} {383#false} #1157#return; {383#false} is VALID [2022-02-20 18:02:03,515 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 52 [2022-02-20 18:02:03,516 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,518 INFO L290 TraceCheckUtils]: 0: Hoare triple {437#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {382#true} is VALID [2022-02-20 18:02:03,519 INFO L290 TraceCheckUtils]: 1: Hoare triple {382#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {382#true} is VALID [2022-02-20 18:02:03,519 INFO L290 TraceCheckUtils]: 2: Hoare triple {382#true} assume true; {382#true} is VALID [2022-02-20 18:02:03,519 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {382#true} {383#false} #1159#return; {383#false} is VALID [2022-02-20 18:02:03,519 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-02-20 18:02:03,520 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 
18:02:03,522 INFO L290 TraceCheckUtils]: 0: Hoare triple {382#true} ~handle := #in~handle;havoc ~retValue_acc~11; {382#true} is VALID [2022-02-20 18:02:03,523 INFO L290 TraceCheckUtils]: 1: Hoare triple {382#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~11; {382#true} is VALID [2022-02-20 18:02:03,523 INFO L290 TraceCheckUtils]: 2: Hoare triple {382#true} assume true; {382#true} is VALID [2022-02-20 18:02:03,523 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {382#true} {383#false} #1139#return; {383#false} is VALID [2022-02-20 18:02:03,523 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76 [2022-02-20 18:02:03,524 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,545 INFO L290 TraceCheckUtils]: 0: Hoare triple {436#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {382#true} is VALID [2022-02-20 18:02:03,545 INFO L290 TraceCheckUtils]: 1: Hoare triple {382#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {382#true} is VALID [2022-02-20 18:02:03,545 INFO L290 TraceCheckUtils]: 2: Hoare triple {382#true} assume true; {382#true} is VALID [2022-02-20 18:02:03,545 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {382#true} {383#false} #1163#return; {383#false} is VALID [2022-02-20 18:02:03,546 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-02-20 18:02:03,547 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,549 INFO L290 TraceCheckUtils]: 0: Hoare triple {382#true} ~handle := #in~handle;havoc ~retValue_acc~32; {382#true} is VALID [2022-02-20 18:02:03,550 INFO L290 TraceCheckUtils]: 1: Hoare triple {382#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {382#true} is VALID [2022-02-20 
18:02:03,550 INFO L290 TraceCheckUtils]: 2: Hoare triple {382#true} assume true; {382#true} is VALID [2022-02-20 18:02:03,550 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {382#true} {383#false} #1165#return; {383#false} is VALID [2022-02-20 18:02:03,550 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 18:02:03,551 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,568 INFO L290 TraceCheckUtils]: 0: Hoare triple {382#true} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {382#true} is VALID [2022-02-20 18:02:03,569 INFO L290 TraceCheckUtils]: 1: Hoare triple {382#true} assume true; {382#true} is VALID [2022-02-20 18:02:03,569 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {382#true} {383#false} #1167#return; {383#false} is VALID [2022-02-20 18:02:03,570 INFO L290 TraceCheckUtils]: 0: Hoare triple {382#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(115, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 
18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(12, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(18, 34);call #Ultimate.allocInit(13, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(25, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 
:= 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 
0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {382#true} is VALID [2022-02-20 18:02:03,570 INFO L290 TraceCheckUtils]: 1: Hoare triple {382#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet50#1, main_#t~ret51#1, main_~retValue_acc~25#1, main_~tmp~13#1;assume -2147483648 <= main_#t~nondet50#1 && main_#t~nondet50#1 <= 2147483647;main_~retValue_acc~25#1 := main_#t~nondet50#1;havoc main_#t~nondet50#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true; {382#true} is VALID [2022-02-20 18:02:03,570 INFO L290 TraceCheckUtils]: 2: Hoare triple {382#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {382#true} is VALID [2022-02-20 18:02:03,570 INFO L290 TraceCheckUtils]: 3: Hoare triple {382#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~6#1;havoc valid_product_~retValue_acc~6#1;valid_product_~retValue_acc~6#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~6#1; {382#true} is VALID [2022-02-20 18:02:03,571 INFO L290 TraceCheckUtils]: 4: Hoare triple {382#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {382#true} is VALID [2022-02-20 18:02:03,571 INFO L290 TraceCheckUtils]: 5: Hoare 
triple {382#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {382#true} is VALID [2022-02-20 18:02:03,572 INFO L272 TraceCheckUtils]: 6: Hoare triple {382#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {432#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:03,572 INFO L290 TraceCheckUtils]: 7: Hoare triple {432#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {382#true} is VALID [2022-02-20 18:02:03,572 INFO L290 TraceCheckUtils]: 8: Hoare triple {382#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {382#true} is VALID [2022-02-20 18:02:03,573 INFO L290 TraceCheckUtils]: 9: Hoare triple {382#true} assume true; {382#true} is VALID [2022-02-20 18:02:03,573 INFO L284 TraceCheckUtils]: 10: Hoare 
quadruple {382#true} {382#true} #1197#return; {382#true} is VALID [2022-02-20 18:02:03,573 INFO L290 TraceCheckUtils]: 11: Hoare triple {382#true} assume { :end_inline_setup_bob__wrappee__Base } true; {382#true} is VALID [2022-02-20 18:02:03,574 INFO L272 TraceCheckUtils]: 12: Hoare triple {382#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {433#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:03,574 INFO L290 TraceCheckUtils]: 13: Hoare triple {433#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {382#true} is VALID [2022-02-20 18:02:03,574 INFO L290 TraceCheckUtils]: 14: Hoare triple {382#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {382#true} is VALID [2022-02-20 18:02:03,574 INFO L290 TraceCheckUtils]: 15: Hoare triple {382#true} assume true; {382#true} is VALID [2022-02-20 18:02:03,574 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {382#true} {382#true} #1199#return; {382#true} is VALID [2022-02-20 18:02:03,575 INFO L290 TraceCheckUtils]: 17: Hoare triple {382#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {392#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 
2)} is VALID [2022-02-20 18:02:03,576 INFO L272 TraceCheckUtils]: 18: Hoare triple {392#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {432#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:03,576 INFO L290 TraceCheckUtils]: 19: Hoare triple {432#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {434#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:03,577 INFO L290 TraceCheckUtils]: 20: Hoare triple {434#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {435#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:03,577 INFO L290 TraceCheckUtils]: 21: Hoare triple {435#(= |setClientId_#in~handle| 1)} assume true; {435#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:03,578 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {435#(= |setClientId_#in~handle| 1)} {392#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1201#return; {383#false} is VALID [2022-02-20 18:02:03,578 INFO L290 TraceCheckUtils]: 23: Hoare triple {383#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {383#false} is VALID [2022-02-20 18:02:03,578 INFO L272 TraceCheckUtils]: 24: Hoare triple {383#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {433#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:03,578 INFO L290 
TraceCheckUtils]: 25: Hoare triple {433#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {382#true} is VALID [2022-02-20 18:02:03,579 INFO L290 TraceCheckUtils]: 26: Hoare triple {382#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {382#true} is VALID [2022-02-20 18:02:03,579 INFO L290 TraceCheckUtils]: 27: Hoare triple {382#true} assume true; {382#true} is VALID [2022-02-20 18:02:03,580 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {382#true} {383#false} #1203#return; {383#false} is VALID [2022-02-20 18:02:03,580 INFO L290 TraceCheckUtils]: 29: Hoare triple {383#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {383#false} is VALID [2022-02-20 18:02:03,580 INFO L272 TraceCheckUtils]: 30: Hoare triple {383#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {432#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:03,581 INFO L290 TraceCheckUtils]: 31: Hoare triple {432#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {382#true} is VALID [2022-02-20 18:02:03,581 INFO L290 TraceCheckUtils]: 32: Hoare triple {382#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {382#true} is VALID [2022-02-20 18:02:03,581 INFO L290 TraceCheckUtils]: 33: Hoare triple {382#true} assume true; {382#true} is VALID [2022-02-20 18:02:03,581 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {382#true} {383#false} #1205#return; {383#false} is VALID [2022-02-20 18:02:03,581 INFO L290 TraceCheckUtils]: 35: Hoare triple {383#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {383#false} is VALID [2022-02-20 18:02:03,581 INFO L272 TraceCheckUtils]: 36: Hoare triple {383#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {433#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:03,582 INFO L290 TraceCheckUtils]: 37: Hoare triple {433#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {382#true} is VALID [2022-02-20 18:02:03,582 INFO L290 TraceCheckUtils]: 38: Hoare triple {382#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {382#true} is VALID [2022-02-20 18:02:03,584 INFO L290 TraceCheckUtils]: 39: Hoare triple {382#true} assume true; {382#true} is VALID [2022-02-20 18:02:03,584 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {382#true} {383#false} #1207#return; {383#false} is VALID [2022-02-20 18:02:03,585 INFO L290 TraceCheckUtils]: 41: Hoare triple {383#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, 
setup_~__cil_tmp3~1#1.offset := 15, 0;havoc setup_#t~nondet49#1; {383#false} is VALID [2022-02-20 18:02:03,585 INFO L290 TraceCheckUtils]: 42: Hoare triple {383#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {383#false} is VALID [2022-02-20 18:02:03,585 INFO L290 TraceCheckUtils]: 43: Hoare triple {383#false} assume !true; {383#false} is VALID [2022-02-20 18:02:03,585 INFO L290 TraceCheckUtils]: 44: Hoare triple {383#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~12#1, 
bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret42#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {383#false} is VALID [2022-02-20 18:02:03,586 INFO L272 TraceCheckUtils]: 45: Hoare triple {383#false} call sendEmail(~bob~0, ~rjh~0); {383#false} is VALID [2022-02-20 18:02:03,586 INFO L290 TraceCheckUtils]: 46: Hoare triple {383#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {383#false} is VALID [2022-02-20 18:02:03,586 INFO L272 TraceCheckUtils]: 47: Hoare triple {383#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {436#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:03,586 INFO L290 TraceCheckUtils]: 48: Hoare triple {436#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {382#true} is VALID [2022-02-20 18:02:03,586 INFO L290 TraceCheckUtils]: 49: Hoare triple {382#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {382#true} is VALID [2022-02-20 18:02:03,586 INFO L290 TraceCheckUtils]: 50: Hoare triple {382#true} assume true; {382#true} is VALID [2022-02-20 18:02:03,587 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {382#true} {383#false} #1157#return; {383#false} is VALID [2022-02-20 18:02:03,587 INFO L272 TraceCheckUtils]: 
52: Hoare triple {383#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {437#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:03,587 INFO L290 TraceCheckUtils]: 53: Hoare triple {437#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {382#true} is VALID [2022-02-20 18:02:03,587 INFO L290 TraceCheckUtils]: 54: Hoare triple {382#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {382#true} is VALID [2022-02-20 18:02:03,587 INFO L290 TraceCheckUtils]: 55: Hoare triple {382#true} assume true; {382#true} is VALID [2022-02-20 18:02:03,587 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {382#true} {383#false} #1159#return; {383#false} is VALID [2022-02-20 18:02:03,588 INFO L290 TraceCheckUtils]: 57: Hoare triple {383#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {383#false} is VALID [2022-02-20 18:02:03,588 INFO L290 TraceCheckUtils]: 58: Hoare triple {383#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {383#false} is VALID [2022-02-20 18:02:03,588 INFO L272 TraceCheckUtils]: 59: Hoare triple {383#false} call outgoing(~sender#1, ~email~0#1); {383#false} is VALID [2022-02-20 18:02:03,588 INFO L290 TraceCheckUtils]: 60: Hoare triple {383#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret18#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~6#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~6#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := 
sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~17#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~17#1; {383#false} is VALID [2022-02-20 18:02:03,588 INFO L290 TraceCheckUtils]: 61: Hoare triple {383#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~17#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~17#1; {383#false} is VALID [2022-02-20 18:02:03,588 INFO L290 TraceCheckUtils]: 62: Hoare triple {383#false} sign_#t~ret18#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret18#1 && sign_#t~ret18#1 <= 2147483647;sign_~tmp~6#1 := sign_#t~ret18#1;havoc sign_#t~ret18#1;sign_~privkey~0#1 := sign_~tmp~6#1; {383#false} is VALID [2022-02-20 18:02:03,588 INFO L290 TraceCheckUtils]: 63: Hoare triple {383#false} assume 0 == sign_~privkey~0#1; {383#false} is VALID [2022-02-20 18:02:03,589 INFO L290 TraceCheckUtils]: 64: Hoare triple {383#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1, outgoing__wrappee__AddressBook_#t~ret8#1, outgoing__wrappee__AddressBook_#t~ret9#1, outgoing__wrappee__AddressBook_#t~ret10#1, outgoing__wrappee__AddressBook_#t~ret11#1, outgoing__wrappee__AddressBook_#t~ret12#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~2#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~0#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~0#1, 
outgoing__wrappee__AddressBook_~tmp___2~0#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~2#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~0#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~0#1;havoc outgoing__wrappee__AddressBook_~tmp___2~0#1; {383#false} is VALID [2022-02-20 18:02:03,589 INFO L272 TraceCheckUtils]: 65: Hoare triple {383#false} call outgoing__wrappee__AddressBook_#t~ret7#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {382#true} is VALID [2022-02-20 18:02:03,589 INFO L290 TraceCheckUtils]: 66: Hoare triple {382#true} ~handle := #in~handle;havoc ~retValue_acc~11; {382#true} is VALID [2022-02-20 18:02:03,589 INFO L290 TraceCheckUtils]: 67: Hoare triple {382#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~11; {382#true} is VALID [2022-02-20 18:02:03,589 INFO L290 TraceCheckUtils]: 68: Hoare triple {382#true} assume true; {382#true} is VALID [2022-02-20 18:02:03,589 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {382#true} {383#false} #1139#return; {383#false} is VALID [2022-02-20 18:02:03,589 INFO L290 TraceCheckUtils]: 70: Hoare triple {383#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret7#1 && outgoing__wrappee__AddressBook_#t~ret7#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~2#1 := outgoing__wrappee__AddressBook_#t~ret7#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~2#1; {383#false} is VALID [2022-02-20 18:02:03,589 INFO L290 TraceCheckUtils]: 71: Hoare triple {383#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {383#false} is VALID 
[2022-02-20 18:02:03,589 INFO L272 TraceCheckUtils]: 72: Hoare triple {383#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {383#false} is VALID [2022-02-20 18:02:03,590 INFO L290 TraceCheckUtils]: 73: Hoare triple {383#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {383#false} is VALID [2022-02-20 18:02:03,590 INFO L290 TraceCheckUtils]: 74: Hoare triple {383#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {383#false} is VALID [2022-02-20 18:02:03,590 INFO L290 TraceCheckUtils]: 75: Hoare triple {383#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {383#false} is VALID [2022-02-20 18:02:03,590 INFO L272 TraceCheckUtils]: 76: Hoare triple {383#false} call setEmailFrom(~msg#1, ~tmp~1#1); {436#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:03,590 INFO L290 TraceCheckUtils]: 77: Hoare triple {436#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {382#true} is VALID [2022-02-20 18:02:03,590 INFO L290 TraceCheckUtils]: 78: Hoare triple {382#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {382#true} is VALID [2022-02-20 18:02:03,590 INFO L290 TraceCheckUtils]: 79: Hoare triple {382#true} assume true; {382#true} is VALID [2022-02-20 18:02:03,590 INFO L284 TraceCheckUtils]: 80: Hoare quadruple 
{382#true} {383#false} #1163#return; {383#false} is VALID [2022-02-20 18:02:03,590 INFO L290 TraceCheckUtils]: 81: Hoare triple {383#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {383#false} is VALID [2022-02-20 18:02:03,591 INFO L272 TraceCheckUtils]: 82: Hoare triple {383#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {382#true} is VALID [2022-02-20 18:02:03,591 INFO L290 TraceCheckUtils]: 83: Hoare triple {382#true} ~handle := #in~handle;havoc ~retValue_acc~32; {382#true} is VALID [2022-02-20 18:02:03,591 INFO L290 TraceCheckUtils]: 84: Hoare triple {382#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {382#true} is VALID [2022-02-20 18:02:03,591 INFO L290 TraceCheckUtils]: 85: Hoare triple {382#true} assume true; {382#true} is VALID [2022-02-20 18:02:03,591 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {382#true} {383#false} #1165#return; {383#false} is VALID [2022-02-20 18:02:03,591 INFO L290 TraceCheckUtils]: 87: Hoare triple {383#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret20#1, verify_#t~ret21#1, verify_#t~ret22#1, verify_#t~ret23#1, verify_#t~ret24#1, verify_#t~ret25#1, verify_~client#1, verify_~msg#1, 
verify_~__utac__ad__arg1~0#1, verify_~tmp~7#1, verify_~tmp___0~1#1, verify_~pubkey~0#1, verify_~tmp___1~1#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~7#1;havoc verify_~tmp___0~1#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~1#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret39#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~9#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~9#1; {383#false} is VALID [2022-02-20 18:02:03,592 INFO L272 TraceCheckUtils]: 88: Hoare triple {383#false} call __utac_acc__EncryptVerify_spec__1_#t~ret39#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {382#true} is VALID [2022-02-20 18:02:03,592 INFO L290 TraceCheckUtils]: 89: Hoare triple {382#true} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {382#true} is VALID [2022-02-20 18:02:03,592 INFO L290 TraceCheckUtils]: 90: Hoare triple {382#true} assume true; {382#true} is VALID [2022-02-20 18:02:03,592 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {382#true} {383#false} #1167#return; {383#false} is VALID [2022-02-20 18:02:03,592 INFO L290 TraceCheckUtils]: 92: Hoare triple {383#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret39#1 && __utac_acc__EncryptVerify_spec__1_#t~ret39#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~9#1 := __utac_acc__EncryptVerify_spec__1_#t~ret39#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret39#1; {383#false} is VALID [2022-02-20 18:02:03,592 INFO L290 
TraceCheckUtils]: 93: Hoare triple {383#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~9#1);assume { :begin_inline___automaton_fail } true; {383#false} is VALID [2022-02-20 18:02:03,593 INFO L290 TraceCheckUtils]: 94: Hoare triple {383#false} assume !false; {383#false} is VALID [2022-02-20 18:02:03,593 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. [2022-02-20 18:02:03,594 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:03,594 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1478302129] [2022-02-20 18:02:03,594 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1478302129] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:02:03,595 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1669936710] [2022-02-20 18:02:03,595 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:03,595 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:03,595 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:02:03,597 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:02:03,597 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 18:02:03,889 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,894 INFO L263 TraceCheckSpWp]: Trace formula consists of 1037 conjuncts, 1 conjunts 
are in the unsatisfiable core [2022-02-20 18:02:03,978 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:03,984 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:02:04,232 INFO L290 TraceCheckUtils]: 0: Hoare triple {382#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(115, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(12, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(18, 34);call 
#Ultimate.allocInit(13, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(25, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 
0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {382#true} is VALID [2022-02-20 18:02:04,232 INFO L290 TraceCheckUtils]: 1: Hoare triple {382#true} assume { :end_inline_ULTIMATE.init } 
true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet50#1, main_#t~ret51#1, main_~retValue_acc~25#1, main_~tmp~13#1;assume -2147483648 <= main_#t~nondet50#1 && main_#t~nondet50#1 <= 2147483647;main_~retValue_acc~25#1 := main_#t~nondet50#1;havoc main_#t~nondet50#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true; {382#true} is VALID [2022-02-20 18:02:04,233 INFO L290 TraceCheckUtils]: 2: Hoare triple {382#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {382#true} is VALID [2022-02-20 18:02:04,233 INFO L290 TraceCheckUtils]: 3: Hoare triple {382#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~6#1;havoc valid_product_~retValue_acc~6#1;valid_product_~retValue_acc~6#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~6#1; {382#true} is VALID [2022-02-20 18:02:04,233 INFO L290 TraceCheckUtils]: 4: Hoare triple {382#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {382#true} is VALID [2022-02-20 18:02:04,233 INFO L290 TraceCheckUtils]: 5: Hoare triple {382#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := 
setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {382#true} is VALID [2022-02-20 18:02:04,233 INFO L272 TraceCheckUtils]: 6: Hoare triple {382#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {382#true} is VALID [2022-02-20 18:02:04,234 INFO L290 TraceCheckUtils]: 7: Hoare triple {382#true} ~handle := #in~handle;~value := #in~value; {382#true} is VALID [2022-02-20 18:02:04,234 INFO L290 TraceCheckUtils]: 8: Hoare triple {382#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {382#true} is VALID [2022-02-20 18:02:04,234 INFO L290 TraceCheckUtils]: 9: Hoare triple {382#true} assume true; {382#true} is VALID [2022-02-20 18:02:04,234 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {382#true} {382#true} #1197#return; {382#true} is VALID [2022-02-20 18:02:04,234 INFO L290 TraceCheckUtils]: 11: Hoare triple {382#true} assume { :end_inline_setup_bob__wrappee__Base } true; {382#true} is VALID [2022-02-20 18:02:04,234 INFO L272 TraceCheckUtils]: 12: Hoare triple {382#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {382#true} is VALID [2022-02-20 18:02:04,235 INFO L290 TraceCheckUtils]: 13: Hoare triple {382#true} ~handle := #in~handle;~value := #in~value; {382#true} is VALID [2022-02-20 18:02:04,235 INFO L290 TraceCheckUtils]: 14: Hoare triple {382#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {382#true} is VALID [2022-02-20 18:02:04,235 INFO L290 TraceCheckUtils]: 15: Hoare triple {382#true} assume true; {382#true} is VALID [2022-02-20 18:02:04,236 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {382#true} {382#true} #1199#return; {382#true} is VALID [2022-02-20 18:02:04,236 INFO L290 TraceCheckUtils]: 17: Hoare triple {382#true} assume { :end_inline_setup_bob } 
true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {382#true} is VALID [2022-02-20 18:02:04,236 INFO L272 TraceCheckUtils]: 18: Hoare triple {382#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {382#true} is VALID [2022-02-20 18:02:04,236 INFO L290 TraceCheckUtils]: 19: Hoare triple {382#true} ~handle := #in~handle;~value := #in~value; {382#true} is VALID [2022-02-20 18:02:04,237 INFO L290 TraceCheckUtils]: 20: Hoare triple {382#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {382#true} is VALID [2022-02-20 18:02:04,237 INFO L290 TraceCheckUtils]: 21: Hoare triple {382#true} assume true; {382#true} is VALID [2022-02-20 18:02:04,238 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {382#true} {382#true} #1201#return; {382#true} is VALID [2022-02-20 18:02:04,238 INFO L290 TraceCheckUtils]: 23: Hoare triple {382#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {382#true} is VALID [2022-02-20 18:02:04,238 INFO L272 TraceCheckUtils]: 24: Hoare triple {382#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {382#true} is VALID [2022-02-20 18:02:04,238 INFO L290 TraceCheckUtils]: 25: Hoare triple {382#true} ~handle := #in~handle;~value := #in~value; {382#true} is VALID [2022-02-20 18:02:04,238 INFO L290 TraceCheckUtils]: 26: Hoare triple {382#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {382#true} is VALID [2022-02-20 18:02:04,239 INFO L290 TraceCheckUtils]: 27: Hoare triple {382#true} assume true; {382#true} is VALID [2022-02-20 
18:02:04,239 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {382#true} {382#true} #1203#return; {382#true} is VALID [2022-02-20 18:02:04,239 INFO L290 TraceCheckUtils]: 29: Hoare triple {382#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {382#true} is VALID [2022-02-20 18:02:04,240 INFO L272 TraceCheckUtils]: 30: Hoare triple {382#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {382#true} is VALID [2022-02-20 18:02:04,240 INFO L290 TraceCheckUtils]: 31: Hoare triple {382#true} ~handle := #in~handle;~value := #in~value; {382#true} is VALID [2022-02-20 18:02:04,245 INFO L290 TraceCheckUtils]: 32: Hoare triple {382#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {382#true} is VALID [2022-02-20 18:02:04,245 INFO L290 TraceCheckUtils]: 33: Hoare triple {382#true} assume true; {382#true} is VALID [2022-02-20 18:02:04,247 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {382#true} {382#true} #1205#return; {382#true} is VALID [2022-02-20 18:02:04,247 INFO L290 TraceCheckUtils]: 35: Hoare triple {382#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {382#true} is VALID [2022-02-20 18:02:04,247 INFO L272 TraceCheckUtils]: 36: Hoare triple {382#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {382#true} is VALID [2022-02-20 18:02:04,248 INFO L290 TraceCheckUtils]: 37: Hoare triple {382#true} ~handle := #in~handle;~value := #in~value; {382#true} is VALID 
[2022-02-20 18:02:04,248 INFO L290 TraceCheckUtils]: 38: Hoare triple {382#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {382#true} is VALID [2022-02-20 18:02:04,248 INFO L290 TraceCheckUtils]: 39: Hoare triple {382#true} assume true; {382#true} is VALID [2022-02-20 18:02:04,248 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {382#true} {382#true} #1207#return; {382#true} is VALID [2022-02-20 18:02:04,248 INFO L290 TraceCheckUtils]: 41: Hoare triple {382#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 15, 0;havoc setup_#t~nondet49#1; {382#true} is VALID [2022-02-20 18:02:04,248 INFO L290 TraceCheckUtils]: 42: Hoare triple {382#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 
0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {382#true} is VALID [2022-02-20 18:02:04,249 INFO L290 TraceCheckUtils]: 43: Hoare triple {382#true} assume !true; {383#false} is VALID [2022-02-20 18:02:04,249 INFO L290 TraceCheckUtils]: 44: Hoare triple {383#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret42#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {383#false} is VALID [2022-02-20 18:02:04,250 INFO L272 TraceCheckUtils]: 45: Hoare triple {383#false} call sendEmail(~bob~0, ~rjh~0); {383#false} is VALID [2022-02-20 18:02:04,250 INFO L290 TraceCheckUtils]: 46: Hoare triple {383#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {383#false} is VALID [2022-02-20 18:02:04,250 INFO L272 TraceCheckUtils]: 47: Hoare triple {383#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {383#false} is VALID [2022-02-20 18:02:04,250 INFO L290 TraceCheckUtils]: 48: Hoare triple {383#false} ~handle := #in~handle;~value := #in~value; {383#false} is VALID [2022-02-20 18:02:04,250 INFO L290 TraceCheckUtils]: 49: Hoare triple {383#false} assume 1 == 
~handle;~__ste_email_from0~0 := ~value; {383#false} is VALID [2022-02-20 18:02:04,250 INFO L290 TraceCheckUtils]: 50: Hoare triple {383#false} assume true; {383#false} is VALID [2022-02-20 18:02:04,250 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {383#false} {383#false} #1157#return; {383#false} is VALID [2022-02-20 18:02:04,250 INFO L272 TraceCheckUtils]: 52: Hoare triple {383#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {383#false} is VALID [2022-02-20 18:02:04,251 INFO L290 TraceCheckUtils]: 53: Hoare triple {383#false} ~handle := #in~handle;~value := #in~value; {383#false} is VALID [2022-02-20 18:02:04,251 INFO L290 TraceCheckUtils]: 54: Hoare triple {383#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {383#false} is VALID [2022-02-20 18:02:04,251 INFO L290 TraceCheckUtils]: 55: Hoare triple {383#false} assume true; {383#false} is VALID [2022-02-20 18:02:04,252 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {383#false} {383#false} #1159#return; {383#false} is VALID [2022-02-20 18:02:04,252 INFO L290 TraceCheckUtils]: 57: Hoare triple {383#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {383#false} is VALID [2022-02-20 18:02:04,252 INFO L290 TraceCheckUtils]: 58: Hoare triple {383#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {383#false} is VALID [2022-02-20 18:02:04,252 INFO L272 TraceCheckUtils]: 59: Hoare triple {383#false} call outgoing(~sender#1, ~email~0#1); {383#false} is VALID [2022-02-20 18:02:04,252 INFO L290 TraceCheckUtils]: 60: Hoare triple {383#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret18#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~6#1;sign_~client#1 := 
sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~6#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~17#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~17#1; {383#false} is VALID [2022-02-20 18:02:04,253 INFO L290 TraceCheckUtils]: 61: Hoare triple {383#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~17#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~17#1; {383#false} is VALID [2022-02-20 18:02:04,253 INFO L290 TraceCheckUtils]: 62: Hoare triple {383#false} sign_#t~ret18#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret18#1 && sign_#t~ret18#1 <= 2147483647;sign_~tmp~6#1 := sign_#t~ret18#1;havoc sign_#t~ret18#1;sign_~privkey~0#1 := sign_~tmp~6#1; {383#false} is VALID [2022-02-20 18:02:04,253 INFO L290 TraceCheckUtils]: 63: Hoare triple {383#false} assume 0 == sign_~privkey~0#1; {383#false} is VALID [2022-02-20 18:02:04,253 INFO L290 TraceCheckUtils]: 64: Hoare triple {383#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1, outgoing__wrappee__AddressBook_#t~ret8#1, outgoing__wrappee__AddressBook_#t~ret9#1, outgoing__wrappee__AddressBook_#t~ret10#1, outgoing__wrappee__AddressBook_#t~ret11#1, outgoing__wrappee__AddressBook_#t~ret12#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~2#1, outgoing__wrappee__AddressBook_~receiver~0#1, 
outgoing__wrappee__AddressBook_~tmp___0~0#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~0#1, outgoing__wrappee__AddressBook_~tmp___2~0#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~2#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~0#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~0#1;havoc outgoing__wrappee__AddressBook_~tmp___2~0#1; {383#false} is VALID [2022-02-20 18:02:04,253 INFO L272 TraceCheckUtils]: 65: Hoare triple {383#false} call outgoing__wrappee__AddressBook_#t~ret7#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {383#false} is VALID [2022-02-20 18:02:04,253 INFO L290 TraceCheckUtils]: 66: Hoare triple {383#false} ~handle := #in~handle;havoc ~retValue_acc~11; {383#false} is VALID [2022-02-20 18:02:04,254 INFO L290 TraceCheckUtils]: 67: Hoare triple {383#false} assume 1 == ~handle;~retValue_acc~11 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~11; {383#false} is VALID [2022-02-20 18:02:04,254 INFO L290 TraceCheckUtils]: 68: Hoare triple {383#false} assume true; {383#false} is VALID [2022-02-20 18:02:04,255 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {383#false} {383#false} #1139#return; {383#false} is VALID [2022-02-20 18:02:04,255 INFO L290 TraceCheckUtils]: 70: Hoare triple {383#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret7#1 && outgoing__wrappee__AddressBook_#t~ret7#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~2#1 := outgoing__wrappee__AddressBook_#t~ret7#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~2#1; {383#false} is VALID [2022-02-20 18:02:04,256 
INFO L290 TraceCheckUtils]: 71: Hoare triple {383#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {383#false} is VALID [2022-02-20 18:02:04,256 INFO L272 TraceCheckUtils]: 72: Hoare triple {383#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {383#false} is VALID [2022-02-20 18:02:04,256 INFO L290 TraceCheckUtils]: 73: Hoare triple {383#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {383#false} is VALID [2022-02-20 18:02:04,256 INFO L290 TraceCheckUtils]: 74: Hoare triple {383#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {383#false} is VALID [2022-02-20 18:02:04,261 INFO L290 TraceCheckUtils]: 75: Hoare triple {383#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {383#false} is VALID [2022-02-20 18:02:04,262 INFO L272 TraceCheckUtils]: 76: Hoare triple {383#false} call setEmailFrom(~msg#1, ~tmp~1#1); {383#false} is VALID [2022-02-20 18:02:04,262 INFO L290 TraceCheckUtils]: 77: Hoare triple {383#false} ~handle := #in~handle;~value := #in~value; {383#false} is VALID [2022-02-20 18:02:04,262 INFO L290 TraceCheckUtils]: 78: Hoare triple {383#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {383#false} is VALID [2022-02-20 18:02:04,262 INFO L290 TraceCheckUtils]: 79: Hoare triple {383#false} assume true; {383#false} is VALID [2022-02-20 18:02:04,262 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {383#false} {383#false} #1163#return; {383#false} is VALID [2022-02-20 
18:02:04,263 INFO L290 TraceCheckUtils]: 81: Hoare triple {383#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {383#false} is VALID [2022-02-20 18:02:04,263 INFO L272 TraceCheckUtils]: 82: Hoare triple {383#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {383#false} is VALID [2022-02-20 18:02:04,263 INFO L290 TraceCheckUtils]: 83: Hoare triple {383#false} ~handle := #in~handle;havoc ~retValue_acc~32; {383#false} is VALID [2022-02-20 18:02:04,263 INFO L290 TraceCheckUtils]: 84: Hoare triple {383#false} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {383#false} is VALID [2022-02-20 18:02:04,263 INFO L290 TraceCheckUtils]: 85: Hoare triple {383#false} assume true; {383#false} is VALID [2022-02-20 18:02:04,263 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {383#false} {383#false} #1165#return; {383#false} is VALID [2022-02-20 18:02:04,264 INFO L290 TraceCheckUtils]: 87: Hoare triple {383#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret20#1, verify_#t~ret21#1, verify_#t~ret22#1, verify_#t~ret23#1, verify_#t~ret24#1, verify_#t~ret25#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~7#1, verify_~tmp___0~1#1, 
verify_~pubkey~0#1, verify_~tmp___1~1#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~7#1;havoc verify_~tmp___0~1#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~1#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret39#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~9#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~9#1; {383#false} is VALID [2022-02-20 18:02:04,264 INFO L272 TraceCheckUtils]: 88: Hoare triple {383#false} call __utac_acc__EncryptVerify_spec__1_#t~ret39#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {383#false} is VALID [2022-02-20 18:02:04,264 INFO L290 TraceCheckUtils]: 89: Hoare triple {383#false} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {383#false} is VALID [2022-02-20 18:02:04,264 INFO L290 TraceCheckUtils]: 90: Hoare triple {383#false} assume true; {383#false} is VALID [2022-02-20 18:02:04,264 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {383#false} {383#false} #1167#return; {383#false} is VALID [2022-02-20 18:02:04,264 INFO L290 TraceCheckUtils]: 92: Hoare triple {383#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret39#1 && __utac_acc__EncryptVerify_spec__1_#t~ret39#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~9#1 := __utac_acc__EncryptVerify_spec__1_#t~ret39#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret39#1; {383#false} is VALID [2022-02-20 18:02:04,265 INFO L290 TraceCheckUtils]: 93: Hoare triple {383#false} assume !(0 != 
__utac_acc__EncryptVerify_spec__1_~tmp~9#1);assume { :begin_inline___automaton_fail } true; {383#false} is VALID [2022-02-20 18:02:04,265 INFO L290 TraceCheckUtils]: 94: Hoare triple {383#false} assume !false; {383#false} is VALID [2022-02-20 18:02:04,265 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 18:02:04,265 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:02:04,266 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1669936710] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:04,266 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:02:04,266 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [9] total 9 [2022-02-20 18:02:04,268 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [871455738] [2022-02-20 18:02:04,268 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:04,272 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 26.5) internal successors, (53), 2 states have internal predecessors, (53), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 95 [2022-02-20 18:02:04,274 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 18:02:04,277 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 26.5) internal successors, (53), 2 states have internal predecessors, (53), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:02:04,343 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 80 edges. 80 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:04,343 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:02:04,343 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:04,356 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 18:02:04,357 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:02:04,360 INFO L87 Difference]: Start difference. First operand has 379 states, 302 states have (on average 1.5695364238410596) internal successors, (474), 305 states have internal predecessors, (474), 54 states have call successors, (54), 21 states have call predecessors, (54), 21 states have return successors, (54), 53 states have call predecessors, (54), 54 states have call successors, (54) Second operand has 2 states, 2 states have (on average 26.5) internal successors, (53), 2 states have internal predecessors, (53), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:02:04,754 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:02:04,755 INFO L93 Difference]: Finished difference Result 565 states and 854 transitions. [2022-02-20 18:02:04,756 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:02:04,756 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 26.5) internal successors, (53), 2 states have internal predecessors, (53), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 95 [2022-02-20 18:02:04,757 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:04,758 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 26.5) internal successors, (53), 2 states have internal predecessors, (53), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:02:04,793 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 854 transitions. [2022-02-20 18:02:04,794 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 26.5) internal successors, (53), 2 states have internal predecessors, (53), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:02:04,807 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 854 transitions. [2022-02-20 18:02:04,807 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 854 transitions. 
[2022-02-20 18:02:05,441 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 854 edges. 854 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:05,463 INFO L225 Difference]: With dead ends: 565 [2022-02-20 18:02:05,463 INFO L226 Difference]: Without dead ends: 372 [2022-02-20 18:02:05,467 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 122 GetRequests, 115 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:02:05,470 INFO L933 BasicCegarLoop]: 578 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 578 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:05,470 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 578 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:02:05,483 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 372 states. [2022-02-20 18:02:05,505 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 372 to 372. [2022-02-20 18:02:05,505 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:05,507 INFO L82 GeneralOperation]: Start isEquivalent. First operand 372 states. 
Second operand has 372 states, 296 states have (on average 1.5641891891891893) internal successors, (463), 298 states have internal predecessors, (463), 54 states have call successors, (54), 21 states have call predecessors, (54), 21 states have return successors, (53), 52 states have call predecessors, (53), 53 states have call successors, (53) [2022-02-20 18:02:05,509 INFO L74 IsIncluded]: Start isIncluded. First operand 372 states. Second operand has 372 states, 296 states have (on average 1.5641891891891893) internal successors, (463), 298 states have internal predecessors, (463), 54 states have call successors, (54), 21 states have call predecessors, (54), 21 states have return successors, (53), 52 states have call predecessors, (53), 53 states have call successors, (53) [2022-02-20 18:02:05,510 INFO L87 Difference]: Start difference. First operand 372 states. Second operand has 372 states, 296 states have (on average 1.5641891891891893) internal successors, (463), 298 states have internal predecessors, (463), 54 states have call successors, (54), 21 states have call predecessors, (54), 21 states have return successors, (53), 52 states have call predecessors, (53), 53 states have call successors, (53) [2022-02-20 18:02:05,528 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:05,528 INFO L93 Difference]: Finished difference Result 372 states and 570 transitions. [2022-02-20 18:02:05,529 INFO L276 IsEmpty]: Start isEmpty. Operand 372 states and 570 transitions. [2022-02-20 18:02:05,531 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:05,531 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:05,533 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 372 states, 296 states have (on average 1.5641891891891893) internal successors, (463), 298 states have internal predecessors, (463), 54 states have call successors, (54), 21 states have call predecessors, (54), 21 states have return successors, (53), 52 states have call predecessors, (53), 53 states have call successors, (53) Second operand 372 states. [2022-02-20 18:02:05,533 INFO L87 Difference]: Start difference. First operand has 372 states, 296 states have (on average 1.5641891891891893) internal successors, (463), 298 states have internal predecessors, (463), 54 states have call successors, (54), 21 states have call predecessors, (54), 21 states have return successors, (53), 52 states have call predecessors, (53), 53 states have call successors, (53) Second operand 372 states. [2022-02-20 18:02:05,549 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:05,549 INFO L93 Difference]: Finished difference Result 372 states and 570 transitions. [2022-02-20 18:02:05,550 INFO L276 IsEmpty]: Start isEmpty. Operand 372 states and 570 transitions. [2022-02-20 18:02:05,551 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:05,551 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:05,551 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:05,551 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:05,553 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 372 states, 296 states have (on average 1.5641891891891893) internal successors, (463), 298 states have internal predecessors, (463), 54 states have call successors, (54), 21 states have call predecessors, (54), 21 states have return successors, (53), 52 states have call predecessors, (53), 53 states have call successors, (53) [2022-02-20 18:02:05,568 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 372 states to 372 states and 570 transitions. [2022-02-20 18:02:05,570 INFO L78 Accepts]: Start accepts. Automaton has 372 states and 570 transitions. Word has length 95 [2022-02-20 18:02:05,570 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:05,570 INFO L470 AbstractCegarLoop]: Abstraction has 372 states and 570 transitions. [2022-02-20 18:02:05,571 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 26.5) internal successors, (53), 2 states have internal predecessors, (53), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:02:05,571 INFO L276 IsEmpty]: Start isEmpty. Operand 372 states and 570 transitions. [2022-02-20 18:02:05,573 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 97 [2022-02-20 18:02:05,573 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:05,573 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:05,603 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Ended with exit code 0 [2022-02-20 18:02:05,792 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0 [2022-02-20 18:02:05,793 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 
18:02:05,794 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:05,794 INFO L85 PathProgramCache]: Analyzing trace with hash 1259497428, now seen corresponding path program 1 times [2022-02-20 18:02:05,794 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:05,794 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1096805054] [2022-02-20 18:02:05,794 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:05,795 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:05,852 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:05,882 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:02:05,884 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:05,887 INFO L290 TraceCheckUtils]: 0: Hoare triple {2807#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2757#true} is VALID [2022-02-20 18:02:05,887 INFO L290 TraceCheckUtils]: 1: Hoare triple {2757#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2757#true} is VALID [2022-02-20 18:02:05,887 INFO L290 TraceCheckUtils]: 2: Hoare triple {2757#true} assume true; {2757#true} is VALID [2022-02-20 18:02:05,887 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2757#true} {2757#true} #1197#return; {2757#true} is VALID [2022-02-20 18:02:05,895 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:05,897 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:05,900 INFO L290 TraceCheckUtils]: 0: Hoare 
triple {2808#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2757#true} is VALID [2022-02-20 18:02:05,901 INFO L290 TraceCheckUtils]: 1: Hoare triple {2757#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2757#true} is VALID [2022-02-20 18:02:05,901 INFO L290 TraceCheckUtils]: 2: Hoare triple {2757#true} assume true; {2757#true} is VALID [2022-02-20 18:02:05,906 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2757#true} {2757#true} #1199#return; {2757#true} is VALID [2022-02-20 18:02:05,906 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:05,908 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:05,920 INFO L290 TraceCheckUtils]: 0: Hoare triple {2807#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2809#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:05,921 INFO L290 TraceCheckUtils]: 1: Hoare triple {2809#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2810#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:05,921 INFO L290 TraceCheckUtils]: 2: Hoare triple {2810#(= |setClientId_#in~handle| 1)} assume true; {2810#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:05,922 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2810#(= |setClientId_#in~handle| 1)} {2767#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1201#return; {2758#false} is VALID [2022-02-20 18:02:05,922 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 24 [2022-02-20 18:02:05,924 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:05,926 INFO L290 TraceCheckUtils]: 0: Hoare triple {2808#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2757#true} is VALID [2022-02-20 18:02:05,926 INFO L290 TraceCheckUtils]: 1: Hoare triple {2757#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2757#true} is VALID [2022-02-20 18:02:05,926 INFO L290 TraceCheckUtils]: 2: Hoare triple {2757#true} assume true; {2757#true} is VALID [2022-02-20 18:02:05,926 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2757#true} {2758#false} #1203#return; {2758#false} is VALID [2022-02-20 18:02:05,927 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:02:05,929 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:05,931 INFO L290 TraceCheckUtils]: 0: Hoare triple {2807#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2757#true} is VALID [2022-02-20 18:02:05,931 INFO L290 TraceCheckUtils]: 1: Hoare triple {2757#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2757#true} is VALID [2022-02-20 18:02:05,931 INFO L290 TraceCheckUtils]: 2: Hoare triple {2757#true} assume true; {2757#true} is VALID [2022-02-20 18:02:05,931 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2757#true} {2758#false} #1205#return; {2758#false} is VALID [2022-02-20 18:02:05,931 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:02:05,933 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:05,935 INFO L290 TraceCheckUtils]: 0: Hoare triple {2808#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2757#true} is VALID [2022-02-20 18:02:05,935 INFO L290 TraceCheckUtils]: 1: Hoare triple {2757#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2757#true} is VALID [2022-02-20 18:02:05,936 INFO L290 TraceCheckUtils]: 2: Hoare triple {2757#true} assume true; {2757#true} is VALID [2022-02-20 18:02:05,936 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2757#true} {2758#false} #1207#return; {2758#false} is VALID [2022-02-20 18:02:05,948 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-02-20 18:02:05,949 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:05,952 INFO L290 TraceCheckUtils]: 0: Hoare triple {2811#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2757#true} is VALID [2022-02-20 18:02:05,952 INFO L290 TraceCheckUtils]: 1: Hoare triple {2757#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2757#true} is VALID [2022-02-20 18:02:05,952 INFO L290 TraceCheckUtils]: 2: Hoare triple {2757#true} assume true; {2757#true} is VALID [2022-02-20 18:02:05,952 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2757#true} {2758#false} #1157#return; {2758#false} is VALID [2022-02-20 18:02:05,958 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 53 [2022-02-20 18:02:05,959 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:05,962 INFO L290 TraceCheckUtils]: 0: Hoare triple {2812#(and (= ~__ste_email_to0~0 
|old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2757#true} is VALID [2022-02-20 18:02:05,963 INFO L290 TraceCheckUtils]: 1: Hoare triple {2757#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2757#true} is VALID [2022-02-20 18:02:05,963 INFO L290 TraceCheckUtils]: 2: Hoare triple {2757#true} assume true; {2757#true} is VALID [2022-02-20 18:02:05,963 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2757#true} {2758#false} #1159#return; {2758#false} is VALID [2022-02-20 18:02:05,963 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 18:02:05,964 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:05,967 INFO L290 TraceCheckUtils]: 0: Hoare triple {2757#true} ~handle := #in~handle;havoc ~retValue_acc~11; {2757#true} is VALID [2022-02-20 18:02:05,968 INFO L290 TraceCheckUtils]: 1: Hoare triple {2757#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~11; {2757#true} is VALID [2022-02-20 18:02:05,968 INFO L290 TraceCheckUtils]: 2: Hoare triple {2757#true} assume true; {2757#true} is VALID [2022-02-20 18:02:05,968 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2757#true} {2758#false} #1139#return; {2758#false} is VALID [2022-02-20 18:02:05,968 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 18:02:05,970 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:05,985 INFO L290 TraceCheckUtils]: 0: Hoare triple {2811#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2757#true} is VALID [2022-02-20 18:02:05,986 INFO L290 TraceCheckUtils]: 1: Hoare triple {2757#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2757#true} is VALID [2022-02-20 18:02:05,986 INFO 
L290 TraceCheckUtils]: 2: Hoare triple {2757#true} assume true; {2757#true} is VALID [2022-02-20 18:02:05,986 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2757#true} {2758#false} #1163#return; {2758#false} is VALID [2022-02-20 18:02:05,986 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 18:02:05,987 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:05,989 INFO L290 TraceCheckUtils]: 0: Hoare triple {2757#true} ~handle := #in~handle;havoc ~retValue_acc~32; {2757#true} is VALID [2022-02-20 18:02:05,989 INFO L290 TraceCheckUtils]: 1: Hoare triple {2757#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {2757#true} is VALID [2022-02-20 18:02:05,989 INFO L290 TraceCheckUtils]: 2: Hoare triple {2757#true} assume true; {2757#true} is VALID [2022-02-20 18:02:05,989 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2757#true} {2758#false} #1165#return; {2758#false} is VALID [2022-02-20 18:02:05,989 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 89 [2022-02-20 18:02:05,990 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:05,994 INFO L290 TraceCheckUtils]: 0: Hoare triple {2757#true} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {2757#true} is VALID [2022-02-20 18:02:05,994 INFO L290 TraceCheckUtils]: 1: Hoare triple {2757#true} assume true; {2757#true} is VALID [2022-02-20 18:02:05,994 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {2757#true} {2758#false} #1167#return; {2758#false} is VALID [2022-02-20 18:02:05,994 INFO L290 TraceCheckUtils]: 0: Hoare triple {2757#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 
2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(115, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(12, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(18, 34);call #Ultimate.allocInit(13, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(25, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 
0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 
0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {2757#true} is VALID [2022-02-20 18:02:05,994 INFO L290 TraceCheckUtils]: 1: Hoare triple {2757#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet50#1, main_#t~ret51#1, main_~retValue_acc~25#1, main_~tmp~13#1;assume -2147483648 <= main_#t~nondet50#1 && main_#t~nondet50#1 <= 2147483647;main_~retValue_acc~25#1 := main_#t~nondet50#1;havoc main_#t~nondet50#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true; {2757#true} is VALID [2022-02-20 18:02:05,994 INFO L290 TraceCheckUtils]: 2: Hoare triple {2757#true} assume { :end_inline_select_helpers } true;assume { 
:begin_inline_select_features } true; {2757#true} is VALID [2022-02-20 18:02:05,995 INFO L290 TraceCheckUtils]: 3: Hoare triple {2757#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~6#1;havoc valid_product_~retValue_acc~6#1;valid_product_~retValue_acc~6#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~6#1; {2757#true} is VALID [2022-02-20 18:02:05,995 INFO L290 TraceCheckUtils]: 4: Hoare triple {2757#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {2757#true} is VALID [2022-02-20 18:02:05,997 INFO L290 TraceCheckUtils]: 5: Hoare triple {2757#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2757#true} is VALID [2022-02-20 18:02:05,999 INFO L272 TraceCheckUtils]: 6: Hoare triple {2757#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2807#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:05,999 INFO L290 TraceCheckUtils]: 7: Hoare triple {2807#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2757#true} is VALID [2022-02-20 18:02:05,999 INFO L290 TraceCheckUtils]: 8: Hoare triple {2757#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2757#true} is VALID [2022-02-20 18:02:05,999 INFO L290 TraceCheckUtils]: 9: Hoare triple {2757#true} assume true; {2757#true} is VALID [2022-02-20 18:02:05,999 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2757#true} {2757#true} #1197#return; {2757#true} is VALID [2022-02-20 18:02:05,999 INFO L290 TraceCheckUtils]: 11: Hoare triple {2757#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2757#true} is VALID [2022-02-20 18:02:06,002 INFO L272 TraceCheckUtils]: 12: Hoare triple {2757#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2808#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:06,002 INFO L290 TraceCheckUtils]: 13: Hoare triple {2808#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2757#true} is VALID [2022-02-20 18:02:06,002 INFO L290 TraceCheckUtils]: 14: Hoare triple {2757#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2757#true} is VALID [2022-02-20 18:02:06,002 INFO L290 TraceCheckUtils]: 15: 
Hoare triple {2757#true} assume true; {2757#true} is VALID [2022-02-20 18:02:06,002 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2757#true} {2757#true} #1199#return; {2757#true} is VALID [2022-02-20 18:02:06,003 INFO L290 TraceCheckUtils]: 17: Hoare triple {2757#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2767#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:02:06,004 INFO L272 TraceCheckUtils]: 18: Hoare triple {2767#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2807#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:06,004 INFO L290 TraceCheckUtils]: 19: Hoare triple {2807#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2809#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:06,005 INFO L290 TraceCheckUtils]: 20: Hoare triple {2809#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2810#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:06,005 INFO L290 TraceCheckUtils]: 21: 
Hoare triple {2810#(= |setClientId_#in~handle| 1)} assume true; {2810#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:06,005 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2810#(= |setClientId_#in~handle| 1)} {2767#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1201#return; {2758#false} is VALID [2022-02-20 18:02:06,005 INFO L290 TraceCheckUtils]: 23: Hoare triple {2758#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {2758#false} is VALID [2022-02-20 18:02:06,006 INFO L272 TraceCheckUtils]: 24: Hoare triple {2758#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2808#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:06,006 INFO L290 TraceCheckUtils]: 25: Hoare triple {2808#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2757#true} is VALID [2022-02-20 18:02:06,006 INFO L290 TraceCheckUtils]: 26: Hoare triple {2757#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2757#true} is VALID [2022-02-20 18:02:06,006 INFO L290 TraceCheckUtils]: 27: Hoare triple {2757#true} assume true; {2757#true} is VALID [2022-02-20 18:02:06,006 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2757#true} {2758#false} #1203#return; {2758#false} is VALID [2022-02-20 18:02:06,006 INFO L290 TraceCheckUtils]: 29: Hoare triple {2758#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := 
setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2758#false} is VALID [2022-02-20 18:02:06,006 INFO L272 TraceCheckUtils]: 30: Hoare triple {2758#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2807#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:06,006 INFO L290 TraceCheckUtils]: 31: Hoare triple {2807#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2757#true} is VALID [2022-02-20 18:02:06,006 INFO L290 TraceCheckUtils]: 32: Hoare triple {2757#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2757#true} is VALID [2022-02-20 18:02:06,006 INFO L290 TraceCheckUtils]: 33: Hoare triple {2757#true} assume true; {2757#true} is VALID [2022-02-20 18:02:06,006 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2757#true} {2758#false} #1205#return; {2758#false} is VALID [2022-02-20 18:02:06,006 INFO L290 TraceCheckUtils]: 35: Hoare triple {2758#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {2758#false} is VALID [2022-02-20 18:02:06,006 INFO L272 TraceCheckUtils]: 36: Hoare triple {2758#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2808#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 
18:02:06,006 INFO L290 TraceCheckUtils]: 37: Hoare triple {2808#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2757#true} is VALID [2022-02-20 18:02:06,006 INFO L290 TraceCheckUtils]: 38: Hoare triple {2757#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2757#true} is VALID [2022-02-20 18:02:06,007 INFO L290 TraceCheckUtils]: 39: Hoare triple {2757#true} assume true; {2757#true} is VALID [2022-02-20 18:02:06,007 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2757#true} {2758#false} #1207#return; {2758#false} is VALID [2022-02-20 18:02:06,007 INFO L290 TraceCheckUtils]: 41: Hoare triple {2758#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 15, 0;havoc setup_#t~nondet49#1; {2758#false} is VALID [2022-02-20 18:02:06,007 INFO L290 TraceCheckUtils]: 42: Hoare triple {2758#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc 
test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2758#false} is VALID [2022-02-20 18:02:06,007 INFO L290 TraceCheckUtils]: 43: Hoare triple {2758#false} assume !false; {2758#false} is VALID [2022-02-20 18:02:06,007 INFO L290 TraceCheckUtils]: 44: Hoare triple {2758#false} assume !(test_~splverifierCounter~0#1 < 4); {2758#false} is VALID [2022-02-20 18:02:06,007 INFO L290 TraceCheckUtils]: 45: Hoare triple {2758#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret42#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {2758#false} is VALID [2022-02-20 18:02:06,007 INFO L272 TraceCheckUtils]: 46: Hoare triple {2758#false} call sendEmail(~bob~0, ~rjh~0); {2758#false} is VALID [2022-02-20 18:02:06,007 INFO L290 TraceCheckUtils]: 47: Hoare triple {2758#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc 
createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2758#false} is VALID [2022-02-20 18:02:06,007 INFO L272 TraceCheckUtils]: 48: Hoare triple {2758#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2811#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:06,007 INFO L290 TraceCheckUtils]: 49: Hoare triple {2811#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2757#true} is VALID [2022-02-20 18:02:06,007 INFO L290 TraceCheckUtils]: 50: Hoare triple {2757#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2757#true} is VALID [2022-02-20 18:02:06,007 INFO L290 TraceCheckUtils]: 51: Hoare triple {2757#true} assume true; {2757#true} is VALID [2022-02-20 18:02:06,008 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2757#true} {2758#false} #1157#return; {2758#false} is VALID [2022-02-20 18:02:06,008 INFO L272 TraceCheckUtils]: 53: Hoare triple {2758#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2812#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:06,008 INFO L290 TraceCheckUtils]: 54: Hoare triple {2812#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2757#true} is VALID [2022-02-20 18:02:06,008 INFO L290 TraceCheckUtils]: 55: Hoare triple {2757#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2757#true} is VALID [2022-02-20 18:02:06,008 INFO L290 TraceCheckUtils]: 56: Hoare triple {2757#true} assume true; {2757#true} is VALID [2022-02-20 18:02:06,008 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {2757#true} {2758#false} #1159#return; {2758#false} is VALID [2022-02-20 18:02:06,008 INFO L290 TraceCheckUtils]: 
58: Hoare triple {2758#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {2758#false} is VALID [2022-02-20 18:02:06,008 INFO L290 TraceCheckUtils]: 59: Hoare triple {2758#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {2758#false} is VALID [2022-02-20 18:02:06,008 INFO L272 TraceCheckUtils]: 60: Hoare triple {2758#false} call outgoing(~sender#1, ~email~0#1); {2758#false} is VALID [2022-02-20 18:02:06,008 INFO L290 TraceCheckUtils]: 61: Hoare triple {2758#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret18#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~6#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~6#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~17#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~17#1; {2758#false} is VALID [2022-02-20 18:02:06,008 INFO L290 TraceCheckUtils]: 62: Hoare triple {2758#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~17#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~17#1; {2758#false} is VALID [2022-02-20 18:02:06,008 INFO L290 TraceCheckUtils]: 63: Hoare triple {2758#false} sign_#t~ret18#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret18#1 && sign_#t~ret18#1 <= 2147483647;sign_~tmp~6#1 := sign_#t~ret18#1;havoc sign_#t~ret18#1;sign_~privkey~0#1 := sign_~tmp~6#1; 
{2758#false} is VALID [2022-02-20 18:02:06,008 INFO L290 TraceCheckUtils]: 64: Hoare triple {2758#false} assume 0 == sign_~privkey~0#1; {2758#false} is VALID [2022-02-20 18:02:06,008 INFO L290 TraceCheckUtils]: 65: Hoare triple {2758#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1, outgoing__wrappee__AddressBook_#t~ret8#1, outgoing__wrappee__AddressBook_#t~ret9#1, outgoing__wrappee__AddressBook_#t~ret10#1, outgoing__wrappee__AddressBook_#t~ret11#1, outgoing__wrappee__AddressBook_#t~ret12#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~2#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~0#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~0#1, outgoing__wrappee__AddressBook_~tmp___2~0#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~2#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~0#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~0#1;havoc outgoing__wrappee__AddressBook_~tmp___2~0#1; {2758#false} is VALID [2022-02-20 18:02:06,008 INFO L272 TraceCheckUtils]: 66: Hoare triple {2758#false} call outgoing__wrappee__AddressBook_#t~ret7#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {2757#true} is VALID [2022-02-20 18:02:06,009 INFO L290 TraceCheckUtils]: 67: Hoare triple {2757#true} ~handle := #in~handle;havoc ~retValue_acc~11; {2757#true} is VALID 
[2022-02-20 18:02:06,009 INFO L290 TraceCheckUtils]: 68: Hoare triple {2757#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~11; {2757#true} is VALID [2022-02-20 18:02:06,009 INFO L290 TraceCheckUtils]: 69: Hoare triple {2757#true} assume true; {2757#true} is VALID [2022-02-20 18:02:06,009 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {2757#true} {2758#false} #1139#return; {2758#false} is VALID [2022-02-20 18:02:06,009 INFO L290 TraceCheckUtils]: 71: Hoare triple {2758#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret7#1 && outgoing__wrappee__AddressBook_#t~ret7#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~2#1 := outgoing__wrappee__AddressBook_#t~ret7#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~2#1; {2758#false} is VALID [2022-02-20 18:02:06,009 INFO L290 TraceCheckUtils]: 72: Hoare triple {2758#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {2758#false} is VALID [2022-02-20 18:02:06,009 INFO L272 TraceCheckUtils]: 73: Hoare triple {2758#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {2758#false} is VALID [2022-02-20 18:02:06,009 INFO L290 TraceCheckUtils]: 74: Hoare triple {2758#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {2758#false} is VALID [2022-02-20 18:02:06,009 INFO L290 TraceCheckUtils]: 75: Hoare triple {2758#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {2758#false} is VALID [2022-02-20 18:02:06,009 INFO L290 TraceCheckUtils]: 
76: Hoare triple {2758#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {2758#false} is VALID [2022-02-20 18:02:06,009 INFO L272 TraceCheckUtils]: 77: Hoare triple {2758#false} call setEmailFrom(~msg#1, ~tmp~1#1); {2811#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:06,009 INFO L290 TraceCheckUtils]: 78: Hoare triple {2811#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2757#true} is VALID [2022-02-20 18:02:06,009 INFO L290 TraceCheckUtils]: 79: Hoare triple {2757#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2757#true} is VALID [2022-02-20 18:02:06,009 INFO L290 TraceCheckUtils]: 80: Hoare triple {2757#true} assume true; {2757#true} is VALID [2022-02-20 18:02:06,010 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {2757#true} {2758#false} #1163#return; {2758#false} is VALID [2022-02-20 18:02:06,010 INFO L290 TraceCheckUtils]: 82: Hoare triple {2758#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {2758#false} is VALID [2022-02-20 18:02:06,010 INFO L272 TraceCheckUtils]: 83: Hoare triple {2758#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {2757#true} is VALID [2022-02-20 18:02:06,010 INFO L290 TraceCheckUtils]: 84: Hoare triple {2757#true} ~handle := #in~handle;havoc ~retValue_acc~32; {2757#true} is VALID [2022-02-20 18:02:06,010 INFO L290 TraceCheckUtils]: 85: Hoare triple {2757#true} 
assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {2757#true} is VALID [2022-02-20 18:02:06,010 INFO L290 TraceCheckUtils]: 86: Hoare triple {2757#true} assume true; {2757#true} is VALID [2022-02-20 18:02:06,010 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {2757#true} {2758#false} #1165#return; {2758#false} is VALID [2022-02-20 18:02:06,010 INFO L290 TraceCheckUtils]: 88: Hoare triple {2758#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret20#1, verify_#t~ret21#1, verify_#t~ret22#1, verify_#t~ret23#1, verify_#t~ret24#1, verify_#t~ret25#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~7#1, verify_~tmp___0~1#1, verify_~pubkey~0#1, verify_~tmp___1~1#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~7#1;havoc verify_~tmp___0~1#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~1#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret39#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~9#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~9#1; {2758#false} is 
VALID [2022-02-20 18:02:06,010 INFO L272 TraceCheckUtils]: 89: Hoare triple {2758#false} call __utac_acc__EncryptVerify_spec__1_#t~ret39#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {2757#true} is VALID [2022-02-20 18:02:06,010 INFO L290 TraceCheckUtils]: 90: Hoare triple {2757#true} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {2757#true} is VALID [2022-02-20 18:02:06,010 INFO L290 TraceCheckUtils]: 91: Hoare triple {2757#true} assume true; {2757#true} is VALID [2022-02-20 18:02:06,010 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {2757#true} {2758#false} #1167#return; {2758#false} is VALID [2022-02-20 18:02:06,010 INFO L290 TraceCheckUtils]: 93: Hoare triple {2758#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret39#1 && __utac_acc__EncryptVerify_spec__1_#t~ret39#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~9#1 := __utac_acc__EncryptVerify_spec__1_#t~ret39#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret39#1; {2758#false} is VALID [2022-02-20 18:02:06,010 INFO L290 TraceCheckUtils]: 94: Hoare triple {2758#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~9#1);assume { :begin_inline___automaton_fail } true; {2758#false} is VALID [2022-02-20 18:02:06,010 INFO L290 TraceCheckUtils]: 95: Hoare triple {2758#false} assume !false; {2758#false} is VALID [2022-02-20 18:02:06,011 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. 
[2022-02-20 18:02:06,011 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:06,011 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1096805054] [2022-02-20 18:02:06,011 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1096805054] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:02:06,011 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [450895580] [2022-02-20 18:02:06,011 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:06,011 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:06,012 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:02:06,013 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:02:06,018 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 18:02:06,234 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:06,238 INFO L263 TraceCheckSpWp]: Trace formula consists of 1038 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 18:02:06,285 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:06,287 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:02:06,488 INFO L290 TraceCheckUtils]: 0: Hoare triple {2757#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(115, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(12, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(18, 34);call #Ultimate.allocInit(13, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(25, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 
0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 
0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {2757#true} is VALID [2022-02-20 18:02:06,489 INFO L290 TraceCheckUtils]: 1: Hoare triple {2757#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet50#1, main_#t~ret51#1, main_~retValue_acc~25#1, main_~tmp~13#1;assume -2147483648 <= 
main_#t~nondet50#1 && main_#t~nondet50#1 <= 2147483647;main_~retValue_acc~25#1 := main_#t~nondet50#1;havoc main_#t~nondet50#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true; {2757#true} is VALID [2022-02-20 18:02:06,489 INFO L290 TraceCheckUtils]: 2: Hoare triple {2757#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2757#true} is VALID [2022-02-20 18:02:06,489 INFO L290 TraceCheckUtils]: 3: Hoare triple {2757#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~6#1;havoc valid_product_~retValue_acc~6#1;valid_product_~retValue_acc~6#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~6#1; {2757#true} is VALID [2022-02-20 18:02:06,489 INFO L290 TraceCheckUtils]: 4: Hoare triple {2757#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {2757#true} is VALID [2022-02-20 18:02:06,489 INFO L290 TraceCheckUtils]: 5: Hoare triple {2757#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2757#true} is VALID [2022-02-20 18:02:06,489 INFO L272 TraceCheckUtils]: 6: Hoare triple {2757#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2757#true} is VALID [2022-02-20 18:02:06,489 INFO L290 TraceCheckUtils]: 7: Hoare triple {2757#true} ~handle := #in~handle;~value := #in~value; {2757#true} is VALID [2022-02-20 18:02:06,490 INFO L290 TraceCheckUtils]: 8: Hoare triple {2757#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2757#true} is VALID [2022-02-20 18:02:06,490 INFO L290 TraceCheckUtils]: 9: Hoare triple {2757#true} assume true; {2757#true} is VALID [2022-02-20 18:02:06,490 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2757#true} {2757#true} #1197#return; {2757#true} is VALID [2022-02-20 18:02:06,490 INFO L290 TraceCheckUtils]: 11: Hoare triple {2757#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2757#true} is VALID [2022-02-20 18:02:06,490 INFO L272 TraceCheckUtils]: 12: Hoare triple {2757#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2757#true} is VALID [2022-02-20 18:02:06,490 INFO L290 TraceCheckUtils]: 13: Hoare triple {2757#true} ~handle := #in~handle;~value := #in~value; {2757#true} is VALID [2022-02-20 18:02:06,490 INFO L290 TraceCheckUtils]: 14: Hoare triple {2757#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2757#true} is VALID [2022-02-20 18:02:06,490 INFO L290 TraceCheckUtils]: 15: Hoare triple {2757#true} assume true; {2757#true} is VALID [2022-02-20 18:02:06,491 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2757#true} {2757#true} #1199#return; {2757#true} is VALID [2022-02-20 18:02:06,491 INFO L290 TraceCheckUtils]: 17: Hoare triple {2757#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { 
:begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2757#true} is VALID [2022-02-20 18:02:06,491 INFO L272 TraceCheckUtils]: 18: Hoare triple {2757#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2757#true} is VALID [2022-02-20 18:02:06,491 INFO L290 TraceCheckUtils]: 19: Hoare triple {2757#true} ~handle := #in~handle;~value := #in~value; {2757#true} is VALID [2022-02-20 18:02:06,491 INFO L290 TraceCheckUtils]: 20: Hoare triple {2757#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2757#true} is VALID [2022-02-20 18:02:06,491 INFO L290 TraceCheckUtils]: 21: Hoare triple {2757#true} assume true; {2757#true} is VALID [2022-02-20 18:02:06,491 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2757#true} {2757#true} #1201#return; {2757#true} is VALID [2022-02-20 18:02:06,492 INFO L290 TraceCheckUtils]: 23: Hoare triple {2757#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {2757#true} is VALID [2022-02-20 18:02:06,492 INFO L272 TraceCheckUtils]: 24: Hoare triple {2757#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2757#true} is VALID [2022-02-20 18:02:06,492 INFO L290 TraceCheckUtils]: 25: Hoare triple {2757#true} ~handle := #in~handle;~value := #in~value; {2757#true} is VALID [2022-02-20 18:02:06,492 INFO L290 TraceCheckUtils]: 26: Hoare triple {2757#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2757#true} is VALID [2022-02-20 18:02:06,492 INFO L290 TraceCheckUtils]: 27: Hoare triple {2757#true} assume true; {2757#true} is VALID [2022-02-20 18:02:06,492 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2757#true} {2757#true} #1203#return; 
{2757#true} is VALID [2022-02-20 18:02:06,492 INFO L290 TraceCheckUtils]: 29: Hoare triple {2757#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2757#true} is VALID [2022-02-20 18:02:06,492 INFO L272 TraceCheckUtils]: 30: Hoare triple {2757#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2757#true} is VALID [2022-02-20 18:02:06,493 INFO L290 TraceCheckUtils]: 31: Hoare triple {2757#true} ~handle := #in~handle;~value := #in~value; {2757#true} is VALID [2022-02-20 18:02:06,493 INFO L290 TraceCheckUtils]: 32: Hoare triple {2757#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2757#true} is VALID [2022-02-20 18:02:06,493 INFO L290 TraceCheckUtils]: 33: Hoare triple {2757#true} assume true; {2757#true} is VALID [2022-02-20 18:02:06,493 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2757#true} {2757#true} #1205#return; {2757#true} is VALID [2022-02-20 18:02:06,493 INFO L290 TraceCheckUtils]: 35: Hoare triple {2757#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {2757#true} is VALID [2022-02-20 18:02:06,493 INFO L272 TraceCheckUtils]: 36: Hoare triple {2757#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2757#true} is VALID [2022-02-20 18:02:06,493 INFO L290 TraceCheckUtils]: 37: Hoare triple {2757#true} ~handle := #in~handle;~value := #in~value; {2757#true} is VALID [2022-02-20 18:02:06,493 INFO L290 TraceCheckUtils]: 38: Hoare triple 
{2757#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2757#true} is VALID [2022-02-20 18:02:06,494 INFO L290 TraceCheckUtils]: 39: Hoare triple {2757#true} assume true; {2757#true} is VALID [2022-02-20 18:02:06,494 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2757#true} {2757#true} #1207#return; {2757#true} is VALID [2022-02-20 18:02:06,494 INFO L290 TraceCheckUtils]: 41: Hoare triple {2757#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 15, 0;havoc setup_#t~nondet49#1; {2757#true} is VALID [2022-02-20 18:02:06,494 INFO L290 TraceCheckUtils]: 42: Hoare triple {2757#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 
:= 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2942#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:02:06,495 INFO L290 TraceCheckUtils]: 43: Hoare triple {2942#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {2942#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:02:06,495 INFO L290 TraceCheckUtils]: 44: Hoare triple {2942#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {2758#false} is VALID [2022-02-20 18:02:06,495 INFO L290 TraceCheckUtils]: 45: Hoare triple {2758#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret42#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {2758#false} is VALID [2022-02-20 18:02:06,495 INFO L272 TraceCheckUtils]: 46: Hoare triple {2758#false} call sendEmail(~bob~0, ~rjh~0); {2758#false} is VALID [2022-02-20 18:02:06,496 INFO L290 TraceCheckUtils]: 47: Hoare triple {2758#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2758#false} is VALID [2022-02-20 18:02:06,496 INFO L272 TraceCheckUtils]: 48: Hoare triple {2758#false} call setEmailFrom(createEmail_~msg~0#1, 
createEmail_~from#1); {2758#false} is VALID [2022-02-20 18:02:06,496 INFO L290 TraceCheckUtils]: 49: Hoare triple {2758#false} ~handle := #in~handle;~value := #in~value; {2758#false} is VALID [2022-02-20 18:02:06,496 INFO L290 TraceCheckUtils]: 50: Hoare triple {2758#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2758#false} is VALID [2022-02-20 18:02:06,496 INFO L290 TraceCheckUtils]: 51: Hoare triple {2758#false} assume true; {2758#false} is VALID [2022-02-20 18:02:06,496 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2758#false} {2758#false} #1157#return; {2758#false} is VALID [2022-02-20 18:02:06,496 INFO L272 TraceCheckUtils]: 53: Hoare triple {2758#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2758#false} is VALID [2022-02-20 18:02:06,496 INFO L290 TraceCheckUtils]: 54: Hoare triple {2758#false} ~handle := #in~handle;~value := #in~value; {2758#false} is VALID [2022-02-20 18:02:06,496 INFO L290 TraceCheckUtils]: 55: Hoare triple {2758#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2758#false} is VALID [2022-02-20 18:02:06,497 INFO L290 TraceCheckUtils]: 56: Hoare triple {2758#false} assume true; {2758#false} is VALID [2022-02-20 18:02:06,497 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {2758#false} {2758#false} #1159#return; {2758#false} is VALID [2022-02-20 18:02:06,497 INFO L290 TraceCheckUtils]: 58: Hoare triple {2758#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {2758#false} is VALID [2022-02-20 18:02:06,497 INFO L290 TraceCheckUtils]: 59: Hoare triple {2758#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {2758#false} is VALID [2022-02-20 18:02:06,497 INFO L272 TraceCheckUtils]: 60: Hoare triple {2758#false} call outgoing(~sender#1, ~email~0#1); {2758#false} is VALID [2022-02-20 
18:02:06,497 INFO L290 TraceCheckUtils]: 61: Hoare triple {2758#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret18#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~6#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~6#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~17#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~17#1; {2758#false} is VALID [2022-02-20 18:02:06,497 INFO L290 TraceCheckUtils]: 62: Hoare triple {2758#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~17#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~17#1; {2758#false} is VALID [2022-02-20 18:02:06,497 INFO L290 TraceCheckUtils]: 63: Hoare triple {2758#false} sign_#t~ret18#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret18#1 && sign_#t~ret18#1 <= 2147483647;sign_~tmp~6#1 := sign_#t~ret18#1;havoc sign_#t~ret18#1;sign_~privkey~0#1 := sign_~tmp~6#1; {2758#false} is VALID [2022-02-20 18:02:06,497 INFO L290 TraceCheckUtils]: 64: Hoare triple {2758#false} assume 0 == sign_~privkey~0#1; {2758#false} is VALID [2022-02-20 18:02:06,497 INFO L290 TraceCheckUtils]: 65: Hoare triple {2758#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1, outgoing__wrappee__AddressBook_#t~ret8#1, outgoing__wrappee__AddressBook_#t~ret9#1, outgoing__wrappee__AddressBook_#t~ret10#1, 
outgoing__wrappee__AddressBook_#t~ret11#1, outgoing__wrappee__AddressBook_#t~ret12#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~2#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~0#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~0#1, outgoing__wrappee__AddressBook_~tmp___2~0#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~2#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~0#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~0#1;havoc outgoing__wrappee__AddressBook_~tmp___2~0#1; {2758#false} is VALID [2022-02-20 18:02:06,497 INFO L272 TraceCheckUtils]: 66: Hoare triple {2758#false} call outgoing__wrappee__AddressBook_#t~ret7#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {2758#false} is VALID [2022-02-20 18:02:06,497 INFO L290 TraceCheckUtils]: 67: Hoare triple {2758#false} ~handle := #in~handle;havoc ~retValue_acc~11; {2758#false} is VALID [2022-02-20 18:02:06,497 INFO L290 TraceCheckUtils]: 68: Hoare triple {2758#false} assume 1 == ~handle;~retValue_acc~11 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~11; {2758#false} is VALID [2022-02-20 18:02:06,497 INFO L290 TraceCheckUtils]: 69: Hoare triple {2758#false} assume true; {2758#false} is VALID [2022-02-20 18:02:06,497 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {2758#false} {2758#false} #1139#return; {2758#false} is VALID [2022-02-20 18:02:06,497 INFO L290 TraceCheckUtils]: 71: Hoare triple {2758#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret7#1 && 
outgoing__wrappee__AddressBook_#t~ret7#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~2#1 := outgoing__wrappee__AddressBook_#t~ret7#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~2#1; {2758#false} is VALID [2022-02-20 18:02:06,497 INFO L290 TraceCheckUtils]: 72: Hoare triple {2758#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {2758#false} is VALID [2022-02-20 18:02:06,498 INFO L272 TraceCheckUtils]: 73: Hoare triple {2758#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {2758#false} is VALID [2022-02-20 18:02:06,498 INFO L290 TraceCheckUtils]: 74: Hoare triple {2758#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {2758#false} is VALID [2022-02-20 18:02:06,498 INFO L290 TraceCheckUtils]: 75: Hoare triple {2758#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {2758#false} is VALID [2022-02-20 18:02:06,498 INFO L290 TraceCheckUtils]: 76: Hoare triple {2758#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {2758#false} is VALID [2022-02-20 18:02:06,498 INFO L272 TraceCheckUtils]: 77: Hoare triple {2758#false} call setEmailFrom(~msg#1, ~tmp~1#1); {2758#false} is VALID [2022-02-20 18:02:06,498 INFO L290 TraceCheckUtils]: 78: Hoare triple {2758#false} ~handle := #in~handle;~value := #in~value; {2758#false} is VALID [2022-02-20 18:02:06,498 INFO L290 TraceCheckUtils]: 79: Hoare triple {2758#false} assume 
1 == ~handle;~__ste_email_from0~0 := ~value; {2758#false} is VALID [2022-02-20 18:02:06,498 INFO L290 TraceCheckUtils]: 80: Hoare triple {2758#false} assume true; {2758#false} is VALID [2022-02-20 18:02:06,498 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {2758#false} {2758#false} #1163#return; {2758#false} is VALID [2022-02-20 18:02:06,498 INFO L290 TraceCheckUtils]: 82: Hoare triple {2758#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {2758#false} is VALID [2022-02-20 18:02:06,499 INFO L272 TraceCheckUtils]: 83: Hoare triple {2758#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {2758#false} is VALID [2022-02-20 18:02:06,499 INFO L290 TraceCheckUtils]: 84: Hoare triple {2758#false} ~handle := #in~handle;havoc ~retValue_acc~32; {2758#false} is VALID [2022-02-20 18:02:06,499 INFO L290 TraceCheckUtils]: 85: Hoare triple {2758#false} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {2758#false} is VALID [2022-02-20 18:02:06,499 INFO L290 TraceCheckUtils]: 86: Hoare triple {2758#false} assume true; {2758#false} is VALID [2022-02-20 18:02:06,499 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {2758#false} {2758#false} #1165#return; {2758#false} is VALID [2022-02-20 18:02:06,499 INFO L290 TraceCheckUtils]: 88: Hoare triple {2758#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := 
incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret20#1, verify_#t~ret21#1, verify_#t~ret22#1, verify_#t~ret23#1, verify_#t~ret24#1, verify_#t~ret25#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~7#1, verify_~tmp___0~1#1, verify_~pubkey~0#1, verify_~tmp___1~1#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~7#1;havoc verify_~tmp___0~1#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~1#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret39#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~9#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~9#1; {2758#false} is VALID [2022-02-20 18:02:06,499 INFO L272 TraceCheckUtils]: 89: Hoare triple {2758#false} call __utac_acc__EncryptVerify_spec__1_#t~ret39#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {2758#false} is VALID [2022-02-20 18:02:06,499 INFO L290 TraceCheckUtils]: 90: Hoare triple {2758#false} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {2758#false} is VALID [2022-02-20 18:02:06,499 INFO L290 TraceCheckUtils]: 91: Hoare triple {2758#false} assume true; {2758#false} is VALID [2022-02-20 18:02:06,499 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {2758#false} {2758#false} #1167#return; {2758#false} is VALID [2022-02-20 18:02:06,499 INFO L290 TraceCheckUtils]: 93: Hoare triple {2758#false} assume -2147483648 <= 
__utac_acc__EncryptVerify_spec__1_#t~ret39#1 && __utac_acc__EncryptVerify_spec__1_#t~ret39#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~9#1 := __utac_acc__EncryptVerify_spec__1_#t~ret39#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret39#1; {2758#false} is VALID [2022-02-20 18:02:06,499 INFO L290 TraceCheckUtils]: 94: Hoare triple {2758#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~9#1);assume { :begin_inline___automaton_fail } true; {2758#false} is VALID [2022-02-20 18:02:06,500 INFO L290 TraceCheckUtils]: 95: Hoare triple {2758#false} assume !false; {2758#false} is VALID [2022-02-20 18:02:06,500 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 18:02:06,500 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:02:06,500 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [450895580] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:06,500 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:02:06,500 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 18:02:06,501 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2098652274] [2022-02-20 18:02:06,501 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:06,503 INFO L78 Accepts]: Start accepts. 
Automaton has has 3 states, 3 states have (on average 18.0) internal successors, (54), 3 states have internal predecessors, (54), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 96 [2022-02-20 18:02:06,504 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:06,504 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 18.0) internal successors, (54), 3 states have internal predecessors, (54), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:02:06,567 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 81 edges. 81 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:06,567 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:02:06,568 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:06,568 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:02:06,568 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:02:06,569 INFO L87 Difference]: Start difference. First operand 372 states and 570 transitions. 
Second operand has 3 states, 3 states have (on average 18.0) internal successors, (54), 3 states have internal predecessors, (54), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:02:07,051 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:07,051 INFO L93 Difference]: Finished difference Result 555 states and 832 transitions. [2022-02-20 18:02:07,052 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:02:07,052 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 18.0) internal successors, (54), 3 states have internal predecessors, (54), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 96 [2022-02-20 18:02:07,053 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:07,054 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 18.0) internal successors, (54), 3 states have internal predecessors, (54), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:02:07,061 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 832 transitions. [2022-02-20 18:02:07,062 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 3 states, 3 states have (on average 18.0) internal successors, (54), 3 states have internal predecessors, (54), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:02:07,071 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 832 transitions. [2022-02-20 18:02:07,072 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 832 transitions. [2022-02-20 18:02:07,646 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 832 edges. 832 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:07,663 INFO L225 Difference]: With dead ends: 555 [2022-02-20 18:02:07,663 INFO L226 Difference]: Without dead ends: 375 [2022-02-20 18:02:07,665 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 123 GetRequests, 115 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:02:07,666 INFO L933 BasicCegarLoop]: 568 mSDtfsCounter, 1 mSDsluCounter, 566 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 1134 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:07,668 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 1134 Invalid, 5 Unknown, 0 
Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:02:07,669 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 375 states. [2022-02-20 18:02:07,682 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 375 to 374. [2022-02-20 18:02:07,690 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:07,691 INFO L82 GeneralOperation]: Start isEquivalent. First operand 375 states. Second operand has 374 states, 298 states have (on average 1.5604026845637584) internal successors, (465), 300 states have internal predecessors, (465), 54 states have call successors, (54), 21 states have call predecessors, (54), 21 states have return successors, (53), 52 states have call predecessors, (53), 53 states have call successors, (53) [2022-02-20 18:02:07,691 INFO L74 IsIncluded]: Start isIncluded. First operand 375 states. Second operand has 374 states, 298 states have (on average 1.5604026845637584) internal successors, (465), 300 states have internal predecessors, (465), 54 states have call successors, (54), 21 states have call predecessors, (54), 21 states have return successors, (53), 52 states have call predecessors, (53), 53 states have call successors, (53) [2022-02-20 18:02:07,692 INFO L87 Difference]: Start difference. First operand 375 states. Second operand has 374 states, 298 states have (on average 1.5604026845637584) internal successors, (465), 300 states have internal predecessors, (465), 54 states have call successors, (54), 21 states have call predecessors, (54), 21 states have return successors, (53), 52 states have call predecessors, (53), 53 states have call successors, (53) [2022-02-20 18:02:07,703 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:07,704 INFO L93 Difference]: Finished difference Result 375 states and 573 transitions. 
[2022-02-20 18:02:07,704 INFO L276 IsEmpty]: Start isEmpty. Operand 375 states and 573 transitions. [2022-02-20 18:02:07,705 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:07,705 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:07,706 INFO L74 IsIncluded]: Start isIncluded. First operand has 374 states, 298 states have (on average 1.5604026845637584) internal successors, (465), 300 states have internal predecessors, (465), 54 states have call successors, (54), 21 states have call predecessors, (54), 21 states have return successors, (53), 52 states have call predecessors, (53), 53 states have call successors, (53) Second operand 375 states. [2022-02-20 18:02:07,707 INFO L87 Difference]: Start difference. First operand has 374 states, 298 states have (on average 1.5604026845637584) internal successors, (465), 300 states have internal predecessors, (465), 54 states have call successors, (54), 21 states have call predecessors, (54), 21 states have return successors, (53), 52 states have call predecessors, (53), 53 states have call successors, (53) Second operand 375 states. [2022-02-20 18:02:07,720 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:07,720 INFO L93 Difference]: Finished difference Result 375 states and 573 transitions. [2022-02-20 18:02:07,720 INFO L276 IsEmpty]: Start isEmpty. Operand 375 states and 573 transitions. [2022-02-20 18:02:07,721 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:07,721 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:07,721 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:07,721 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:07,722 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 374 states, 298 states have (on average 1.5604026845637584) internal successors, (465), 300 states have internal predecessors, (465), 54 states have call successors, (54), 21 states have call predecessors, (54), 21 states have return successors, (53), 52 states have call predecessors, (53), 53 states have call successors, (53) [2022-02-20 18:02:07,735 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 374 states to 374 states and 572 transitions. [2022-02-20 18:02:07,735 INFO L78 Accepts]: Start accepts. Automaton has 374 states and 572 transitions. Word has length 96 [2022-02-20 18:02:07,736 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:07,736 INFO L470 AbstractCegarLoop]: Abstraction has 374 states and 572 transitions. [2022-02-20 18:02:07,736 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 18.0) internal successors, (54), 3 states have internal predecessors, (54), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:02:07,736 INFO L276 IsEmpty]: Start isEmpty. Operand 374 states and 572 transitions. [2022-02-20 18:02:07,751 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 103 [2022-02-20 18:02:07,752 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:07,752 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:07,772 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-02-20 18:02:07,967 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1 [2022-02-20 18:02:07,967 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:07,968 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:07,968 INFO L85 PathProgramCache]: Analyzing trace with hash -822068995, now seen corresponding path program 1 times [2022-02-20 18:02:07,968 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:07,968 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [723756174] [2022-02-20 18:02:07,968 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:07,968 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:07,998 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:08,044 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call 
position 6 [2022-02-20 18:02:08,047 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:08,050 INFO L290 TraceCheckUtils]: 0: Hoare triple {5179#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5129#true} is VALID [2022-02-20 18:02:08,050 INFO L290 TraceCheckUtils]: 1: Hoare triple {5129#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5129#true} is VALID [2022-02-20 18:02:08,050 INFO L290 TraceCheckUtils]: 2: Hoare triple {5129#true} assume true; {5129#true} is VALID [2022-02-20 18:02:08,050 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5129#true} {5129#true} #1197#return; {5129#true} is VALID [2022-02-20 18:02:08,055 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:08,056 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:08,058 INFO L290 TraceCheckUtils]: 0: Hoare triple {5180#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5129#true} is VALID [2022-02-20 18:02:08,058 INFO L290 TraceCheckUtils]: 1: Hoare triple {5129#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5129#true} is VALID [2022-02-20 18:02:08,058 INFO L290 TraceCheckUtils]: 2: Hoare triple {5129#true} assume true; {5129#true} is VALID [2022-02-20 18:02:08,058 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5129#true} {5129#true} #1199#return; {5129#true} is VALID [2022-02-20 18:02:08,059 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:08,063 INFO L136 AnnotateAndAsserter]: 
Conjunction of SSA is unsat [2022-02-20 18:02:08,077 INFO L290 TraceCheckUtils]: 0: Hoare triple {5179#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5181#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:08,077 INFO L290 TraceCheckUtils]: 1: Hoare triple {5181#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5182#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:08,078 INFO L290 TraceCheckUtils]: 2: Hoare triple {5182#(= |setClientId_#in~handle| 1)} assume true; {5182#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:08,078 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5182#(= |setClientId_#in~handle| 1)} {5139#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1201#return; {5130#false} is VALID [2022-02-20 18:02:08,080 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:02:08,081 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:08,084 INFO L290 TraceCheckUtils]: 0: Hoare triple {5180#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5129#true} is VALID [2022-02-20 18:02:08,084 INFO L290 TraceCheckUtils]: 1: Hoare triple {5129#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5129#true} is VALID [2022-02-20 18:02:08,084 INFO L290 TraceCheckUtils]: 2: Hoare triple {5129#true} assume true; {5129#true} is VALID [2022-02-20 18:02:08,084 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5129#true} {5130#false} #1203#return; {5130#false} is VALID 
[2022-02-20 18:02:08,084 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:02:08,086 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:08,089 INFO L290 TraceCheckUtils]: 0: Hoare triple {5179#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5129#true} is VALID [2022-02-20 18:02:08,089 INFO L290 TraceCheckUtils]: 1: Hoare triple {5129#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5129#true} is VALID [2022-02-20 18:02:08,089 INFO L290 TraceCheckUtils]: 2: Hoare triple {5129#true} assume true; {5129#true} is VALID [2022-02-20 18:02:08,089 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5129#true} {5130#false} #1205#return; {5130#false} is VALID [2022-02-20 18:02:08,089 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:02:08,091 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:08,093 INFO L290 TraceCheckUtils]: 0: Hoare triple {5180#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5129#true} is VALID [2022-02-20 18:02:08,093 INFO L290 TraceCheckUtils]: 1: Hoare triple {5129#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5129#true} is VALID [2022-02-20 18:02:08,094 INFO L290 TraceCheckUtils]: 2: Hoare triple {5129#true} assume true; {5129#true} is VALID [2022-02-20 18:02:08,094 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5129#true} {5130#false} #1207#return; {5130#false} is VALID [2022-02-20 18:02:08,101 INFO L376 atingTraceCheckCraig]: Compute 
interpolants for subsequence at non-pending call position 54 [2022-02-20 18:02:08,104 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:08,108 INFO L290 TraceCheckUtils]: 0: Hoare triple {5183#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5129#true} is VALID [2022-02-20 18:02:08,109 INFO L290 TraceCheckUtils]: 1: Hoare triple {5129#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5129#true} is VALID [2022-02-20 18:02:08,111 INFO L290 TraceCheckUtils]: 2: Hoare triple {5129#true} assume true; {5129#true} is VALID [2022-02-20 18:02:08,112 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5129#true} {5130#false} #1157#return; {5130#false} is VALID [2022-02-20 18:02:08,120 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 18:02:08,121 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:08,123 INFO L290 TraceCheckUtils]: 0: Hoare triple {5184#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {5129#true} is VALID [2022-02-20 18:02:08,123 INFO L290 TraceCheckUtils]: 1: Hoare triple {5129#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5129#true} is VALID [2022-02-20 18:02:08,123 INFO L290 TraceCheckUtils]: 2: Hoare triple {5129#true} assume true; {5129#true} is VALID [2022-02-20 18:02:08,124 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5129#true} {5130#false} #1159#return; {5130#false} is VALID [2022-02-20 18:02:08,124 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 18:02:08,124 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:08,127 INFO L290 TraceCheckUtils]: 0: Hoare triple {5129#true} ~handle := #in~handle;havoc ~retValue_acc~11; 
{5129#true} is VALID [2022-02-20 18:02:08,128 INFO L290 TraceCheckUtils]: 1: Hoare triple {5129#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~11; {5129#true} is VALID [2022-02-20 18:02:08,128 INFO L290 TraceCheckUtils]: 2: Hoare triple {5129#true} assume true; {5129#true} is VALID [2022-02-20 18:02:08,128 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5129#true} {5130#false} #1139#return; {5130#false} is VALID [2022-02-20 18:02:08,128 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 18:02:08,129 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:08,131 INFO L290 TraceCheckUtils]: 0: Hoare triple {5183#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5129#true} is VALID [2022-02-20 18:02:08,131 INFO L290 TraceCheckUtils]: 1: Hoare triple {5129#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5129#true} is VALID [2022-02-20 18:02:08,131 INFO L290 TraceCheckUtils]: 2: Hoare triple {5129#true} assume true; {5129#true} is VALID [2022-02-20 18:02:08,131 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5129#true} {5130#false} #1163#return; {5130#false} is VALID [2022-02-20 18:02:08,132 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 89 [2022-02-20 18:02:08,132 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:08,134 INFO L290 TraceCheckUtils]: 0: Hoare triple {5129#true} ~handle := #in~handle;havoc ~retValue_acc~32; {5129#true} is VALID [2022-02-20 18:02:08,134 INFO L290 TraceCheckUtils]: 1: Hoare triple {5129#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {5129#true} is VALID [2022-02-20 18:02:08,134 INFO L290 TraceCheckUtils]: 2: Hoare triple {5129#true} assume true; {5129#true} is VALID 
[2022-02-20 18:02:08,135 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5129#true} {5130#false} #1165#return; {5130#false} is VALID [2022-02-20 18:02:08,135 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 18:02:08,135 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:08,137 INFO L290 TraceCheckUtils]: 0: Hoare triple {5129#true} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {5129#true} is VALID [2022-02-20 18:02:08,137 INFO L290 TraceCheckUtils]: 1: Hoare triple {5129#true} assume true; {5129#true} is VALID [2022-02-20 18:02:08,137 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {5129#true} {5130#false} #1167#return; {5130#false} is VALID [2022-02-20 18:02:08,137 INFO L290 TraceCheckUtils]: 0: Hoare triple {5129#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(115, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 
18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(12, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(18, 34);call #Ultimate.allocInit(13, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(25, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 
0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 
0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {5129#true} is VALID [2022-02-20 18:02:08,138 INFO L290 TraceCheckUtils]: 1: Hoare triple {5129#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet50#1, main_#t~ret51#1, main_~retValue_acc~25#1, main_~tmp~13#1;assume -2147483648 <= main_#t~nondet50#1 && main_#t~nondet50#1 <= 2147483647;main_~retValue_acc~25#1 := main_#t~nondet50#1;havoc main_#t~nondet50#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true; {5129#true} is VALID [2022-02-20 18:02:08,138 INFO L290 TraceCheckUtils]: 2: Hoare triple {5129#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5129#true} is VALID [2022-02-20 18:02:08,138 INFO L290 TraceCheckUtils]: 3: Hoare triple {5129#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~6#1;havoc valid_product_~retValue_acc~6#1;valid_product_~retValue_acc~6#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~6#1; {5129#true} is VALID [2022-02-20 18:02:08,138 INFO L290 TraceCheckUtils]: 4: Hoare triple {5129#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {5129#true} is VALID [2022-02-20 18:02:08,138 INFO L290 TraceCheckUtils]: 5: Hoare triple {5129#true} assume 0 != main_~tmp~13#1;assume { 
:begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {5129#true} is VALID [2022-02-20 18:02:08,156 INFO L272 TraceCheckUtils]: 6: Hoare triple {5129#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {5179#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:08,156 INFO L290 TraceCheckUtils]: 7: Hoare triple {5179#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5129#true} is VALID [2022-02-20 18:02:08,156 INFO L290 TraceCheckUtils]: 8: Hoare triple {5129#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5129#true} is VALID [2022-02-20 18:02:08,156 INFO L290 TraceCheckUtils]: 9: Hoare triple {5129#true} assume true; {5129#true} is VALID [2022-02-20 18:02:08,156 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5129#true} {5129#true} #1197#return; 
{5129#true} is VALID [2022-02-20 18:02:08,156 INFO L290 TraceCheckUtils]: 11: Hoare triple {5129#true} assume { :end_inline_setup_bob__wrappee__Base } true; {5129#true} is VALID [2022-02-20 18:02:08,157 INFO L272 TraceCheckUtils]: 12: Hoare triple {5129#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {5180#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:08,157 INFO L290 TraceCheckUtils]: 13: Hoare triple {5180#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5129#true} is VALID [2022-02-20 18:02:08,157 INFO L290 TraceCheckUtils]: 14: Hoare triple {5129#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5129#true} is VALID [2022-02-20 18:02:08,157 INFO L290 TraceCheckUtils]: 15: Hoare triple {5129#true} assume true; {5129#true} is VALID [2022-02-20 18:02:08,158 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {5129#true} {5129#true} #1199#return; {5129#true} is VALID [2022-02-20 18:02:08,158 INFO L290 TraceCheckUtils]: 17: Hoare triple {5129#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {5139#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 
18:02:08,159 INFO L272 TraceCheckUtils]: 18: Hoare triple {5139#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {5179#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:08,159 INFO L290 TraceCheckUtils]: 19: Hoare triple {5179#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5181#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:08,160 INFO L290 TraceCheckUtils]: 20: Hoare triple {5181#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5182#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:08,160 INFO L290 TraceCheckUtils]: 21: Hoare triple {5182#(= |setClientId_#in~handle| 1)} assume true; {5182#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:08,161 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {5182#(= |setClientId_#in~handle| 1)} {5139#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1201#return; {5130#false} is VALID [2022-02-20 18:02:08,161 INFO L290 TraceCheckUtils]: 23: Hoare triple {5130#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {5130#false} is VALID [2022-02-20 18:02:08,161 INFO L272 TraceCheckUtils]: 24: Hoare triple {5130#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {5180#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:08,161 INFO L290 
TraceCheckUtils]: 25: Hoare triple {5180#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5129#true} is VALID [2022-02-20 18:02:08,161 INFO L290 TraceCheckUtils]: 26: Hoare triple {5129#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5129#true} is VALID [2022-02-20 18:02:08,161 INFO L290 TraceCheckUtils]: 27: Hoare triple {5129#true} assume true; {5129#true} is VALID [2022-02-20 18:02:08,161 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {5129#true} {5130#false} #1203#return; {5130#false} is VALID [2022-02-20 18:02:08,161 INFO L290 TraceCheckUtils]: 29: Hoare triple {5130#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {5130#false} is VALID [2022-02-20 18:02:08,161 INFO L272 TraceCheckUtils]: 30: Hoare triple {5130#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {5179#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:08,161 INFO L290 TraceCheckUtils]: 31: Hoare triple {5179#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5129#true} is VALID [2022-02-20 18:02:08,162 INFO L290 TraceCheckUtils]: 32: Hoare triple {5129#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5129#true} is VALID [2022-02-20 18:02:08,162 INFO L290 TraceCheckUtils]: 33: Hoare triple {5129#true} assume true; {5129#true} is VALID [2022-02-20 18:02:08,162 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {5129#true} {5130#false} #1205#return; {5130#false} is VALID [2022-02-20 18:02:08,162 INFO L290 TraceCheckUtils]: 35: Hoare triple {5130#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {5130#false} is VALID [2022-02-20 18:02:08,162 INFO L272 TraceCheckUtils]: 36: Hoare triple {5130#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {5180#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:08,162 INFO L290 TraceCheckUtils]: 37: Hoare triple {5180#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5129#true} is VALID [2022-02-20 18:02:08,162 INFO L290 TraceCheckUtils]: 38: Hoare triple {5129#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5129#true} is VALID [2022-02-20 18:02:08,162 INFO L290 TraceCheckUtils]: 39: Hoare triple {5129#true} assume true; {5129#true} is VALID [2022-02-20 18:02:08,162 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {5129#true} {5130#false} #1207#return; {5130#false} is VALID [2022-02-20 18:02:08,163 INFO L290 TraceCheckUtils]: 41: Hoare triple {5130#false} assume { :end_inline_setup_chuck } 
true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 15, 0;havoc setup_#t~nondet49#1; {5130#false} is VALID [2022-02-20 18:02:08,163 INFO L290 TraceCheckUtils]: 42: Hoare triple {5130#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {5130#false} is VALID [2022-02-20 18:02:08,163 INFO L290 TraceCheckUtils]: 43: Hoare triple {5130#false} assume !false; {5130#false} is VALID [2022-02-20 18:02:08,163 INFO L290 TraceCheckUtils]: 44: Hoare triple {5130#false} assume test_~splverifierCounter~0#1 < 4; {5130#false} is VALID [2022-02-20 18:02:08,163 INFO L290 
TraceCheckUtils]: 45: Hoare triple {5130#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {5130#false} is VALID [2022-02-20 18:02:08,163 INFO L290 TraceCheckUtils]: 46: Hoare triple {5130#false} assume !(0 == test_~op1~0#1); {5130#false} is VALID [2022-02-20 18:02:08,163 INFO L290 TraceCheckUtils]: 47: Hoare triple {5130#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {5130#false} is VALID [2022-02-20 18:02:08,163 INFO L290 TraceCheckUtils]: 48: Hoare triple {5130#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {5130#false} is VALID [2022-02-20 18:02:08,163 INFO L290 TraceCheckUtils]: 49: Hoare triple {5130#false} assume !false; {5130#false} is VALID [2022-02-20 18:02:08,163 INFO L290 TraceCheckUtils]: 50: Hoare triple {5130#false} assume !(test_~splverifierCounter~0#1 < 4); {5130#false} is VALID [2022-02-20 18:02:08,163 INFO L290 TraceCheckUtils]: 51: Hoare triple {5130#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret42#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {5130#false} is VALID [2022-02-20 18:02:08,164 INFO L272 TraceCheckUtils]: 52: Hoare triple {5130#false} call sendEmail(~bob~0, ~rjh~0); {5130#false} is VALID [2022-02-20 18:02:08,164 INFO L290 TraceCheckUtils]: 53: Hoare triple {5130#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, 
createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {5130#false} is VALID [2022-02-20 18:02:08,164 INFO L272 TraceCheckUtils]: 54: Hoare triple {5130#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {5183#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:08,164 INFO L290 TraceCheckUtils]: 55: Hoare triple {5183#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5129#true} is VALID [2022-02-20 18:02:08,164 INFO L290 TraceCheckUtils]: 56: Hoare triple {5129#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5129#true} is VALID [2022-02-20 18:02:08,165 INFO L290 TraceCheckUtils]: 57: Hoare triple {5129#true} assume true; {5129#true} is VALID [2022-02-20 18:02:08,165 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {5129#true} {5130#false} #1157#return; {5130#false} is VALID [2022-02-20 18:02:08,165 INFO L272 TraceCheckUtils]: 59: Hoare triple {5130#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {5184#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:08,165 INFO L290 TraceCheckUtils]: 60: Hoare triple {5184#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {5129#true} is VALID [2022-02-20 18:02:08,165 INFO L290 TraceCheckUtils]: 61: Hoare triple {5129#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5129#true} is VALID [2022-02-20 18:02:08,165 INFO L290 TraceCheckUtils]: 62: Hoare triple {5129#true} assume true; {5129#true} is VALID [2022-02-20 18:02:08,166 INFO L284 
TraceCheckUtils]: 63: Hoare quadruple {5129#true} {5130#false} #1159#return; {5130#false} is VALID [2022-02-20 18:02:08,166 INFO L290 TraceCheckUtils]: 64: Hoare triple {5130#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {5130#false} is VALID [2022-02-20 18:02:08,166 INFO L290 TraceCheckUtils]: 65: Hoare triple {5130#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {5130#false} is VALID [2022-02-20 18:02:08,166 INFO L272 TraceCheckUtils]: 66: Hoare triple {5130#false} call outgoing(~sender#1, ~email~0#1); {5130#false} is VALID [2022-02-20 18:02:08,166 INFO L290 TraceCheckUtils]: 67: Hoare triple {5130#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret18#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~6#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~6#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~17#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~17#1; {5130#false} is VALID [2022-02-20 18:02:08,167 INFO L290 TraceCheckUtils]: 68: Hoare triple {5130#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~17#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~17#1; {5130#false} is VALID [2022-02-20 18:02:08,167 INFO L290 TraceCheckUtils]: 69: Hoare triple {5130#false} sign_#t~ret18#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 
<= sign_#t~ret18#1 && sign_#t~ret18#1 <= 2147483647;sign_~tmp~6#1 := sign_#t~ret18#1;havoc sign_#t~ret18#1;sign_~privkey~0#1 := sign_~tmp~6#1; {5130#false} is VALID [2022-02-20 18:02:08,167 INFO L290 TraceCheckUtils]: 70: Hoare triple {5130#false} assume 0 == sign_~privkey~0#1; {5130#false} is VALID [2022-02-20 18:02:08,167 INFO L290 TraceCheckUtils]: 71: Hoare triple {5130#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1, outgoing__wrappee__AddressBook_#t~ret8#1, outgoing__wrappee__AddressBook_#t~ret9#1, outgoing__wrappee__AddressBook_#t~ret10#1, outgoing__wrappee__AddressBook_#t~ret11#1, outgoing__wrappee__AddressBook_#t~ret12#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~2#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~0#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~0#1, outgoing__wrappee__AddressBook_~tmp___2~0#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~2#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~0#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~0#1;havoc outgoing__wrappee__AddressBook_~tmp___2~0#1; {5130#false} is VALID [2022-02-20 18:02:08,167 INFO L272 TraceCheckUtils]: 72: Hoare triple {5130#false} call outgoing__wrappee__AddressBook_#t~ret7#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {5129#true} is VALID 
[2022-02-20 18:02:08,167 INFO L290 TraceCheckUtils]: 73: Hoare triple {5129#true} ~handle := #in~handle;havoc ~retValue_acc~11; {5129#true} is VALID [2022-02-20 18:02:08,167 INFO L290 TraceCheckUtils]: 74: Hoare triple {5129#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~11; {5129#true} is VALID [2022-02-20 18:02:08,168 INFO L290 TraceCheckUtils]: 75: Hoare triple {5129#true} assume true; {5129#true} is VALID [2022-02-20 18:02:08,168 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {5129#true} {5130#false} #1139#return; {5130#false} is VALID [2022-02-20 18:02:08,168 INFO L290 TraceCheckUtils]: 77: Hoare triple {5130#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret7#1 && outgoing__wrappee__AddressBook_#t~ret7#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~2#1 := outgoing__wrappee__AddressBook_#t~ret7#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~2#1; {5130#false} is VALID [2022-02-20 18:02:08,168 INFO L290 TraceCheckUtils]: 78: Hoare triple {5130#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {5130#false} is VALID [2022-02-20 18:02:08,168 INFO L272 TraceCheckUtils]: 79: Hoare triple {5130#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {5130#false} is VALID [2022-02-20 18:02:08,168 INFO L290 TraceCheckUtils]: 80: Hoare triple {5130#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {5130#false} is VALID [2022-02-20 18:02:08,168 INFO L290 TraceCheckUtils]: 81: Hoare triple {5130#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := 
~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {5130#false} is VALID [2022-02-20 18:02:08,169 INFO L290 TraceCheckUtils]: 82: Hoare triple {5130#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {5130#false} is VALID [2022-02-20 18:02:08,169 INFO L272 TraceCheckUtils]: 83: Hoare triple {5130#false} call setEmailFrom(~msg#1, ~tmp~1#1); {5183#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:08,169 INFO L290 TraceCheckUtils]: 84: Hoare triple {5183#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5129#true} is VALID [2022-02-20 18:02:08,169 INFO L290 TraceCheckUtils]: 85: Hoare triple {5129#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5129#true} is VALID [2022-02-20 18:02:08,169 INFO L290 TraceCheckUtils]: 86: Hoare triple {5129#true} assume true; {5129#true} is VALID [2022-02-20 18:02:08,169 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {5129#true} {5130#false} #1163#return; {5130#false} is VALID [2022-02-20 18:02:08,170 INFO L290 TraceCheckUtils]: 88: Hoare triple {5130#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {5130#false} is VALID [2022-02-20 18:02:08,170 INFO L272 TraceCheckUtils]: 89: Hoare triple {5130#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {5129#true} is VALID [2022-02-20 18:02:08,170 INFO L290 TraceCheckUtils]: 90: Hoare triple 
{5129#true} ~handle := #in~handle;havoc ~retValue_acc~32; {5129#true} is VALID [2022-02-20 18:02:08,170 INFO L290 TraceCheckUtils]: 91: Hoare triple {5129#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {5129#true} is VALID [2022-02-20 18:02:08,170 INFO L290 TraceCheckUtils]: 92: Hoare triple {5129#true} assume true; {5129#true} is VALID [2022-02-20 18:02:08,170 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {5129#true} {5130#false} #1165#return; {5130#false} is VALID [2022-02-20 18:02:08,170 INFO L290 TraceCheckUtils]: 94: Hoare triple {5130#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret20#1, verify_#t~ret21#1, verify_#t~ret22#1, verify_#t~ret23#1, verify_#t~ret24#1, verify_#t~ret25#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~7#1, verify_~tmp___0~1#1, verify_~pubkey~0#1, verify_~tmp___1~1#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~7#1;havoc verify_~tmp___0~1#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~1#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret39#1, __utac_acc__EncryptVerify_spec__1_~msg#1, 
__utac_acc__EncryptVerify_spec__1_~tmp~9#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~9#1; {5130#false} is VALID [2022-02-20 18:02:08,171 INFO L272 TraceCheckUtils]: 95: Hoare triple {5130#false} call __utac_acc__EncryptVerify_spec__1_#t~ret39#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {5129#true} is VALID [2022-02-20 18:02:08,171 INFO L290 TraceCheckUtils]: 96: Hoare triple {5129#true} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {5129#true} is VALID [2022-02-20 18:02:08,171 INFO L290 TraceCheckUtils]: 97: Hoare triple {5129#true} assume true; {5129#true} is VALID [2022-02-20 18:02:08,172 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {5129#true} {5130#false} #1167#return; {5130#false} is VALID [2022-02-20 18:02:08,172 INFO L290 TraceCheckUtils]: 99: Hoare triple {5130#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret39#1 && __utac_acc__EncryptVerify_spec__1_#t~ret39#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~9#1 := __utac_acc__EncryptVerify_spec__1_#t~ret39#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret39#1; {5130#false} is VALID [2022-02-20 18:02:08,172 INFO L290 TraceCheckUtils]: 100: Hoare triple {5130#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~9#1);assume { :begin_inline___automaton_fail } true; {5130#false} is VALID [2022-02-20 18:02:08,172 INFO L290 TraceCheckUtils]: 101: Hoare triple {5130#false} assume !false; {5130#false} is VALID [2022-02-20 18:02:08,173 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. 
[2022-02-20 18:02:08,173 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:08,174 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [723756174] [2022-02-20 18:02:08,176 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [723756174] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:02:08,176 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1078390767] [2022-02-20 18:02:08,176 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:08,176 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:08,176 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:02:08,192 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:02:08,193 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-02-20 18:02:08,424 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:08,427 INFO L263 TraceCheckSpWp]: Trace formula consists of 1052 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 18:02:08,471 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:08,474 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:02:08,688 INFO L290 TraceCheckUtils]: 0: Hoare triple {5129#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(115, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(12, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(18, 34);call #Ultimate.allocInit(13, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(25, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 
0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 
0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {5129#true} is VALID [2022-02-20 18:02:08,688 INFO L290 TraceCheckUtils]: 1: Hoare triple {5129#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet50#1, main_#t~ret51#1, main_~retValue_acc~25#1, main_~tmp~13#1;assume -2147483648 <= 
main_#t~nondet50#1 && main_#t~nondet50#1 <= 2147483647;main_~retValue_acc~25#1 := main_#t~nondet50#1;havoc main_#t~nondet50#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true; {5129#true} is VALID [2022-02-20 18:02:08,688 INFO L290 TraceCheckUtils]: 2: Hoare triple {5129#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5129#true} is VALID [2022-02-20 18:02:08,688 INFO L290 TraceCheckUtils]: 3: Hoare triple {5129#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~6#1;havoc valid_product_~retValue_acc~6#1;valid_product_~retValue_acc~6#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~6#1; {5129#true} is VALID [2022-02-20 18:02:08,688 INFO L290 TraceCheckUtils]: 4: Hoare triple {5129#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {5129#true} is VALID [2022-02-20 18:02:08,688 INFO L290 TraceCheckUtils]: 5: Hoare triple {5129#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {5129#true} is VALID [2022-02-20 18:02:08,688 INFO L272 TraceCheckUtils]: 6: Hoare triple {5129#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {5129#true} is VALID [2022-02-20 18:02:08,691 INFO L290 TraceCheckUtils]: 7: Hoare triple {5129#true} ~handle := #in~handle;~value := #in~value; {5129#true} is VALID [2022-02-20 18:02:08,691 INFO L290 TraceCheckUtils]: 8: Hoare triple {5129#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5129#true} is VALID [2022-02-20 18:02:08,692 INFO L290 TraceCheckUtils]: 9: Hoare triple {5129#true} assume true; {5129#true} is VALID [2022-02-20 18:02:08,692 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5129#true} {5129#true} #1197#return; {5129#true} is VALID [2022-02-20 18:02:08,692 INFO L290 TraceCheckUtils]: 11: Hoare triple {5129#true} assume { :end_inline_setup_bob__wrappee__Base } true; {5129#true} is VALID [2022-02-20 18:02:08,692 INFO L272 TraceCheckUtils]: 12: Hoare triple {5129#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {5129#true} is VALID [2022-02-20 18:02:08,692 INFO L290 TraceCheckUtils]: 13: Hoare triple {5129#true} ~handle := #in~handle;~value := #in~value; {5129#true} is VALID [2022-02-20 18:02:08,692 INFO L290 TraceCheckUtils]: 14: Hoare triple {5129#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5129#true} is VALID [2022-02-20 18:02:08,692 INFO L290 TraceCheckUtils]: 15: Hoare triple {5129#true} assume true; {5129#true} is VALID [2022-02-20 18:02:08,692 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {5129#true} {5129#true} #1199#return; {5129#true} is VALID [2022-02-20 18:02:08,692 INFO L290 TraceCheckUtils]: 17: Hoare triple {5129#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { 
:begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {5129#true} is VALID [2022-02-20 18:02:08,692 INFO L272 TraceCheckUtils]: 18: Hoare triple {5129#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {5129#true} is VALID [2022-02-20 18:02:08,692 INFO L290 TraceCheckUtils]: 19: Hoare triple {5129#true} ~handle := #in~handle;~value := #in~value; {5129#true} is VALID [2022-02-20 18:02:08,692 INFO L290 TraceCheckUtils]: 20: Hoare triple {5129#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5129#true} is VALID [2022-02-20 18:02:08,692 INFO L290 TraceCheckUtils]: 21: Hoare triple {5129#true} assume true; {5129#true} is VALID [2022-02-20 18:02:08,692 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {5129#true} {5129#true} #1201#return; {5129#true} is VALID [2022-02-20 18:02:08,692 INFO L290 TraceCheckUtils]: 23: Hoare triple {5129#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {5129#true} is VALID [2022-02-20 18:02:08,692 INFO L272 TraceCheckUtils]: 24: Hoare triple {5129#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {5129#true} is VALID [2022-02-20 18:02:08,692 INFO L290 TraceCheckUtils]: 25: Hoare triple {5129#true} ~handle := #in~handle;~value := #in~value; {5129#true} is VALID [2022-02-20 18:02:08,692 INFO L290 TraceCheckUtils]: 26: Hoare triple {5129#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5129#true} is VALID [2022-02-20 18:02:08,693 INFO L290 TraceCheckUtils]: 27: Hoare triple {5129#true} assume true; {5129#true} is VALID [2022-02-20 18:02:08,693 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {5129#true} {5129#true} #1203#return; 
{5129#true} is VALID [2022-02-20 18:02:08,693 INFO L290 TraceCheckUtils]: 29: Hoare triple {5129#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {5129#true} is VALID [2022-02-20 18:02:08,693 INFO L272 TraceCheckUtils]: 30: Hoare triple {5129#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {5129#true} is VALID [2022-02-20 18:02:08,693 INFO L290 TraceCheckUtils]: 31: Hoare triple {5129#true} ~handle := #in~handle;~value := #in~value; {5129#true} is VALID [2022-02-20 18:02:08,693 INFO L290 TraceCheckUtils]: 32: Hoare triple {5129#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5129#true} is VALID [2022-02-20 18:02:08,693 INFO L290 TraceCheckUtils]: 33: Hoare triple {5129#true} assume true; {5129#true} is VALID [2022-02-20 18:02:08,693 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {5129#true} {5129#true} #1205#return; {5129#true} is VALID [2022-02-20 18:02:08,693 INFO L290 TraceCheckUtils]: 35: Hoare triple {5129#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {5129#true} is VALID [2022-02-20 18:02:08,693 INFO L272 TraceCheckUtils]: 36: Hoare triple {5129#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {5129#true} is VALID [2022-02-20 18:02:08,693 INFO L290 TraceCheckUtils]: 37: Hoare triple {5129#true} ~handle := #in~handle;~value := #in~value; {5129#true} is VALID [2022-02-20 18:02:08,693 INFO L290 TraceCheckUtils]: 38: Hoare triple 
{5129#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5129#true} is VALID [2022-02-20 18:02:08,694 INFO L290 TraceCheckUtils]: 39: Hoare triple {5129#true} assume true; {5129#true} is VALID [2022-02-20 18:02:08,694 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {5129#true} {5129#true} #1207#return; {5129#true} is VALID [2022-02-20 18:02:08,694 INFO L290 TraceCheckUtils]: 41: Hoare triple {5129#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 15, 0;havoc setup_#t~nondet49#1; {5129#true} is VALID [2022-02-20 18:02:08,694 INFO L290 TraceCheckUtils]: 42: Hoare triple {5129#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 
:= 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {5314#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:02:08,695 INFO L290 TraceCheckUtils]: 43: Hoare triple {5314#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {5314#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:02:08,695 INFO L290 TraceCheckUtils]: 44: Hoare triple {5314#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {5314#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:02:08,695 INFO L290 TraceCheckUtils]: 45: Hoare triple {5314#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {5314#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:02:08,695 INFO L290 TraceCheckUtils]: 46: Hoare triple {5314#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {5130#false} is VALID [2022-02-20 18:02:08,696 INFO L290 TraceCheckUtils]: 47: Hoare triple {5130#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {5130#false} is VALID [2022-02-20 18:02:08,696 INFO L290 TraceCheckUtils]: 48: Hoare triple {5130#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {5130#false} is VALID [2022-02-20 18:02:08,696 INFO L290 TraceCheckUtils]: 49: Hoare triple {5130#false} assume !false; {5130#false} is VALID [2022-02-20 18:02:08,696 INFO L290 TraceCheckUtils]: 50: Hoare triple {5130#false} assume !(test_~splverifierCounter~0#1 < 4); {5130#false} is VALID [2022-02-20 18:02:08,696 INFO L290 TraceCheckUtils]: 51: Hoare triple {5130#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~3#1;havoc 
bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret42#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {5130#false} is VALID [2022-02-20 18:02:08,696 INFO L272 TraceCheckUtils]: 52: Hoare triple {5130#false} call sendEmail(~bob~0, ~rjh~0); {5130#false} is VALID [2022-02-20 18:02:08,696 INFO L290 TraceCheckUtils]: 53: Hoare triple {5130#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {5130#false} is VALID [2022-02-20 18:02:08,696 INFO L272 TraceCheckUtils]: 54: Hoare triple {5130#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {5130#false} is VALID [2022-02-20 18:02:08,696 INFO L290 TraceCheckUtils]: 55: Hoare triple {5130#false} ~handle := #in~handle;~value := #in~value; {5130#false} is VALID [2022-02-20 18:02:08,696 INFO L290 TraceCheckUtils]: 56: Hoare triple {5130#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5130#false} is VALID [2022-02-20 18:02:08,696 INFO L290 TraceCheckUtils]: 57: Hoare triple {5130#false} assume true; {5130#false} is VALID [2022-02-20 18:02:08,696 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {5130#false} {5130#false} #1157#return; {5130#false} is VALID [2022-02-20 18:02:08,696 INFO L272 TraceCheckUtils]: 59: Hoare triple {5130#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {5130#false} is VALID [2022-02-20 18:02:08,696 INFO L290 TraceCheckUtils]: 60: Hoare triple {5130#false} ~handle := #in~handle;~value := #in~value; {5130#false} is VALID [2022-02-20 18:02:08,696 INFO L290 
TraceCheckUtils]: 61: Hoare triple {5130#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5130#false} is VALID [2022-02-20 18:02:08,696 INFO L290 TraceCheckUtils]: 62: Hoare triple {5130#false} assume true; {5130#false} is VALID [2022-02-20 18:02:08,696 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {5130#false} {5130#false} #1159#return; {5130#false} is VALID [2022-02-20 18:02:08,696 INFO L290 TraceCheckUtils]: 64: Hoare triple {5130#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {5130#false} is VALID [2022-02-20 18:02:08,696 INFO L290 TraceCheckUtils]: 65: Hoare triple {5130#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {5130#false} is VALID [2022-02-20 18:02:08,697 INFO L272 TraceCheckUtils]: 66: Hoare triple {5130#false} call outgoing(~sender#1, ~email~0#1); {5130#false} is VALID [2022-02-20 18:02:08,697 INFO L290 TraceCheckUtils]: 67: Hoare triple {5130#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret18#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~6#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~6#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~17#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~17#1; {5130#false} is VALID [2022-02-20 18:02:08,697 INFO L290 TraceCheckUtils]: 68: Hoare triple {5130#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~17#1 := 
~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~17#1; {5130#false} is VALID [2022-02-20 18:02:08,697 INFO L290 TraceCheckUtils]: 69: Hoare triple {5130#false} sign_#t~ret18#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret18#1 && sign_#t~ret18#1 <= 2147483647;sign_~tmp~6#1 := sign_#t~ret18#1;havoc sign_#t~ret18#1;sign_~privkey~0#1 := sign_~tmp~6#1; {5130#false} is VALID [2022-02-20 18:02:08,697 INFO L290 TraceCheckUtils]: 70: Hoare triple {5130#false} assume 0 == sign_~privkey~0#1; {5130#false} is VALID [2022-02-20 18:02:08,697 INFO L290 TraceCheckUtils]: 71: Hoare triple {5130#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1, outgoing__wrappee__AddressBook_#t~ret8#1, outgoing__wrappee__AddressBook_#t~ret9#1, outgoing__wrappee__AddressBook_#t~ret10#1, outgoing__wrappee__AddressBook_#t~ret11#1, outgoing__wrappee__AddressBook_#t~ret12#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~2#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~0#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~0#1, outgoing__wrappee__AddressBook_~tmp___2~0#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~2#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~0#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc 
outgoing__wrappee__AddressBook_~tmp___1~0#1;havoc outgoing__wrappee__AddressBook_~tmp___2~0#1; {5130#false} is VALID [2022-02-20 18:02:08,697 INFO L272 TraceCheckUtils]: 72: Hoare triple {5130#false} call outgoing__wrappee__AddressBook_#t~ret7#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {5130#false} is VALID [2022-02-20 18:02:08,697 INFO L290 TraceCheckUtils]: 73: Hoare triple {5130#false} ~handle := #in~handle;havoc ~retValue_acc~11; {5130#false} is VALID [2022-02-20 18:02:08,697 INFO L290 TraceCheckUtils]: 74: Hoare triple {5130#false} assume 1 == ~handle;~retValue_acc~11 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~11; {5130#false} is VALID [2022-02-20 18:02:08,698 INFO L290 TraceCheckUtils]: 75: Hoare triple {5130#false} assume true; {5130#false} is VALID [2022-02-20 18:02:08,698 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {5130#false} {5130#false} #1139#return; {5130#false} is VALID [2022-02-20 18:02:08,698 INFO L290 TraceCheckUtils]: 77: Hoare triple {5130#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret7#1 && outgoing__wrappee__AddressBook_#t~ret7#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~2#1 := outgoing__wrappee__AddressBook_#t~ret7#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~2#1; {5130#false} is VALID [2022-02-20 18:02:08,698 INFO L290 TraceCheckUtils]: 78: Hoare triple {5130#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {5130#false} is VALID [2022-02-20 18:02:08,698 INFO L272 TraceCheckUtils]: 79: Hoare triple {5130#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {5130#false} is VALID [2022-02-20 18:02:08,698 INFO L290 TraceCheckUtils]: 80: Hoare triple {5130#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc 
getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {5130#false} is VALID [2022-02-20 18:02:08,698 INFO L290 TraceCheckUtils]: 81: Hoare triple {5130#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {5130#false} is VALID [2022-02-20 18:02:08,698 INFO L290 TraceCheckUtils]: 82: Hoare triple {5130#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {5130#false} is VALID [2022-02-20 18:02:08,698 INFO L272 TraceCheckUtils]: 83: Hoare triple {5130#false} call setEmailFrom(~msg#1, ~tmp~1#1); {5130#false} is VALID [2022-02-20 18:02:08,698 INFO L290 TraceCheckUtils]: 84: Hoare triple {5130#false} ~handle := #in~handle;~value := #in~value; {5130#false} is VALID [2022-02-20 18:02:08,698 INFO L290 TraceCheckUtils]: 85: Hoare triple {5130#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5130#false} is VALID [2022-02-20 18:02:08,698 INFO L290 TraceCheckUtils]: 86: Hoare triple {5130#false} assume true; {5130#false} is VALID [2022-02-20 18:02:08,698 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {5130#false} {5130#false} #1163#return; {5130#false} is VALID [2022-02-20 18:02:08,698 INFO L290 TraceCheckUtils]: 88: Hoare triple {5130#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {5130#false} is VALID [2022-02-20 18:02:08,698 INFO L272 TraceCheckUtils]: 89: Hoare triple {5130#false} call 
mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {5130#false} is VALID [2022-02-20 18:02:08,698 INFO L290 TraceCheckUtils]: 90: Hoare triple {5130#false} ~handle := #in~handle;havoc ~retValue_acc~32; {5130#false} is VALID [2022-02-20 18:02:08,698 INFO L290 TraceCheckUtils]: 91: Hoare triple {5130#false} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {5130#false} is VALID [2022-02-20 18:02:08,698 INFO L290 TraceCheckUtils]: 92: Hoare triple {5130#false} assume true; {5130#false} is VALID [2022-02-20 18:02:08,699 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {5130#false} {5130#false} #1165#return; {5130#false} is VALID [2022-02-20 18:02:08,699 INFO L290 TraceCheckUtils]: 94: Hoare triple {5130#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret20#1, verify_#t~ret21#1, verify_#t~ret22#1, verify_#t~ret23#1, verify_#t~ret24#1, verify_#t~ret25#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~7#1, verify_~tmp___0~1#1, verify_~pubkey~0#1, verify_~tmp___1~1#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~7#1;havoc verify_~tmp___0~1#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~1#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := 
verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret39#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~9#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~9#1; {5130#false} is VALID [2022-02-20 18:02:08,699 INFO L272 TraceCheckUtils]: 95: Hoare triple {5130#false} call __utac_acc__EncryptVerify_spec__1_#t~ret39#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {5130#false} is VALID [2022-02-20 18:02:08,699 INFO L290 TraceCheckUtils]: 96: Hoare triple {5130#false} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {5130#false} is VALID [2022-02-20 18:02:08,699 INFO L290 TraceCheckUtils]: 97: Hoare triple {5130#false} assume true; {5130#false} is VALID [2022-02-20 18:02:08,699 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {5130#false} {5130#false} #1167#return; {5130#false} is VALID [2022-02-20 18:02:08,699 INFO L290 TraceCheckUtils]: 99: Hoare triple {5130#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret39#1 && __utac_acc__EncryptVerify_spec__1_#t~ret39#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~9#1 := __utac_acc__EncryptVerify_spec__1_#t~ret39#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret39#1; {5130#false} is VALID [2022-02-20 18:02:08,700 INFO L290 TraceCheckUtils]: 100: Hoare triple {5130#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~9#1);assume { :begin_inline___automaton_fail } true; {5130#false} is VALID [2022-02-20 18:02:08,700 INFO L290 TraceCheckUtils]: 101: Hoare triple {5130#false} assume !false; {5130#false} is VALID [2022-02-20 18:02:08,700 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. 
[2022-02-20 18:02:08,700 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:02:08,700 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1078390767] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:08,700 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:02:08,701 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 18:02:08,701 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [656530698] [2022-02-20 18:02:08,701 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:08,702 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 20.0) internal successors, (60), 3 states have internal predecessors, (60), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 102 [2022-02-20 18:02:08,703 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:08,703 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 20.0) internal successors, (60), 3 states have internal predecessors, (60), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:02:08,759 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 87 edges. 87 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:02:08,760 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:02:08,760 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:08,760 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:02:08,760 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:02:08,761 INFO L87 Difference]: Start difference. First operand 374 states and 572 transitions. Second operand has 3 states, 3 states have (on average 20.0) internal successors, (60), 3 states have internal predecessors, (60), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:02:09,374 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:09,374 INFO L93 Difference]: Finished difference Result 796 states and 1236 transitions. [2022-02-20 18:02:09,374 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:02:09,374 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 20.0) internal successors, (60), 3 states have internal predecessors, (60), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 102 [2022-02-20 18:02:09,375 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:09,375 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 3 states, 3 states have (on average 20.0) internal successors, (60), 3 states have internal predecessors, (60), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:02:09,390 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1234 transitions. [2022-02-20 18:02:09,390 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 20.0) internal successors, (60), 3 states have internal predecessors, (60), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:02:09,409 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1234 transitions. [2022-02-20 18:02:09,409 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1234 transitions. [2022-02-20 18:02:10,152 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1234 edges. 1234 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:02:10,165 INFO L225 Difference]: With dead ends: 796 [2022-02-20 18:02:10,166 INFO L226 Difference]: Without dead ends: 449 [2022-02-20 18:02:10,167 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 129 GetRequests, 121 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:02:10,169 INFO L933 BasicCegarLoop]: 594 mSDtfsCounter, 134 mSDsluCounter, 524 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 152 SdHoareTripleChecker+Valid, 1118 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:10,172 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [152 Valid, 1118 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:02:10,174 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 449 states. [2022-02-20 18:02:10,199 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 449 to 441. [2022-02-20 18:02:10,199 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:10,200 INFO L82 GeneralOperation]: Start isEquivalent. First operand 449 states. 
Second operand has 441 states, 351 states have (on average 1.5783475783475784) internal successors, (554), 353 states have internal predecessors, (554), 68 states have call successors, (68), 21 states have call predecessors, (68), 21 states have return successors, (67), 66 states have call predecessors, (67), 67 states have call successors, (67) [2022-02-20 18:02:10,201 INFO L74 IsIncluded]: Start isIncluded. First operand 449 states. Second operand has 441 states, 351 states have (on average 1.5783475783475784) internal successors, (554), 353 states have internal predecessors, (554), 68 states have call successors, (68), 21 states have call predecessors, (68), 21 states have return successors, (67), 66 states have call predecessors, (67), 67 states have call successors, (67) [2022-02-20 18:02:10,202 INFO L87 Difference]: Start difference. First operand 449 states. Second operand has 441 states, 351 states have (on average 1.5783475783475784) internal successors, (554), 353 states have internal predecessors, (554), 68 states have call successors, (68), 21 states have call predecessors, (68), 21 states have return successors, (67), 66 states have call predecessors, (67), 67 states have call successors, (67) [2022-02-20 18:02:10,215 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:10,215 INFO L93 Difference]: Finished difference Result 449 states and 698 transitions. [2022-02-20 18:02:10,216 INFO L276 IsEmpty]: Start isEmpty. Operand 449 states and 698 transitions. [2022-02-20 18:02:10,217 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:10,217 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:10,218 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 441 states, 351 states have (on average 1.5783475783475784) internal successors, (554), 353 states have internal predecessors, (554), 68 states have call successors, (68), 21 states have call predecessors, (68), 21 states have return successors, (67), 66 states have call predecessors, (67), 67 states have call successors, (67) Second operand 449 states. [2022-02-20 18:02:10,219 INFO L87 Difference]: Start difference. First operand has 441 states, 351 states have (on average 1.5783475783475784) internal successors, (554), 353 states have internal predecessors, (554), 68 states have call successors, (68), 21 states have call predecessors, (68), 21 states have return successors, (67), 66 states have call predecessors, (67), 67 states have call successors, (67) Second operand 449 states. [2022-02-20 18:02:10,231 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:10,231 INFO L93 Difference]: Finished difference Result 449 states and 698 transitions. [2022-02-20 18:02:10,231 INFO L276 IsEmpty]: Start isEmpty. Operand 449 states and 698 transitions. [2022-02-20 18:02:10,233 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:10,233 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:10,233 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:10,233 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:10,234 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 441 states, 351 states have (on average 1.5783475783475784) internal successors, (554), 353 states have internal predecessors, (554), 68 states have call successors, (68), 21 states have call predecessors, (68), 21 states have return successors, (67), 66 states have call predecessors, (67), 67 states have call successors, (67) [2022-02-20 18:02:10,248 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 441 states to 441 states and 689 transitions. [2022-02-20 18:02:10,248 INFO L78 Accepts]: Start accepts. Automaton has 441 states and 689 transitions. Word has length 102 [2022-02-20 18:02:10,248 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:10,248 INFO L470 AbstractCegarLoop]: Abstraction has 441 states and 689 transitions. [2022-02-20 18:02:10,249 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 20.0) internal successors, (60), 3 states have internal predecessors, (60), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:02:10,249 INFO L276 IsEmpty]: Start isEmpty. Operand 441 states and 689 transitions. [2022-02-20 18:02:10,250 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 104 [2022-02-20 18:02:10,250 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:10,250 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:10,269 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 18:02:10,459 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:10,460 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === 
[outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:10,460 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:10,460 INFO L85 PathProgramCache]: Analyzing trace with hash 967185357, now seen corresponding path program 1 times [2022-02-20 18:02:10,460 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:10,462 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [338755857] [2022-02-20 18:02:10,462 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:10,462 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:10,487 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,515 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:02:10,517 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,520 INFO L290 TraceCheckUtils]: 0: Hoare triple {8152#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8102#true} is VALID [2022-02-20 18:02:10,520 INFO L290 TraceCheckUtils]: 1: Hoare triple {8102#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8102#true} is VALID [2022-02-20 18:02:10,521 INFO L290 TraceCheckUtils]: 2: Hoare triple {8102#true} assume true; {8102#true} is VALID [2022-02-20 18:02:10,521 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8102#true} {8102#true} #1197#return; {8102#true} is VALID [2022-02-20 18:02:10,527 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:10,529 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is 
unsat [2022-02-20 18:02:10,536 INFO L290 TraceCheckUtils]: 0: Hoare triple {8153#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8102#true} is VALID [2022-02-20 18:02:10,536 INFO L290 TraceCheckUtils]: 1: Hoare triple {8102#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8102#true} is VALID [2022-02-20 18:02:10,536 INFO L290 TraceCheckUtils]: 2: Hoare triple {8102#true} assume true; {8102#true} is VALID [2022-02-20 18:02:10,536 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8102#true} {8102#true} #1199#return; {8102#true} is VALID [2022-02-20 18:02:10,537 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:10,539 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,572 INFO L290 TraceCheckUtils]: 0: Hoare triple {8152#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8154#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:10,572 INFO L290 TraceCheckUtils]: 1: Hoare triple {8154#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8155#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:10,572 INFO L290 TraceCheckUtils]: 2: Hoare triple {8155#(= |setClientId_#in~handle| 1)} assume true; {8155#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:10,573 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8155#(= |setClientId_#in~handle| 1)} {8112#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1201#return; {8103#false} is VALID [2022-02-20 18:02:10,573 INFO 
L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:02:10,575 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,577 INFO L290 TraceCheckUtils]: 0: Hoare triple {8153#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8102#true} is VALID [2022-02-20 18:02:10,577 INFO L290 TraceCheckUtils]: 1: Hoare triple {8102#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8102#true} is VALID [2022-02-20 18:02:10,577 INFO L290 TraceCheckUtils]: 2: Hoare triple {8102#true} assume true; {8102#true} is VALID [2022-02-20 18:02:10,577 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8102#true} {8103#false} #1203#return; {8103#false} is VALID [2022-02-20 18:02:10,578 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:02:10,579 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,582 INFO L290 TraceCheckUtils]: 0: Hoare triple {8152#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8102#true} is VALID [2022-02-20 18:02:10,582 INFO L290 TraceCheckUtils]: 1: Hoare triple {8102#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8102#true} is VALID [2022-02-20 18:02:10,582 INFO L290 TraceCheckUtils]: 2: Hoare triple {8102#true} assume true; {8102#true} is VALID [2022-02-20 18:02:10,582 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8102#true} {8103#false} #1205#return; {8103#false} is VALID [2022-02-20 18:02:10,583 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 36 [2022-02-20 18:02:10,584 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,586 INFO L290 TraceCheckUtils]: 0: Hoare triple {8153#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8102#true} is VALID [2022-02-20 18:02:10,587 INFO L290 TraceCheckUtils]: 1: Hoare triple {8102#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8102#true} is VALID [2022-02-20 18:02:10,587 INFO L290 TraceCheckUtils]: 2: Hoare triple {8102#true} assume true; {8102#true} is VALID [2022-02-20 18:02:10,587 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8102#true} {8103#false} #1207#return; {8103#false} is VALID [2022-02-20 18:02:10,593 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 55 [2022-02-20 18:02:10,595 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,597 INFO L290 TraceCheckUtils]: 0: Hoare triple {8156#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8102#true} is VALID [2022-02-20 18:02:10,598 INFO L290 TraceCheckUtils]: 1: Hoare triple {8102#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8102#true} is VALID [2022-02-20 18:02:10,598 INFO L290 TraceCheckUtils]: 2: Hoare triple {8102#true} assume true; {8102#true} is VALID [2022-02-20 18:02:10,598 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8102#true} {8103#false} #1157#return; {8103#false} is VALID [2022-02-20 18:02:10,606 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 18:02:10,607 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,609 INFO L290 
TraceCheckUtils]: 0: Hoare triple {8157#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8102#true} is VALID [2022-02-20 18:02:10,610 INFO L290 TraceCheckUtils]: 1: Hoare triple {8102#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8102#true} is VALID [2022-02-20 18:02:10,610 INFO L290 TraceCheckUtils]: 2: Hoare triple {8102#true} assume true; {8102#true} is VALID [2022-02-20 18:02:10,610 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8102#true} {8103#false} #1159#return; {8103#false} is VALID [2022-02-20 18:02:10,610 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 73 [2022-02-20 18:02:10,611 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,613 INFO L290 TraceCheckUtils]: 0: Hoare triple {8102#true} ~handle := #in~handle;havoc ~retValue_acc~11; {8102#true} is VALID [2022-02-20 18:02:10,614 INFO L290 TraceCheckUtils]: 1: Hoare triple {8102#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~11; {8102#true} is VALID [2022-02-20 18:02:10,614 INFO L290 TraceCheckUtils]: 2: Hoare triple {8102#true} assume true; {8102#true} is VALID [2022-02-20 18:02:10,614 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8102#true} {8103#false} #1139#return; {8103#false} is VALID [2022-02-20 18:02:10,614 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 18:02:10,615 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,617 INFO L290 TraceCheckUtils]: 0: Hoare triple {8156#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8102#true} is VALID [2022-02-20 18:02:10,617 INFO L290 TraceCheckUtils]: 1: Hoare triple {8102#true} assume 1 == 
~handle;~__ste_email_from0~0 := ~value; {8102#true} is VALID [2022-02-20 18:02:10,617 INFO L290 TraceCheckUtils]: 2: Hoare triple {8102#true} assume true; {8102#true} is VALID [2022-02-20 18:02:10,617 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8102#true} {8103#false} #1163#return; {8103#false} is VALID [2022-02-20 18:02:10,617 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 18:02:10,618 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,626 INFO L290 TraceCheckUtils]: 0: Hoare triple {8102#true} ~handle := #in~handle;havoc ~retValue_acc~32; {8102#true} is VALID [2022-02-20 18:02:10,626 INFO L290 TraceCheckUtils]: 1: Hoare triple {8102#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {8102#true} is VALID [2022-02-20 18:02:10,626 INFO L290 TraceCheckUtils]: 2: Hoare triple {8102#true} assume true; {8102#true} is VALID [2022-02-20 18:02:10,626 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8102#true} {8103#false} #1165#return; {8103#false} is VALID [2022-02-20 18:02:10,626 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 18:02:10,627 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,629 INFO L290 TraceCheckUtils]: 0: Hoare triple {8102#true} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {8102#true} is VALID [2022-02-20 18:02:10,629 INFO L290 TraceCheckUtils]: 1: Hoare triple {8102#true} assume true; {8102#true} is VALID [2022-02-20 18:02:10,629 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8102#true} {8103#false} #1167#return; {8103#false} is VALID [2022-02-20 18:02:10,629 INFO L290 TraceCheckUtils]: 0: Hoare triple {8102#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call 
write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(115, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(12, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(18, 34);call #Ultimate.allocInit(13, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(25, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 
0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 
0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {8102#true} is VALID [2022-02-20 18:02:10,629 INFO L290 TraceCheckUtils]: 1: Hoare triple {8102#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet50#1, main_#t~ret51#1, main_~retValue_acc~25#1, main_~tmp~13#1;assume -2147483648 <= main_#t~nondet50#1 && main_#t~nondet50#1 <= 2147483647;main_~retValue_acc~25#1 := main_#t~nondet50#1;havoc main_#t~nondet50#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true; {8102#true} is VALID [2022-02-20 18:02:10,630 INFO L290 TraceCheckUtils]: 
2: Hoare triple {8102#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {8102#true} is VALID [2022-02-20 18:02:10,630 INFO L290 TraceCheckUtils]: 3: Hoare triple {8102#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~6#1;havoc valid_product_~retValue_acc~6#1;valid_product_~retValue_acc~6#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~6#1; {8102#true} is VALID [2022-02-20 18:02:10,630 INFO L290 TraceCheckUtils]: 4: Hoare triple {8102#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {8102#true} is VALID [2022-02-20 18:02:10,630 INFO L290 TraceCheckUtils]: 5: Hoare triple {8102#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {8102#true} is VALID [2022-02-20 18:02:10,630 INFO L272 TraceCheckUtils]: 6: Hoare triple {8102#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, 
setup_bob__wrappee__Base_~bob___0#1); {8152#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:10,631 INFO L290 TraceCheckUtils]: 7: Hoare triple {8152#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8102#true} is VALID [2022-02-20 18:02:10,631 INFO L290 TraceCheckUtils]: 8: Hoare triple {8102#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8102#true} is VALID [2022-02-20 18:02:10,631 INFO L290 TraceCheckUtils]: 9: Hoare triple {8102#true} assume true; {8102#true} is VALID [2022-02-20 18:02:10,631 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {8102#true} {8102#true} #1197#return; {8102#true} is VALID [2022-02-20 18:02:10,631 INFO L290 TraceCheckUtils]: 11: Hoare triple {8102#true} assume { :end_inline_setup_bob__wrappee__Base } true; {8102#true} is VALID [2022-02-20 18:02:10,631 INFO L272 TraceCheckUtils]: 12: Hoare triple {8102#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {8153#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:10,631 INFO L290 TraceCheckUtils]: 13: Hoare triple {8153#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8102#true} is VALID [2022-02-20 18:02:10,632 INFO L290 TraceCheckUtils]: 14: Hoare triple {8102#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := 
~value; {8102#true} is VALID [2022-02-20 18:02:10,632 INFO L290 TraceCheckUtils]: 15: Hoare triple {8102#true} assume true; {8102#true} is VALID [2022-02-20 18:02:10,632 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {8102#true} {8102#true} #1199#return; {8102#true} is VALID [2022-02-20 18:02:10,632 INFO L290 TraceCheckUtils]: 17: Hoare triple {8102#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {8112#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:02:10,633 INFO L272 TraceCheckUtils]: 18: Hoare triple {8112#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {8152#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:10,633 INFO L290 TraceCheckUtils]: 19: Hoare triple {8152#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8154#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:10,633 INFO L290 TraceCheckUtils]: 20: Hoare triple {8154#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8155#(= 
|setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:10,634 INFO L290 TraceCheckUtils]: 21: Hoare triple {8155#(= |setClientId_#in~handle| 1)} assume true; {8155#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:10,634 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {8155#(= |setClientId_#in~handle| 1)} {8112#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1201#return; {8103#false} is VALID [2022-02-20 18:02:10,634 INFO L290 TraceCheckUtils]: 23: Hoare triple {8103#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {8103#false} is VALID [2022-02-20 18:02:10,634 INFO L272 TraceCheckUtils]: 24: Hoare triple {8103#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {8153#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:10,634 INFO L290 TraceCheckUtils]: 25: Hoare triple {8153#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8102#true} is VALID [2022-02-20 18:02:10,635 INFO L290 TraceCheckUtils]: 26: Hoare triple {8102#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8102#true} is VALID [2022-02-20 18:02:10,635 INFO L290 TraceCheckUtils]: 27: Hoare triple {8102#true} assume true; {8102#true} is VALID [2022-02-20 18:02:10,635 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {8102#true} {8103#false} #1203#return; {8103#false} is VALID [2022-02-20 18:02:10,635 INFO L290 TraceCheckUtils]: 29: Hoare triple {8103#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := 
~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {8103#false} is VALID [2022-02-20 18:02:10,635 INFO L272 TraceCheckUtils]: 30: Hoare triple {8103#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {8152#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:10,635 INFO L290 TraceCheckUtils]: 31: Hoare triple {8152#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8102#true} is VALID [2022-02-20 18:02:10,635 INFO L290 TraceCheckUtils]: 32: Hoare triple {8102#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8102#true} is VALID [2022-02-20 18:02:10,635 INFO L290 TraceCheckUtils]: 33: Hoare triple {8102#true} assume true; {8102#true} is VALID [2022-02-20 18:02:10,635 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {8102#true} {8103#false} #1205#return; {8103#false} is VALID [2022-02-20 18:02:10,636 INFO L290 TraceCheckUtils]: 35: Hoare triple {8103#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {8103#false} is VALID [2022-02-20 18:02:10,636 INFO L272 TraceCheckUtils]: 36: Hoare triple {8103#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {8153#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:10,636 INFO L290 TraceCheckUtils]: 37: Hoare triple {8153#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8102#true} is VALID [2022-02-20 18:02:10,636 INFO L290 TraceCheckUtils]: 38: Hoare triple {8102#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8102#true} is VALID [2022-02-20 18:02:10,636 INFO L290 TraceCheckUtils]: 39: Hoare triple {8102#true} assume true; {8102#true} is VALID [2022-02-20 18:02:10,636 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {8102#true} {8103#false} #1207#return; {8103#false} is VALID [2022-02-20 18:02:10,636 INFO L290 TraceCheckUtils]: 41: Hoare triple {8103#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 15, 0;havoc setup_#t~nondet49#1; {8103#false} is VALID [2022-02-20 18:02:10,636 INFO L290 TraceCheckUtils]: 42: Hoare triple {8103#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc 
test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {8103#false} is VALID [2022-02-20 18:02:10,637 INFO L290 TraceCheckUtils]: 43: Hoare triple {8103#false} assume !false; {8103#false} is VALID [2022-02-20 18:02:10,637 INFO L290 TraceCheckUtils]: 44: Hoare triple {8103#false} assume test_~splverifierCounter~0#1 < 4; {8103#false} is VALID [2022-02-20 18:02:10,637 INFO L290 TraceCheckUtils]: 45: Hoare triple {8103#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {8103#false} is VALID [2022-02-20 18:02:10,637 INFO L290 TraceCheckUtils]: 46: Hoare triple {8103#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {8103#false} is VALID [2022-02-20 18:02:10,637 INFO L290 TraceCheckUtils]: 47: Hoare triple {8103#false} assume !(0 != test_~tmp___9~0#1); {8103#false} is VALID [2022-02-20 18:02:10,637 INFO L290 TraceCheckUtils]: 48: Hoare triple {8103#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {8103#false} is VALID [2022-02-20 18:02:10,637 INFO L290 TraceCheckUtils]: 49: Hoare triple {8103#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {8103#false} is VALID [2022-02-20 18:02:10,637 INFO L290 TraceCheckUtils]: 50: Hoare triple 
{8103#false} assume !false; {8103#false} is VALID [2022-02-20 18:02:10,638 INFO L290 TraceCheckUtils]: 51: Hoare triple {8103#false} assume !(test_~splverifierCounter~0#1 < 4); {8103#false} is VALID [2022-02-20 18:02:10,638 INFO L290 TraceCheckUtils]: 52: Hoare triple {8103#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret42#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {8103#false} is VALID [2022-02-20 18:02:10,638 INFO L272 TraceCheckUtils]: 53: Hoare triple {8103#false} call sendEmail(~bob~0, ~rjh~0); {8103#false} is VALID [2022-02-20 18:02:10,638 INFO L290 TraceCheckUtils]: 54: Hoare triple {8103#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {8103#false} is VALID [2022-02-20 18:02:10,638 INFO L272 TraceCheckUtils]: 55: Hoare triple {8103#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {8156#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:10,638 INFO L290 TraceCheckUtils]: 56: Hoare triple {8156#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8102#true} is VALID 
[2022-02-20 18:02:10,638 INFO L290 TraceCheckUtils]: 57: Hoare triple {8102#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8102#true} is VALID [2022-02-20 18:02:10,638 INFO L290 TraceCheckUtils]: 58: Hoare triple {8102#true} assume true; {8102#true} is VALID [2022-02-20 18:02:10,638 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {8102#true} {8103#false} #1157#return; {8103#false} is VALID [2022-02-20 18:02:10,639 INFO L272 TraceCheckUtils]: 60: Hoare triple {8103#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {8157#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:10,639 INFO L290 TraceCheckUtils]: 61: Hoare triple {8157#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8102#true} is VALID [2022-02-20 18:02:10,639 INFO L290 TraceCheckUtils]: 62: Hoare triple {8102#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8102#true} is VALID [2022-02-20 18:02:10,639 INFO L290 TraceCheckUtils]: 63: Hoare triple {8102#true} assume true; {8102#true} is VALID [2022-02-20 18:02:10,639 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {8102#true} {8103#false} #1159#return; {8103#false} is VALID [2022-02-20 18:02:10,639 INFO L290 TraceCheckUtils]: 65: Hoare triple {8103#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {8103#false} is VALID [2022-02-20 18:02:10,639 INFO L290 TraceCheckUtils]: 66: Hoare triple {8103#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {8103#false} is VALID [2022-02-20 18:02:10,639 INFO L272 TraceCheckUtils]: 67: Hoare triple {8103#false} call outgoing(~sender#1, ~email~0#1); {8103#false} is VALID [2022-02-20 18:02:10,639 
INFO L290 TraceCheckUtils]: 68: Hoare triple {8103#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret18#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~6#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~6#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~17#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~17#1; {8103#false} is VALID [2022-02-20 18:02:10,640 INFO L290 TraceCheckUtils]: 69: Hoare triple {8103#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~17#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~17#1; {8103#false} is VALID [2022-02-20 18:02:10,640 INFO L290 TraceCheckUtils]: 70: Hoare triple {8103#false} sign_#t~ret18#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret18#1 && sign_#t~ret18#1 <= 2147483647;sign_~tmp~6#1 := sign_#t~ret18#1;havoc sign_#t~ret18#1;sign_~privkey~0#1 := sign_~tmp~6#1; {8103#false} is VALID [2022-02-20 18:02:10,640 INFO L290 TraceCheckUtils]: 71: Hoare triple {8103#false} assume 0 == sign_~privkey~0#1; {8103#false} is VALID [2022-02-20 18:02:10,640 INFO L290 TraceCheckUtils]: 72: Hoare triple {8103#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1, outgoing__wrappee__AddressBook_#t~ret8#1, outgoing__wrappee__AddressBook_#t~ret9#1, outgoing__wrappee__AddressBook_#t~ret10#1, 
outgoing__wrappee__AddressBook_#t~ret11#1, outgoing__wrappee__AddressBook_#t~ret12#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~2#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~0#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~0#1, outgoing__wrappee__AddressBook_~tmp___2~0#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~2#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~0#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~0#1;havoc outgoing__wrappee__AddressBook_~tmp___2~0#1; {8103#false} is VALID [2022-02-20 18:02:10,640 INFO L272 TraceCheckUtils]: 73: Hoare triple {8103#false} call outgoing__wrappee__AddressBook_#t~ret7#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {8102#true} is VALID [2022-02-20 18:02:10,640 INFO L290 TraceCheckUtils]: 74: Hoare triple {8102#true} ~handle := #in~handle;havoc ~retValue_acc~11; {8102#true} is VALID [2022-02-20 18:02:10,640 INFO L290 TraceCheckUtils]: 75: Hoare triple {8102#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~11; {8102#true} is VALID [2022-02-20 18:02:10,640 INFO L290 TraceCheckUtils]: 76: Hoare triple {8102#true} assume true; {8102#true} is VALID [2022-02-20 18:02:10,640 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {8102#true} {8103#false} #1139#return; {8103#false} is VALID [2022-02-20 18:02:10,641 INFO L290 TraceCheckUtils]: 78: Hoare triple {8103#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret7#1 && 
outgoing__wrappee__AddressBook_#t~ret7#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~2#1 := outgoing__wrappee__AddressBook_#t~ret7#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~2#1; {8103#false} is VALID [2022-02-20 18:02:10,641 INFO L290 TraceCheckUtils]: 79: Hoare triple {8103#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {8103#false} is VALID [2022-02-20 18:02:10,641 INFO L272 TraceCheckUtils]: 80: Hoare triple {8103#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {8103#false} is VALID [2022-02-20 18:02:10,641 INFO L290 TraceCheckUtils]: 81: Hoare triple {8103#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {8103#false} is VALID [2022-02-20 18:02:10,641 INFO L290 TraceCheckUtils]: 82: Hoare triple {8103#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {8103#false} is VALID [2022-02-20 18:02:10,641 INFO L290 TraceCheckUtils]: 83: Hoare triple {8103#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {8103#false} is VALID [2022-02-20 18:02:10,641 INFO L272 TraceCheckUtils]: 84: Hoare triple {8103#false} call setEmailFrom(~msg#1, ~tmp~1#1); {8156#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:10,641 INFO L290 TraceCheckUtils]: 85: Hoare triple {8156#(and (= |old(~__ste_email_from0~0)| 
~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8102#true} is VALID [2022-02-20 18:02:10,641 INFO L290 TraceCheckUtils]: 86: Hoare triple {8102#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8102#true} is VALID [2022-02-20 18:02:10,642 INFO L290 TraceCheckUtils]: 87: Hoare triple {8102#true} assume true; {8102#true} is VALID [2022-02-20 18:02:10,642 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {8102#true} {8103#false} #1163#return; {8103#false} is VALID [2022-02-20 18:02:10,642 INFO L290 TraceCheckUtils]: 89: Hoare triple {8103#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {8103#false} is VALID [2022-02-20 18:02:10,642 INFO L272 TraceCheckUtils]: 90: Hoare triple {8103#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {8102#true} is VALID [2022-02-20 18:02:10,642 INFO L290 TraceCheckUtils]: 91: Hoare triple {8102#true} ~handle := #in~handle;havoc ~retValue_acc~32; {8102#true} is VALID [2022-02-20 18:02:10,642 INFO L290 TraceCheckUtils]: 92: Hoare triple {8102#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {8102#true} is VALID [2022-02-20 18:02:10,642 INFO L290 TraceCheckUtils]: 93: Hoare triple {8102#true} assume true; {8102#true} is VALID [2022-02-20 18:02:10,642 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {8102#true} {8103#false} #1165#return; {8103#false} is VALID [2022-02-20 18:02:10,642 INFO L290 TraceCheckUtils]: 95: Hoare triple {8103#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { 
:begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret20#1, verify_#t~ret21#1, verify_#t~ret22#1, verify_#t~ret23#1, verify_#t~ret24#1, verify_#t~ret25#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~7#1, verify_~tmp___0~1#1, verify_~pubkey~0#1, verify_~tmp___1~1#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~7#1;havoc verify_~tmp___0~1#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~1#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret39#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~9#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~9#1; {8103#false} is VALID [2022-02-20 18:02:10,643 INFO L272 TraceCheckUtils]: 96: Hoare triple {8103#false} call __utac_acc__EncryptVerify_spec__1_#t~ret39#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {8102#true} is VALID [2022-02-20 18:02:10,643 INFO L290 TraceCheckUtils]: 97: Hoare triple {8102#true} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {8102#true} is VALID [2022-02-20 18:02:10,643 INFO L290 TraceCheckUtils]: 98: Hoare triple {8102#true} assume true; {8102#true} is VALID [2022-02-20 18:02:10,643 INFO L284 
TraceCheckUtils]: 99: Hoare quadruple {8102#true} {8103#false} #1167#return; {8103#false} is VALID [2022-02-20 18:02:10,643 INFO L290 TraceCheckUtils]: 100: Hoare triple {8103#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret39#1 && __utac_acc__EncryptVerify_spec__1_#t~ret39#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~9#1 := __utac_acc__EncryptVerify_spec__1_#t~ret39#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret39#1; {8103#false} is VALID [2022-02-20 18:02:10,643 INFO L290 TraceCheckUtils]: 101: Hoare triple {8103#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~9#1);assume { :begin_inline___automaton_fail } true; {8103#false} is VALID [2022-02-20 18:02:10,643 INFO L290 TraceCheckUtils]: 102: Hoare triple {8103#false} assume !false; {8103#false} is VALID [2022-02-20 18:02:10,644 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 18:02:10,644 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:10,644 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [338755857] [2022-02-20 18:02:10,644 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [338755857] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:02:10,644 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1970576590] [2022-02-20 18:02:10,644 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:10,645 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:10,645 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:02:10,646 INFO L229 MonitoredProcess]: Starting monitored process 5 with 
/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:02:10,647 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-02-20 18:02:10,850 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,855 INFO L263 TraceCheckSpWp]: Trace formula consists of 1059 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 18:02:10,912 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:10,914 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:02:11,175 INFO L290 TraceCheckUtils]: 0: Hoare triple {8102#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(115, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 
1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(12, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(18, 34);call #Ultimate.allocInit(13, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(25, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 
0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 
0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {8102#true} is VALID [2022-02-20 18:02:11,175 INFO L290 TraceCheckUtils]: 1: Hoare triple {8102#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet50#1, main_#t~ret51#1, main_~retValue_acc~25#1, main_~tmp~13#1;assume -2147483648 <= main_#t~nondet50#1 && main_#t~nondet50#1 <= 2147483647;main_~retValue_acc~25#1 := main_#t~nondet50#1;havoc main_#t~nondet50#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true; {8102#true} is VALID [2022-02-20 18:02:11,175 INFO L290 TraceCheckUtils]: 2: Hoare triple {8102#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {8102#true} is VALID [2022-02-20 18:02:11,175 INFO L290 TraceCheckUtils]: 3: Hoare triple {8102#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~6#1;havoc valid_product_~retValue_acc~6#1;valid_product_~retValue_acc~6#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~6#1; {8102#true} is VALID [2022-02-20 18:02:11,175 INFO L290 TraceCheckUtils]: 4: Hoare triple {8102#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {8102#true} is VALID [2022-02-20 18:02:11,175 INFO L290 TraceCheckUtils]: 5: Hoare triple {8102#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, 
setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {8102#true} is VALID [2022-02-20 18:02:11,175 INFO L272 TraceCheckUtils]: 6: Hoare triple {8102#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {8102#true} is VALID [2022-02-20 18:02:11,176 INFO L290 TraceCheckUtils]: 7: Hoare triple {8102#true} ~handle := #in~handle;~value := #in~value; {8102#true} is VALID [2022-02-20 18:02:11,176 INFO L290 TraceCheckUtils]: 8: Hoare triple {8102#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8102#true} is VALID [2022-02-20 18:02:11,176 INFO L290 TraceCheckUtils]: 9: Hoare triple {8102#true} assume true; {8102#true} is VALID [2022-02-20 18:02:11,176 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {8102#true} {8102#true} #1197#return; {8102#true} is VALID [2022-02-20 18:02:11,176 INFO L290 TraceCheckUtils]: 11: Hoare triple {8102#true} assume { :end_inline_setup_bob__wrappee__Base } true; {8102#true} is VALID [2022-02-20 18:02:11,176 INFO L272 TraceCheckUtils]: 12: Hoare triple {8102#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {8102#true} is VALID [2022-02-20 18:02:11,176 INFO L290 TraceCheckUtils]: 13: Hoare triple {8102#true} ~handle := #in~handle;~value := 
#in~value; {8102#true} is VALID [2022-02-20 18:02:11,176 INFO L290 TraceCheckUtils]: 14: Hoare triple {8102#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8102#true} is VALID [2022-02-20 18:02:11,176 INFO L290 TraceCheckUtils]: 15: Hoare triple {8102#true} assume true; {8102#true} is VALID [2022-02-20 18:02:11,176 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {8102#true} {8102#true} #1199#return; {8102#true} is VALID [2022-02-20 18:02:11,176 INFO L290 TraceCheckUtils]: 17: Hoare triple {8102#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {8212#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:02:11,177 INFO L272 TraceCheckUtils]: 18: Hoare triple {8212#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {8102#true} is VALID [2022-02-20 18:02:11,177 INFO L290 TraceCheckUtils]: 19: Hoare triple {8102#true} ~handle := #in~handle;~value := #in~value; {8219#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 18:02:11,177 INFO L290 TraceCheckUtils]: 20: Hoare triple {8219#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8223#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:11,177 INFO L290 TraceCheckUtils]: 21: Hoare triple {8223#(<= |setClientId_#in~handle| 1)} assume true; {8223#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:11,178 
INFO L284 TraceCheckUtils]: 22: Hoare quadruple {8223#(<= |setClientId_#in~handle| 1)} {8212#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1201#return; {8103#false} is VALID [2022-02-20 18:02:11,178 INFO L290 TraceCheckUtils]: 23: Hoare triple {8103#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {8103#false} is VALID [2022-02-20 18:02:11,178 INFO L272 TraceCheckUtils]: 24: Hoare triple {8103#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {8103#false} is VALID [2022-02-20 18:02:11,178 INFO L290 TraceCheckUtils]: 25: Hoare triple {8103#false} ~handle := #in~handle;~value := #in~value; {8103#false} is VALID [2022-02-20 18:02:11,178 INFO L290 TraceCheckUtils]: 26: Hoare triple {8103#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8103#false} is VALID [2022-02-20 18:02:11,178 INFO L290 TraceCheckUtils]: 27: Hoare triple {8103#false} assume true; {8103#false} is VALID [2022-02-20 18:02:11,178 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {8103#false} {8103#false} #1203#return; {8103#false} is VALID [2022-02-20 18:02:11,178 INFO L290 TraceCheckUtils]: 29: Hoare triple {8103#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {8103#false} is VALID [2022-02-20 18:02:11,178 INFO L272 TraceCheckUtils]: 30: Hoare triple {8103#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {8103#false} is VALID [2022-02-20 18:02:11,178 INFO L290 
TraceCheckUtils]: 31: Hoare triple {8103#false} ~handle := #in~handle;~value := #in~value; {8103#false} is VALID [2022-02-20 18:02:11,179 INFO L290 TraceCheckUtils]: 32: Hoare triple {8103#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8103#false} is VALID [2022-02-20 18:02:11,179 INFO L290 TraceCheckUtils]: 33: Hoare triple {8103#false} assume true; {8103#false} is VALID [2022-02-20 18:02:11,179 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {8103#false} {8103#false} #1205#return; {8103#false} is VALID [2022-02-20 18:02:11,179 INFO L290 TraceCheckUtils]: 35: Hoare triple {8103#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {8103#false} is VALID [2022-02-20 18:02:11,179 INFO L272 TraceCheckUtils]: 36: Hoare triple {8103#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {8103#false} is VALID [2022-02-20 18:02:11,179 INFO L290 TraceCheckUtils]: 37: Hoare triple {8103#false} ~handle := #in~handle;~value := #in~value; {8103#false} is VALID [2022-02-20 18:02:11,179 INFO L290 TraceCheckUtils]: 38: Hoare triple {8103#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8103#false} is VALID [2022-02-20 18:02:11,179 INFO L290 TraceCheckUtils]: 39: Hoare triple {8103#false} assume true; {8103#false} is VALID [2022-02-20 18:02:11,179 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {8103#false} {8103#false} #1207#return; {8103#false} is VALID [2022-02-20 18:02:11,179 INFO L290 TraceCheckUtils]: 41: Hoare triple {8103#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 15, 0;havoc setup_#t~nondet49#1; {8103#false} is VALID [2022-02-20 18:02:11,179 INFO L290 TraceCheckUtils]: 42: Hoare triple {8103#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, 
test_#t~nondet37#1, test_#t~nondet38#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {8103#false} is VALID [2022-02-20 18:02:11,179 INFO L290 TraceCheckUtils]: 43: Hoare triple {8103#false} assume !false; {8103#false} is VALID [2022-02-20 18:02:11,179 INFO L290 TraceCheckUtils]: 44: Hoare triple {8103#false} assume test_~splverifierCounter~0#1 < 4; {8103#false} is VALID [2022-02-20 18:02:11,179 INFO L290 TraceCheckUtils]: 45: Hoare triple {8103#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {8103#false} is VALID [2022-02-20 18:02:11,179 INFO L290 TraceCheckUtils]: 46: Hoare triple {8103#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {8103#false} is VALID [2022-02-20 18:02:11,179 INFO L290 TraceCheckUtils]: 47: Hoare 
triple {8103#false} assume !(0 != test_~tmp___9~0#1); {8103#false} is VALID [2022-02-20 18:02:11,179 INFO L290 TraceCheckUtils]: 48: Hoare triple {8103#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {8103#false} is VALID [2022-02-20 18:02:11,179 INFO L290 TraceCheckUtils]: 49: Hoare triple {8103#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {8103#false} is VALID [2022-02-20 18:02:11,179 INFO L290 TraceCheckUtils]: 50: Hoare triple {8103#false} assume !false; {8103#false} is VALID [2022-02-20 18:02:11,179 INFO L290 TraceCheckUtils]: 51: Hoare triple {8103#false} assume !(test_~splverifierCounter~0#1 < 4); {8103#false} is VALID [2022-02-20 18:02:11,180 INFO L290 TraceCheckUtils]: 52: Hoare triple {8103#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret42#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {8103#false} is VALID [2022-02-20 18:02:11,180 INFO L272 TraceCheckUtils]: 53: Hoare triple {8103#false} call sendEmail(~bob~0, ~rjh~0); {8103#false} is VALID [2022-02-20 18:02:11,180 INFO L290 TraceCheckUtils]: 54: Hoare triple {8103#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc 
createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {8103#false} is VALID [2022-02-20 18:02:11,180 INFO L272 TraceCheckUtils]: 55: Hoare triple {8103#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {8103#false} is VALID [2022-02-20 18:02:11,180 INFO L290 TraceCheckUtils]: 56: Hoare triple {8103#false} ~handle := #in~handle;~value := #in~value; {8103#false} is VALID [2022-02-20 18:02:11,180 INFO L290 TraceCheckUtils]: 57: Hoare triple {8103#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8103#false} is VALID [2022-02-20 18:02:11,180 INFO L290 TraceCheckUtils]: 58: Hoare triple {8103#false} assume true; {8103#false} is VALID [2022-02-20 18:02:11,180 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {8103#false} {8103#false} #1157#return; {8103#false} is VALID [2022-02-20 18:02:11,180 INFO L272 TraceCheckUtils]: 60: Hoare triple {8103#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {8103#false} is VALID [2022-02-20 18:02:11,180 INFO L290 TraceCheckUtils]: 61: Hoare triple {8103#false} ~handle := #in~handle;~value := #in~value; {8103#false} is VALID [2022-02-20 18:02:11,180 INFO L290 TraceCheckUtils]: 62: Hoare triple {8103#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8103#false} is VALID [2022-02-20 18:02:11,180 INFO L290 TraceCheckUtils]: 63: Hoare triple {8103#false} assume true; {8103#false} is VALID [2022-02-20 18:02:11,180 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {8103#false} {8103#false} #1159#return; {8103#false} is VALID [2022-02-20 18:02:11,180 INFO L290 TraceCheckUtils]: 65: Hoare triple {8103#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {8103#false} is VALID [2022-02-20 18:02:11,180 INFO L290 TraceCheckUtils]: 66: Hoare triple {8103#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := 
~tmp~5#1; {8103#false} is VALID [2022-02-20 18:02:11,180 INFO L272 TraceCheckUtils]: 67: Hoare triple {8103#false} call outgoing(~sender#1, ~email~0#1); {8103#false} is VALID [2022-02-20 18:02:11,180 INFO L290 TraceCheckUtils]: 68: Hoare triple {8103#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret18#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~6#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~6#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~17#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~17#1; {8103#false} is VALID [2022-02-20 18:02:11,181 INFO L290 TraceCheckUtils]: 69: Hoare triple {8103#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~17#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~17#1; {8103#false} is VALID [2022-02-20 18:02:11,181 INFO L290 TraceCheckUtils]: 70: Hoare triple {8103#false} sign_#t~ret18#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret18#1 && sign_#t~ret18#1 <= 2147483647;sign_~tmp~6#1 := sign_#t~ret18#1;havoc sign_#t~ret18#1;sign_~privkey~0#1 := sign_~tmp~6#1; {8103#false} is VALID [2022-02-20 18:02:11,181 INFO L290 TraceCheckUtils]: 71: Hoare triple {8103#false} assume 0 == sign_~privkey~0#1; {8103#false} is VALID [2022-02-20 18:02:11,181 INFO L290 TraceCheckUtils]: 72: Hoare triple {8103#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, 
~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1, outgoing__wrappee__AddressBook_#t~ret8#1, outgoing__wrappee__AddressBook_#t~ret9#1, outgoing__wrappee__AddressBook_#t~ret10#1, outgoing__wrappee__AddressBook_#t~ret11#1, outgoing__wrappee__AddressBook_#t~ret12#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~2#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~0#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~0#1, outgoing__wrappee__AddressBook_~tmp___2~0#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~2#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~0#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~0#1;havoc outgoing__wrappee__AddressBook_~tmp___2~0#1; {8103#false} is VALID [2022-02-20 18:02:11,181 INFO L272 TraceCheckUtils]: 73: Hoare triple {8103#false} call outgoing__wrappee__AddressBook_#t~ret7#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {8103#false} is VALID [2022-02-20 18:02:11,181 INFO L290 TraceCheckUtils]: 74: Hoare triple {8103#false} ~handle := #in~handle;havoc ~retValue_acc~11; {8103#false} is VALID [2022-02-20 18:02:11,181 INFO L290 TraceCheckUtils]: 75: Hoare triple {8103#false} assume 1 == ~handle;~retValue_acc~11 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~11; {8103#false} is VALID [2022-02-20 18:02:11,181 INFO L290 TraceCheckUtils]: 76: Hoare triple {8103#false} assume true; {8103#false} is VALID [2022-02-20 18:02:11,181 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {8103#false} {8103#false} #1139#return; 
{8103#false} is VALID [2022-02-20 18:02:11,181 INFO L290 TraceCheckUtils]: 78: Hoare triple {8103#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret7#1 && outgoing__wrappee__AddressBook_#t~ret7#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~2#1 := outgoing__wrappee__AddressBook_#t~ret7#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~2#1; {8103#false} is VALID [2022-02-20 18:02:11,181 INFO L290 TraceCheckUtils]: 79: Hoare triple {8103#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {8103#false} is VALID [2022-02-20 18:02:11,181 INFO L272 TraceCheckUtils]: 80: Hoare triple {8103#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {8103#false} is VALID [2022-02-20 18:02:11,181 INFO L290 TraceCheckUtils]: 81: Hoare triple {8103#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {8103#false} is VALID [2022-02-20 18:02:11,181 INFO L290 TraceCheckUtils]: 82: Hoare triple {8103#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {8103#false} is VALID [2022-02-20 18:02:11,181 INFO L290 TraceCheckUtils]: 83: Hoare triple {8103#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {8103#false} is VALID [2022-02-20 18:02:11,181 INFO L272 TraceCheckUtils]: 84: Hoare triple {8103#false} call setEmailFrom(~msg#1, ~tmp~1#1); {8103#false} is VALID [2022-02-20 18:02:11,181 INFO L290 TraceCheckUtils]: 85: Hoare 
triple {8103#false} ~handle := #in~handle;~value := #in~value; {8103#false} is VALID [2022-02-20 18:02:11,181 INFO L290 TraceCheckUtils]: 86: Hoare triple {8103#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8103#false} is VALID [2022-02-20 18:02:11,181 INFO L290 TraceCheckUtils]: 87: Hoare triple {8103#false} assume true; {8103#false} is VALID [2022-02-20 18:02:11,181 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {8103#false} {8103#false} #1163#return; {8103#false} is VALID [2022-02-20 18:02:11,182 INFO L290 TraceCheckUtils]: 89: Hoare triple {8103#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {8103#false} is VALID [2022-02-20 18:02:11,182 INFO L272 TraceCheckUtils]: 90: Hoare triple {8103#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {8103#false} is VALID [2022-02-20 18:02:11,182 INFO L290 TraceCheckUtils]: 91: Hoare triple {8103#false} ~handle := #in~handle;havoc ~retValue_acc~32; {8103#false} is VALID [2022-02-20 18:02:11,182 INFO L290 TraceCheckUtils]: 92: Hoare triple {8103#false} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {8103#false} is VALID [2022-02-20 18:02:11,182 INFO L290 TraceCheckUtils]: 93: Hoare triple {8103#false} assume true; {8103#false} is VALID [2022-02-20 18:02:11,182 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {8103#false} {8103#false} #1165#return; {8103#false} is VALID [2022-02-20 18:02:11,182 INFO L290 TraceCheckUtils]: 95: Hoare triple {8103#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, 
incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret20#1, verify_#t~ret21#1, verify_#t~ret22#1, verify_#t~ret23#1, verify_#t~ret24#1, verify_#t~ret25#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~7#1, verify_~tmp___0~1#1, verify_~pubkey~0#1, verify_~tmp___1~1#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~7#1;havoc verify_~tmp___0~1#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~1#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret39#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~9#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~9#1; {8103#false} is VALID [2022-02-20 18:02:11,182 INFO L272 TraceCheckUtils]: 96: Hoare triple {8103#false} call __utac_acc__EncryptVerify_spec__1_#t~ret39#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {8103#false} is VALID [2022-02-20 18:02:11,182 INFO L290 TraceCheckUtils]: 97: Hoare triple {8103#false} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {8103#false} is VALID [2022-02-20 18:02:11,182 INFO L290 TraceCheckUtils]: 98: Hoare triple {8103#false} assume true; {8103#false} is VALID [2022-02-20 18:02:11,182 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {8103#false} 
{8103#false} #1167#return; {8103#false} is VALID [2022-02-20 18:02:11,182 INFO L290 TraceCheckUtils]: 100: Hoare triple {8103#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret39#1 && __utac_acc__EncryptVerify_spec__1_#t~ret39#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~9#1 := __utac_acc__EncryptVerify_spec__1_#t~ret39#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret39#1; {8103#false} is VALID [2022-02-20 18:02:11,182 INFO L290 TraceCheckUtils]: 101: Hoare triple {8103#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~9#1);assume { :begin_inline___automaton_fail } true; {8103#false} is VALID [2022-02-20 18:02:11,182 INFO L290 TraceCheckUtils]: 102: Hoare triple {8103#false} assume !false; {8103#false} is VALID [2022-02-20 18:02:11,182 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. [2022-02-20 18:02:11,182 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:02:11,183 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1970576590] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:11,183 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:02:11,183 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [9] total 12 [2022-02-20 18:02:11,183 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [748111519] [2022-02-20 18:02:11,183 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:11,183 INFO L78 Accepts]: Start accepts. 
Automaton has has 5 states, 4 states have (on average 17.25) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 103 [2022-02-20 18:02:11,184 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:11,184 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 4 states have (on average 17.25) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:11,253 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 96 edges. 96 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:11,253 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:02:11,253 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:11,254 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:02:11,254 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=24, Invalid=108, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:02:11,254 INFO L87 Difference]: Start difference. First operand 441 states and 689 transitions. 
Second operand has 5 states, 4 states have (on average 17.25) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:12,374 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:12,374 INFO L93 Difference]: Finished difference Result 873 states and 1368 transitions. [2022-02-20 18:02:12,374 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:02:12,375 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 17.25) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 103 [2022-02-20 18:02:12,375 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:12,375 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 17.25) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:12,382 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1130 transitions. [2022-02-20 18:02:12,383 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 5 states, 4 states have (on average 17.25) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:12,390 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1130 transitions. [2022-02-20 18:02:12,390 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1130 transitions. [2022-02-20 18:02:13,040 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1130 edges. 1130 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:13,052 INFO L225 Difference]: With dead ends: 873 [2022-02-20 18:02:13,052 INFO L226 Difference]: Without dead ends: 443 [2022-02-20 18:02:13,054 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 131 GetRequests, 120 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=28, Invalid=128, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:02:13,056 INFO L933 BasicCegarLoop]: 561 mSDtfsCounter, 152 mSDsluCounter, 1509 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 175 SdHoareTripleChecker+Valid, 2070 SdHoareTripleChecker+Invalid, 34 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:13,058 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [175 Valid, 2070 Invalid, 34 
Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:02:13,059 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 443 states. [2022-02-20 18:02:13,107 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 443 to 443. [2022-02-20 18:02:13,107 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:13,112 INFO L82 GeneralOperation]: Start isEquivalent. First operand 443 states. Second operand has 443 states, 352 states have (on average 1.5767045454545454) internal successors, (555), 355 states have internal predecessors, (555), 68 states have call successors, (68), 21 states have call predecessors, (68), 22 states have return successors, (69), 66 states have call predecessors, (69), 67 states have call successors, (69) [2022-02-20 18:02:13,113 INFO L74 IsIncluded]: Start isIncluded. First operand 443 states. Second operand has 443 states, 352 states have (on average 1.5767045454545454) internal successors, (555), 355 states have internal predecessors, (555), 68 states have call successors, (68), 21 states have call predecessors, (68), 22 states have return successors, (69), 66 states have call predecessors, (69), 67 states have call successors, (69) [2022-02-20 18:02:13,115 INFO L87 Difference]: Start difference. First operand 443 states. Second operand has 443 states, 352 states have (on average 1.5767045454545454) internal successors, (555), 355 states have internal predecessors, (555), 68 states have call successors, (68), 21 states have call predecessors, (68), 22 states have return successors, (69), 66 states have call predecessors, (69), 67 states have call successors, (69) [2022-02-20 18:02:13,126 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:13,127 INFO L93 Difference]: Finished difference Result 443 states and 692 transitions. 
[2022-02-20 18:02:13,127 INFO L276 IsEmpty]: Start isEmpty. Operand 443 states and 692 transitions. [2022-02-20 18:02:13,128 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:13,128 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:13,129 INFO L74 IsIncluded]: Start isIncluded. First operand has 443 states, 352 states have (on average 1.5767045454545454) internal successors, (555), 355 states have internal predecessors, (555), 68 states have call successors, (68), 21 states have call predecessors, (68), 22 states have return successors, (69), 66 states have call predecessors, (69), 67 states have call successors, (69) Second operand 443 states. [2022-02-20 18:02:13,130 INFO L87 Difference]: Start difference. First operand has 443 states, 352 states have (on average 1.5767045454545454) internal successors, (555), 355 states have internal predecessors, (555), 68 states have call successors, (68), 21 states have call predecessors, (68), 22 states have return successors, (69), 66 states have call predecessors, (69), 67 states have call successors, (69) Second operand 443 states. [2022-02-20 18:02:13,143 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:13,143 INFO L93 Difference]: Finished difference Result 443 states and 692 transitions. [2022-02-20 18:02:13,143 INFO L276 IsEmpty]: Start isEmpty. Operand 443 states and 692 transitions. [2022-02-20 18:02:13,145 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:13,145 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:13,145 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:13,145 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:13,146 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 443 states, 352 states have (on average 1.5767045454545454) internal successors, (555), 355 states have internal predecessors, (555), 68 states have call successors, (68), 21 states have call predecessors, (68), 22 states have return successors, (69), 66 states have call predecessors, (69), 67 states have call successors, (69) [2022-02-20 18:02:13,159 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 443 states to 443 states and 692 transitions. [2022-02-20 18:02:13,160 INFO L78 Accepts]: Start accepts. Automaton has 443 states and 692 transitions. Word has length 103 [2022-02-20 18:02:13,160 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:13,160 INFO L470 AbstractCegarLoop]: Abstraction has 443 states and 692 transitions. [2022-02-20 18:02:13,160 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 17.25) internal successors, (69), 5 states have internal predecessors, (69), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:13,160 INFO L276 IsEmpty]: Start isEmpty. Operand 443 states and 692 transitions. [2022-02-20 18:02:13,163 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 105 [2022-02-20 18:02:13,164 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:13,164 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:13,182 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Forceful destruction successful, exit code 0 [2022-02-20 18:02:13,382 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:13,383 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:13,383 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:13,383 INFO L85 PathProgramCache]: Analyzing trace with hash -1568444971, now seen corresponding path program 1 times [2022-02-20 18:02:13,383 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:13,383 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2138218629] [2022-02-20 18:02:13,383 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:13,383 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:13,418 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:13,520 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending 
call position 6 [2022-02-20 18:02:13,522 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:13,524 INFO L290 TraceCheckUtils]: 0: Hoare triple {11239#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11187#true} is VALID [2022-02-20 18:02:13,524 INFO L290 TraceCheckUtils]: 1: Hoare triple {11187#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11187#true} is VALID [2022-02-20 18:02:13,525 INFO L290 TraceCheckUtils]: 2: Hoare triple {11187#true} assume true; {11187#true} is VALID [2022-02-20 18:02:13,525 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11187#true} {11187#true} #1197#return; {11187#true} is VALID [2022-02-20 18:02:13,530 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:13,531 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:13,535 INFO L290 TraceCheckUtils]: 0: Hoare triple {11240#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11187#true} is VALID [2022-02-20 18:02:13,535 INFO L290 TraceCheckUtils]: 1: Hoare triple {11187#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11187#true} is VALID [2022-02-20 18:02:13,535 INFO L290 TraceCheckUtils]: 2: Hoare triple {11187#true} assume true; {11187#true} is VALID [2022-02-20 18:02:13,536 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11187#true} {11187#true} #1199#return; {11187#true} is VALID [2022-02-20 18:02:13,536 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:13,539 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:13,553 INFO L290 TraceCheckUtils]: 0: Hoare triple {11239#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11241#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:13,553 INFO L290 TraceCheckUtils]: 1: Hoare triple {11241#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {11241#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:13,554 INFO L290 TraceCheckUtils]: 2: Hoare triple {11241#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {11242#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:13,554 INFO L290 TraceCheckUtils]: 3: Hoare triple {11242#(= 2 |setClientId_#in~handle|)} assume true; {11242#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:13,554 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {11242#(= 2 |setClientId_#in~handle|)} {11197#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1201#return; {11203#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:02:13,555 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:02:13,557 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:13,575 INFO L290 TraceCheckUtils]: 0: Hoare triple {11240#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11243#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:13,576 INFO 
L290 TraceCheckUtils]: 1: Hoare triple {11243#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11244#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:13,576 INFO L290 TraceCheckUtils]: 2: Hoare triple {11244#(= |setClientPrivateKey_#in~handle| 1)} assume true; {11244#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:13,577 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11244#(= |setClientPrivateKey_#in~handle| 1)} {11203#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1203#return; {11188#false} is VALID [2022-02-20 18:02:13,577 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-02-20 18:02:13,578 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:13,582 INFO L290 TraceCheckUtils]: 0: Hoare triple {11239#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11187#true} is VALID [2022-02-20 18:02:13,582 INFO L290 TraceCheckUtils]: 1: Hoare triple {11187#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11187#true} is VALID [2022-02-20 18:02:13,582 INFO L290 TraceCheckUtils]: 2: Hoare triple {11187#true} assume true; {11187#true} is VALID [2022-02-20 18:02:13,582 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11187#true} {11188#false} #1205#return; {11188#false} is VALID [2022-02-20 18:02:13,582 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 37 [2022-02-20 18:02:13,585 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:13,587 INFO L290 TraceCheckUtils]: 0: Hoare triple {11240#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11187#true} is VALID [2022-02-20 18:02:13,587 INFO L290 TraceCheckUtils]: 1: Hoare triple {11187#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11187#true} is VALID [2022-02-20 18:02:13,587 INFO L290 TraceCheckUtils]: 2: Hoare triple {11187#true} assume true; {11187#true} is VALID [2022-02-20 18:02:13,587 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11187#true} {11188#false} #1207#return; {11188#false} is VALID [2022-02-20 18:02:13,597 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 56 [2022-02-20 18:02:13,599 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:13,604 INFO L290 TraceCheckUtils]: 0: Hoare triple {11245#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11187#true} is VALID [2022-02-20 18:02:13,604 INFO L290 TraceCheckUtils]: 1: Hoare triple {11187#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11187#true} is VALID [2022-02-20 18:02:13,604 INFO L290 TraceCheckUtils]: 2: Hoare triple {11187#true} assume true; {11187#true} is VALID [2022-02-20 18:02:13,604 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11187#true} {11188#false} #1157#return; {11188#false} is VALID [2022-02-20 18:02:13,613 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:02:13,614 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:13,617 INFO L290 TraceCheckUtils]: 0: Hoare triple {11246#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {11187#true} is VALID [2022-02-20 18:02:13,617 INFO L290 TraceCheckUtils]: 1: Hoare triple 
{11187#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {11187#true} is VALID [2022-02-20 18:02:13,617 INFO L290 TraceCheckUtils]: 2: Hoare triple {11187#true} assume true; {11187#true} is VALID [2022-02-20 18:02:13,617 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11187#true} {11188#false} #1159#return; {11188#false} is VALID [2022-02-20 18:02:13,617 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 74 [2022-02-20 18:02:13,618 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:13,620 INFO L290 TraceCheckUtils]: 0: Hoare triple {11187#true} ~handle := #in~handle;havoc ~retValue_acc~11; {11187#true} is VALID [2022-02-20 18:02:13,620 INFO L290 TraceCheckUtils]: 1: Hoare triple {11187#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~11; {11187#true} is VALID [2022-02-20 18:02:13,620 INFO L290 TraceCheckUtils]: 2: Hoare triple {11187#true} assume true; {11187#true} is VALID [2022-02-20 18:02:13,620 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11187#true} {11188#false} #1139#return; {11188#false} is VALID [2022-02-20 18:02:13,620 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 18:02:13,624 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:13,625 INFO L290 TraceCheckUtils]: 0: Hoare triple {11245#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11187#true} is VALID [2022-02-20 18:02:13,625 INFO L290 TraceCheckUtils]: 1: Hoare triple {11187#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11187#true} is VALID [2022-02-20 18:02:13,625 INFO L290 TraceCheckUtils]: 2: Hoare triple {11187#true} assume true; {11187#true} is VALID [2022-02-20 18:02:13,625 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11187#true} {11188#false} 
#1163#return; {11188#false} is VALID [2022-02-20 18:02:13,625 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 18:02:13,626 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:13,627 INFO L290 TraceCheckUtils]: 0: Hoare triple {11187#true} ~handle := #in~handle;havoc ~retValue_acc~32; {11187#true} is VALID [2022-02-20 18:02:13,627 INFO L290 TraceCheckUtils]: 1: Hoare triple {11187#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {11187#true} is VALID [2022-02-20 18:02:13,628 INFO L290 TraceCheckUtils]: 2: Hoare triple {11187#true} assume true; {11187#true} is VALID [2022-02-20 18:02:13,628 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11187#true} {11188#false} #1165#return; {11188#false} is VALID [2022-02-20 18:02:13,628 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-02-20 18:02:13,628 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:13,630 INFO L290 TraceCheckUtils]: 0: Hoare triple {11187#true} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {11187#true} is VALID [2022-02-20 18:02:13,630 INFO L290 TraceCheckUtils]: 1: Hoare triple {11187#true} assume true; {11187#true} is VALID [2022-02-20 18:02:13,630 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {11187#true} {11188#false} #1167#return; {11188#false} is VALID [2022-02-20 18:02:13,630 INFO L290 TraceCheckUtils]: 0: Hoare triple {11187#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call 
#Ultimate.allocInit(20, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(115, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(12, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(18, 34);call #Ultimate.allocInit(13, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(25, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 
0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 
0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {11187#true} is VALID [2022-02-20 18:02:13,630 INFO L290 TraceCheckUtils]: 1: Hoare triple {11187#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet50#1, main_#t~ret51#1, main_~retValue_acc~25#1, main_~tmp~13#1;assume -2147483648 <= main_#t~nondet50#1 && main_#t~nondet50#1 <= 2147483647;main_~retValue_acc~25#1 := main_#t~nondet50#1;havoc main_#t~nondet50#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true; {11187#true} is VALID [2022-02-20 18:02:13,630 INFO L290 TraceCheckUtils]: 2: Hoare triple {11187#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {11187#true} is VALID [2022-02-20 18:02:13,630 INFO L290 TraceCheckUtils]: 3: Hoare triple {11187#true} assume { 
:end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~6#1;havoc valid_product_~retValue_acc~6#1;valid_product_~retValue_acc~6#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~6#1; {11187#true} is VALID [2022-02-20 18:02:13,630 INFO L290 TraceCheckUtils]: 4: Hoare triple {11187#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {11187#true} is VALID [2022-02-20 18:02:13,630 INFO L290 TraceCheckUtils]: 5: Hoare triple {11187#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {11187#true} is VALID [2022-02-20 18:02:13,631 INFO L272 TraceCheckUtils]: 6: Hoare triple {11187#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {11239#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is 
VALID [2022-02-20 18:02:13,631 INFO L290 TraceCheckUtils]: 7: Hoare triple {11239#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11187#true} is VALID [2022-02-20 18:02:13,631 INFO L290 TraceCheckUtils]: 8: Hoare triple {11187#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11187#true} is VALID [2022-02-20 18:02:13,631 INFO L290 TraceCheckUtils]: 9: Hoare triple {11187#true} assume true; {11187#true} is VALID [2022-02-20 18:02:13,631 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {11187#true} {11187#true} #1197#return; {11187#true} is VALID [2022-02-20 18:02:13,631 INFO L290 TraceCheckUtils]: 11: Hoare triple {11187#true} assume { :end_inline_setup_bob__wrappee__Base } true; {11187#true} is VALID [2022-02-20 18:02:13,632 INFO L272 TraceCheckUtils]: 12: Hoare triple {11187#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {11240#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:13,632 INFO L290 TraceCheckUtils]: 13: Hoare triple {11240#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11187#true} is VALID [2022-02-20 18:02:13,632 INFO L290 TraceCheckUtils]: 14: Hoare triple {11187#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11187#true} is VALID [2022-02-20 18:02:13,632 INFO L290 TraceCheckUtils]: 15: Hoare triple {11187#true} assume true; {11187#true} is VALID [2022-02-20 18:02:13,632 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {11187#true} 
{11187#true} #1199#return; {11187#true} is VALID [2022-02-20 18:02:13,632 INFO L290 TraceCheckUtils]: 17: Hoare triple {11187#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {11197#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:02:13,633 INFO L272 TraceCheckUtils]: 18: Hoare triple {11197#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {11239#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:13,633 INFO L290 TraceCheckUtils]: 19: Hoare triple {11239#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11241#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:13,633 INFO L290 TraceCheckUtils]: 20: Hoare triple {11241#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {11241#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:13,634 INFO L290 TraceCheckUtils]: 21: Hoare triple {11241#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 
== ~handle;~__ste_client_idCounter1~0 := ~value; {11242#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:13,634 INFO L290 TraceCheckUtils]: 22: Hoare triple {11242#(= 2 |setClientId_#in~handle|)} assume true; {11242#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:13,634 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {11242#(= 2 |setClientId_#in~handle|)} {11197#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1201#return; {11203#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:02:13,634 INFO L290 TraceCheckUtils]: 24: Hoare triple {11203#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {11203#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:02:13,635 INFO L272 TraceCheckUtils]: 25: Hoare triple {11203#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {11240#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:13,635 INFO L290 TraceCheckUtils]: 26: Hoare triple {11240#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11243#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:13,636 INFO L290 TraceCheckUtils]: 27: Hoare triple {11243#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11244#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:13,636 INFO L290 TraceCheckUtils]: 28: Hoare triple {11244#(= |setClientPrivateKey_#in~handle| 
1)} assume true; {11244#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:13,636 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {11244#(= |setClientPrivateKey_#in~handle| 1)} {11203#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1203#return; {11188#false} is VALID [2022-02-20 18:02:13,636 INFO L290 TraceCheckUtils]: 30: Hoare triple {11188#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {11188#false} is VALID [2022-02-20 18:02:13,636 INFO L272 TraceCheckUtils]: 31: Hoare triple {11188#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {11239#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:13,636 INFO L290 TraceCheckUtils]: 32: Hoare triple {11239#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11187#true} is VALID [2022-02-20 18:02:13,636 INFO L290 TraceCheckUtils]: 33: Hoare triple {11187#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11187#true} is VALID [2022-02-20 18:02:13,637 INFO L290 TraceCheckUtils]: 34: Hoare triple {11187#true} assume true; {11187#true} is VALID 
[2022-02-20 18:02:13,637 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {11187#true} {11188#false} #1205#return; {11188#false} is VALID [2022-02-20 18:02:13,637 INFO L290 TraceCheckUtils]: 36: Hoare triple {11188#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {11188#false} is VALID [2022-02-20 18:02:13,637 INFO L272 TraceCheckUtils]: 37: Hoare triple {11188#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {11240#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:13,637 INFO L290 TraceCheckUtils]: 38: Hoare triple {11240#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11187#true} is VALID [2022-02-20 18:02:13,637 INFO L290 TraceCheckUtils]: 39: Hoare triple {11187#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11187#true} is VALID [2022-02-20 18:02:13,637 INFO L290 TraceCheckUtils]: 40: Hoare triple {11187#true} assume true; {11187#true} is VALID [2022-02-20 18:02:13,637 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {11187#true} {11188#false} #1207#return; {11188#false} is VALID [2022-02-20 18:02:13,637 INFO L290 TraceCheckUtils]: 42: Hoare triple {11188#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 15, 0;havoc setup_#t~nondet49#1; {11188#false} is VALID [2022-02-20 18:02:13,637 INFO L290 TraceCheckUtils]: 43: Hoare triple {11188#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, 
test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {11188#false} is VALID [2022-02-20 18:02:13,637 INFO L290 TraceCheckUtils]: 44: Hoare triple {11188#false} assume !false; {11188#false} is VALID [2022-02-20 18:02:13,637 INFO L290 TraceCheckUtils]: 45: Hoare triple {11188#false} assume test_~splverifierCounter~0#1 < 4; {11188#false} is VALID [2022-02-20 18:02:13,637 INFO L290 TraceCheckUtils]: 46: Hoare triple {11188#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {11188#false} is VALID [2022-02-20 18:02:13,637 INFO L290 TraceCheckUtils]: 47: Hoare triple {11188#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {11188#false} is VALID [2022-02-20 18:02:13,637 INFO 
L290 TraceCheckUtils]: 48: Hoare triple {11188#false} assume !(0 != test_~tmp___9~0#1); {11188#false} is VALID [2022-02-20 18:02:13,637 INFO L290 TraceCheckUtils]: 49: Hoare triple {11188#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {11188#false} is VALID [2022-02-20 18:02:13,637 INFO L290 TraceCheckUtils]: 50: Hoare triple {11188#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {11188#false} is VALID [2022-02-20 18:02:13,637 INFO L290 TraceCheckUtils]: 51: Hoare triple {11188#false} assume !false; {11188#false} is VALID [2022-02-20 18:02:13,637 INFO L290 TraceCheckUtils]: 52: Hoare triple {11188#false} assume !(test_~splverifierCounter~0#1 < 4); {11188#false} is VALID [2022-02-20 18:02:13,638 INFO L290 TraceCheckUtils]: 53: Hoare triple {11188#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret42#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {11188#false} is VALID [2022-02-20 18:02:13,638 INFO L272 TraceCheckUtils]: 54: Hoare triple {11188#false} call sendEmail(~bob~0, ~rjh~0); {11188#false} is VALID [2022-02-20 18:02:13,638 INFO L290 TraceCheckUtils]: 55: Hoare triple {11188#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc 
createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {11188#false} is VALID [2022-02-20 18:02:13,638 INFO L272 TraceCheckUtils]: 56: Hoare triple {11188#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {11245#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:13,638 INFO L290 TraceCheckUtils]: 57: Hoare triple {11245#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11187#true} is VALID [2022-02-20 18:02:13,638 INFO L290 TraceCheckUtils]: 58: Hoare triple {11187#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11187#true} is VALID [2022-02-20 18:02:13,638 INFO L290 TraceCheckUtils]: 59: Hoare triple {11187#true} assume true; {11187#true} is VALID [2022-02-20 18:02:13,638 INFO L284 TraceCheckUtils]: 60: Hoare quadruple {11187#true} {11188#false} #1157#return; {11188#false} is VALID [2022-02-20 18:02:13,638 INFO L272 TraceCheckUtils]: 61: Hoare triple {11188#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {11246#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:13,638 INFO L290 TraceCheckUtils]: 62: Hoare triple {11246#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {11187#true} is VALID [2022-02-20 18:02:13,638 INFO L290 TraceCheckUtils]: 63: Hoare triple {11187#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {11187#true} is VALID [2022-02-20 18:02:13,638 INFO L290 TraceCheckUtils]: 64: Hoare triple {11187#true} assume true; {11187#true} is VALID [2022-02-20 18:02:13,638 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {11187#true} {11188#false} #1159#return; {11188#false} is VALID [2022-02-20 18:02:13,638 INFO 
L290 TraceCheckUtils]: 66: Hoare triple {11188#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {11188#false} is VALID [2022-02-20 18:02:13,638 INFO L290 TraceCheckUtils]: 67: Hoare triple {11188#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {11188#false} is VALID [2022-02-20 18:02:13,638 INFO L272 TraceCheckUtils]: 68: Hoare triple {11188#false} call outgoing(~sender#1, ~email~0#1); {11188#false} is VALID [2022-02-20 18:02:13,638 INFO L290 TraceCheckUtils]: 69: Hoare triple {11188#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret18#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~6#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~6#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~17#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~17#1; {11188#false} is VALID [2022-02-20 18:02:13,638 INFO L290 TraceCheckUtils]: 70: Hoare triple {11188#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~17#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~17#1; {11188#false} is VALID [2022-02-20 18:02:13,638 INFO L290 TraceCheckUtils]: 71: Hoare triple {11188#false} sign_#t~ret18#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret18#1 && sign_#t~ret18#1 <= 2147483647;sign_~tmp~6#1 := sign_#t~ret18#1;havoc 
sign_#t~ret18#1;sign_~privkey~0#1 := sign_~tmp~6#1; {11188#false} is VALID [2022-02-20 18:02:13,638 INFO L290 TraceCheckUtils]: 72: Hoare triple {11188#false} assume 0 == sign_~privkey~0#1; {11188#false} is VALID [2022-02-20 18:02:13,639 INFO L290 TraceCheckUtils]: 73: Hoare triple {11188#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1, outgoing__wrappee__AddressBook_#t~ret8#1, outgoing__wrappee__AddressBook_#t~ret9#1, outgoing__wrappee__AddressBook_#t~ret10#1, outgoing__wrappee__AddressBook_#t~ret11#1, outgoing__wrappee__AddressBook_#t~ret12#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~2#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~0#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~0#1, outgoing__wrappee__AddressBook_~tmp___2~0#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~2#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~0#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~0#1;havoc outgoing__wrappee__AddressBook_~tmp___2~0#1; {11188#false} is VALID [2022-02-20 18:02:13,639 INFO L272 TraceCheckUtils]: 74: Hoare triple {11188#false} call outgoing__wrappee__AddressBook_#t~ret7#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {11187#true} is VALID [2022-02-20 18:02:13,639 INFO L290 TraceCheckUtils]: 75: Hoare triple {11187#true} ~handle 
:= #in~handle;havoc ~retValue_acc~11; {11187#true} is VALID [2022-02-20 18:02:13,639 INFO L290 TraceCheckUtils]: 76: Hoare triple {11187#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~11; {11187#true} is VALID [2022-02-20 18:02:13,639 INFO L290 TraceCheckUtils]: 77: Hoare triple {11187#true} assume true; {11187#true} is VALID [2022-02-20 18:02:13,639 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {11187#true} {11188#false} #1139#return; {11188#false} is VALID [2022-02-20 18:02:13,639 INFO L290 TraceCheckUtils]: 79: Hoare triple {11188#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret7#1 && outgoing__wrappee__AddressBook_#t~ret7#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~2#1 := outgoing__wrappee__AddressBook_#t~ret7#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~2#1; {11188#false} is VALID [2022-02-20 18:02:13,639 INFO L290 TraceCheckUtils]: 80: Hoare triple {11188#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {11188#false} is VALID [2022-02-20 18:02:13,639 INFO L272 TraceCheckUtils]: 81: Hoare triple {11188#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {11188#false} is VALID [2022-02-20 18:02:13,639 INFO L290 TraceCheckUtils]: 82: Hoare triple {11188#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {11188#false} is VALID [2022-02-20 18:02:13,639 INFO L290 TraceCheckUtils]: 83: Hoare triple {11188#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; 
{11188#false} is VALID [2022-02-20 18:02:13,639 INFO L290 TraceCheckUtils]: 84: Hoare triple {11188#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {11188#false} is VALID [2022-02-20 18:02:13,639 INFO L272 TraceCheckUtils]: 85: Hoare triple {11188#false} call setEmailFrom(~msg#1, ~tmp~1#1); {11245#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:13,639 INFO L290 TraceCheckUtils]: 86: Hoare triple {11245#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11187#true} is VALID [2022-02-20 18:02:13,639 INFO L290 TraceCheckUtils]: 87: Hoare triple {11187#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11187#true} is VALID [2022-02-20 18:02:13,639 INFO L290 TraceCheckUtils]: 88: Hoare triple {11187#true} assume true; {11187#true} is VALID [2022-02-20 18:02:13,639 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {11187#true} {11188#false} #1163#return; {11188#false} is VALID [2022-02-20 18:02:13,639 INFO L290 TraceCheckUtils]: 90: Hoare triple {11188#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {11188#false} is VALID [2022-02-20 18:02:13,639 INFO L272 TraceCheckUtils]: 91: Hoare triple {11188#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {11187#true} is VALID [2022-02-20 18:02:13,639 INFO L290 TraceCheckUtils]: 92: Hoare triple {11187#true} ~handle := #in~handle;havoc ~retValue_acc~32; 
{11187#true} is VALID [2022-02-20 18:02:13,640 INFO L290 TraceCheckUtils]: 93: Hoare triple {11187#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {11187#true} is VALID [2022-02-20 18:02:13,640 INFO L290 TraceCheckUtils]: 94: Hoare triple {11187#true} assume true; {11187#true} is VALID [2022-02-20 18:02:13,640 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {11187#true} {11188#false} #1165#return; {11188#false} is VALID [2022-02-20 18:02:13,640 INFO L290 TraceCheckUtils]: 96: Hoare triple {11188#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret20#1, verify_#t~ret21#1, verify_#t~ret22#1, verify_#t~ret23#1, verify_#t~ret24#1, verify_#t~ret25#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~7#1, verify_~tmp___0~1#1, verify_~pubkey~0#1, verify_~tmp___1~1#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~7#1;havoc verify_~tmp___0~1#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~1#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret39#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~9#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := 
__utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~9#1; {11188#false} is VALID [2022-02-20 18:02:13,640 INFO L272 TraceCheckUtils]: 97: Hoare triple {11188#false} call __utac_acc__EncryptVerify_spec__1_#t~ret39#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {11187#true} is VALID [2022-02-20 18:02:13,640 INFO L290 TraceCheckUtils]: 98: Hoare triple {11187#true} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {11187#true} is VALID [2022-02-20 18:02:13,640 INFO L290 TraceCheckUtils]: 99: Hoare triple {11187#true} assume true; {11187#true} is VALID [2022-02-20 18:02:13,640 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {11187#true} {11188#false} #1167#return; {11188#false} is VALID [2022-02-20 18:02:13,640 INFO L290 TraceCheckUtils]: 101: Hoare triple {11188#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret39#1 && __utac_acc__EncryptVerify_spec__1_#t~ret39#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~9#1 := __utac_acc__EncryptVerify_spec__1_#t~ret39#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret39#1; {11188#false} is VALID [2022-02-20 18:02:13,640 INFO L290 TraceCheckUtils]: 102: Hoare triple {11188#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~9#1);assume { :begin_inline___automaton_fail } true; {11188#false} is VALID [2022-02-20 18:02:13,640 INFO L290 TraceCheckUtils]: 103: Hoare triple {11188#false} assume !false; {11188#false} is VALID [2022-02-20 18:02:13,640 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. 
[2022-02-20 18:02:13,640 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:13,640 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2138218629] [2022-02-20 18:02:13,640 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2138218629] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:02:13,641 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [225891982] [2022-02-20 18:02:13,641 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:13,641 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:13,641 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:02:13,642 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:02:13,644 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process [2022-02-20 18:02:13,832 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:13,835 INFO L263 TraceCheckSpWp]: Trace formula consists of 1060 conjuncts, 6 conjunts are in the unsatisfiable core [2022-02-20 18:02:13,879 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:13,883 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:02:14,142 INFO L290 TraceCheckUtils]: 0: Hoare triple {11187#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(115, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(12, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(18, 34);call #Ultimate.allocInit(13, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(25, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 
0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 
0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {11187#true} is VALID [2022-02-20 18:02:14,142 INFO L290 TraceCheckUtils]: 1: Hoare triple {11187#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet50#1, main_#t~ret51#1, main_~retValue_acc~25#1, main_~tmp~13#1;assume -2147483648 <= 
main_#t~nondet50#1 && main_#t~nondet50#1 <= 2147483647;main_~retValue_acc~25#1 := main_#t~nondet50#1;havoc main_#t~nondet50#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true; {11187#true} is VALID [2022-02-20 18:02:14,142 INFO L290 TraceCheckUtils]: 2: Hoare triple {11187#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {11187#true} is VALID [2022-02-20 18:02:14,142 INFO L290 TraceCheckUtils]: 3: Hoare triple {11187#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~6#1;havoc valid_product_~retValue_acc~6#1;valid_product_~retValue_acc~6#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~6#1; {11187#true} is VALID [2022-02-20 18:02:14,142 INFO L290 TraceCheckUtils]: 4: Hoare triple {11187#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {11187#true} is VALID [2022-02-20 18:02:14,142 INFO L290 TraceCheckUtils]: 5: Hoare triple {11187#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {11187#true} is VALID [2022-02-20 18:02:14,142 INFO L272 TraceCheckUtils]: 6: Hoare triple {11187#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {11187#true} is VALID [2022-02-20 18:02:14,142 INFO L290 TraceCheckUtils]: 7: Hoare triple {11187#true} ~handle := #in~handle;~value := #in~value; {11187#true} is VALID [2022-02-20 18:02:14,143 INFO L290 TraceCheckUtils]: 8: Hoare triple {11187#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11187#true} is VALID [2022-02-20 18:02:14,143 INFO L290 TraceCheckUtils]: 9: Hoare triple {11187#true} assume true; {11187#true} is VALID [2022-02-20 18:02:14,143 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {11187#true} {11187#true} #1197#return; {11187#true} is VALID [2022-02-20 18:02:14,143 INFO L290 TraceCheckUtils]: 11: Hoare triple {11187#true} assume { :end_inline_setup_bob__wrappee__Base } true; {11187#true} is VALID [2022-02-20 18:02:14,143 INFO L272 TraceCheckUtils]: 12: Hoare triple {11187#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {11187#true} is VALID [2022-02-20 18:02:14,143 INFO L290 TraceCheckUtils]: 13: Hoare triple {11187#true} ~handle := #in~handle;~value := #in~value; {11187#true} is VALID [2022-02-20 18:02:14,143 INFO L290 TraceCheckUtils]: 14: Hoare triple {11187#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11187#true} is VALID [2022-02-20 18:02:14,143 INFO L290 TraceCheckUtils]: 15: Hoare triple {11187#true} assume true; {11187#true} is VALID [2022-02-20 18:02:14,143 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {11187#true} {11187#true} #1199#return; {11187#true} is VALID [2022-02-20 18:02:14,159 INFO L290 TraceCheckUtils]: 17: Hoare triple {11187#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet47#1;~rjh~0 := 
2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {11301#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:02:14,159 INFO L272 TraceCheckUtils]: 18: Hoare triple {11301#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {11187#true} is VALID [2022-02-20 18:02:14,160 INFO L290 TraceCheckUtils]: 19: Hoare triple {11187#true} ~handle := #in~handle;~value := #in~value; {11187#true} is VALID [2022-02-20 18:02:14,160 INFO L290 TraceCheckUtils]: 20: Hoare triple {11187#true} assume !(1 == ~handle); {11187#true} is VALID [2022-02-20 18:02:14,160 INFO L290 TraceCheckUtils]: 21: Hoare triple {11187#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {11187#true} is VALID [2022-02-20 18:02:14,160 INFO L290 TraceCheckUtils]: 22: Hoare triple {11187#true} assume true; {11187#true} is VALID [2022-02-20 18:02:14,160 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {11187#true} {11301#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1201#return; {11301#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:02:14,161 INFO L290 TraceCheckUtils]: 24: Hoare triple {11301#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume { :end_inline_setup_rjh__wrappee__Base } true; {11301#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:02:14,161 INFO L272 TraceCheckUtils]: 25: Hoare triple {11301#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {11187#true} is VALID [2022-02-20 18:02:14,161 INFO L290 TraceCheckUtils]: 26: Hoare triple {11187#true} ~handle := 
#in~handle;~value := #in~value; {11329#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} is VALID [2022-02-20 18:02:14,162 INFO L290 TraceCheckUtils]: 27: Hoare triple {11329#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11333#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:14,162 INFO L290 TraceCheckUtils]: 28: Hoare triple {11333#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {11333#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:14,163 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {11333#(<= |setClientPrivateKey_#in~handle| 1)} {11301#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1203#return; {11188#false} is VALID [2022-02-20 18:02:14,163 INFO L290 TraceCheckUtils]: 30: Hoare triple {11188#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {11188#false} is VALID [2022-02-20 18:02:14,163 INFO L272 TraceCheckUtils]: 31: Hoare triple {11188#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {11188#false} is VALID [2022-02-20 18:02:14,163 INFO L290 TraceCheckUtils]: 32: Hoare triple {11188#false} ~handle := #in~handle;~value := #in~value; {11188#false} is VALID [2022-02-20 18:02:14,163 INFO L290 TraceCheckUtils]: 33: Hoare triple {11188#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11188#false} is VALID [2022-02-20 
18:02:14,163 INFO L290 TraceCheckUtils]: 34: Hoare triple {11188#false} assume true; {11188#false} is VALID [2022-02-20 18:02:14,163 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {11188#false} {11188#false} #1205#return; {11188#false} is VALID [2022-02-20 18:02:14,163 INFO L290 TraceCheckUtils]: 36: Hoare triple {11188#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {11188#false} is VALID [2022-02-20 18:02:14,163 INFO L272 TraceCheckUtils]: 37: Hoare triple {11188#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {11188#false} is VALID [2022-02-20 18:02:14,164 INFO L290 TraceCheckUtils]: 38: Hoare triple {11188#false} ~handle := #in~handle;~value := #in~value; {11188#false} is VALID [2022-02-20 18:02:14,164 INFO L290 TraceCheckUtils]: 39: Hoare triple {11188#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11188#false} is VALID [2022-02-20 18:02:14,164 INFO L290 TraceCheckUtils]: 40: Hoare triple {11188#false} assume true; {11188#false} is VALID [2022-02-20 18:02:14,164 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {11188#false} {11188#false} #1207#return; {11188#false} is VALID [2022-02-20 18:02:14,164 INFO L290 TraceCheckUtils]: 42: Hoare triple {11188#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 15, 0;havoc setup_#t~nondet49#1; {11188#false} is VALID [2022-02-20 18:02:14,164 INFO L290 TraceCheckUtils]: 43: Hoare triple {11188#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, 
test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {11188#false} is VALID [2022-02-20 18:02:14,164 INFO L290 TraceCheckUtils]: 44: Hoare triple {11188#false} assume !false; {11188#false} is VALID [2022-02-20 18:02:14,164 INFO L290 TraceCheckUtils]: 45: Hoare triple {11188#false} assume test_~splverifierCounter~0#1 < 4; {11188#false} is VALID [2022-02-20 18:02:14,164 INFO L290 TraceCheckUtils]: 46: Hoare triple {11188#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {11188#false} is VALID [2022-02-20 18:02:14,164 INFO L290 TraceCheckUtils]: 47: Hoare triple {11188#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {11188#false} is VALID [2022-02-20 18:02:14,164 INFO L290 TraceCheckUtils]: 48: Hoare triple {11188#false} assume !(0 != test_~tmp___9~0#1); {11188#false} is VALID [2022-02-20 18:02:14,164 INFO L290 TraceCheckUtils]: 49: Hoare triple {11188#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 
2147483647;test_~tmp___8~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {11188#false} is VALID [2022-02-20 18:02:14,164 INFO L290 TraceCheckUtils]: 50: Hoare triple {11188#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {11188#false} is VALID [2022-02-20 18:02:14,164 INFO L290 TraceCheckUtils]: 51: Hoare triple {11188#false} assume !false; {11188#false} is VALID [2022-02-20 18:02:14,164 INFO L290 TraceCheckUtils]: 52: Hoare triple {11188#false} assume !(test_~splverifierCounter~0#1 < 4); {11188#false} is VALID [2022-02-20 18:02:14,164 INFO L290 TraceCheckUtils]: 53: Hoare triple {11188#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret42#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {11188#false} is VALID [2022-02-20 18:02:14,164 INFO L272 TraceCheckUtils]: 54: Hoare triple {11188#false} call sendEmail(~bob~0, ~rjh~0); {11188#false} is VALID [2022-02-20 18:02:14,164 INFO L290 TraceCheckUtils]: 55: Hoare triple {11188#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {11188#false} is VALID [2022-02-20 18:02:14,164 INFO L272 TraceCheckUtils]: 56: Hoare triple {11188#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {11188#false} is VALID [2022-02-20 18:02:14,164 INFO 
L290 TraceCheckUtils]: 57: Hoare triple {11188#false} ~handle := #in~handle;~value := #in~value; {11188#false} is VALID [2022-02-20 18:02:14,165 INFO L290 TraceCheckUtils]: 58: Hoare triple {11188#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11188#false} is VALID [2022-02-20 18:02:14,165 INFO L290 TraceCheckUtils]: 59: Hoare triple {11188#false} assume true; {11188#false} is VALID [2022-02-20 18:02:14,165 INFO L284 TraceCheckUtils]: 60: Hoare quadruple {11188#false} {11188#false} #1157#return; {11188#false} is VALID [2022-02-20 18:02:14,165 INFO L272 TraceCheckUtils]: 61: Hoare triple {11188#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {11188#false} is VALID [2022-02-20 18:02:14,165 INFO L290 TraceCheckUtils]: 62: Hoare triple {11188#false} ~handle := #in~handle;~value := #in~value; {11188#false} is VALID [2022-02-20 18:02:14,165 INFO L290 TraceCheckUtils]: 63: Hoare triple {11188#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {11188#false} is VALID [2022-02-20 18:02:14,165 INFO L290 TraceCheckUtils]: 64: Hoare triple {11188#false} assume true; {11188#false} is VALID [2022-02-20 18:02:14,165 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {11188#false} {11188#false} #1159#return; {11188#false} is VALID [2022-02-20 18:02:14,165 INFO L290 TraceCheckUtils]: 66: Hoare triple {11188#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {11188#false} is VALID [2022-02-20 18:02:14,165 INFO L290 TraceCheckUtils]: 67: Hoare triple {11188#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {11188#false} is VALID [2022-02-20 18:02:14,165 INFO L272 TraceCheckUtils]: 68: Hoare triple {11188#false} call outgoing(~sender#1, ~email~0#1); {11188#false} is VALID [2022-02-20 18:02:14,165 INFO L290 TraceCheckUtils]: 69: Hoare 
triple {11188#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret18#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~6#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~6#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~17#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~17#1; {11188#false} is VALID [2022-02-20 18:02:14,165 INFO L290 TraceCheckUtils]: 70: Hoare triple {11188#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~17#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~17#1; {11188#false} is VALID [2022-02-20 18:02:14,165 INFO L290 TraceCheckUtils]: 71: Hoare triple {11188#false} sign_#t~ret18#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret18#1 && sign_#t~ret18#1 <= 2147483647;sign_~tmp~6#1 := sign_#t~ret18#1;havoc sign_#t~ret18#1;sign_~privkey~0#1 := sign_~tmp~6#1; {11188#false} is VALID [2022-02-20 18:02:14,165 INFO L290 TraceCheckUtils]: 72: Hoare triple {11188#false} assume 0 == sign_~privkey~0#1; {11188#false} is VALID [2022-02-20 18:02:14,165 INFO L290 TraceCheckUtils]: 73: Hoare triple {11188#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1, outgoing__wrappee__AddressBook_#t~ret8#1, outgoing__wrappee__AddressBook_#t~ret9#1, outgoing__wrappee__AddressBook_#t~ret10#1, outgoing__wrappee__AddressBook_#t~ret11#1, 
outgoing__wrappee__AddressBook_#t~ret12#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~2#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~0#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~0#1, outgoing__wrappee__AddressBook_~tmp___2~0#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~2#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~0#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~0#1;havoc outgoing__wrappee__AddressBook_~tmp___2~0#1; {11188#false} is VALID [2022-02-20 18:02:14,165 INFO L272 TraceCheckUtils]: 74: Hoare triple {11188#false} call outgoing__wrappee__AddressBook_#t~ret7#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {11188#false} is VALID [2022-02-20 18:02:14,165 INFO L290 TraceCheckUtils]: 75: Hoare triple {11188#false} ~handle := #in~handle;havoc ~retValue_acc~11; {11188#false} is VALID [2022-02-20 18:02:14,165 INFO L290 TraceCheckUtils]: 76: Hoare triple {11188#false} assume 1 == ~handle;~retValue_acc~11 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~11; {11188#false} is VALID [2022-02-20 18:02:14,166 INFO L290 TraceCheckUtils]: 77: Hoare triple {11188#false} assume true; {11188#false} is VALID [2022-02-20 18:02:14,166 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {11188#false} {11188#false} #1139#return; {11188#false} is VALID [2022-02-20 18:02:14,166 INFO L290 TraceCheckUtils]: 79: Hoare triple {11188#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret7#1 && outgoing__wrappee__AddressBook_#t~ret7#1 
<= 2147483647;outgoing__wrappee__AddressBook_~tmp~2#1 := outgoing__wrappee__AddressBook_#t~ret7#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~2#1; {11188#false} is VALID [2022-02-20 18:02:14,166 INFO L290 TraceCheckUtils]: 80: Hoare triple {11188#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {11188#false} is VALID [2022-02-20 18:02:14,166 INFO L272 TraceCheckUtils]: 81: Hoare triple {11188#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {11188#false} is VALID [2022-02-20 18:02:14,166 INFO L290 TraceCheckUtils]: 82: Hoare triple {11188#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {11188#false} is VALID [2022-02-20 18:02:14,166 INFO L290 TraceCheckUtils]: 83: Hoare triple {11188#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {11188#false} is VALID [2022-02-20 18:02:14,166 INFO L290 TraceCheckUtils]: 84: Hoare triple {11188#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {11188#false} is VALID [2022-02-20 18:02:14,166 INFO L272 TraceCheckUtils]: 85: Hoare triple {11188#false} call setEmailFrom(~msg#1, ~tmp~1#1); {11188#false} is VALID [2022-02-20 18:02:14,166 INFO L290 TraceCheckUtils]: 86: Hoare triple {11188#false} ~handle := #in~handle;~value := #in~value; {11188#false} is VALID [2022-02-20 18:02:14,166 INFO L290 TraceCheckUtils]: 87: Hoare triple {11188#false} assume 1 == 
~handle;~__ste_email_from0~0 := ~value; {11188#false} is VALID [2022-02-20 18:02:14,166 INFO L290 TraceCheckUtils]: 88: Hoare triple {11188#false} assume true; {11188#false} is VALID [2022-02-20 18:02:14,166 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {11188#false} {11188#false} #1163#return; {11188#false} is VALID [2022-02-20 18:02:14,166 INFO L290 TraceCheckUtils]: 90: Hoare triple {11188#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {11188#false} is VALID [2022-02-20 18:02:14,166 INFO L272 TraceCheckUtils]: 91: Hoare triple {11188#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {11188#false} is VALID [2022-02-20 18:02:14,166 INFO L290 TraceCheckUtils]: 92: Hoare triple {11188#false} ~handle := #in~handle;havoc ~retValue_acc~32; {11188#false} is VALID [2022-02-20 18:02:14,166 INFO L290 TraceCheckUtils]: 93: Hoare triple {11188#false} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {11188#false} is VALID [2022-02-20 18:02:14,166 INFO L290 TraceCheckUtils]: 94: Hoare triple {11188#false} assume true; {11188#false} is VALID [2022-02-20 18:02:14,166 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {11188#false} {11188#false} #1165#return; {11188#false} is VALID [2022-02-20 18:02:14,166 INFO L290 TraceCheckUtils]: 96: Hoare triple {11188#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := 
incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret20#1, verify_#t~ret21#1, verify_#t~ret22#1, verify_#t~ret23#1, verify_#t~ret24#1, verify_#t~ret25#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~7#1, verify_~tmp___0~1#1, verify_~pubkey~0#1, verify_~tmp___1~1#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~7#1;havoc verify_~tmp___0~1#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~1#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret39#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~9#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~9#1; {11188#false} is VALID [2022-02-20 18:02:14,167 INFO L272 TraceCheckUtils]: 97: Hoare triple {11188#false} call __utac_acc__EncryptVerify_spec__1_#t~ret39#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {11188#false} is VALID [2022-02-20 18:02:14,167 INFO L290 TraceCheckUtils]: 98: Hoare triple {11188#false} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {11188#false} is VALID [2022-02-20 18:02:14,167 INFO L290 TraceCheckUtils]: 99: Hoare triple {11188#false} assume true; {11188#false} is VALID [2022-02-20 18:02:14,167 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {11188#false} {11188#false} #1167#return; {11188#false} is VALID [2022-02-20 18:02:14,167 INFO L290 TraceCheckUtils]: 101: Hoare triple {11188#false} assume -2147483648 
<= __utac_acc__EncryptVerify_spec__1_#t~ret39#1 && __utac_acc__EncryptVerify_spec__1_#t~ret39#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~9#1 := __utac_acc__EncryptVerify_spec__1_#t~ret39#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret39#1; {11188#false} is VALID [2022-02-20 18:02:14,167 INFO L290 TraceCheckUtils]: 102: Hoare triple {11188#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~9#1);assume { :begin_inline___automaton_fail } true; {11188#false} is VALID [2022-02-20 18:02:14,167 INFO L290 TraceCheckUtils]: 103: Hoare triple {11188#false} assume !false; {11188#false} is VALID [2022-02-20 18:02:14,167 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. [2022-02-20 18:02:14,167 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:02:14,167 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [225891982] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:14,167 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:02:14,167 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [12] total 15 [2022-02-20 18:02:14,168 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1841227642] [2022-02-20 18:02:14,168 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:14,169 INFO L78 Accepts]: Start accepts. 
Automaton has has 5 states, 5 states have (on average 14.2) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) Word has length 104 [2022-02-20 18:02:14,169 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:14,169 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 14.2) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:14,230 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 98 edges. 98 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:14,230 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:02:14,230 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:14,230 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:02:14,231 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=30, Invalid=180, Unknown=0, NotChecked=0, Total=210 [2022-02-20 18:02:14,231 INFO L87 Difference]: Start difference. First operand 443 states and 692 transitions. 
Second operand has 5 states, 5 states have (on average 14.2) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:15,322 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:15,322 INFO L93 Difference]: Finished difference Result 875 states and 1373 transitions. [2022-02-20 18:02:15,322 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:02:15,323 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 14.2) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) Word has length 104 [2022-02-20 18:02:15,323 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:15,323 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 14.2) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:15,330 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1129 transitions. [2022-02-20 18:02:15,330 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 5 states, 5 states have (on average 14.2) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:15,337 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1129 transitions. [2022-02-20 18:02:15,337 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1129 transitions. [2022-02-20 18:02:16,025 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1129 edges. 1129 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:16,036 INFO L225 Difference]: With dead ends: 875 [2022-02-20 18:02:16,036 INFO L226 Difference]: Without dead ends: 445 [2022-02-20 18:02:16,037 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 134 GetRequests, 120 SyntacticMatches, 0 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=34, Invalid=206, Unknown=0, NotChecked=0, Total=240 [2022-02-20 18:02:16,037 INFO L933 BasicCegarLoop]: 559 mSDtfsCounter, 151 mSDsluCounter, 1500 mSDsCounter, 0 mSdLazyCounter, 45 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 174 SdHoareTripleChecker+Valid, 2059 SdHoareTripleChecker+Invalid, 45 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 45 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:16,038 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [174 Valid, 2059 Invalid, 45 
Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 45 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:02:16,038 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 445 states. [2022-02-20 18:02:16,112 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 445 to 445. [2022-02-20 18:02:16,113 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:16,114 INFO L82 GeneralOperation]: Start isEquivalent. First operand 445 states. Second operand has 445 states, 353 states have (on average 1.575070821529745) internal successors, (556), 357 states have internal predecessors, (556), 68 states have call successors, (68), 21 states have call predecessors, (68), 23 states have return successors, (74), 66 states have call predecessors, (74), 67 states have call successors, (74) [2022-02-20 18:02:16,114 INFO L74 IsIncluded]: Start isIncluded. First operand 445 states. Second operand has 445 states, 353 states have (on average 1.575070821529745) internal successors, (556), 357 states have internal predecessors, (556), 68 states have call successors, (68), 21 states have call predecessors, (68), 23 states have return successors, (74), 66 states have call predecessors, (74), 67 states have call successors, (74) [2022-02-20 18:02:16,115 INFO L87 Difference]: Start difference. First operand 445 states. Second operand has 445 states, 353 states have (on average 1.575070821529745) internal successors, (556), 357 states have internal predecessors, (556), 68 states have call successors, (68), 21 states have call predecessors, (68), 23 states have return successors, (74), 66 states have call predecessors, (74), 67 states have call successors, (74) [2022-02-20 18:02:16,127 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:16,127 INFO L93 Difference]: Finished difference Result 445 states and 698 transitions. 
[2022-02-20 18:02:16,127 INFO L276 IsEmpty]: Start isEmpty. Operand 445 states and 698 transitions. [2022-02-20 18:02:16,128 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:16,128 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:16,129 INFO L74 IsIncluded]: Start isIncluded. First operand has 445 states, 353 states have (on average 1.575070821529745) internal successors, (556), 357 states have internal predecessors, (556), 68 states have call successors, (68), 21 states have call predecessors, (68), 23 states have return successors, (74), 66 states have call predecessors, (74), 67 states have call successors, (74) Second operand 445 states. [2022-02-20 18:02:16,130 INFO L87 Difference]: Start difference. First operand has 445 states, 353 states have (on average 1.575070821529745) internal successors, (556), 357 states have internal predecessors, (556), 68 states have call successors, (68), 21 states have call predecessors, (68), 23 states have return successors, (74), 66 states have call predecessors, (74), 67 states have call successors, (74) Second operand 445 states. [2022-02-20 18:02:16,141 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:16,141 INFO L93 Difference]: Finished difference Result 445 states and 698 transitions. [2022-02-20 18:02:16,141 INFO L276 IsEmpty]: Start isEmpty. Operand 445 states and 698 transitions. [2022-02-20 18:02:16,142 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:16,143 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:16,143 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:16,143 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:16,144 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 445 states, 353 states have (on average 1.575070821529745) internal successors, (556), 357 states have internal predecessors, (556), 68 states have call successors, (68), 21 states have call predecessors, (68), 23 states have return successors, (74), 66 states have call predecessors, (74), 67 states have call successors, (74) [2022-02-20 18:02:16,157 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 445 states to 445 states and 698 transitions. [2022-02-20 18:02:16,157 INFO L78 Accepts]: Start accepts. Automaton has 445 states and 698 transitions. Word has length 104 [2022-02-20 18:02:16,158 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:16,158 INFO L470 AbstractCegarLoop]: Abstraction has 445 states and 698 transitions. [2022-02-20 18:02:16,158 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 14.2) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:16,158 INFO L276 IsEmpty]: Start isEmpty. Operand 445 states and 698 transitions. [2022-02-20 18:02:16,159 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 106 [2022-02-20 18:02:16,159 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:16,159 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:16,191 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Ended with exit code 0 [2022-02-20 18:02:16,377 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4,6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:16,377 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:16,378 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:16,378 INFO L85 PathProgramCache]: Analyzing trace with hash 589512434, now seen corresponding path program 1 times [2022-02-20 18:02:16,378 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:16,378 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [312381983] [2022-02-20 18:02:16,378 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:16,378 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:16,409 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:16,437 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 
[2022-02-20 18:02:16,439 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:16,441 INFO L290 TraceCheckUtils]: 0: Hoare triple {14337#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14285#true} is VALID [2022-02-20 18:02:16,441 INFO L290 TraceCheckUtils]: 1: Hoare triple {14285#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {14285#true} is VALID [2022-02-20 18:02:16,441 INFO L290 TraceCheckUtils]: 2: Hoare triple {14285#true} assume true; {14285#true} is VALID [2022-02-20 18:02:16,441 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14285#true} {14285#true} #1197#return; {14285#true} is VALID [2022-02-20 18:02:16,446 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:16,447 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:16,449 INFO L290 TraceCheckUtils]: 0: Hoare triple {14338#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14285#true} is VALID [2022-02-20 18:02:16,450 INFO L290 TraceCheckUtils]: 1: Hoare triple {14285#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14285#true} is VALID [2022-02-20 18:02:16,450 INFO L290 TraceCheckUtils]: 2: Hoare triple {14285#true} assume true; {14285#true} is VALID [2022-02-20 18:02:16,450 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14285#true} {14285#true} #1199#return; {14285#true} is VALID [2022-02-20 18:02:16,450 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:16,451 INFO L136 AnnotateAndAsserter]: 
Conjunction of SSA is unsat [2022-02-20 18:02:16,453 INFO L290 TraceCheckUtils]: 0: Hoare triple {14337#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14285#true} is VALID [2022-02-20 18:02:16,453 INFO L290 TraceCheckUtils]: 1: Hoare triple {14285#true} assume !(1 == ~handle); {14285#true} is VALID [2022-02-20 18:02:16,453 INFO L290 TraceCheckUtils]: 2: Hoare triple {14285#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {14285#true} is VALID [2022-02-20 18:02:16,454 INFO L290 TraceCheckUtils]: 3: Hoare triple {14285#true} assume true; {14285#true} is VALID [2022-02-20 18:02:16,454 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {14285#true} {14285#true} #1201#return; {14285#true} is VALID [2022-02-20 18:02:16,454 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:02:16,456 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:16,468 INFO L290 TraceCheckUtils]: 0: Hoare triple {14338#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14285#true} is VALID [2022-02-20 18:02:16,468 INFO L290 TraceCheckUtils]: 1: Hoare triple {14285#true} assume !(1 == ~handle); {14285#true} is VALID [2022-02-20 18:02:16,469 INFO L290 TraceCheckUtils]: 2: Hoare triple {14285#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {14285#true} is VALID [2022-02-20 18:02:16,469 INFO L290 TraceCheckUtils]: 3: Hoare triple {14285#true} assume true; {14285#true} is VALID [2022-02-20 18:02:16,469 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {14285#true} {14285#true} #1203#return; 
{14285#true} is VALID [2022-02-20 18:02:16,469 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:02:16,472 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:16,485 INFO L290 TraceCheckUtils]: 0: Hoare triple {14337#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14339#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:16,486 INFO L290 TraceCheckUtils]: 1: Hoare triple {14339#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {14340#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:16,486 INFO L290 TraceCheckUtils]: 2: Hoare triple {14340#(= |setClientId_#in~handle| 1)} assume true; {14340#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:16,486 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14340#(= |setClientId_#in~handle| 1)} {14305#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1205#return; {14286#false} is VALID [2022-02-20 18:02:16,487 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:02:16,488 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:16,490 INFO L290 TraceCheckUtils]: 0: Hoare triple {14338#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14285#true} is VALID [2022-02-20 18:02:16,490 INFO L290 TraceCheckUtils]: 1: Hoare triple {14285#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14285#true} is VALID [2022-02-20 18:02:16,491 INFO L290 
TraceCheckUtils]: 2: Hoare triple {14285#true} assume true; {14285#true} is VALID [2022-02-20 18:02:16,491 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14285#true} {14286#false} #1207#return; {14286#false} is VALID [2022-02-20 18:02:16,496 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 18:02:16,498 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:16,500 INFO L290 TraceCheckUtils]: 0: Hoare triple {14341#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {14285#true} is VALID [2022-02-20 18:02:16,500 INFO L290 TraceCheckUtils]: 1: Hoare triple {14285#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14285#true} is VALID [2022-02-20 18:02:16,500 INFO L290 TraceCheckUtils]: 2: Hoare triple {14285#true} assume true; {14285#true} is VALID [2022-02-20 18:02:16,500 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14285#true} {14286#false} #1157#return; {14286#false} is VALID [2022-02-20 18:02:16,507 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 18:02:16,509 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:16,511 INFO L290 TraceCheckUtils]: 0: Hoare triple {14342#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {14285#true} is VALID [2022-02-20 18:02:16,511 INFO L290 TraceCheckUtils]: 1: Hoare triple {14285#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {14285#true} is VALID [2022-02-20 18:02:16,511 INFO L290 TraceCheckUtils]: 2: Hoare triple {14285#true} assume true; {14285#true} is VALID [2022-02-20 18:02:16,511 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14285#true} {14286#false} #1159#return; {14286#false} is VALID [2022-02-20 18:02:16,511 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:02:16,512 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:16,513 INFO L290 TraceCheckUtils]: 0: Hoare triple {14285#true} ~handle := #in~handle;havoc ~retValue_acc~11; {14285#true} is VALID [2022-02-20 18:02:16,513 INFO L290 TraceCheckUtils]: 1: Hoare triple {14285#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~11; {14285#true} is VALID [2022-02-20 18:02:16,513 INFO L290 TraceCheckUtils]: 2: Hoare triple {14285#true} assume true; {14285#true} is VALID [2022-02-20 18:02:16,513 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14285#true} {14286#false} #1139#return; {14286#false} is VALID [2022-02-20 18:02:16,513 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 18:02:16,515 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:16,517 INFO L290 TraceCheckUtils]: 0: Hoare triple {14341#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {14285#true} is VALID [2022-02-20 18:02:16,517 INFO L290 TraceCheckUtils]: 1: Hoare triple {14285#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14285#true} is VALID [2022-02-20 18:02:16,517 INFO L290 TraceCheckUtils]: 2: Hoare triple {14285#true} assume true; {14285#true} is VALID [2022-02-20 18:02:16,518 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14285#true} {14286#false} #1163#return; {14286#false} is VALID [2022-02-20 18:02:16,518 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:02:16,518 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:16,520 INFO L290 TraceCheckUtils]: 0: Hoare triple {14285#true} ~handle := #in~handle;havoc ~retValue_acc~32; 
{14285#true} is VALID [2022-02-20 18:02:16,520 INFO L290 TraceCheckUtils]: 1: Hoare triple {14285#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {14285#true} is VALID [2022-02-20 18:02:16,520 INFO L290 TraceCheckUtils]: 2: Hoare triple {14285#true} assume true; {14285#true} is VALID [2022-02-20 18:02:16,520 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14285#true} {14286#false} #1165#return; {14286#false} is VALID [2022-02-20 18:02:16,521 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 18:02:16,524 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:16,526 INFO L290 TraceCheckUtils]: 0: Hoare triple {14285#true} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {14285#true} is VALID [2022-02-20 18:02:16,526 INFO L290 TraceCheckUtils]: 1: Hoare triple {14285#true} assume true; {14285#true} is VALID [2022-02-20 18:02:16,526 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {14285#true} {14286#false} #1167#return; {14286#false} is VALID [2022-02-20 18:02:16,526 INFO L290 TraceCheckUtils]: 0: Hoare triple {14285#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(115, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call 
#Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(12, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(18, 34);call #Ultimate.allocInit(13, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(25, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 
0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 
0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {14285#true} is VALID [2022-02-20 18:02:16,526 INFO L290 TraceCheckUtils]: 1: Hoare triple {14285#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet50#1, main_#t~ret51#1, main_~retValue_acc~25#1, main_~tmp~13#1;assume -2147483648 <= main_#t~nondet50#1 && main_#t~nondet50#1 <= 2147483647;main_~retValue_acc~25#1 := main_#t~nondet50#1;havoc main_#t~nondet50#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true; {14285#true} is VALID [2022-02-20 18:02:16,526 INFO L290 TraceCheckUtils]: 2: Hoare triple {14285#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {14285#true} is VALID [2022-02-20 18:02:16,527 INFO L290 TraceCheckUtils]: 3: Hoare triple {14285#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~6#1;havoc valid_product_~retValue_acc~6#1;valid_product_~retValue_acc~6#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~6#1; {14285#true} is VALID [2022-02-20 18:02:16,527 INFO L290 TraceCheckUtils]: 4: Hoare triple {14285#true} 
main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {14285#true} is VALID [2022-02-20 18:02:16,527 INFO L290 TraceCheckUtils]: 5: Hoare triple {14285#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {14285#true} is VALID [2022-02-20 18:02:16,527 INFO L272 TraceCheckUtils]: 6: Hoare triple {14285#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {14337#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:16,527 INFO L290 TraceCheckUtils]: 7: Hoare triple {14337#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14285#true} is VALID [2022-02-20 18:02:16,527 INFO L290 
TraceCheckUtils]: 8: Hoare triple {14285#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {14285#true} is VALID [2022-02-20 18:02:16,527 INFO L290 TraceCheckUtils]: 9: Hoare triple {14285#true} assume true; {14285#true} is VALID [2022-02-20 18:02:16,528 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {14285#true} {14285#true} #1197#return; {14285#true} is VALID [2022-02-20 18:02:16,528 INFO L290 TraceCheckUtils]: 11: Hoare triple {14285#true} assume { :end_inline_setup_bob__wrappee__Base } true; {14285#true} is VALID [2022-02-20 18:02:16,528 INFO L272 TraceCheckUtils]: 12: Hoare triple {14285#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {14338#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:16,528 INFO L290 TraceCheckUtils]: 13: Hoare triple {14338#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14285#true} is VALID [2022-02-20 18:02:16,528 INFO L290 TraceCheckUtils]: 14: Hoare triple {14285#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14285#true} is VALID [2022-02-20 18:02:16,528 INFO L290 TraceCheckUtils]: 15: Hoare triple {14285#true} assume true; {14285#true} is VALID [2022-02-20 18:02:16,528 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {14285#true} {14285#true} #1199#return; {14285#true} is VALID [2022-02-20 18:02:16,529 INFO L290 TraceCheckUtils]: 17: Hoare triple {14285#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc 
setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {14285#true} is VALID [2022-02-20 18:02:16,529 INFO L272 TraceCheckUtils]: 18: Hoare triple {14285#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {14337#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:16,529 INFO L290 TraceCheckUtils]: 19: Hoare triple {14337#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14285#true} is VALID [2022-02-20 18:02:16,529 INFO L290 TraceCheckUtils]: 20: Hoare triple {14285#true} assume !(1 == ~handle); {14285#true} is VALID [2022-02-20 18:02:16,529 INFO L290 TraceCheckUtils]: 21: Hoare triple {14285#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {14285#true} is VALID [2022-02-20 18:02:16,529 INFO L290 TraceCheckUtils]: 22: Hoare triple {14285#true} assume true; {14285#true} is VALID [2022-02-20 18:02:16,529 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {14285#true} {14285#true} #1201#return; {14285#true} is VALID [2022-02-20 18:02:16,529 INFO L290 TraceCheckUtils]: 24: Hoare triple {14285#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {14285#true} is VALID [2022-02-20 18:02:16,530 INFO L272 TraceCheckUtils]: 25: Hoare triple {14285#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {14338#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:16,530 INFO L290 TraceCheckUtils]: 26: Hoare triple {14338#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14285#true} is VALID [2022-02-20 18:02:16,530 INFO L290 TraceCheckUtils]: 27: Hoare triple {14285#true} assume !(1 == ~handle); {14285#true} is VALID [2022-02-20 18:02:16,530 INFO L290 TraceCheckUtils]: 28: Hoare triple {14285#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {14285#true} is VALID [2022-02-20 18:02:16,530 INFO L290 TraceCheckUtils]: 29: Hoare triple {14285#true} assume true; {14285#true} is VALID [2022-02-20 18:02:16,530 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {14285#true} {14285#true} #1203#return; {14285#true} is VALID [2022-02-20 18:02:16,531 INFO L290 TraceCheckUtils]: 31: Hoare triple {14285#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {14305#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:02:16,531 INFO L272 TraceCheckUtils]: 32: Hoare triple {14305#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, 
setup_chuck__wrappee__Base_~chuck___0#1); {14337#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:16,532 INFO L290 TraceCheckUtils]: 33: Hoare triple {14337#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14339#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:16,532 INFO L290 TraceCheckUtils]: 34: Hoare triple {14339#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {14340#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:16,532 INFO L290 TraceCheckUtils]: 35: Hoare triple {14340#(= |setClientId_#in~handle| 1)} assume true; {14340#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:16,533 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {14340#(= |setClientId_#in~handle| 1)} {14305#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1205#return; {14286#false} is VALID [2022-02-20 18:02:16,533 INFO L290 TraceCheckUtils]: 37: Hoare triple {14286#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {14286#false} is VALID [2022-02-20 18:02:16,533 INFO L272 TraceCheckUtils]: 38: Hoare triple {14286#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {14338#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:16,533 INFO L290 TraceCheckUtils]: 39: Hoare triple {14338#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14285#true} is VALID [2022-02-20 18:02:16,533 INFO L290 TraceCheckUtils]: 40: Hoare triple {14285#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14285#true} is VALID [2022-02-20 18:02:16,533 INFO L290 TraceCheckUtils]: 41: Hoare triple {14285#true} assume true; {14285#true} is VALID [2022-02-20 18:02:16,533 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {14285#true} {14286#false} #1207#return; {14286#false} is VALID [2022-02-20 18:02:16,533 INFO L290 TraceCheckUtils]: 43: Hoare triple {14286#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 15, 0;havoc setup_#t~nondet49#1; {14286#false} is VALID [2022-02-20 18:02:16,533 INFO L290 TraceCheckUtils]: 44: Hoare triple {14286#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc 
test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {14286#false} is VALID [2022-02-20 18:02:16,533 INFO L290 TraceCheckUtils]: 45: Hoare triple {14286#false} assume !false; {14286#false} is VALID [2022-02-20 18:02:16,533 INFO L290 TraceCheckUtils]: 46: Hoare triple {14286#false} assume test_~splverifierCounter~0#1 < 4; {14286#false} is VALID [2022-02-20 18:02:16,533 INFO L290 TraceCheckUtils]: 47: Hoare triple {14286#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {14286#false} is VALID [2022-02-20 18:02:16,533 INFO L290 TraceCheckUtils]: 48: Hoare triple {14286#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {14286#false} is VALID [2022-02-20 18:02:16,534 INFO L290 TraceCheckUtils]: 49: Hoare triple {14286#false} assume !(0 != test_~tmp___9~0#1); {14286#false} is VALID [2022-02-20 18:02:16,534 INFO L290 TraceCheckUtils]: 50: Hoare triple {14286#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {14286#false} is VALID [2022-02-20 18:02:16,534 INFO L290 TraceCheckUtils]: 51: Hoare triple {14286#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {14286#false} is VALID [2022-02-20 18:02:16,534 INFO L290 TraceCheckUtils]: 52: Hoare triple {14286#false} assume !false; {14286#false} is VALID [2022-02-20 18:02:16,534 INFO L290 TraceCheckUtils]: 53: Hoare triple {14286#false} assume !(test_~splverifierCounter~0#1 < 4); {14286#false} is VALID [2022-02-20 18:02:16,534 
INFO L290 TraceCheckUtils]: 54: Hoare triple {14286#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret42#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {14286#false} is VALID [2022-02-20 18:02:16,534 INFO L272 TraceCheckUtils]: 55: Hoare triple {14286#false} call sendEmail(~bob~0, ~rjh~0); {14286#false} is VALID [2022-02-20 18:02:16,534 INFO L290 TraceCheckUtils]: 56: Hoare triple {14286#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {14286#false} is VALID [2022-02-20 18:02:16,534 INFO L272 TraceCheckUtils]: 57: Hoare triple {14286#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {14341#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:16,534 INFO L290 TraceCheckUtils]: 58: Hoare triple {14341#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {14285#true} is VALID [2022-02-20 18:02:16,534 INFO L290 TraceCheckUtils]: 59: Hoare triple {14285#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14285#true} is VALID [2022-02-20 18:02:16,534 INFO L290 TraceCheckUtils]: 60: Hoare 
triple {14285#true} assume true; {14285#true} is VALID [2022-02-20 18:02:16,534 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {14285#true} {14286#false} #1157#return; {14286#false} is VALID [2022-02-20 18:02:16,534 INFO L272 TraceCheckUtils]: 62: Hoare triple {14286#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {14342#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:16,535 INFO L290 TraceCheckUtils]: 63: Hoare triple {14342#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {14285#true} is VALID [2022-02-20 18:02:16,535 INFO L290 TraceCheckUtils]: 64: Hoare triple {14285#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {14285#true} is VALID [2022-02-20 18:02:16,535 INFO L290 TraceCheckUtils]: 65: Hoare triple {14285#true} assume true; {14285#true} is VALID [2022-02-20 18:02:16,535 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {14285#true} {14286#false} #1159#return; {14286#false} is VALID [2022-02-20 18:02:16,535 INFO L290 TraceCheckUtils]: 67: Hoare triple {14286#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {14286#false} is VALID [2022-02-20 18:02:16,535 INFO L290 TraceCheckUtils]: 68: Hoare triple {14286#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {14286#false} is VALID [2022-02-20 18:02:16,535 INFO L272 TraceCheckUtils]: 69: Hoare triple {14286#false} call outgoing(~sender#1, ~email~0#1); {14286#false} is VALID [2022-02-20 18:02:16,535 INFO L290 TraceCheckUtils]: 70: Hoare triple {14286#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, 
~msg#1;havoc sign_#t~ret18#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~6#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~6#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~17#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~17#1; {14286#false} is VALID [2022-02-20 18:02:16,535 INFO L290 TraceCheckUtils]: 71: Hoare triple {14286#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~17#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~17#1; {14286#false} is VALID [2022-02-20 18:02:16,535 INFO L290 TraceCheckUtils]: 72: Hoare triple {14286#false} sign_#t~ret18#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret18#1 && sign_#t~ret18#1 <= 2147483647;sign_~tmp~6#1 := sign_#t~ret18#1;havoc sign_#t~ret18#1;sign_~privkey~0#1 := sign_~tmp~6#1; {14286#false} is VALID [2022-02-20 18:02:16,535 INFO L290 TraceCheckUtils]: 73: Hoare triple {14286#false} assume 0 == sign_~privkey~0#1; {14286#false} is VALID [2022-02-20 18:02:16,535 INFO L290 TraceCheckUtils]: 74: Hoare triple {14286#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1, outgoing__wrappee__AddressBook_#t~ret8#1, outgoing__wrappee__AddressBook_#t~ret9#1, outgoing__wrappee__AddressBook_#t~ret10#1, outgoing__wrappee__AddressBook_#t~ret11#1, outgoing__wrappee__AddressBook_#t~ret12#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, 
outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~2#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~0#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~0#1, outgoing__wrappee__AddressBook_~tmp___2~0#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~2#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~0#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~0#1;havoc outgoing__wrappee__AddressBook_~tmp___2~0#1; {14286#false} is VALID [2022-02-20 18:02:16,535 INFO L272 TraceCheckUtils]: 75: Hoare triple {14286#false} call outgoing__wrappee__AddressBook_#t~ret7#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {14285#true} is VALID [2022-02-20 18:02:16,535 INFO L290 TraceCheckUtils]: 76: Hoare triple {14285#true} ~handle := #in~handle;havoc ~retValue_acc~11; {14285#true} is VALID [2022-02-20 18:02:16,536 INFO L290 TraceCheckUtils]: 77: Hoare triple {14285#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~11; {14285#true} is VALID [2022-02-20 18:02:16,536 INFO L290 TraceCheckUtils]: 78: Hoare triple {14285#true} assume true; {14285#true} is VALID [2022-02-20 18:02:16,536 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {14285#true} {14286#false} #1139#return; {14286#false} is VALID [2022-02-20 18:02:16,536 INFO L290 TraceCheckUtils]: 80: Hoare triple {14286#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret7#1 && outgoing__wrappee__AddressBook_#t~ret7#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~2#1 := outgoing__wrappee__AddressBook_#t~ret7#1;havoc 
outgoing__wrappee__AddressBook_#t~ret7#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~2#1; {14286#false} is VALID [2022-02-20 18:02:16,536 INFO L290 TraceCheckUtils]: 81: Hoare triple {14286#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {14286#false} is VALID [2022-02-20 18:02:16,536 INFO L272 TraceCheckUtils]: 82: Hoare triple {14286#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {14286#false} is VALID [2022-02-20 18:02:16,536 INFO L290 TraceCheckUtils]: 83: Hoare triple {14286#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {14286#false} is VALID [2022-02-20 18:02:16,536 INFO L290 TraceCheckUtils]: 84: Hoare triple {14286#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {14286#false} is VALID [2022-02-20 18:02:16,536 INFO L290 TraceCheckUtils]: 85: Hoare triple {14286#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {14286#false} is VALID [2022-02-20 18:02:16,536 INFO L272 TraceCheckUtils]: 86: Hoare triple {14286#false} call setEmailFrom(~msg#1, ~tmp~1#1); {14341#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:16,536 INFO L290 TraceCheckUtils]: 87: Hoare triple {14341#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {14285#true} is VALID 
[2022-02-20 18:02:16,536 INFO L290 TraceCheckUtils]: 88: Hoare triple {14285#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14285#true} is VALID [2022-02-20 18:02:16,536 INFO L290 TraceCheckUtils]: 89: Hoare triple {14285#true} assume true; {14285#true} is VALID [2022-02-20 18:02:16,536 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {14285#true} {14286#false} #1163#return; {14286#false} is VALID [2022-02-20 18:02:16,537 INFO L290 TraceCheckUtils]: 91: Hoare triple {14286#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {14286#false} is VALID [2022-02-20 18:02:16,537 INFO L272 TraceCheckUtils]: 92: Hoare triple {14286#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {14285#true} is VALID [2022-02-20 18:02:16,537 INFO L290 TraceCheckUtils]: 93: Hoare triple {14285#true} ~handle := #in~handle;havoc ~retValue_acc~32; {14285#true} is VALID [2022-02-20 18:02:16,537 INFO L290 TraceCheckUtils]: 94: Hoare triple {14285#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {14285#true} is VALID [2022-02-20 18:02:16,537 INFO L290 TraceCheckUtils]: 95: Hoare triple {14285#true} assume true; {14285#true} is VALID [2022-02-20 18:02:16,537 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {14285#true} {14286#false} #1165#return; {14286#false} is VALID [2022-02-20 18:02:16,537 INFO L290 TraceCheckUtils]: 97: Hoare triple {14286#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, 
incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret20#1, verify_#t~ret21#1, verify_#t~ret22#1, verify_#t~ret23#1, verify_#t~ret24#1, verify_#t~ret25#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~7#1, verify_~tmp___0~1#1, verify_~pubkey~0#1, verify_~tmp___1~1#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~7#1;havoc verify_~tmp___0~1#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~1#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret39#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~9#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~9#1; {14286#false} is VALID [2022-02-20 18:02:16,537 INFO L272 TraceCheckUtils]: 98: Hoare triple {14286#false} call __utac_acc__EncryptVerify_spec__1_#t~ret39#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {14285#true} is VALID [2022-02-20 18:02:16,537 INFO L290 TraceCheckUtils]: 99: Hoare triple {14285#true} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {14285#true} is VALID [2022-02-20 18:02:16,537 INFO L290 TraceCheckUtils]: 100: Hoare triple {14285#true} assume true; {14285#true} is VALID [2022-02-20 18:02:16,537 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {14285#true} {14286#false} #1167#return; {14286#false} is VALID [2022-02-20 18:02:16,537 INFO 
L290 TraceCheckUtils]: 102: Hoare triple {14286#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret39#1 && __utac_acc__EncryptVerify_spec__1_#t~ret39#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~9#1 := __utac_acc__EncryptVerify_spec__1_#t~ret39#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret39#1; {14286#false} is VALID [2022-02-20 18:02:16,537 INFO L290 TraceCheckUtils]: 103: Hoare triple {14286#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~9#1);assume { :begin_inline___automaton_fail } true; {14286#false} is VALID [2022-02-20 18:02:16,537 INFO L290 TraceCheckUtils]: 104: Hoare triple {14286#false} assume !false; {14286#false} is VALID [2022-02-20 18:02:16,538 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 18:02:16,538 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:16,538 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [312381983] [2022-02-20 18:02:16,538 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [312381983] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:16,538 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:02:16,538 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 18:02:16,538 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1523340926] [2022-02-20 18:02:16,538 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:16,539 INFO L78 Accepts]: Start accepts. 
Automaton has has 9 states, 8 states have (on average 8.375) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 105 [2022-02-20 18:02:16,539 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:16,539 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 8.375) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:16,593 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 94 edges. 94 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:16,593 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 18:02:16,593 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:16,594 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 18:02:16,594 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:02:16,594 INFO L87 Difference]: Start difference. First operand 445 states and 698 transitions. 
Second operand has 9 states, 8 states have (on average 8.375) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:24,046 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:24,046 INFO L93 Difference]: Finished difference Result 1042 states and 1654 transitions. [2022-02-20 18:02:24,046 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:02:24,046 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 8.375) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 105 [2022-02-20 18:02:24,047 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:24,047 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 8.375) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:24,057 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1402 transitions. [2022-02-20 18:02:24,058 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 9 states, 8 states have (on average 8.375) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:24,068 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1402 transitions. [2022-02-20 18:02:24,069 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1402 transitions. [2022-02-20 18:02:25,275 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1402 edges. 1402 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:25,295 INFO L225 Difference]: With dead ends: 1042 [2022-02-20 18:02:25,295 INFO L226 Difference]: Without dead ends: 620 [2022-02-20 18:02:25,297 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 42 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 31 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 18:02:25,297 INFO L933 BasicCegarLoop]: 699 mSDtfsCounter, 1402 mSDsluCounter, 986 mSDsCounter, 0 mSdLazyCounter, 2361 mSolverCounterSat, 510 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1423 SdHoareTripleChecker+Valid, 1685 SdHoareTripleChecker+Invalid, 2871 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 510 IncrementalHoareTripleChecker+Valid, 2361 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.4s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:25,297 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1423 Valid, 
1685 Invalid, 2871 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [510 Valid, 2361 Invalid, 0 Unknown, 0 Unchecked, 3.4s Time] [2022-02-20 18:02:25,298 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 620 states. [2022-02-20 18:02:25,402 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 620 to 445. [2022-02-20 18:02:25,402 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:25,403 INFO L82 GeneralOperation]: Start isEquivalent. First operand 620 states. Second operand has 445 states, 353 states have (on average 1.575070821529745) internal successors, (556), 357 states have internal predecessors, (556), 68 states have call successors, (68), 21 states have call predecessors, (68), 23 states have return successors, (73), 66 states have call predecessors, (73), 67 states have call successors, (73) [2022-02-20 18:02:25,404 INFO L74 IsIncluded]: Start isIncluded. First operand 620 states. Second operand has 445 states, 353 states have (on average 1.575070821529745) internal successors, (556), 357 states have internal predecessors, (556), 68 states have call successors, (68), 21 states have call predecessors, (68), 23 states have return successors, (73), 66 states have call predecessors, (73), 67 states have call successors, (73) [2022-02-20 18:02:25,405 INFO L87 Difference]: Start difference. First operand 620 states. Second operand has 445 states, 353 states have (on average 1.575070821529745) internal successors, (556), 357 states have internal predecessors, (556), 68 states have call successors, (68), 21 states have call predecessors, (68), 23 states have return successors, (73), 66 states have call predecessors, (73), 67 states have call successors, (73) [2022-02-20 18:02:25,425 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:25,425 INFO L93 Difference]: Finished difference Result 620 states and 987 transitions. 
[2022-02-20 18:02:25,425 INFO L276 IsEmpty]: Start isEmpty. Operand 620 states and 987 transitions. [2022-02-20 18:02:25,428 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:25,428 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:25,430 INFO L74 IsIncluded]: Start isIncluded. First operand has 445 states, 353 states have (on average 1.575070821529745) internal successors, (556), 357 states have internal predecessors, (556), 68 states have call successors, (68), 21 states have call predecessors, (68), 23 states have return successors, (73), 66 states have call predecessors, (73), 67 states have call successors, (73) Second operand 620 states. [2022-02-20 18:02:25,430 INFO L87 Difference]: Start difference. First operand has 445 states, 353 states have (on average 1.575070821529745) internal successors, (556), 357 states have internal predecessors, (556), 68 states have call successors, (68), 21 states have call predecessors, (68), 23 states have return successors, (73), 66 states have call predecessors, (73), 67 states have call successors, (73) Second operand 620 states. [2022-02-20 18:02:25,450 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:25,451 INFO L93 Difference]: Finished difference Result 620 states and 987 transitions. [2022-02-20 18:02:25,451 INFO L276 IsEmpty]: Start isEmpty. Operand 620 states and 987 transitions. [2022-02-20 18:02:25,453 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:25,454 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:25,454 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:25,454 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:25,455 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 445 states, 353 states have (on average 1.575070821529745) internal successors, (556), 357 states have internal predecessors, (556), 68 states have call successors, (68), 21 states have call predecessors, (68), 23 states have return successors, (73), 66 states have call predecessors, (73), 67 states have call successors, (73) [2022-02-20 18:02:25,468 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 445 states to 445 states and 697 transitions. [2022-02-20 18:02:25,469 INFO L78 Accepts]: Start accepts. Automaton has 445 states and 697 transitions. Word has length 105 [2022-02-20 18:02:25,469 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:25,469 INFO L470 AbstractCegarLoop]: Abstraction has 445 states and 697 transitions. [2022-02-20 18:02:25,469 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 8.375) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:25,470 INFO L276 IsEmpty]: Start isEmpty. Operand 445 states and 697 transitions. [2022-02-20 18:02:25,471 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 107 [2022-02-20 18:02:25,471 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:25,471 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:25,471 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 18:02:25,471 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:25,472 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:25,472 INFO L85 PathProgramCache]: Analyzing trace with hash -1366586856, now seen corresponding path program 2 times [2022-02-20 18:02:25,472 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:25,472 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [808228104] [2022-02-20 18:02:25,472 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:25,472 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:25,494 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:25,513 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:02:25,514 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:25,516 INFO L290 TraceCheckUtils]: 0: Hoare triple {17736#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17683#true} is VALID [2022-02-20 18:02:25,516 INFO L290 TraceCheckUtils]: 1: Hoare triple {17683#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17683#true} is VALID [2022-02-20 18:02:25,516 INFO L290 TraceCheckUtils]: 2: Hoare triple {17683#true} assume true; {17683#true} is VALID [2022-02-20 18:02:25,516 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17683#true} {17683#true} #1197#return; {17683#true} is VALID [2022-02-20 18:02:25,520 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:25,521 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:25,523 INFO L290 TraceCheckUtils]: 0: Hoare triple {17737#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17683#true} is VALID [2022-02-20 18:02:25,523 INFO L290 TraceCheckUtils]: 1: Hoare triple {17683#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {17683#true} is VALID [2022-02-20 18:02:25,523 INFO L290 TraceCheckUtils]: 2: Hoare triple {17683#true} assume true; {17683#true} is VALID [2022-02-20 18:02:25,524 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17683#true} {17683#true} #1199#return; {17683#true} is VALID [2022-02-20 18:02:25,524 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:25,525 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:25,526 INFO L290 TraceCheckUtils]: 0: Hoare triple {17736#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17683#true} is VALID [2022-02-20 18:02:25,526 INFO L290 TraceCheckUtils]: 1: Hoare triple {17683#true} assume !(1 == ~handle); {17683#true} is VALID [2022-02-20 18:02:25,527 INFO L290 TraceCheckUtils]: 2: Hoare triple {17683#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {17683#true} is VALID [2022-02-20 18:02:25,527 INFO L290 TraceCheckUtils]: 3: Hoare triple {17683#true} assume true; {17683#true} is VALID [2022-02-20 18:02:25,527 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {17683#true} {17683#true} #1201#return; {17683#true} is VALID [2022-02-20 18:02:25,527 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:02:25,528 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:25,529 INFO L290 TraceCheckUtils]: 0: Hoare triple {17737#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17683#true} is VALID [2022-02-20 18:02:25,530 INFO L290 TraceCheckUtils]: 1: Hoare triple {17683#true} assume !(1 == ~handle); {17683#true} is VALID [2022-02-20 18:02:25,530 INFO L290 TraceCheckUtils]: 2: Hoare triple {17683#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {17683#true} is VALID [2022-02-20 18:02:25,530 INFO L290 TraceCheckUtils]: 3: Hoare triple {17683#true} assume true; {17683#true} is VALID [2022-02-20 18:02:25,530 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {17683#true} {17683#true} #1203#return; {17683#true} is VALID [2022-02-20 18:02:25,530 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:02:25,532 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 
18:02:25,543 INFO L290 TraceCheckUtils]: 0: Hoare triple {17736#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17738#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:25,543 INFO L290 TraceCheckUtils]: 1: Hoare triple {17738#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {17738#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:25,544 INFO L290 TraceCheckUtils]: 2: Hoare triple {17738#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {17739#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:25,544 INFO L290 TraceCheckUtils]: 3: Hoare triple {17739#(= 2 |setClientId_#in~handle|)} assume true; {17739#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:25,545 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {17739#(= 2 |setClientId_#in~handle|)} {17703#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1205#return; {17684#false} is VALID [2022-02-20 18:02:25,545 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-02-20 18:02:25,546 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:25,548 INFO L290 TraceCheckUtils]: 0: Hoare triple {17737#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17683#true} is VALID [2022-02-20 18:02:25,548 INFO L290 TraceCheckUtils]: 1: Hoare triple {17683#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {17683#true} is VALID [2022-02-20 18:02:25,548 INFO L290 TraceCheckUtils]: 2: Hoare 
triple {17683#true} assume true; {17683#true} is VALID [2022-02-20 18:02:25,548 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17683#true} {17684#false} #1207#return; {17684#false} is VALID [2022-02-20 18:02:25,554 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:02:25,555 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:25,557 INFO L290 TraceCheckUtils]: 0: Hoare triple {17740#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17683#true} is VALID [2022-02-20 18:02:25,557 INFO L290 TraceCheckUtils]: 1: Hoare triple {17683#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17683#true} is VALID [2022-02-20 18:02:25,557 INFO L290 TraceCheckUtils]: 2: Hoare triple {17683#true} assume true; {17683#true} is VALID [2022-02-20 18:02:25,557 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17683#true} {17684#false} #1157#return; {17684#false} is VALID [2022-02-20 18:02:25,563 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 18:02:25,564 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:25,566 INFO L290 TraceCheckUtils]: 0: Hoare triple {17741#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {17683#true} is VALID [2022-02-20 18:02:25,566 INFO L290 TraceCheckUtils]: 1: Hoare triple {17683#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {17683#true} is VALID [2022-02-20 18:02:25,566 INFO L290 TraceCheckUtils]: 2: Hoare triple {17683#true} assume true; {17683#true} is VALID [2022-02-20 18:02:25,566 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17683#true} {17684#false} #1159#return; {17684#false} is VALID [2022-02-20 18:02:25,566 INFO L376 atingTraceCheckCraig]: Compute 
interpolants for subsequence at non-pending call position 76 [2022-02-20 18:02:25,567 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:25,569 INFO L290 TraceCheckUtils]: 0: Hoare triple {17683#true} ~handle := #in~handle;havoc ~retValue_acc~11; {17683#true} is VALID [2022-02-20 18:02:25,569 INFO L290 TraceCheckUtils]: 1: Hoare triple {17683#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~11; {17683#true} is VALID [2022-02-20 18:02:25,569 INFO L290 TraceCheckUtils]: 2: Hoare triple {17683#true} assume true; {17683#true} is VALID [2022-02-20 18:02:25,569 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17683#true} {17684#false} #1139#return; {17684#false} is VALID [2022-02-20 18:02:25,569 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 18:02:25,570 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:25,571 INFO L290 TraceCheckUtils]: 0: Hoare triple {17740#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17683#true} is VALID [2022-02-20 18:02:25,571 INFO L290 TraceCheckUtils]: 1: Hoare triple {17683#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17683#true} is VALID [2022-02-20 18:02:25,572 INFO L290 TraceCheckUtils]: 2: Hoare triple {17683#true} assume true; {17683#true} is VALID [2022-02-20 18:02:25,572 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17683#true} {17684#false} #1163#return; {17684#false} is VALID [2022-02-20 18:02:25,572 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 18:02:25,573 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:25,574 INFO L290 TraceCheckUtils]: 0: Hoare triple {17683#true} ~handle := #in~handle;havoc ~retValue_acc~32; {17683#true} is VALID 
[2022-02-20 18:02:25,574 INFO L290 TraceCheckUtils]: 1: Hoare triple {17683#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {17683#true} is VALID [2022-02-20 18:02:25,575 INFO L290 TraceCheckUtils]: 2: Hoare triple {17683#true} assume true; {17683#true} is VALID [2022-02-20 18:02:25,575 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17683#true} {17684#false} #1165#return; {17684#false} is VALID [2022-02-20 18:02:25,575 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 18:02:25,575 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:25,577 INFO L290 TraceCheckUtils]: 0: Hoare triple {17683#true} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {17683#true} is VALID [2022-02-20 18:02:25,578 INFO L290 TraceCheckUtils]: 1: Hoare triple {17683#true} assume true; {17683#true} is VALID [2022-02-20 18:02:25,578 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {17683#true} {17684#false} #1167#return; {17684#false} is VALID [2022-02-20 18:02:25,578 INFO L290 TraceCheckUtils]: 0: Hoare triple {17683#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(115, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call 
#Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(12, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(18, 34);call #Ultimate.allocInit(13, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(25, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 
0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 
0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {17683#true} is VALID [2022-02-20 18:02:25,578 INFO L290 TraceCheckUtils]: 1: Hoare triple {17683#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet50#1, main_#t~ret51#1, main_~retValue_acc~25#1, main_~tmp~13#1;assume -2147483648 <= main_#t~nondet50#1 && main_#t~nondet50#1 <= 2147483647;main_~retValue_acc~25#1 := main_#t~nondet50#1;havoc main_#t~nondet50#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true; {17683#true} is VALID [2022-02-20 18:02:25,578 INFO L290 TraceCheckUtils]: 2: Hoare triple {17683#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {17683#true} is VALID [2022-02-20 18:02:25,578 INFO L290 TraceCheckUtils]: 3: Hoare triple {17683#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~6#1;havoc valid_product_~retValue_acc~6#1;valid_product_~retValue_acc~6#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~6#1; {17683#true} is VALID [2022-02-20 18:02:25,578 INFO L290 TraceCheckUtils]: 4: Hoare triple {17683#true} main_#t~ret51#1 := 
valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {17683#true} is VALID [2022-02-20 18:02:25,578 INFO L290 TraceCheckUtils]: 5: Hoare triple {17683#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {17683#true} is VALID [2022-02-20 18:02:25,579 INFO L272 TraceCheckUtils]: 6: Hoare triple {17683#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {17736#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:25,579 INFO L290 TraceCheckUtils]: 7: Hoare triple {17736#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17683#true} is VALID [2022-02-20 18:02:25,579 INFO L290 TraceCheckUtils]: 
8: Hoare triple {17683#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17683#true} is VALID [2022-02-20 18:02:25,579 INFO L290 TraceCheckUtils]: 9: Hoare triple {17683#true} assume true; {17683#true} is VALID [2022-02-20 18:02:25,579 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {17683#true} {17683#true} #1197#return; {17683#true} is VALID [2022-02-20 18:02:25,580 INFO L290 TraceCheckUtils]: 11: Hoare triple {17683#true} assume { :end_inline_setup_bob__wrappee__Base } true; {17683#true} is VALID [2022-02-20 18:02:25,580 INFO L272 TraceCheckUtils]: 12: Hoare triple {17683#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {17737#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:25,580 INFO L290 TraceCheckUtils]: 13: Hoare triple {17737#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17683#true} is VALID [2022-02-20 18:02:25,580 INFO L290 TraceCheckUtils]: 14: Hoare triple {17683#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {17683#true} is VALID [2022-02-20 18:02:25,580 INFO L290 TraceCheckUtils]: 15: Hoare triple {17683#true} assume true; {17683#true} is VALID [2022-02-20 18:02:25,581 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {17683#true} {17683#true} #1199#return; {17683#true} is VALID [2022-02-20 18:02:25,581 INFO L290 TraceCheckUtils]: 17: Hoare triple {17683#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := 
setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {17683#true} is VALID [2022-02-20 18:02:25,581 INFO L272 TraceCheckUtils]: 18: Hoare triple {17683#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {17736#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:25,581 INFO L290 TraceCheckUtils]: 19: Hoare triple {17736#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17683#true} is VALID [2022-02-20 18:02:25,581 INFO L290 TraceCheckUtils]: 20: Hoare triple {17683#true} assume !(1 == ~handle); {17683#true} is VALID [2022-02-20 18:02:25,582 INFO L290 TraceCheckUtils]: 21: Hoare triple {17683#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {17683#true} is VALID [2022-02-20 18:02:25,582 INFO L290 TraceCheckUtils]: 22: Hoare triple {17683#true} assume true; {17683#true} is VALID [2022-02-20 18:02:25,582 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {17683#true} {17683#true} #1201#return; {17683#true} is VALID [2022-02-20 18:02:25,582 INFO L290 TraceCheckUtils]: 24: Hoare triple {17683#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {17683#true} is VALID [2022-02-20 18:02:25,582 INFO L272 TraceCheckUtils]: 25: Hoare triple {17683#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {17737#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:25,582 INFO L290 TraceCheckUtils]: 26: Hoare triple {17737#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17683#true} is VALID [2022-02-20 18:02:25,583 INFO L290 TraceCheckUtils]: 27: Hoare triple {17683#true} assume !(1 == ~handle); {17683#true} is VALID [2022-02-20 18:02:25,583 INFO L290 TraceCheckUtils]: 28: Hoare triple {17683#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {17683#true} is VALID [2022-02-20 18:02:25,583 INFO L290 TraceCheckUtils]: 29: Hoare triple {17683#true} assume true; {17683#true} is VALID [2022-02-20 18:02:25,583 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {17683#true} {17683#true} #1203#return; {17683#true} is VALID [2022-02-20 18:02:25,583 INFO L290 TraceCheckUtils]: 31: Hoare triple {17683#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {17703#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:02:25,584 INFO L272 TraceCheckUtils]: 32: Hoare triple {17703#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {17736#(and 
(= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:25,584 INFO L290 TraceCheckUtils]: 33: Hoare triple {17736#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17738#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:25,584 INFO L290 TraceCheckUtils]: 34: Hoare triple {17738#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {17738#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:25,585 INFO L290 TraceCheckUtils]: 35: Hoare triple {17738#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {17739#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:25,585 INFO L290 TraceCheckUtils]: 36: Hoare triple {17739#(= 2 |setClientId_#in~handle|)} assume true; {17739#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:25,585 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {17739#(= 2 |setClientId_#in~handle|)} {17703#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1205#return; {17684#false} is VALID [2022-02-20 18:02:25,586 INFO L290 TraceCheckUtils]: 38: Hoare triple {17684#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {17684#false} is VALID [2022-02-20 18:02:25,586 INFO L272 TraceCheckUtils]: 39: Hoare triple {17684#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {17737#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:25,586 INFO L290 
TraceCheckUtils]: 40: Hoare triple {17737#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17683#true} is VALID [2022-02-20 18:02:25,586 INFO L290 TraceCheckUtils]: 41: Hoare triple {17683#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {17683#true} is VALID [2022-02-20 18:02:25,586 INFO L290 TraceCheckUtils]: 42: Hoare triple {17683#true} assume true; {17683#true} is VALID [2022-02-20 18:02:25,586 INFO L284 TraceCheckUtils]: 43: Hoare quadruple {17683#true} {17684#false} #1207#return; {17684#false} is VALID [2022-02-20 18:02:25,586 INFO L290 TraceCheckUtils]: 44: Hoare triple {17684#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 15, 0;havoc setup_#t~nondet49#1; {17684#false} is VALID [2022-02-20 18:02:25,586 INFO L290 TraceCheckUtils]: 45: Hoare triple {17684#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc 
test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {17684#false} is VALID [2022-02-20 18:02:25,586 INFO L290 TraceCheckUtils]: 46: Hoare triple {17684#false} assume !false; {17684#false} is VALID [2022-02-20 18:02:25,587 INFO L290 TraceCheckUtils]: 47: Hoare triple {17684#false} assume test_~splverifierCounter~0#1 < 4; {17684#false} is VALID [2022-02-20 18:02:25,587 INFO L290 TraceCheckUtils]: 48: Hoare triple {17684#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {17684#false} is VALID [2022-02-20 18:02:25,587 INFO L290 TraceCheckUtils]: 49: Hoare triple {17684#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {17684#false} is VALID [2022-02-20 18:02:25,587 INFO L290 TraceCheckUtils]: 50: Hoare triple {17684#false} assume !(0 != test_~tmp___9~0#1); {17684#false} is VALID [2022-02-20 18:02:25,587 INFO L290 TraceCheckUtils]: 51: Hoare triple {17684#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {17684#false} is VALID [2022-02-20 18:02:25,587 INFO L290 TraceCheckUtils]: 52: Hoare triple {17684#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {17684#false} is VALID [2022-02-20 18:02:25,587 INFO L290 TraceCheckUtils]: 53: Hoare triple {17684#false} assume !false; {17684#false} is VALID [2022-02-20 18:02:25,587 
INFO L290 TraceCheckUtils]: 54: Hoare triple {17684#false} assume !(test_~splverifierCounter~0#1 < 4); {17684#false} is VALID [2022-02-20 18:02:25,587 INFO L290 TraceCheckUtils]: 55: Hoare triple {17684#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret42#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {17684#false} is VALID [2022-02-20 18:02:25,588 INFO L272 TraceCheckUtils]: 56: Hoare triple {17684#false} call sendEmail(~bob~0, ~rjh~0); {17684#false} is VALID [2022-02-20 18:02:25,588 INFO L290 TraceCheckUtils]: 57: Hoare triple {17684#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {17684#false} is VALID [2022-02-20 18:02:25,588 INFO L272 TraceCheckUtils]: 58: Hoare triple {17684#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {17740#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:25,588 INFO L290 TraceCheckUtils]: 59: Hoare triple {17740#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17683#true} is VALID [2022-02-20 18:02:25,588 INFO L290 TraceCheckUtils]: 60: Hoare triple 
{17683#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17683#true} is VALID [2022-02-20 18:02:25,588 INFO L290 TraceCheckUtils]: 61: Hoare triple {17683#true} assume true; {17683#true} is VALID [2022-02-20 18:02:25,588 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {17683#true} {17684#false} #1157#return; {17684#false} is VALID [2022-02-20 18:02:25,588 INFO L272 TraceCheckUtils]: 63: Hoare triple {17684#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {17741#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:25,588 INFO L290 TraceCheckUtils]: 64: Hoare triple {17741#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {17683#true} is VALID [2022-02-20 18:02:25,589 INFO L290 TraceCheckUtils]: 65: Hoare triple {17683#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {17683#true} is VALID [2022-02-20 18:02:25,589 INFO L290 TraceCheckUtils]: 66: Hoare triple {17683#true} assume true; {17683#true} is VALID [2022-02-20 18:02:25,589 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {17683#true} {17684#false} #1159#return; {17684#false} is VALID [2022-02-20 18:02:25,589 INFO L290 TraceCheckUtils]: 68: Hoare triple {17684#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {17684#false} is VALID [2022-02-20 18:02:25,589 INFO L290 TraceCheckUtils]: 69: Hoare triple {17684#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {17684#false} is VALID [2022-02-20 18:02:25,589 INFO L272 TraceCheckUtils]: 70: Hoare triple {17684#false} call outgoing(~sender#1, ~email~0#1); {17684#false} is VALID [2022-02-20 18:02:25,589 INFO L290 TraceCheckUtils]: 71: Hoare triple 
{17684#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret18#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~6#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~6#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~17#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~17#1; {17684#false} is VALID [2022-02-20 18:02:25,589 INFO L290 TraceCheckUtils]: 72: Hoare triple {17684#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~17#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~17#1; {17684#false} is VALID [2022-02-20 18:02:25,589 INFO L290 TraceCheckUtils]: 73: Hoare triple {17684#false} sign_#t~ret18#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret18#1 && sign_#t~ret18#1 <= 2147483647;sign_~tmp~6#1 := sign_#t~ret18#1;havoc sign_#t~ret18#1;sign_~privkey~0#1 := sign_~tmp~6#1; {17684#false} is VALID [2022-02-20 18:02:25,590 INFO L290 TraceCheckUtils]: 74: Hoare triple {17684#false} assume 0 == sign_~privkey~0#1; {17684#false} is VALID [2022-02-20 18:02:25,590 INFO L290 TraceCheckUtils]: 75: Hoare triple {17684#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1, outgoing__wrappee__AddressBook_#t~ret8#1, outgoing__wrappee__AddressBook_#t~ret9#1, outgoing__wrappee__AddressBook_#t~ret10#1, outgoing__wrappee__AddressBook_#t~ret11#1, 
outgoing__wrappee__AddressBook_#t~ret12#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~2#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~0#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~0#1, outgoing__wrappee__AddressBook_~tmp___2~0#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~2#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~0#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~0#1;havoc outgoing__wrappee__AddressBook_~tmp___2~0#1; {17684#false} is VALID [2022-02-20 18:02:25,590 INFO L272 TraceCheckUtils]: 76: Hoare triple {17684#false} call outgoing__wrappee__AddressBook_#t~ret7#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {17683#true} is VALID [2022-02-20 18:02:25,590 INFO L290 TraceCheckUtils]: 77: Hoare triple {17683#true} ~handle := #in~handle;havoc ~retValue_acc~11; {17683#true} is VALID [2022-02-20 18:02:25,590 INFO L290 TraceCheckUtils]: 78: Hoare triple {17683#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~11; {17683#true} is VALID [2022-02-20 18:02:25,590 INFO L290 TraceCheckUtils]: 79: Hoare triple {17683#true} assume true; {17683#true} is VALID [2022-02-20 18:02:25,590 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {17683#true} {17684#false} #1139#return; {17684#false} is VALID [2022-02-20 18:02:25,590 INFO L290 TraceCheckUtils]: 81: Hoare triple {17684#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret7#1 && outgoing__wrappee__AddressBook_#t~ret7#1 <= 
2147483647;outgoing__wrappee__AddressBook_~tmp~2#1 := outgoing__wrappee__AddressBook_#t~ret7#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~2#1; {17684#false} is VALID [2022-02-20 18:02:25,590 INFO L290 TraceCheckUtils]: 82: Hoare triple {17684#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {17684#false} is VALID [2022-02-20 18:02:25,590 INFO L272 TraceCheckUtils]: 83: Hoare triple {17684#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {17684#false} is VALID [2022-02-20 18:02:25,591 INFO L290 TraceCheckUtils]: 84: Hoare triple {17684#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {17684#false} is VALID [2022-02-20 18:02:25,591 INFO L290 TraceCheckUtils]: 85: Hoare triple {17684#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {17684#false} is VALID [2022-02-20 18:02:25,591 INFO L290 TraceCheckUtils]: 86: Hoare triple {17684#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {17684#false} is VALID [2022-02-20 18:02:25,591 INFO L272 TraceCheckUtils]: 87: Hoare triple {17684#false} call setEmailFrom(~msg#1, ~tmp~1#1); {17740#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:25,591 INFO L290 TraceCheckUtils]: 88: Hoare triple {17740#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= 
|old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17683#true} is VALID [2022-02-20 18:02:25,591 INFO L290 TraceCheckUtils]: 89: Hoare triple {17683#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17683#true} is VALID [2022-02-20 18:02:25,591 INFO L290 TraceCheckUtils]: 90: Hoare triple {17683#true} assume true; {17683#true} is VALID [2022-02-20 18:02:25,591 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {17683#true} {17684#false} #1163#return; {17684#false} is VALID [2022-02-20 18:02:25,591 INFO L290 TraceCheckUtils]: 92: Hoare triple {17684#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {17684#false} is VALID [2022-02-20 18:02:25,592 INFO L272 TraceCheckUtils]: 93: Hoare triple {17684#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {17683#true} is VALID [2022-02-20 18:02:25,592 INFO L290 TraceCheckUtils]: 94: Hoare triple {17683#true} ~handle := #in~handle;havoc ~retValue_acc~32; {17683#true} is VALID [2022-02-20 18:02:25,592 INFO L290 TraceCheckUtils]: 95: Hoare triple {17683#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {17683#true} is VALID [2022-02-20 18:02:25,592 INFO L290 TraceCheckUtils]: 96: Hoare triple {17683#true} assume true; {17683#true} is VALID [2022-02-20 18:02:25,592 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {17683#true} {17684#false} #1165#return; {17684#false} is VALID [2022-02-20 18:02:25,592 INFO L290 TraceCheckUtils]: 98: Hoare triple {17684#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { 
:begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret20#1, verify_#t~ret21#1, verify_#t~ret22#1, verify_#t~ret23#1, verify_#t~ret24#1, verify_#t~ret25#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~7#1, verify_~tmp___0~1#1, verify_~pubkey~0#1, verify_~tmp___1~1#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~7#1;havoc verify_~tmp___0~1#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~1#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret39#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~9#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~9#1; {17684#false} is VALID [2022-02-20 18:02:25,592 INFO L272 TraceCheckUtils]: 99: Hoare triple {17684#false} call __utac_acc__EncryptVerify_spec__1_#t~ret39#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {17683#true} is VALID [2022-02-20 18:02:25,592 INFO L290 TraceCheckUtils]: 100: Hoare triple {17683#true} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {17683#true} is VALID [2022-02-20 18:02:25,592 INFO L290 TraceCheckUtils]: 101: Hoare triple {17683#true} assume true; {17683#true} is VALID [2022-02-20 18:02:25,593 INFO L284 
TraceCheckUtils]: 102: Hoare quadruple {17683#true} {17684#false} #1167#return; {17684#false} is VALID [2022-02-20 18:02:25,593 INFO L290 TraceCheckUtils]: 103: Hoare triple {17684#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret39#1 && __utac_acc__EncryptVerify_spec__1_#t~ret39#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~9#1 := __utac_acc__EncryptVerify_spec__1_#t~ret39#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret39#1; {17684#false} is VALID [2022-02-20 18:02:25,593 INFO L290 TraceCheckUtils]: 104: Hoare triple {17684#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~9#1);assume { :begin_inline___automaton_fail } true; {17684#false} is VALID [2022-02-20 18:02:25,593 INFO L290 TraceCheckUtils]: 105: Hoare triple {17684#false} assume !false; {17684#false} is VALID [2022-02-20 18:02:25,593 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 18:02:25,593 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:25,593 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [808228104] [2022-02-20 18:02:25,594 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [808228104] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:25,594 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:02:25,594 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 18:02:25,594 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1229203292] [2022-02-20 18:02:25,594 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:25,595 INFO L78 Accepts]: Start accepts. 
Automaton has has 9 states, 8 states have (on average 8.5) internal successors, (68), 5 states have internal predecessors, (68), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 106 [2022-02-20 18:02:25,595 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:25,595 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 8.5) internal successors, (68), 5 states have internal predecessors, (68), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:25,648 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 95 edges. 95 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:25,649 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 18:02:25,649 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:25,649 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 18:02:25,649 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:02:25,649 INFO L87 Difference]: Start difference. First operand 445 states and 697 transitions. Second operand has 9 states, 8 states have (on average 8.5) internal successors, (68), 5 states have internal predecessors, (68), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:32,806 INFO L144 Difference]: Subtrahend was deterministic. 
Have not used determinization. [2022-02-20 18:02:32,806 INFO L93 Difference]: Finished difference Result 1044 states and 1657 transitions. [2022-02-20 18:02:32,806 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:02:32,807 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 8.5) internal successors, (68), 5 states have internal predecessors, (68), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 106 [2022-02-20 18:02:32,807 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:32,807 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 8.5) internal successors, (68), 5 states have internal predecessors, (68), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:32,817 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1403 transitions. [2022-02-20 18:02:32,818 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 8.5) internal successors, (68), 5 states have internal predecessors, (68), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:32,827 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1403 transitions. [2022-02-20 18:02:32,827 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1403 transitions. 
[2022-02-20 18:02:33,936 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1403 edges. 1403 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:33,956 INFO L225 Difference]: With dead ends: 1044 [2022-02-20 18:02:33,956 INFO L226 Difference]: Without dead ends: 622 [2022-02-20 18:02:33,957 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 42 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 30 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 18:02:33,958 INFO L933 BasicCegarLoop]: 704 mSDtfsCounter, 1394 mSDsluCounter, 986 mSDsCounter, 0 mSdLazyCounter, 2395 mSolverCounterSat, 505 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1414 SdHoareTripleChecker+Valid, 1690 SdHoareTripleChecker+Invalid, 2900 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 505 IncrementalHoareTripleChecker+Valid, 2395 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.2s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:33,958 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1414 Valid, 1690 Invalid, 2900 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [505 Valid, 2395 Invalid, 0 Unknown, 0 Unchecked, 3.2s Time] [2022-02-20 18:02:33,959 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 622 states. [2022-02-20 18:02:34,079 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 622 to 447. [2022-02-20 18:02:34,080 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:34,081 INFO L82 GeneralOperation]: Start isEquivalent. First operand 622 states. 
Second operand has 447 states, 354 states have (on average 1.573446327683616) internal successors, (557), 359 states have internal predecessors, (557), 68 states have call successors, (68), 21 states have call predecessors, (68), 24 states have return successors, (75), 66 states have call predecessors, (75), 67 states have call successors, (75) [2022-02-20 18:02:34,081 INFO L74 IsIncluded]: Start isIncluded. First operand 622 states. Second operand has 447 states, 354 states have (on average 1.573446327683616) internal successors, (557), 359 states have internal predecessors, (557), 68 states have call successors, (68), 21 states have call predecessors, (68), 24 states have return successors, (75), 66 states have call predecessors, (75), 67 states have call successors, (75) [2022-02-20 18:02:34,082 INFO L87 Difference]: Start difference. First operand 622 states. Second operand has 447 states, 354 states have (on average 1.573446327683616) internal successors, (557), 359 states have internal predecessors, (557), 68 states have call successors, (68), 21 states have call predecessors, (68), 24 states have return successors, (75), 66 states have call predecessors, (75), 67 states have call successors, (75) [2022-02-20 18:02:34,100 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:34,101 INFO L93 Difference]: Finished difference Result 622 states and 990 transitions. [2022-02-20 18:02:34,101 INFO L276 IsEmpty]: Start isEmpty. Operand 622 states and 990 transitions. [2022-02-20 18:02:34,104 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:34,104 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:34,105 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 447 states, 354 states have (on average 1.573446327683616) internal successors, (557), 359 states have internal predecessors, (557), 68 states have call successors, (68), 21 states have call predecessors, (68), 24 states have return successors, (75), 66 states have call predecessors, (75), 67 states have call successors, (75) Second operand 622 states. [2022-02-20 18:02:34,106 INFO L87 Difference]: Start difference. First operand has 447 states, 354 states have (on average 1.573446327683616) internal successors, (557), 359 states have internal predecessors, (557), 68 states have call successors, (68), 21 states have call predecessors, (68), 24 states have return successors, (75), 66 states have call predecessors, (75), 67 states have call successors, (75) Second operand 622 states. [2022-02-20 18:02:34,125 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:34,125 INFO L93 Difference]: Finished difference Result 622 states and 990 transitions. [2022-02-20 18:02:34,125 INFO L276 IsEmpty]: Start isEmpty. Operand 622 states and 990 transitions. [2022-02-20 18:02:34,128 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:34,128 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:34,128 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:34,128 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:34,129 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 447 states, 354 states have (on average 1.573446327683616) internal successors, (557), 359 states have internal predecessors, (557), 68 states have call successors, (68), 21 states have call predecessors, (68), 24 states have return successors, (75), 66 states have call predecessors, (75), 67 states have call successors, (75) [2022-02-20 18:02:34,157 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 447 states to 447 states and 700 transitions. [2022-02-20 18:02:34,157 INFO L78 Accepts]: Start accepts. Automaton has 447 states and 700 transitions. Word has length 106 [2022-02-20 18:02:34,158 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:34,158 INFO L470 AbstractCegarLoop]: Abstraction has 447 states and 700 transitions. [2022-02-20 18:02:34,158 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 8.5) internal successors, (68), 5 states have internal predecessors, (68), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:02:34,158 INFO L276 IsEmpty]: Start isEmpty. Operand 447 states and 700 transitions. [2022-02-20 18:02:34,159 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 108 [2022-02-20 18:02:34,159 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:34,159 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:34,159 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 18:02:34,160 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:34,160 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:34,160 INFO L85 PathProgramCache]: Analyzing trace with hash 467959, now seen corresponding path program 1 times [2022-02-20 18:02:34,160 INFO L126 
FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:34,160 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1791139970] [2022-02-20 18:02:34,160 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:34,161 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:34,185 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:34,214 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:02:34,217 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:34,221 INFO L290 TraceCheckUtils]: 0: Hoare triple {21145#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21090#true} is VALID [2022-02-20 18:02:34,221 INFO L290 TraceCheckUtils]: 1: Hoare triple {21090#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21090#true} is VALID [2022-02-20 18:02:34,221 INFO L290 TraceCheckUtils]: 2: Hoare triple {21090#true} assume true; {21090#true} is VALID [2022-02-20 18:02:34,221 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21090#true} {21090#true} #1197#return; {21090#true} is VALID [2022-02-20 18:02:34,226 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:34,227 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:34,229 INFO L290 TraceCheckUtils]: 0: Hoare triple {21146#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := 
#in~handle;~value := #in~value; {21090#true} is VALID [2022-02-20 18:02:34,229 INFO L290 TraceCheckUtils]: 1: Hoare triple {21090#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21090#true} is VALID [2022-02-20 18:02:34,229 INFO L290 TraceCheckUtils]: 2: Hoare triple {21090#true} assume true; {21090#true} is VALID [2022-02-20 18:02:34,229 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21090#true} {21090#true} #1199#return; {21090#true} is VALID [2022-02-20 18:02:34,229 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:34,230 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:34,232 INFO L290 TraceCheckUtils]: 0: Hoare triple {21145#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21090#true} is VALID [2022-02-20 18:02:34,232 INFO L290 TraceCheckUtils]: 1: Hoare triple {21090#true} assume !(1 == ~handle); {21090#true} is VALID [2022-02-20 18:02:34,232 INFO L290 TraceCheckUtils]: 2: Hoare triple {21090#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {21090#true} is VALID [2022-02-20 18:02:34,232 INFO L290 TraceCheckUtils]: 3: Hoare triple {21090#true} assume true; {21090#true} is VALID [2022-02-20 18:02:34,232 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21090#true} {21090#true} #1201#return; {21090#true} is VALID [2022-02-20 18:02:34,232 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:02:34,233 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:34,235 INFO L290 TraceCheckUtils]: 0: Hoare triple {21146#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21090#true} is VALID [2022-02-20 18:02:34,235 INFO L290 TraceCheckUtils]: 1: Hoare triple {21090#true} assume !(1 == ~handle); {21090#true} is VALID [2022-02-20 18:02:34,236 INFO L290 TraceCheckUtils]: 2: Hoare triple {21090#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {21090#true} is VALID [2022-02-20 18:02:34,236 INFO L290 TraceCheckUtils]: 3: Hoare triple {21090#true} assume true; {21090#true} is VALID [2022-02-20 18:02:34,236 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21090#true} {21090#true} #1203#return; {21090#true} is VALID [2022-02-20 18:02:34,236 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:02:34,238 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:34,251 INFO L290 TraceCheckUtils]: 0: Hoare triple {21145#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21147#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:34,251 INFO L290 TraceCheckUtils]: 1: Hoare triple {21147#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {21147#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:34,251 INFO L290 TraceCheckUtils]: 2: Hoare triple {21147#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {21147#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:34,252 INFO L290 TraceCheckUtils]: 3: Hoare triple {21147#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {21148#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:34,252 INFO L290 TraceCheckUtils]: 4: Hoare 
triple {21148#(= 3 |setClientId_#in~handle|)} assume true; {21148#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:34,252 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {21148#(= 3 |setClientId_#in~handle|)} {21110#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1205#return; {21117#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:02:34,253 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:02:34,254 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:34,282 INFO L290 TraceCheckUtils]: 0: Hoare triple {21146#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21149#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:34,283 INFO L290 TraceCheckUtils]: 1: Hoare triple {21149#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21150#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:34,283 INFO L290 TraceCheckUtils]: 2: Hoare triple {21150#(= |setClientPrivateKey_#in~handle| 1)} assume true; {21150#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:34,284 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21150#(= |setClientPrivateKey_#in~handle| 1)} {21117#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1207#return; {21091#false} is VALID [2022-02-20 18:02:34,291 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 18:02:34,292 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:34,294 INFO L290 TraceCheckUtils]: 0: Hoare triple {21151#(and (= 
|old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21090#true} is VALID [2022-02-20 18:02:34,295 INFO L290 TraceCheckUtils]: 1: Hoare triple {21090#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21090#true} is VALID [2022-02-20 18:02:34,295 INFO L290 TraceCheckUtils]: 2: Hoare triple {21090#true} assume true; {21090#true} is VALID [2022-02-20 18:02:34,295 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21090#true} {21091#false} #1157#return; {21091#false} is VALID [2022-02-20 18:02:34,303 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 18:02:34,304 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:34,306 INFO L290 TraceCheckUtils]: 0: Hoare triple {21152#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21090#true} is VALID [2022-02-20 18:02:34,306 INFO L290 TraceCheckUtils]: 1: Hoare triple {21090#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21090#true} is VALID [2022-02-20 18:02:34,306 INFO L290 TraceCheckUtils]: 2: Hoare triple {21090#true} assume true; {21090#true} is VALID [2022-02-20 18:02:34,306 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21090#true} {21091#false} #1159#return; {21091#false} is VALID [2022-02-20 18:02:34,306 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 18:02:34,306 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:34,308 INFO L290 TraceCheckUtils]: 0: Hoare triple {21090#true} ~handle := #in~handle;havoc ~retValue_acc~11; {21090#true} is VALID [2022-02-20 18:02:34,308 INFO L290 TraceCheckUtils]: 1: Hoare triple {21090#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~11; {21090#true} 
is VALID [2022-02-20 18:02:34,308 INFO L290 TraceCheckUtils]: 2: Hoare triple {21090#true} assume true; {21090#true} is VALID [2022-02-20 18:02:34,308 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21090#true} {21091#false} #1139#return; {21091#false} is VALID [2022-02-20 18:02:34,309 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 18:02:34,309 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:34,311 INFO L290 TraceCheckUtils]: 0: Hoare triple {21151#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21090#true} is VALID [2022-02-20 18:02:34,311 INFO L290 TraceCheckUtils]: 1: Hoare triple {21090#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21090#true} is VALID [2022-02-20 18:02:34,311 INFO L290 TraceCheckUtils]: 2: Hoare triple {21090#true} assume true; {21090#true} is VALID [2022-02-20 18:02:34,311 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21090#true} {21091#false} #1163#return; {21091#false} is VALID [2022-02-20 18:02:34,311 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 18:02:34,312 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:34,314 INFO L290 TraceCheckUtils]: 0: Hoare triple {21090#true} ~handle := #in~handle;havoc ~retValue_acc~32; {21090#true} is VALID [2022-02-20 18:02:34,314 INFO L290 TraceCheckUtils]: 1: Hoare triple {21090#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {21090#true} is VALID [2022-02-20 18:02:34,314 INFO L290 TraceCheckUtils]: 2: Hoare triple {21090#true} assume true; {21090#true} is VALID [2022-02-20 18:02:34,314 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21090#true} {21091#false} #1165#return; {21091#false} is VALID [2022-02-20 18:02:34,314 INFO L376 atingTraceCheckCraig]: 
Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 18:02:34,314 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:34,316 INFO L290 TraceCheckUtils]: 0: Hoare triple {21090#true} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {21090#true} is VALID [2022-02-20 18:02:34,316 INFO L290 TraceCheckUtils]: 1: Hoare triple {21090#true} assume true; {21090#true} is VALID [2022-02-20 18:02:34,316 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {21090#true} {21091#false} #1167#return; {21091#false} is VALID [2022-02-20 18:02:34,316 INFO L290 TraceCheckUtils]: 0: Hoare triple {21090#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(115, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call 
#Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(12, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(18, 34);call #Ultimate.allocInit(13, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(25, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 
0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 
0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {21090#true} is VALID [2022-02-20 18:02:34,316 INFO L290 TraceCheckUtils]: 1: Hoare triple {21090#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet50#1, main_#t~ret51#1, main_~retValue_acc~25#1, main_~tmp~13#1;assume -2147483648 <= main_#t~nondet50#1 && main_#t~nondet50#1 <= 2147483647;main_~retValue_acc~25#1 := main_#t~nondet50#1;havoc main_#t~nondet50#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true; {21090#true} is VALID [2022-02-20 18:02:34,316 INFO L290 TraceCheckUtils]: 2: Hoare triple {21090#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {21090#true} is VALID [2022-02-20 18:02:34,316 INFO L290 TraceCheckUtils]: 3: Hoare triple {21090#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~6#1;havoc valid_product_~retValue_acc~6#1;valid_product_~retValue_acc~6#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~6#1; {21090#true} is VALID [2022-02-20 18:02:34,316 INFO L290 TraceCheckUtils]: 4: Hoare triple {21090#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {21090#true} is VALID [2022-02-20 18:02:34,316 INFO L290 TraceCheckUtils]: 5: Hoare triple {21090#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, 
setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {21090#true} is VALID [2022-02-20 18:02:34,317 INFO L272 TraceCheckUtils]: 6: Hoare triple {21090#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {21145#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:34,317 INFO L290 TraceCheckUtils]: 7: Hoare triple {21145#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21090#true} is VALID [2022-02-20 18:02:34,317 INFO L290 TraceCheckUtils]: 8: Hoare triple {21090#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21090#true} is VALID [2022-02-20 18:02:34,317 INFO L290 TraceCheckUtils]: 9: Hoare triple {21090#true} assume true; {21090#true} is VALID [2022-02-20 18:02:34,317 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {21090#true} {21090#true} #1197#return; {21090#true} is VALID [2022-02-20 18:02:34,317 INFO L290 TraceCheckUtils]: 11: Hoare triple {21090#true} assume { :end_inline_setup_bob__wrappee__Base } true; {21090#true} is 
VALID [2022-02-20 18:02:34,318 INFO L272 TraceCheckUtils]: 12: Hoare triple {21090#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {21146#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:34,318 INFO L290 TraceCheckUtils]: 13: Hoare triple {21146#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21090#true} is VALID [2022-02-20 18:02:34,318 INFO L290 TraceCheckUtils]: 14: Hoare triple {21090#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21090#true} is VALID [2022-02-20 18:02:34,318 INFO L290 TraceCheckUtils]: 15: Hoare triple {21090#true} assume true; {21090#true} is VALID [2022-02-20 18:02:34,318 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {21090#true} {21090#true} #1199#return; {21090#true} is VALID [2022-02-20 18:02:34,318 INFO L290 TraceCheckUtils]: 17: Hoare triple {21090#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {21090#true} is VALID [2022-02-20 18:02:34,318 INFO L272 TraceCheckUtils]: 18: Hoare triple {21090#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {21145#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:34,318 INFO L290 TraceCheckUtils]: 19: Hoare triple {21145#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21090#true} is VALID [2022-02-20 18:02:34,318 INFO L290 TraceCheckUtils]: 20: Hoare triple {21090#true} assume !(1 == ~handle); {21090#true} is VALID [2022-02-20 18:02:34,318 INFO L290 TraceCheckUtils]: 21: Hoare triple {21090#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {21090#true} is VALID [2022-02-20 18:02:34,318 INFO L290 TraceCheckUtils]: 22: Hoare triple {21090#true} assume true; {21090#true} is VALID [2022-02-20 18:02:34,318 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {21090#true} {21090#true} #1201#return; {21090#true} is VALID [2022-02-20 18:02:34,319 INFO L290 TraceCheckUtils]: 24: Hoare triple {21090#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {21090#true} is VALID [2022-02-20 18:02:34,319 INFO L272 TraceCheckUtils]: 25: Hoare triple {21090#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {21146#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:34,319 INFO L290 TraceCheckUtils]: 26: Hoare triple {21146#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21090#true} is VALID [2022-02-20 18:02:34,319 INFO L290 TraceCheckUtils]: 27: Hoare triple 
{21090#true} assume !(1 == ~handle); {21090#true} is VALID [2022-02-20 18:02:34,319 INFO L290 TraceCheckUtils]: 28: Hoare triple {21090#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {21090#true} is VALID [2022-02-20 18:02:34,319 INFO L290 TraceCheckUtils]: 29: Hoare triple {21090#true} assume true; {21090#true} is VALID [2022-02-20 18:02:34,319 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {21090#true} {21090#true} #1203#return; {21090#true} is VALID [2022-02-20 18:02:34,320 INFO L290 TraceCheckUtils]: 31: Hoare triple {21090#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {21110#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:02:34,320 INFO L272 TraceCheckUtils]: 32: Hoare triple {21110#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {21145#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:34,320 INFO L290 TraceCheckUtils]: 33: Hoare triple {21145#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21147#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:34,321 INFO L290 TraceCheckUtils]: 34: Hoare triple {21147#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {21147#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:34,321 INFO L290 TraceCheckUtils]: 35: Hoare triple {21147#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {21147#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:34,321 INFO L290 TraceCheckUtils]: 36: Hoare triple {21147#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {21148#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:34,321 INFO L290 TraceCheckUtils]: 37: Hoare triple {21148#(= 3 |setClientId_#in~handle|)} assume true; {21148#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:34,322 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {21148#(= 3 |setClientId_#in~handle|)} {21110#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1205#return; {21117#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:02:34,322 INFO L290 TraceCheckUtils]: 39: Hoare triple {21117#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {21117#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:02:34,322 INFO L272 TraceCheckUtils]: 40: Hoare triple {21117#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {21146#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID 
[2022-02-20 18:02:34,323 INFO L290 TraceCheckUtils]: 41: Hoare triple {21146#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21149#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:34,323 INFO L290 TraceCheckUtils]: 42: Hoare triple {21149#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21150#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:34,323 INFO L290 TraceCheckUtils]: 43: Hoare triple {21150#(= |setClientPrivateKey_#in~handle| 1)} assume true; {21150#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:34,323 INFO L284 TraceCheckUtils]: 44: Hoare quadruple {21150#(= |setClientPrivateKey_#in~handle| 1)} {21117#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1207#return; {21091#false} is VALID [2022-02-20 18:02:34,324 INFO L290 TraceCheckUtils]: 45: Hoare triple {21091#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 15, 0;havoc setup_#t~nondet49#1; {21091#false} is VALID [2022-02-20 18:02:34,324 INFO L290 TraceCheckUtils]: 46: Hoare triple {21091#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, 
test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {21091#false} is VALID [2022-02-20 18:02:34,324 INFO L290 TraceCheckUtils]: 47: Hoare triple {21091#false} assume !false; {21091#false} is VALID [2022-02-20 18:02:34,324 INFO L290 TraceCheckUtils]: 48: Hoare triple {21091#false} assume test_~splverifierCounter~0#1 < 4; {21091#false} is VALID [2022-02-20 18:02:34,324 INFO L290 TraceCheckUtils]: 49: Hoare triple {21091#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {21091#false} is VALID [2022-02-20 18:02:34,324 INFO L290 TraceCheckUtils]: 50: Hoare triple {21091#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {21091#false} is VALID [2022-02-20 18:02:34,324 INFO L290 TraceCheckUtils]: 51: Hoare triple {21091#false} assume !(0 != test_~tmp___9~0#1); {21091#false} is VALID [2022-02-20 18:02:34,324 INFO L290 TraceCheckUtils]: 52: Hoare triple {21091#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; 
{21091#false} is VALID [2022-02-20 18:02:34,324 INFO L290 TraceCheckUtils]: 53: Hoare triple {21091#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {21091#false} is VALID [2022-02-20 18:02:34,324 INFO L290 TraceCheckUtils]: 54: Hoare triple {21091#false} assume !false; {21091#false} is VALID [2022-02-20 18:02:34,324 INFO L290 TraceCheckUtils]: 55: Hoare triple {21091#false} assume !(test_~splverifierCounter~0#1 < 4); {21091#false} is VALID [2022-02-20 18:02:34,324 INFO L290 TraceCheckUtils]: 56: Hoare triple {21091#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret42#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {21091#false} is VALID [2022-02-20 18:02:34,324 INFO L272 TraceCheckUtils]: 57: Hoare triple {21091#false} call sendEmail(~bob~0, ~rjh~0); {21091#false} is VALID [2022-02-20 18:02:34,324 INFO L290 TraceCheckUtils]: 58: Hoare triple {21091#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {21091#false} is VALID [2022-02-20 18:02:34,324 INFO L272 TraceCheckUtils]: 59: Hoare triple {21091#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {21151#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID 
[2022-02-20 18:02:34,324 INFO L290 TraceCheckUtils]: 60: Hoare triple {21151#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21090#true} is VALID [2022-02-20 18:02:34,324 INFO L290 TraceCheckUtils]: 61: Hoare triple {21090#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21090#true} is VALID [2022-02-20 18:02:34,324 INFO L290 TraceCheckUtils]: 62: Hoare triple {21090#true} assume true; {21090#true} is VALID [2022-02-20 18:02:34,324 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {21090#true} {21091#false} #1157#return; {21091#false} is VALID [2022-02-20 18:02:34,324 INFO L272 TraceCheckUtils]: 64: Hoare triple {21091#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {21152#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:34,325 INFO L290 TraceCheckUtils]: 65: Hoare triple {21152#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21090#true} is VALID [2022-02-20 18:02:34,325 INFO L290 TraceCheckUtils]: 66: Hoare triple {21090#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21090#true} is VALID [2022-02-20 18:02:34,325 INFO L290 TraceCheckUtils]: 67: Hoare triple {21090#true} assume true; {21090#true} is VALID [2022-02-20 18:02:34,325 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {21090#true} {21091#false} #1159#return; {21091#false} is VALID [2022-02-20 18:02:34,325 INFO L290 TraceCheckUtils]: 69: Hoare triple {21091#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {21091#false} is VALID [2022-02-20 18:02:34,325 INFO L290 TraceCheckUtils]: 70: Hoare triple {21091#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && 
#t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {21091#false} is VALID [2022-02-20 18:02:34,325 INFO L272 TraceCheckUtils]: 71: Hoare triple {21091#false} call outgoing(~sender#1, ~email~0#1); {21091#false} is VALID [2022-02-20 18:02:34,325 INFO L290 TraceCheckUtils]: 72: Hoare triple {21091#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret18#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~6#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~6#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~17#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~17#1; {21091#false} is VALID [2022-02-20 18:02:34,325 INFO L290 TraceCheckUtils]: 73: Hoare triple {21091#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~17#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~17#1; {21091#false} is VALID [2022-02-20 18:02:34,325 INFO L290 TraceCheckUtils]: 74: Hoare triple {21091#false} sign_#t~ret18#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret18#1 && sign_#t~ret18#1 <= 2147483647;sign_~tmp~6#1 := sign_#t~ret18#1;havoc sign_#t~ret18#1;sign_~privkey~0#1 := sign_~tmp~6#1; {21091#false} is VALID [2022-02-20 18:02:34,325 INFO L290 TraceCheckUtils]: 75: Hoare triple {21091#false} assume 0 == sign_~privkey~0#1; {21091#false} is VALID [2022-02-20 18:02:34,325 INFO L290 TraceCheckUtils]: 76: Hoare triple {21091#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } 
true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1, outgoing__wrappee__AddressBook_#t~ret8#1, outgoing__wrappee__AddressBook_#t~ret9#1, outgoing__wrappee__AddressBook_#t~ret10#1, outgoing__wrappee__AddressBook_#t~ret11#1, outgoing__wrappee__AddressBook_#t~ret12#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~2#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~0#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~0#1, outgoing__wrappee__AddressBook_~tmp___2~0#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~2#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~0#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~0#1;havoc outgoing__wrappee__AddressBook_~tmp___2~0#1; {21091#false} is VALID [2022-02-20 18:02:34,325 INFO L272 TraceCheckUtils]: 77: Hoare triple {21091#false} call outgoing__wrappee__AddressBook_#t~ret7#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {21090#true} is VALID [2022-02-20 18:02:34,325 INFO L290 TraceCheckUtils]: 78: Hoare triple {21090#true} ~handle := #in~handle;havoc ~retValue_acc~11; {21090#true} is VALID [2022-02-20 18:02:34,325 INFO L290 TraceCheckUtils]: 79: Hoare triple {21090#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~11; {21090#true} is VALID [2022-02-20 18:02:34,325 INFO L290 TraceCheckUtils]: 80: Hoare triple {21090#true} assume true; {21090#true} is VALID 
[2022-02-20 18:02:34,325 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {21090#true} {21091#false} #1139#return; {21091#false} is VALID [2022-02-20 18:02:34,325 INFO L290 TraceCheckUtils]: 82: Hoare triple {21091#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret7#1 && outgoing__wrappee__AddressBook_#t~ret7#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~2#1 := outgoing__wrappee__AddressBook_#t~ret7#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~2#1; {21091#false} is VALID [2022-02-20 18:02:34,325 INFO L290 TraceCheckUtils]: 83: Hoare triple {21091#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {21091#false} is VALID [2022-02-20 18:02:34,325 INFO L272 TraceCheckUtils]: 84: Hoare triple {21091#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {21091#false} is VALID [2022-02-20 18:02:34,325 INFO L290 TraceCheckUtils]: 85: Hoare triple {21091#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {21091#false} is VALID [2022-02-20 18:02:34,326 INFO L290 TraceCheckUtils]: 86: Hoare triple {21091#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {21091#false} is VALID [2022-02-20 18:02:34,326 INFO L290 TraceCheckUtils]: 87: Hoare triple {21091#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {21091#false} is VALID [2022-02-20 18:02:34,326 INFO L272 TraceCheckUtils]: 88: Hoare triple 
{21091#false} call setEmailFrom(~msg#1, ~tmp~1#1); {21151#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:34,326 INFO L290 TraceCheckUtils]: 89: Hoare triple {21151#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21090#true} is VALID [2022-02-20 18:02:34,326 INFO L290 TraceCheckUtils]: 90: Hoare triple {21090#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21090#true} is VALID [2022-02-20 18:02:34,326 INFO L290 TraceCheckUtils]: 91: Hoare triple {21090#true} assume true; {21090#true} is VALID [2022-02-20 18:02:34,326 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {21090#true} {21091#false} #1163#return; {21091#false} is VALID [2022-02-20 18:02:34,326 INFO L290 TraceCheckUtils]: 93: Hoare triple {21091#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {21091#false} is VALID [2022-02-20 18:02:34,326 INFO L272 TraceCheckUtils]: 94: Hoare triple {21091#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {21090#true} is VALID [2022-02-20 18:02:34,326 INFO L290 TraceCheckUtils]: 95: Hoare triple {21090#true} ~handle := #in~handle;havoc ~retValue_acc~32; {21090#true} is VALID [2022-02-20 18:02:34,326 INFO L290 TraceCheckUtils]: 96: Hoare triple {21090#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {21090#true} is VALID [2022-02-20 18:02:34,326 INFO L290 TraceCheckUtils]: 97: Hoare triple {21090#true} assume true; {21090#true} is VALID [2022-02-20 18:02:34,326 INFO L284 
TraceCheckUtils]: 98: Hoare quadruple {21090#true} {21091#false} #1165#return; {21091#false} is VALID [2022-02-20 18:02:34,326 INFO L290 TraceCheckUtils]: 99: Hoare triple {21091#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret20#1, verify_#t~ret21#1, verify_#t~ret22#1, verify_#t~ret23#1, verify_#t~ret24#1, verify_#t~ret25#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~7#1, verify_~tmp___0~1#1, verify_~pubkey~0#1, verify_~tmp___1~1#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~7#1;havoc verify_~tmp___0~1#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~1#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret39#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~9#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~9#1; {21091#false} is VALID [2022-02-20 18:02:34,326 INFO L272 TraceCheckUtils]: 100: Hoare triple {21091#false} call __utac_acc__EncryptVerify_spec__1_#t~ret39#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {21090#true} is VALID [2022-02-20 18:02:34,326 INFO L290 
TraceCheckUtils]: 101: Hoare triple {21090#true} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {21090#true} is VALID [2022-02-20 18:02:34,326 INFO L290 TraceCheckUtils]: 102: Hoare triple {21090#true} assume true; {21090#true} is VALID [2022-02-20 18:02:34,326 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {21090#true} {21091#false} #1167#return; {21091#false} is VALID [2022-02-20 18:02:34,326 INFO L290 TraceCheckUtils]: 104: Hoare triple {21091#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret39#1 && __utac_acc__EncryptVerify_spec__1_#t~ret39#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~9#1 := __utac_acc__EncryptVerify_spec__1_#t~ret39#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret39#1; {21091#false} is VALID [2022-02-20 18:02:34,326 INFO L290 TraceCheckUtils]: 105: Hoare triple {21091#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~9#1);assume { :begin_inline___automaton_fail } true; {21091#false} is VALID [2022-02-20 18:02:34,327 INFO L290 TraceCheckUtils]: 106: Hoare triple {21091#false} assume !false; {21091#false} is VALID [2022-02-20 18:02:34,327 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2022-02-20 18:02:34,327 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:34,327 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1791139970] [2022-02-20 18:02:34,327 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1791139970] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:34,327 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. 
[2022-02-20 18:02:34,327 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 18:02:34,327 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1667485014] [2022-02-20 18:02:34,327 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:34,339 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 6.545454545454546) internal successors, (72), 8 states have internal predecessors, (72), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) Word has length 107 [2022-02-20 18:02:34,339 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:34,340 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 6.545454545454546) internal successors, (72), 8 states have internal predecessors, (72), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:02:34,395 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 99 edges. 99 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:34,395 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 18:02:34,395 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:34,396 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. 
[2022-02-20 18:02:34,396 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:02:34,396 INFO L87 Difference]: Start difference. First operand 447 states and 700 transitions. Second operand has 12 states, 11 states have (on average 6.545454545454546) internal successors, (72), 8 states have internal predecessors, (72), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:02:44,410 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:44,411 INFO L93 Difference]: Finished difference Result 1042 states and 1652 transitions. [2022-02-20 18:02:44,411 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 18:02:44,411 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 6.545454545454546) internal successors, (72), 8 states have internal predecessors, (72), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) Word has length 107 [2022-02-20 18:02:44,411 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:44,412 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 6.545454545454546) internal successors, (72), 8 states have internal predecessors, (72), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:02:44,420 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1404 transitions. 
[2022-02-20 18:02:44,421 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 6.545454545454546) internal successors, (72), 8 states have internal predecessors, (72), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:02:44,449 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1404 transitions. [2022-02-20 18:02:44,449 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1404 transitions. [2022-02-20 18:02:45,542 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1404 edges. 1404 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:45,571 INFO L225 Difference]: With dead ends: 1042 [2022-02-20 18:02:45,571 INFO L226 Difference]: Without dead ends: 622 [2022-02-20 18:02:45,573 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 49 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552 [2022-02-20 18:02:45,573 INFO L933 BasicCegarLoop]: 690 mSDtfsCounter, 1533 mSDsluCounter, 1366 mSDsCounter, 0 mSdLazyCounter, 4278 mSolverCounterSat, 568 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 4.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1533 SdHoareTripleChecker+Valid, 2056 SdHoareTripleChecker+Invalid, 4846 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 568 IncrementalHoareTripleChecker+Valid, 4278 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 4.7s 
IncrementalHoareTripleChecker+Time [2022-02-20 18:02:45,573 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1533 Valid, 2056 Invalid, 4846 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [568 Valid, 4278 Invalid, 0 Unknown, 0 Unchecked, 4.7s Time] [2022-02-20 18:02:45,574 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 622 states. [2022-02-20 18:02:45,665 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 622 to 447. [2022-02-20 18:02:45,665 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:45,666 INFO L82 GeneralOperation]: Start isEquivalent. First operand 622 states. Second operand has 447 states, 354 states have (on average 1.573446327683616) internal successors, (557), 359 states have internal predecessors, (557), 68 states have call successors, (68), 21 states have call predecessors, (68), 24 states have return successors, (74), 66 states have call predecessors, (74), 67 states have call successors, (74) [2022-02-20 18:02:45,666 INFO L74 IsIncluded]: Start isIncluded. First operand 622 states. Second operand has 447 states, 354 states have (on average 1.573446327683616) internal successors, (557), 359 states have internal predecessors, (557), 68 states have call successors, (68), 21 states have call predecessors, (68), 24 states have return successors, (74), 66 states have call predecessors, (74), 67 states have call successors, (74) [2022-02-20 18:02:45,667 INFO L87 Difference]: Start difference. First operand 622 states. Second operand has 447 states, 354 states have (on average 1.573446327683616) internal successors, (557), 359 states have internal predecessors, (557), 68 states have call successors, (68), 21 states have call predecessors, (68), 24 states have return successors, (74), 66 states have call predecessors, (74), 67 states have call successors, (74) [2022-02-20 18:02:45,690 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:02:45,690 INFO L93 Difference]: Finished difference Result 622 states and 989 transitions. [2022-02-20 18:02:45,691 INFO L276 IsEmpty]: Start isEmpty. Operand 622 states and 989 transitions. [2022-02-20 18:02:45,694 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:45,695 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:45,696 INFO L74 IsIncluded]: Start isIncluded. First operand has 447 states, 354 states have (on average 1.573446327683616) internal successors, (557), 359 states have internal predecessors, (557), 68 states have call successors, (68), 21 states have call predecessors, (68), 24 states have return successors, (74), 66 states have call predecessors, (74), 67 states have call successors, (74) Second operand 622 states. [2022-02-20 18:02:45,696 INFO L87 Difference]: Start difference. First operand has 447 states, 354 states have (on average 1.573446327683616) internal successors, (557), 359 states have internal predecessors, (557), 68 states have call successors, (68), 21 states have call predecessors, (68), 24 states have return successors, (74), 66 states have call predecessors, (74), 67 states have call successors, (74) Second operand 622 states. [2022-02-20 18:02:45,715 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:45,715 INFO L93 Difference]: Finished difference Result 622 states and 989 transitions. [2022-02-20 18:02:45,715 INFO L276 IsEmpty]: Start isEmpty. Operand 622 states and 989 transitions. [2022-02-20 18:02:45,719 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:45,719 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:45,719 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:45,719 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:45,720 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 447 states, 354 states have (on average 1.573446327683616) internal successors, (557), 359 states have internal predecessors, (557), 68 states have call successors, (68), 21 states have call predecessors, (68), 24 states have return successors, (74), 66 states have call predecessors, (74), 67 states have call successors, (74) [2022-02-20 18:02:45,739 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 447 states to 447 states and 699 transitions. [2022-02-20 18:02:45,739 INFO L78 Accepts]: Start accepts. Automaton has 447 states and 699 transitions. Word has length 107 [2022-02-20 18:02:45,739 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:45,739 INFO L470 AbstractCegarLoop]: Abstraction has 447 states and 699 transitions. [2022-02-20 18:02:45,740 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 11 states have (on average 6.545454545454546) internal successors, (72), 8 states have internal predecessors, (72), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:02:45,740 INFO L276 IsEmpty]: Start isEmpty. Operand 447 states and 699 transitions. [2022-02-20 18:02:45,741 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 109 [2022-02-20 18:02:45,741 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:45,741 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:45,741 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 18:02:45,741 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:45,742 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:45,742 INFO L85 PathProgramCache]: Analyzing trace with hash 1968388372, now seen corresponding path program 2 times [2022-02-20 18:02:45,742 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:45,742 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1192159486] [2022-02-20 18:02:45,742 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:45,742 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:45,761 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:45,782 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:02:45,783 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:45,785 INFO L290 TraceCheckUtils]: 0: Hoare triple {24562#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24506#true} is VALID [2022-02-20 18:02:45,785 INFO L290 TraceCheckUtils]: 1: Hoare triple {24506#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24506#true} is VALID [2022-02-20 18:02:45,785 INFO L290 TraceCheckUtils]: 2: Hoare triple {24506#true} assume true; {24506#true} is VALID [2022-02-20 18:02:45,785 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24506#true} {24506#true} #1197#return; {24506#true} is VALID [2022-02-20 18:02:45,790 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:45,791 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:45,792 INFO L290 TraceCheckUtils]: 0: Hoare triple {24563#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24506#true} is VALID [2022-02-20 18:02:45,792 INFO L290 TraceCheckUtils]: 1: Hoare triple {24506#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {24506#true} is VALID [2022-02-20 18:02:45,792 INFO L290 TraceCheckUtils]: 2: Hoare triple {24506#true} assume true; {24506#true} is VALID [2022-02-20 18:02:45,792 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24506#true} {24506#true} #1199#return; {24506#true} is VALID [2022-02-20 18:02:45,793 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:45,793 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:45,795 INFO L290 TraceCheckUtils]: 0: Hoare triple {24562#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24506#true} is VALID [2022-02-20 18:02:45,795 INFO L290 TraceCheckUtils]: 1: Hoare triple {24506#true} assume !(1 == ~handle); {24506#true} is VALID [2022-02-20 18:02:45,795 INFO L290 TraceCheckUtils]: 2: Hoare triple {24506#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {24506#true} is VALID [2022-02-20 18:02:45,795 INFO L290 TraceCheckUtils]: 3: Hoare triple {24506#true} assume true; {24506#true} is VALID [2022-02-20 18:02:45,795 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {24506#true} {24506#true} #1201#return; {24506#true} is VALID [2022-02-20 18:02:45,795 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:02:45,796 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:45,797 INFO L290 TraceCheckUtils]: 0: Hoare triple {24563#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24506#true} is VALID [2022-02-20 18:02:45,797 INFO L290 TraceCheckUtils]: 1: Hoare triple {24506#true} assume !(1 == ~handle); {24506#true} is VALID [2022-02-20 18:02:45,797 INFO L290 TraceCheckUtils]: 2: Hoare triple {24506#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {24506#true} is VALID [2022-02-20 18:02:45,797 INFO L290 TraceCheckUtils]: 3: Hoare triple {24506#true} assume true; {24506#true} is VALID [2022-02-20 18:02:45,797 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {24506#true} {24506#true} #1203#return; {24506#true} is VALID [2022-02-20 18:02:45,797 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:02:45,799 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 
18:02:45,810 INFO L290 TraceCheckUtils]: 0: Hoare triple {24562#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24564#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:45,810 INFO L290 TraceCheckUtils]: 1: Hoare triple {24564#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {24564#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:45,811 INFO L290 TraceCheckUtils]: 2: Hoare triple {24564#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {24564#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:45,811 INFO L290 TraceCheckUtils]: 3: Hoare triple {24564#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {24565#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:45,811 INFO L290 TraceCheckUtils]: 4: Hoare triple {24565#(= 3 |setClientId_#in~handle|)} assume true; {24565#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:45,812 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {24565#(= 3 |setClientId_#in~handle|)} {24526#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1205#return; {24533#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:02:45,812 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:02:45,813 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:45,825 INFO L290 TraceCheckUtils]: 0: Hoare triple {24563#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 
|old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24566#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:45,826 INFO L290 TraceCheckUtils]: 1: Hoare triple {24566#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {24566#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:45,826 INFO L290 TraceCheckUtils]: 2: Hoare triple {24566#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {24567#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:45,826 INFO L290 TraceCheckUtils]: 3: Hoare triple {24567#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {24567#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:45,827 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {24567#(= 2 |setClientPrivateKey_#in~handle|)} {24533#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1207#return; {24507#false} is VALID [2022-02-20 18:02:45,833 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 18:02:45,834 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:45,835 INFO L290 TraceCheckUtils]: 0: Hoare triple {24568#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24506#true} is VALID [2022-02-20 18:02:45,835 INFO L290 TraceCheckUtils]: 1: Hoare triple {24506#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24506#true} is VALID [2022-02-20 18:02:45,835 INFO L290 TraceCheckUtils]: 2: Hoare triple {24506#true} assume true; {24506#true} is VALID [2022-02-20 18:02:45,836 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24506#true} {24507#false} #1157#return; {24507#false} is VALID [2022-02-20 18:02:45,842 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-02-20 18:02:45,843 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:45,844 INFO L290 TraceCheckUtils]: 0: Hoare triple {24569#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {24506#true} is VALID [2022-02-20 18:02:45,845 INFO L290 TraceCheckUtils]: 1: Hoare triple {24506#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {24506#true} is VALID [2022-02-20 18:02:45,845 INFO L290 TraceCheckUtils]: 2: Hoare triple {24506#true} assume true; {24506#true} is VALID [2022-02-20 18:02:45,845 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24506#true} {24507#false} #1159#return; {24507#false} is VALID [2022-02-20 18:02:45,845 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 18:02:45,845 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:45,847 INFO L290 TraceCheckUtils]: 0: Hoare triple {24506#true} ~handle := #in~handle;havoc ~retValue_acc~11; {24506#true} is VALID [2022-02-20 18:02:45,847 INFO L290 TraceCheckUtils]: 1: Hoare triple {24506#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~11; {24506#true} is VALID [2022-02-20 18:02:45,847 INFO L290 TraceCheckUtils]: 2: Hoare triple {24506#true} assume true; {24506#true} is VALID [2022-02-20 18:02:45,848 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24506#true} {24507#false} #1139#return; {24507#false} is VALID [2022-02-20 18:02:45,848 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 89 [2022-02-20 18:02:45,848 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:45,850 INFO L290 TraceCheckUtils]: 0: Hoare triple {24568#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= 
|old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24506#true} is VALID [2022-02-20 18:02:45,850 INFO L290 TraceCheckUtils]: 1: Hoare triple {24506#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24506#true} is VALID [2022-02-20 18:02:45,850 INFO L290 TraceCheckUtils]: 2: Hoare triple {24506#true} assume true; {24506#true} is VALID [2022-02-20 18:02:45,850 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24506#true} {24507#false} #1163#return; {24507#false} is VALID [2022-02-20 18:02:45,850 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 18:02:45,850 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:45,851 INFO L290 TraceCheckUtils]: 0: Hoare triple {24506#true} ~handle := #in~handle;havoc ~retValue_acc~32; {24506#true} is VALID [2022-02-20 18:02:45,852 INFO L290 TraceCheckUtils]: 1: Hoare triple {24506#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {24506#true} is VALID [2022-02-20 18:02:45,852 INFO L290 TraceCheckUtils]: 2: Hoare triple {24506#true} assume true; {24506#true} is VALID [2022-02-20 18:02:45,852 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24506#true} {24507#false} #1165#return; {24507#false} is VALID [2022-02-20 18:02:45,852 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 18:02:45,852 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:45,853 INFO L290 TraceCheckUtils]: 0: Hoare triple {24506#true} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {24506#true} is VALID [2022-02-20 18:02:45,853 INFO L290 TraceCheckUtils]: 1: Hoare triple {24506#true} assume true; {24506#true} is VALID [2022-02-20 18:02:45,853 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {24506#true} {24507#false} #1167#return; {24507#false} is VALID [2022-02-20 
18:02:45,854 INFO L290 TraceCheckUtils]: 0: Hoare triple {24506#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(115, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(12, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(18, 34);call #Ultimate.allocInit(13, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(25, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 
0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 
0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {24506#true} is VALID [2022-02-20 18:02:45,854 INFO L290 TraceCheckUtils]: 1: Hoare triple {24506#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet50#1, main_#t~ret51#1, main_~retValue_acc~25#1, main_~tmp~13#1;assume -2147483648 <= 
main_#t~nondet50#1 && main_#t~nondet50#1 <= 2147483647;main_~retValue_acc~25#1 := main_#t~nondet50#1;havoc main_#t~nondet50#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true; {24506#true} is VALID [2022-02-20 18:02:45,854 INFO L290 TraceCheckUtils]: 2: Hoare triple {24506#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {24506#true} is VALID [2022-02-20 18:02:45,854 INFO L290 TraceCheckUtils]: 3: Hoare triple {24506#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~6#1;havoc valid_product_~retValue_acc~6#1;valid_product_~retValue_acc~6#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~6#1; {24506#true} is VALID [2022-02-20 18:02:45,854 INFO L290 TraceCheckUtils]: 4: Hoare triple {24506#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {24506#true} is VALID [2022-02-20 18:02:45,854 INFO L290 TraceCheckUtils]: 5: Hoare triple {24506#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {24506#true} is VALID [2022-02-20 18:02:45,854 INFO L272 TraceCheckUtils]: 6: Hoare triple {24506#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {24562#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:45,855 INFO L290 TraceCheckUtils]: 7: Hoare triple {24562#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24506#true} is VALID [2022-02-20 18:02:45,855 INFO L290 TraceCheckUtils]: 8: Hoare triple {24506#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24506#true} is VALID [2022-02-20 18:02:45,855 INFO L290 TraceCheckUtils]: 9: Hoare triple {24506#true} assume true; {24506#true} is VALID [2022-02-20 18:02:45,855 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {24506#true} {24506#true} #1197#return; {24506#true} is VALID [2022-02-20 18:02:45,855 INFO L290 TraceCheckUtils]: 11: Hoare triple {24506#true} assume { :end_inline_setup_bob__wrappee__Base } true; {24506#true} is VALID [2022-02-20 18:02:45,855 INFO L272 TraceCheckUtils]: 12: Hoare triple {24506#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {24563#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:45,856 INFO L290 TraceCheckUtils]: 13: Hoare triple {24563#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24506#true} is VALID [2022-02-20 18:02:45,856 INFO L290 TraceCheckUtils]: 14: Hoare triple {24506#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {24506#true} is VALID [2022-02-20 18:02:45,856 INFO L290 TraceCheckUtils]: 15: Hoare triple {24506#true} assume true; {24506#true} is VALID [2022-02-20 18:02:45,856 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {24506#true} {24506#true} #1199#return; {24506#true} is VALID [2022-02-20 18:02:45,856 INFO L290 TraceCheckUtils]: 17: Hoare triple {24506#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {24506#true} is VALID [2022-02-20 18:02:45,856 INFO L272 TraceCheckUtils]: 18: Hoare triple {24506#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {24562#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:45,857 INFO L290 TraceCheckUtils]: 19: Hoare triple {24562#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24506#true} is VALID [2022-02-20 18:02:45,857 INFO L290 
TraceCheckUtils]: 20: Hoare triple {24506#true} assume !(1 == ~handle); {24506#true} is VALID [2022-02-20 18:02:45,857 INFO L290 TraceCheckUtils]: 21: Hoare triple {24506#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {24506#true} is VALID [2022-02-20 18:02:45,857 INFO L290 TraceCheckUtils]: 22: Hoare triple {24506#true} assume true; {24506#true} is VALID [2022-02-20 18:02:45,857 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {24506#true} {24506#true} #1201#return; {24506#true} is VALID [2022-02-20 18:02:45,857 INFO L290 TraceCheckUtils]: 24: Hoare triple {24506#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {24506#true} is VALID [2022-02-20 18:02:45,858 INFO L272 TraceCheckUtils]: 25: Hoare triple {24506#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {24563#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:45,858 INFO L290 TraceCheckUtils]: 26: Hoare triple {24563#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24506#true} is VALID [2022-02-20 18:02:45,858 INFO L290 TraceCheckUtils]: 27: Hoare triple {24506#true} assume !(1 == ~handle); {24506#true} is VALID [2022-02-20 18:02:45,858 INFO L290 TraceCheckUtils]: 28: Hoare triple {24506#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {24506#true} is VALID [2022-02-20 18:02:45,858 INFO L290 TraceCheckUtils]: 29: Hoare triple {24506#true} assume true; {24506#true} is VALID [2022-02-20 18:02:45,858 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {24506#true} {24506#true} #1203#return; {24506#true} is VALID [2022-02-20 18:02:45,858 INFO L290 TraceCheckUtils]: 31: Hoare triple 
{24506#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {24526#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:02:45,859 INFO L272 TraceCheckUtils]: 32: Hoare triple {24526#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {24562#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:45,859 INFO L290 TraceCheckUtils]: 33: Hoare triple {24562#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24564#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:45,859 INFO L290 TraceCheckUtils]: 34: Hoare triple {24564#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {24564#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:45,860 INFO L290 TraceCheckUtils]: 35: Hoare triple {24564#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {24564#(= setClientId_~handle 
|setClientId_#in~handle|)} is VALID [2022-02-20 18:02:45,860 INFO L290 TraceCheckUtils]: 36: Hoare triple {24564#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {24565#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:45,860 INFO L290 TraceCheckUtils]: 37: Hoare triple {24565#(= 3 |setClientId_#in~handle|)} assume true; {24565#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:45,861 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {24565#(= 3 |setClientId_#in~handle|)} {24526#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1205#return; {24533#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:02:45,861 INFO L290 TraceCheckUtils]: 39: Hoare triple {24533#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} assume { :end_inline_setup_chuck__wrappee__Base } true; {24533#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:02:45,861 INFO L272 TraceCheckUtils]: 40: Hoare triple {24533#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {24563#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:45,862 INFO L290 TraceCheckUtils]: 41: Hoare triple {24563#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24566#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:45,862 INFO L290 TraceCheckUtils]: 42: Hoare triple {24566#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); 
{24566#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:45,862 INFO L290 TraceCheckUtils]: 43: Hoare triple {24566#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {24567#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:45,863 INFO L290 TraceCheckUtils]: 44: Hoare triple {24567#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {24567#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:45,863 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {24567#(= 2 |setClientPrivateKey_#in~handle|)} {24533#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1207#return; {24507#false} is VALID [2022-02-20 18:02:45,863 INFO L290 TraceCheckUtils]: 46: Hoare triple {24507#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 15, 0;havoc setup_#t~nondet49#1; {24507#false} is VALID [2022-02-20 18:02:45,863 INFO L290 TraceCheckUtils]: 47: Hoare triple {24507#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc 
test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {24507#false} is VALID [2022-02-20 18:02:45,863 INFO L290 TraceCheckUtils]: 48: Hoare triple {24507#false} assume !false; {24507#false} is VALID [2022-02-20 18:02:45,863 INFO L290 TraceCheckUtils]: 49: Hoare triple {24507#false} assume test_~splverifierCounter~0#1 < 4; {24507#false} is VALID [2022-02-20 18:02:45,864 INFO L290 TraceCheckUtils]: 50: Hoare triple {24507#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {24507#false} is VALID [2022-02-20 18:02:45,864 INFO L290 TraceCheckUtils]: 51: Hoare triple {24507#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {24507#false} is VALID [2022-02-20 18:02:45,864 INFO L290 TraceCheckUtils]: 52: Hoare triple {24507#false} assume !(0 != test_~tmp___9~0#1); {24507#false} is VALID [2022-02-20 18:02:45,864 INFO L290 TraceCheckUtils]: 53: Hoare triple {24507#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {24507#false} is VALID [2022-02-20 18:02:45,864 INFO L290 TraceCheckUtils]: 54: Hoare triple {24507#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {24507#false} is VALID [2022-02-20 18:02:45,864 INFO L290 TraceCheckUtils]: 55: Hoare triple {24507#false} assume !false; {24507#false} is VALID [2022-02-20 18:02:45,864 
INFO L290 TraceCheckUtils]: 56: Hoare triple {24507#false} assume !(test_~splverifierCounter~0#1 < 4); {24507#false} is VALID [2022-02-20 18:02:45,864 INFO L290 TraceCheckUtils]: 57: Hoare triple {24507#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret42#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {24507#false} is VALID [2022-02-20 18:02:45,864 INFO L272 TraceCheckUtils]: 58: Hoare triple {24507#false} call sendEmail(~bob~0, ~rjh~0); {24507#false} is VALID [2022-02-20 18:02:45,865 INFO L290 TraceCheckUtils]: 59: Hoare triple {24507#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {24507#false} is VALID [2022-02-20 18:02:45,865 INFO L272 TraceCheckUtils]: 60: Hoare triple {24507#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {24568#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:45,865 INFO L290 TraceCheckUtils]: 61: Hoare triple {24568#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24506#true} is VALID [2022-02-20 18:02:45,865 INFO L290 TraceCheckUtils]: 62: Hoare triple 
{24506#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24506#true} is VALID [2022-02-20 18:02:45,865 INFO L290 TraceCheckUtils]: 63: Hoare triple {24506#true} assume true; {24506#true} is VALID [2022-02-20 18:02:45,865 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {24506#true} {24507#false} #1157#return; {24507#false} is VALID [2022-02-20 18:02:45,865 INFO L272 TraceCheckUtils]: 65: Hoare triple {24507#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {24569#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:45,865 INFO L290 TraceCheckUtils]: 66: Hoare triple {24569#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {24506#true} is VALID [2022-02-20 18:02:45,865 INFO L290 TraceCheckUtils]: 67: Hoare triple {24506#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {24506#true} is VALID [2022-02-20 18:02:45,866 INFO L290 TraceCheckUtils]: 68: Hoare triple {24506#true} assume true; {24506#true} is VALID [2022-02-20 18:02:45,866 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {24506#true} {24507#false} #1159#return; {24507#false} is VALID [2022-02-20 18:02:45,866 INFO L290 TraceCheckUtils]: 70: Hoare triple {24507#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {24507#false} is VALID [2022-02-20 18:02:45,866 INFO L290 TraceCheckUtils]: 71: Hoare triple {24507#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {24507#false} is VALID [2022-02-20 18:02:45,866 INFO L272 TraceCheckUtils]: 72: Hoare triple {24507#false} call outgoing(~sender#1, ~email~0#1); {24507#false} is VALID [2022-02-20 18:02:45,866 INFO L290 TraceCheckUtils]: 73: Hoare triple 
{24507#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret18#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~6#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~6#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~17#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~17#1; {24507#false} is VALID [2022-02-20 18:02:45,866 INFO L290 TraceCheckUtils]: 74: Hoare triple {24507#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~17#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~17#1; {24507#false} is VALID [2022-02-20 18:02:45,866 INFO L290 TraceCheckUtils]: 75: Hoare triple {24507#false} sign_#t~ret18#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret18#1 && sign_#t~ret18#1 <= 2147483647;sign_~tmp~6#1 := sign_#t~ret18#1;havoc sign_#t~ret18#1;sign_~privkey~0#1 := sign_~tmp~6#1; {24507#false} is VALID [2022-02-20 18:02:45,866 INFO L290 TraceCheckUtils]: 76: Hoare triple {24507#false} assume 0 == sign_~privkey~0#1; {24507#false} is VALID [2022-02-20 18:02:45,867 INFO L290 TraceCheckUtils]: 77: Hoare triple {24507#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1, outgoing__wrappee__AddressBook_#t~ret8#1, outgoing__wrappee__AddressBook_#t~ret9#1, outgoing__wrappee__AddressBook_#t~ret10#1, outgoing__wrappee__AddressBook_#t~ret11#1, 
outgoing__wrappee__AddressBook_#t~ret12#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~2#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~0#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~0#1, outgoing__wrappee__AddressBook_~tmp___2~0#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~2#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~0#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~0#1;havoc outgoing__wrappee__AddressBook_~tmp___2~0#1; {24507#false} is VALID [2022-02-20 18:02:45,867 INFO L272 TraceCheckUtils]: 78: Hoare triple {24507#false} call outgoing__wrappee__AddressBook_#t~ret7#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {24506#true} is VALID [2022-02-20 18:02:45,867 INFO L290 TraceCheckUtils]: 79: Hoare triple {24506#true} ~handle := #in~handle;havoc ~retValue_acc~11; {24506#true} is VALID [2022-02-20 18:02:45,867 INFO L290 TraceCheckUtils]: 80: Hoare triple {24506#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~11; {24506#true} is VALID [2022-02-20 18:02:45,867 INFO L290 TraceCheckUtils]: 81: Hoare triple {24506#true} assume true; {24506#true} is VALID [2022-02-20 18:02:45,867 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {24506#true} {24507#false} #1139#return; {24507#false} is VALID [2022-02-20 18:02:45,867 INFO L290 TraceCheckUtils]: 83: Hoare triple {24507#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret7#1 && outgoing__wrappee__AddressBook_#t~ret7#1 <= 
2147483647;outgoing__wrappee__AddressBook_~tmp~2#1 := outgoing__wrappee__AddressBook_#t~ret7#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~2#1; {24507#false} is VALID [2022-02-20 18:02:45,867 INFO L290 TraceCheckUtils]: 84: Hoare triple {24507#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {24507#false} is VALID [2022-02-20 18:02:45,867 INFO L272 TraceCheckUtils]: 85: Hoare triple {24507#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {24507#false} is VALID [2022-02-20 18:02:45,867 INFO L290 TraceCheckUtils]: 86: Hoare triple {24507#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {24507#false} is VALID [2022-02-20 18:02:45,868 INFO L290 TraceCheckUtils]: 87: Hoare triple {24507#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {24507#false} is VALID [2022-02-20 18:02:45,868 INFO L290 TraceCheckUtils]: 88: Hoare triple {24507#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {24507#false} is VALID [2022-02-20 18:02:45,868 INFO L272 TraceCheckUtils]: 89: Hoare triple {24507#false} call setEmailFrom(~msg#1, ~tmp~1#1); {24568#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:45,868 INFO L290 TraceCheckUtils]: 90: Hoare triple {24568#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= 
|old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24506#true} is VALID [2022-02-20 18:02:45,868 INFO L290 TraceCheckUtils]: 91: Hoare triple {24506#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24506#true} is VALID [2022-02-20 18:02:45,868 INFO L290 TraceCheckUtils]: 92: Hoare triple {24506#true} assume true; {24506#true} is VALID [2022-02-20 18:02:45,868 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {24506#true} {24507#false} #1163#return; {24507#false} is VALID [2022-02-20 18:02:45,868 INFO L290 TraceCheckUtils]: 94: Hoare triple {24507#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {24507#false} is VALID [2022-02-20 18:02:45,868 INFO L272 TraceCheckUtils]: 95: Hoare triple {24507#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {24506#true} is VALID [2022-02-20 18:02:45,869 INFO L290 TraceCheckUtils]: 96: Hoare triple {24506#true} ~handle := #in~handle;havoc ~retValue_acc~32; {24506#true} is VALID [2022-02-20 18:02:45,869 INFO L290 TraceCheckUtils]: 97: Hoare triple {24506#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {24506#true} is VALID [2022-02-20 18:02:45,869 INFO L290 TraceCheckUtils]: 98: Hoare triple {24506#true} assume true; {24506#true} is VALID [2022-02-20 18:02:45,869 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {24506#true} {24507#false} #1165#return; {24507#false} is VALID [2022-02-20 18:02:45,869 INFO L290 TraceCheckUtils]: 100: Hoare triple {24507#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { 
:begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret20#1, verify_#t~ret21#1, verify_#t~ret22#1, verify_#t~ret23#1, verify_#t~ret24#1, verify_#t~ret25#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~7#1, verify_~tmp___0~1#1, verify_~pubkey~0#1, verify_~tmp___1~1#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~7#1;havoc verify_~tmp___0~1#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~1#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret39#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~9#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~9#1; {24507#false} is VALID [2022-02-20 18:02:45,869 INFO L272 TraceCheckUtils]: 101: Hoare triple {24507#false} call __utac_acc__EncryptVerify_spec__1_#t~ret39#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {24506#true} is VALID [2022-02-20 18:02:45,869 INFO L290 TraceCheckUtils]: 102: Hoare triple {24506#true} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {24506#true} is VALID [2022-02-20 18:02:45,869 INFO L290 TraceCheckUtils]: 103: Hoare triple {24506#true} assume true; {24506#true} is VALID [2022-02-20 18:02:45,869 INFO L284 
TraceCheckUtils]: 104: Hoare quadruple {24506#true} {24507#false} #1167#return; {24507#false} is VALID [2022-02-20 18:02:45,870 INFO L290 TraceCheckUtils]: 105: Hoare triple {24507#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret39#1 && __utac_acc__EncryptVerify_spec__1_#t~ret39#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~9#1 := __utac_acc__EncryptVerify_spec__1_#t~ret39#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret39#1; {24507#false} is VALID [2022-02-20 18:02:45,870 INFO L290 TraceCheckUtils]: 106: Hoare triple {24507#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~9#1);assume { :begin_inline___automaton_fail } true; {24507#false} is VALID [2022-02-20 18:02:45,870 INFO L290 TraceCheckUtils]: 107: Hoare triple {24507#false} assume !false; {24507#false} is VALID [2022-02-20 18:02:45,870 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 14 proven. 0 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2022-02-20 18:02:45,870 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:45,870 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1192159486] [2022-02-20 18:02:45,870 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1192159486] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:45,871 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:02:45,871 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 18:02:45,871 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [340737862] [2022-02-20 18:02:45,871 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:45,871 INFO L78 Accepts]: Start accepts. 
Automaton has has 12 states, 11 states have (on average 6.636363636363637) internal successors, (73), 8 states have internal predecessors, (73), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) Word has length 108 [2022-02-20 18:02:45,872 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:45,872 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 6.636363636363637) internal successors, (73), 8 states have internal predecessors, (73), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:02:45,926 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 100 edges. 100 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:45,926 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 18:02:45,926 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:45,927 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2022-02-20 18:02:45,927 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:02:45,927 INFO L87 Difference]: Start difference. First operand 447 states and 699 transitions. 
Second operand has 12 states, 11 states have (on average 6.636363636363637) internal successors, (73), 8 states have internal predecessors, (73), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:02:55,973 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:55,973 INFO L93 Difference]: Finished difference Result 1044 states and 1658 transitions. [2022-02-20 18:02:55,973 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 18:02:55,973 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 6.636363636363637) internal successors, (73), 8 states have internal predecessors, (73), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) Word has length 108 [2022-02-20 18:02:55,973 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:55,973 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 6.636363636363637) internal successors, (73), 8 states have internal predecessors, (73), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:02:55,982 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1405 transitions. [2022-02-20 18:02:55,982 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 12 states, 11 states have (on average 6.636363636363637) internal successors, (73), 8 states have internal predecessors, (73), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:02:55,991 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1405 transitions. [2022-02-20 18:02:55,991 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1405 transitions. [2022-02-20 18:02:57,086 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1405 edges. 1405 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:57,105 INFO L225 Difference]: With dead ends: 1044 [2022-02-20 18:02:57,105 INFO L226 Difference]: Without dead ends: 624 [2022-02-20 18:02:57,107 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 49 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552 [2022-02-20 18:02:57,107 INFO L933 BasicCegarLoop]: 689 mSDtfsCounter, 1528 mSDsluCounter, 1366 mSDsCounter, 0 mSdLazyCounter, 4311 mSolverCounterSat, 552 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 4.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1528 SdHoareTripleChecker+Valid, 2055 SdHoareTripleChecker+Invalid, 4863 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 552 IncrementalHoareTripleChecker+Valid, 4311 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 4.8s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:57,107 INFO L934 BasicCegarLoop]: SdHoareTripleChecker 
[1528 Valid, 2055 Invalid, 4863 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [552 Valid, 4311 Invalid, 0 Unknown, 0 Unchecked, 4.8s Time] [2022-02-20 18:02:57,108 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 624 states. [2022-02-20 18:02:57,194 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 624 to 449. [2022-02-20 18:02:57,194 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:57,194 INFO L82 GeneralOperation]: Start isEquivalent. First operand 624 states. Second operand has 449 states, 355 states have (on average 1.5718309859154929) internal successors, (558), 361 states have internal predecessors, (558), 68 states have call successors, (68), 21 states have call predecessors, (68), 25 states have return successors, (79), 66 states have call predecessors, (79), 67 states have call successors, (79) [2022-02-20 18:02:57,195 INFO L74 IsIncluded]: Start isIncluded. First operand 624 states. Second operand has 449 states, 355 states have (on average 1.5718309859154929) internal successors, (558), 361 states have internal predecessors, (558), 68 states have call successors, (68), 21 states have call predecessors, (68), 25 states have return successors, (79), 66 states have call predecessors, (79), 67 states have call successors, (79) [2022-02-20 18:02:57,196 INFO L87 Difference]: Start difference. First operand 624 states. Second operand has 449 states, 355 states have (on average 1.5718309859154929) internal successors, (558), 361 states have internal predecessors, (558), 68 states have call successors, (68), 21 states have call predecessors, (68), 25 states have return successors, (79), 66 states have call predecessors, (79), 67 states have call successors, (79) [2022-02-20 18:02:57,213 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:57,213 INFO L93 Difference]: Finished difference Result 624 states and 995 transitions. 
[2022-02-20 18:02:57,213 INFO L276 IsEmpty]: Start isEmpty. Operand 624 states and 995 transitions. [2022-02-20 18:02:57,216 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:57,216 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:57,217 INFO L74 IsIncluded]: Start isIncluded. First operand has 449 states, 355 states have (on average 1.5718309859154929) internal successors, (558), 361 states have internal predecessors, (558), 68 states have call successors, (68), 21 states have call predecessors, (68), 25 states have return successors, (79), 66 states have call predecessors, (79), 67 states have call successors, (79) Second operand 624 states. [2022-02-20 18:02:57,217 INFO L87 Difference]: Start difference. First operand has 449 states, 355 states have (on average 1.5718309859154929) internal successors, (558), 361 states have internal predecessors, (558), 68 states have call successors, (68), 21 states have call predecessors, (68), 25 states have return successors, (79), 66 states have call predecessors, (79), 67 states have call successors, (79) Second operand 624 states. [2022-02-20 18:02:57,235 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:57,236 INFO L93 Difference]: Finished difference Result 624 states and 995 transitions. [2022-02-20 18:02:57,236 INFO L276 IsEmpty]: Start isEmpty. Operand 624 states and 995 transitions. [2022-02-20 18:02:57,238 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:57,238 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:57,239 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:57,239 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:57,240 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 449 states, 355 states have (on average 1.5718309859154929) internal successors, (558), 361 states have internal predecessors, (558), 68 states have call successors, (68), 21 states have call predecessors, (68), 25 states have return successors, (79), 66 states have call predecessors, (79), 67 states have call successors, (79) [2022-02-20 18:02:57,252 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 449 states to 449 states and 705 transitions. [2022-02-20 18:02:57,252 INFO L78 Accepts]: Start accepts. Automaton has 449 states and 705 transitions. Word has length 108 [2022-02-20 18:02:57,252 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:57,252 INFO L470 AbstractCegarLoop]: Abstraction has 449 states and 705 transitions. [2022-02-20 18:02:57,253 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 11 states have (on average 6.636363636363637) internal successors, (73), 8 states have internal predecessors, (73), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:02:57,253 INFO L276 IsEmpty]: Start isEmpty. Operand 449 states and 705 transitions. [2022-02-20 18:02:57,254 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 110 [2022-02-20 18:02:57,254 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:57,254 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:57,254 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-02-20 18:02:57,254 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__KeysErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:57,255 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:57,255 INFO L85 PathProgramCache]: Analyzing trace with hash 776413084, now seen corresponding path program 1 times [2022-02-20 18:02:57,255 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:57,255 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1846195908] [2022-02-20 18:02:57,255 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:57,255 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:57,277 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:57,299 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:02:57,301 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:57,302 INFO L290 TraceCheckUtils]: 0: Hoare triple {27988#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27931#true} is VALID [2022-02-20 18:02:57,303 INFO L290 TraceCheckUtils]: 1: Hoare triple {27931#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {27931#true} is VALID [2022-02-20 18:02:57,303 INFO L290 TraceCheckUtils]: 2: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:57,303 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27931#true} {27931#true} #1197#return; {27931#true} is VALID [2022-02-20 18:02:57,308 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:57,308 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:57,311 INFO L290 TraceCheckUtils]: 0: Hoare triple {27989#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {27931#true} is VALID [2022-02-20 18:02:57,311 INFO L290 TraceCheckUtils]: 1: Hoare triple {27931#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {27931#true} is VALID [2022-02-20 18:02:57,311 INFO L290 TraceCheckUtils]: 2: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:57,311 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27931#true} {27931#true} #1199#return; {27931#true} is VALID [2022-02-20 18:02:57,312 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:57,313 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:57,315 INFO L290 TraceCheckUtils]: 0: Hoare triple {27988#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27931#true} is VALID [2022-02-20 18:02:57,315 INFO L290 TraceCheckUtils]: 1: Hoare triple {27931#true} assume !(1 == ~handle); {27931#true} is VALID [2022-02-20 18:02:57,315 INFO L290 TraceCheckUtils]: 2: Hoare triple {27931#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {27931#true} is VALID [2022-02-20 18:02:57,315 INFO L290 TraceCheckUtils]: 3: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:57,315 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {27931#true} {27931#true} #1201#return; {27931#true} is VALID [2022-02-20 18:02:57,315 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:02:57,316 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:57,317 INFO L290 TraceCheckUtils]: 0: Hoare triple {27989#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {27931#true} is VALID [2022-02-20 18:02:57,317 INFO L290 TraceCheckUtils]: 1: Hoare triple {27931#true} assume !(1 == ~handle); {27931#true} is VALID [2022-02-20 18:02:57,317 INFO L290 TraceCheckUtils]: 2: Hoare triple {27931#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {27931#true} is VALID [2022-02-20 18:02:57,318 INFO L290 TraceCheckUtils]: 3: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:57,318 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {27931#true} {27931#true} #1203#return; {27931#true} is VALID [2022-02-20 18:02:57,318 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:02:57,319 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 
18:02:57,320 INFO L290 TraceCheckUtils]: 0: Hoare triple {27988#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27931#true} is VALID [2022-02-20 18:02:57,320 INFO L290 TraceCheckUtils]: 1: Hoare triple {27931#true} assume !(1 == ~handle); {27931#true} is VALID [2022-02-20 18:02:57,320 INFO L290 TraceCheckUtils]: 2: Hoare triple {27931#true} assume !(2 == ~handle); {27931#true} is VALID [2022-02-20 18:02:57,320 INFO L290 TraceCheckUtils]: 3: Hoare triple {27931#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {27931#true} is VALID [2022-02-20 18:02:57,321 INFO L290 TraceCheckUtils]: 4: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:57,321 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {27931#true} {27931#true} #1205#return; {27931#true} is VALID [2022-02-20 18:02:57,321 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:02:57,322 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:57,323 INFO L290 TraceCheckUtils]: 0: Hoare triple {27989#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {27931#true} is VALID [2022-02-20 18:02:57,323 INFO L290 TraceCheckUtils]: 1: Hoare triple {27931#true} assume !(1 == ~handle); {27931#true} is VALID [2022-02-20 18:02:57,323 INFO L290 TraceCheckUtils]: 2: Hoare triple {27931#true} assume !(2 == ~handle); {27931#true} is VALID [2022-02-20 18:02:57,323 INFO L290 TraceCheckUtils]: 3: Hoare triple {27931#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {27931#true} is VALID [2022-02-20 
18:02:57,324 INFO L290 TraceCheckUtils]: 4: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:57,324 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {27931#true} {27931#true} #1207#return; {27931#true} is VALID [2022-02-20 18:02:57,328 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:02:57,329 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:57,331 INFO L290 TraceCheckUtils]: 0: Hoare triple {27990#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {27931#true} is VALID [2022-02-20 18:02:57,331 INFO L290 TraceCheckUtils]: 1: Hoare triple {27931#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {27931#true} is VALID [2022-02-20 18:02:57,331 INFO L290 TraceCheckUtils]: 2: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:57,331 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27931#true} {27932#false} #1157#return; {27932#false} is VALID [2022-02-20 18:02:57,336 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 18:02:57,336 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:57,338 INFO L290 TraceCheckUtils]: 0: Hoare triple {27991#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {27931#true} is VALID [2022-02-20 18:02:57,338 INFO L290 TraceCheckUtils]: 1: Hoare triple {27931#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {27931#true} is VALID [2022-02-20 18:02:57,338 INFO L290 TraceCheckUtils]: 2: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:57,338 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27931#true} {27932#false} #1159#return; {27932#false} is VALID [2022-02-20 
18:02:57,338 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 18:02:57,339 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:57,340 INFO L290 TraceCheckUtils]: 0: Hoare triple {27931#true} ~handle := #in~handle;havoc ~retValue_acc~11; {27931#true} is VALID [2022-02-20 18:02:57,340 INFO L290 TraceCheckUtils]: 1: Hoare triple {27931#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~11; {27931#true} is VALID [2022-02-20 18:02:57,340 INFO L290 TraceCheckUtils]: 2: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:57,340 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27931#true} {27932#false} #1139#return; {27932#false} is VALID [2022-02-20 18:02:57,340 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 18:02:57,341 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:57,343 INFO L290 TraceCheckUtils]: 0: Hoare triple {27990#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {27931#true} is VALID [2022-02-20 18:02:57,343 INFO L290 TraceCheckUtils]: 1: Hoare triple {27931#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {27931#true} is VALID [2022-02-20 18:02:57,343 INFO L290 TraceCheckUtils]: 2: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:57,344 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27931#true} {27932#false} #1163#return; {27932#false} is VALID [2022-02-20 18:02:57,344 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 18:02:57,344 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:57,346 INFO L290 TraceCheckUtils]: 0: Hoare triple {27931#true} ~handle := 
#in~handle;havoc ~retValue_acc~32; {27931#true} is VALID [2022-02-20 18:02:57,346 INFO L290 TraceCheckUtils]: 1: Hoare triple {27931#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {27931#true} is VALID [2022-02-20 18:02:57,346 INFO L290 TraceCheckUtils]: 2: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:57,346 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27931#true} {27932#false} #1165#return; {27932#false} is VALID [2022-02-20 18:02:57,346 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 18:02:57,347 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:57,348 INFO L290 TraceCheckUtils]: 0: Hoare triple {27931#true} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {27931#true} is VALID [2022-02-20 18:02:57,348 INFO L290 TraceCheckUtils]: 1: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:57,349 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {27931#true} {27932#false} #1167#return; {27932#false} is VALID [2022-02-20 18:02:57,349 INFO L290 TraceCheckUtils]: 0: Hoare triple {27931#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(115, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call 
#Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(12, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(18, 34);call #Ultimate.allocInit(13, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(25, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 
0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 
:= 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {27931#true} is VALID [2022-02-20 18:02:57,349 INFO L290 TraceCheckUtils]: 1: Hoare triple {27931#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet50#1, main_#t~ret51#1, main_~retValue_acc~25#1, main_~tmp~13#1;assume -2147483648 <= main_#t~nondet50#1 && main_#t~nondet50#1 <= 2147483647;main_~retValue_acc~25#1 := main_#t~nondet50#1;havoc main_#t~nondet50#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true; {27931#true} is VALID [2022-02-20 18:02:57,349 INFO L290 TraceCheckUtils]: 2: Hoare triple {27931#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {27931#true} is VALID [2022-02-20 18:02:57,349 INFO L290 TraceCheckUtils]: 3: Hoare triple {27931#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~6#1;havoc valid_product_~retValue_acc~6#1;valid_product_~retValue_acc~6#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~6#1; {27931#true} is VALID [2022-02-20 18:02:57,349 INFO L290 
TraceCheckUtils]: 4: Hoare triple {27931#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {27931#true} is VALID [2022-02-20 18:02:57,349 INFO L290 TraceCheckUtils]: 5: Hoare triple {27931#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {27931#true} is VALID [2022-02-20 18:02:57,350 INFO L272 TraceCheckUtils]: 6: Hoare triple {27931#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {27988#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:57,350 INFO L290 TraceCheckUtils]: 7: Hoare triple {27988#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; 
{27931#true} is VALID [2022-02-20 18:02:57,350 INFO L290 TraceCheckUtils]: 8: Hoare triple {27931#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {27931#true} is VALID [2022-02-20 18:02:57,350 INFO L290 TraceCheckUtils]: 9: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:57,350 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {27931#true} {27931#true} #1197#return; {27931#true} is VALID [2022-02-20 18:02:57,350 INFO L290 TraceCheckUtils]: 11: Hoare triple {27931#true} assume { :end_inline_setup_bob__wrappee__Base } true; {27931#true} is VALID [2022-02-20 18:02:57,351 INFO L272 TraceCheckUtils]: 12: Hoare triple {27931#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {27989#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:57,351 INFO L290 TraceCheckUtils]: 13: Hoare triple {27989#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {27931#true} is VALID [2022-02-20 18:02:57,351 INFO L290 TraceCheckUtils]: 14: Hoare triple {27931#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {27931#true} is VALID [2022-02-20 18:02:57,351 INFO L290 TraceCheckUtils]: 15: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:57,351 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {27931#true} {27931#true} #1199#return; {27931#true} is VALID [2022-02-20 18:02:57,351 INFO L290 TraceCheckUtils]: 17: Hoare triple {27931#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } 
true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {27931#true} is VALID [2022-02-20 18:02:57,352 INFO L272 TraceCheckUtils]: 18: Hoare triple {27931#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {27988#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:57,352 INFO L290 TraceCheckUtils]: 19: Hoare triple {27988#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27931#true} is VALID [2022-02-20 18:02:57,352 INFO L290 TraceCheckUtils]: 20: Hoare triple {27931#true} assume !(1 == ~handle); {27931#true} is VALID [2022-02-20 18:02:57,352 INFO L290 TraceCheckUtils]: 21: Hoare triple {27931#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {27931#true} is VALID [2022-02-20 18:02:57,352 INFO L290 TraceCheckUtils]: 22: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:57,352 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {27931#true} {27931#true} #1201#return; {27931#true} is VALID [2022-02-20 18:02:57,352 INFO L290 TraceCheckUtils]: 24: Hoare triple {27931#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {27931#true} is VALID [2022-02-20 18:02:57,353 INFO L272 TraceCheckUtils]: 25: Hoare triple {27931#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {27989#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:57,353 INFO L290 TraceCheckUtils]: 26: Hoare triple {27989#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {27931#true} is VALID [2022-02-20 18:02:57,353 INFO L290 TraceCheckUtils]: 27: Hoare triple {27931#true} assume !(1 == ~handle); {27931#true} is VALID [2022-02-20 18:02:57,353 INFO L290 TraceCheckUtils]: 28: Hoare triple {27931#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {27931#true} is VALID [2022-02-20 18:02:57,353 INFO L290 TraceCheckUtils]: 29: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:57,353 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {27931#true} {27931#true} #1203#return; {27931#true} is VALID [2022-02-20 18:02:57,354 INFO L290 TraceCheckUtils]: 31: Hoare triple {27931#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {27931#true} is VALID [2022-02-20 18:02:57,354 INFO L272 TraceCheckUtils]: 32: Hoare triple {27931#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {27988#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:57,354 INFO L290 TraceCheckUtils]: 33: Hoare triple {27988#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27931#true} is VALID [2022-02-20 18:02:57,354 INFO L290 TraceCheckUtils]: 34: Hoare triple {27931#true} assume !(1 == ~handle); {27931#true} is VALID [2022-02-20 18:02:57,354 INFO L290 TraceCheckUtils]: 35: Hoare triple {27931#true} assume !(2 == ~handle); {27931#true} is VALID [2022-02-20 18:02:57,354 INFO L290 TraceCheckUtils]: 36: Hoare triple {27931#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {27931#true} is VALID [2022-02-20 18:02:57,355 INFO L290 TraceCheckUtils]: 37: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:57,355 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {27931#true} {27931#true} #1205#return; {27931#true} is VALID [2022-02-20 18:02:57,355 INFO L290 TraceCheckUtils]: 39: Hoare triple {27931#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {27931#true} is VALID [2022-02-20 18:02:57,359 INFO L272 TraceCheckUtils]: 40: Hoare triple {27931#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {27989#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:57,359 INFO L290 TraceCheckUtils]: 41: Hoare triple {27989#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} 
~handle := #in~handle;~value := #in~value; {27931#true} is VALID [2022-02-20 18:02:57,359 INFO L290 TraceCheckUtils]: 42: Hoare triple {27931#true} assume !(1 == ~handle); {27931#true} is VALID [2022-02-20 18:02:57,359 INFO L290 TraceCheckUtils]: 43: Hoare triple {27931#true} assume !(2 == ~handle); {27931#true} is VALID [2022-02-20 18:02:57,359 INFO L290 TraceCheckUtils]: 44: Hoare triple {27931#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {27931#true} is VALID [2022-02-20 18:02:57,359 INFO L290 TraceCheckUtils]: 45: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:57,359 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {27931#true} {27931#true} #1207#return; {27931#true} is VALID [2022-02-20 18:02:57,359 INFO L290 TraceCheckUtils]: 47: Hoare triple {27931#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 15, 0;havoc setup_#t~nondet49#1; {27931#true} is VALID [2022-02-20 18:02:57,360 INFO L290 TraceCheckUtils]: 48: Hoare triple {27931#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc 
test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {27963#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:02:57,360 INFO L290 TraceCheckUtils]: 49: Hoare triple {27963#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {27963#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:02:57,360 INFO L290 TraceCheckUtils]: 50: Hoare triple {27963#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {27963#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:02:57,361 INFO L290 TraceCheckUtils]: 51: Hoare triple {27963#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {27964#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:02:57,361 INFO L290 TraceCheckUtils]: 52: Hoare triple {27964#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {27964#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:02:57,361 INFO L290 TraceCheckUtils]: 53: Hoare triple {27964#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(0 != test_~tmp___9~0#1); {27964#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:02:57,361 INFO L290 TraceCheckUtils]: 54: Hoare triple 
{27964#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {27964#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:02:57,362 INFO L290 TraceCheckUtils]: 55: Hoare triple {27964#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {27964#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:02:57,362 INFO L290 TraceCheckUtils]: 56: Hoare triple {27964#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !false; {27964#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:02:57,362 INFO L290 TraceCheckUtils]: 57: Hoare triple {27964#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(test_~splverifierCounter~0#1 < 4); {27932#false} is VALID [2022-02-20 18:02:57,362 INFO L290 TraceCheckUtils]: 58: Hoare triple {27932#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret42#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {27932#false} is VALID [2022-02-20 18:02:57,362 INFO L272 TraceCheckUtils]: 59: Hoare triple {27932#false} call sendEmail(~bob~0, ~rjh~0); {27932#false} is VALID [2022-02-20 18:02:57,363 INFO L290 TraceCheckUtils]: 60: Hoare triple {27932#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, 
createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {27932#false} is VALID [2022-02-20 18:02:57,363 INFO L272 TraceCheckUtils]: 61: Hoare triple {27932#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {27990#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:57,363 INFO L290 TraceCheckUtils]: 62: Hoare triple {27990#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {27931#true} is VALID [2022-02-20 18:02:57,363 INFO L290 TraceCheckUtils]: 63: Hoare triple {27931#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {27931#true} is VALID [2022-02-20 18:02:57,363 INFO L290 TraceCheckUtils]: 64: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:57,363 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {27931#true} {27932#false} #1157#return; {27932#false} is VALID [2022-02-20 18:02:57,363 INFO L272 TraceCheckUtils]: 66: Hoare triple {27932#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {27991#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:57,363 INFO L290 TraceCheckUtils]: 67: Hoare triple {27991#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {27931#true} is VALID [2022-02-20 18:02:57,363 INFO L290 TraceCheckUtils]: 68: Hoare triple {27931#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {27931#true} is VALID [2022-02-20 18:02:57,364 INFO L290 TraceCheckUtils]: 69: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 
18:02:57,364 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {27931#true} {27932#false} #1159#return; {27932#false} is VALID [2022-02-20 18:02:57,364 INFO L290 TraceCheckUtils]: 71: Hoare triple {27932#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {27932#false} is VALID [2022-02-20 18:02:57,364 INFO L290 TraceCheckUtils]: 72: Hoare triple {27932#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {27932#false} is VALID [2022-02-20 18:02:57,364 INFO L272 TraceCheckUtils]: 73: Hoare triple {27932#false} call outgoing(~sender#1, ~email~0#1); {27932#false} is VALID [2022-02-20 18:02:57,364 INFO L290 TraceCheckUtils]: 74: Hoare triple {27932#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret18#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~6#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~6#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~17#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~17#1; {27932#false} is VALID [2022-02-20 18:02:57,364 INFO L290 TraceCheckUtils]: 75: Hoare triple {27932#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~17#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~17#1; {27932#false} is VALID [2022-02-20 18:02:57,364 INFO L290 TraceCheckUtils]: 76: Hoare triple {27932#false} sign_#t~ret18#1 := getClientPrivateKey_#res#1;assume { 
:end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret18#1 && sign_#t~ret18#1 <= 2147483647;sign_~tmp~6#1 := sign_#t~ret18#1;havoc sign_#t~ret18#1;sign_~privkey~0#1 := sign_~tmp~6#1; {27932#false} is VALID [2022-02-20 18:02:57,364 INFO L290 TraceCheckUtils]: 77: Hoare triple {27932#false} assume 0 == sign_~privkey~0#1; {27932#false} is VALID [2022-02-20 18:02:57,364 INFO L290 TraceCheckUtils]: 78: Hoare triple {27932#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1, outgoing__wrappee__AddressBook_#t~ret8#1, outgoing__wrappee__AddressBook_#t~ret9#1, outgoing__wrappee__AddressBook_#t~ret10#1, outgoing__wrappee__AddressBook_#t~ret11#1, outgoing__wrappee__AddressBook_#t~ret12#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~2#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~0#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~0#1, outgoing__wrappee__AddressBook_~tmp___2~0#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~2#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~0#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~0#1;havoc outgoing__wrappee__AddressBook_~tmp___2~0#1; {27932#false} is VALID [2022-02-20 18:02:57,364 INFO L272 TraceCheckUtils]: 79: Hoare triple {27932#false} call outgoing__wrappee__AddressBook_#t~ret7#1 := 
getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {27931#true} is VALID [2022-02-20 18:02:57,364 INFO L290 TraceCheckUtils]: 80: Hoare triple {27931#true} ~handle := #in~handle;havoc ~retValue_acc~11; {27931#true} is VALID [2022-02-20 18:02:57,364 INFO L290 TraceCheckUtils]: 81: Hoare triple {27931#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~11; {27931#true} is VALID [2022-02-20 18:02:57,365 INFO L290 TraceCheckUtils]: 82: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:57,365 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {27931#true} {27932#false} #1139#return; {27932#false} is VALID [2022-02-20 18:02:57,365 INFO L290 TraceCheckUtils]: 84: Hoare triple {27932#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret7#1 && outgoing__wrappee__AddressBook_#t~ret7#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~2#1 := outgoing__wrappee__AddressBook_#t~ret7#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~2#1; {27932#false} is VALID [2022-02-20 18:02:57,365 INFO L290 TraceCheckUtils]: 85: Hoare triple {27932#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {27932#false} is VALID [2022-02-20 18:02:57,365 INFO L272 TraceCheckUtils]: 86: Hoare triple {27932#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {27932#false} is VALID [2022-02-20 18:02:57,365 INFO L290 TraceCheckUtils]: 87: Hoare triple {27932#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {27932#false} is VALID [2022-02-20 18:02:57,365 INFO L290 TraceCheckUtils]: 
88: Hoare triple {27932#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {27932#false} is VALID [2022-02-20 18:02:57,365 INFO L290 TraceCheckUtils]: 89: Hoare triple {27932#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {27932#false} is VALID [2022-02-20 18:02:57,365 INFO L272 TraceCheckUtils]: 90: Hoare triple {27932#false} call setEmailFrom(~msg#1, ~tmp~1#1); {27990#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:57,365 INFO L290 TraceCheckUtils]: 91: Hoare triple {27990#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {27931#true} is VALID [2022-02-20 18:02:57,366 INFO L290 TraceCheckUtils]: 92: Hoare triple {27931#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {27931#true} is VALID [2022-02-20 18:02:57,366 INFO L290 TraceCheckUtils]: 93: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:57,366 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {27931#true} {27932#false} #1163#return; {27932#false} is VALID [2022-02-20 18:02:57,366 INFO L290 TraceCheckUtils]: 95: Hoare triple {27932#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {27932#false} is VALID [2022-02-20 18:02:57,366 INFO L272 TraceCheckUtils]: 96: Hoare triple {27932#false} call mail_#t~ret5#1 := 
getEmailTo(mail_~msg#1); {27931#true} is VALID [2022-02-20 18:02:57,366 INFO L290 TraceCheckUtils]: 97: Hoare triple {27931#true} ~handle := #in~handle;havoc ~retValue_acc~32; {27931#true} is VALID [2022-02-20 18:02:57,366 INFO L290 TraceCheckUtils]: 98: Hoare triple {27931#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {27931#true} is VALID [2022-02-20 18:02:57,366 INFO L290 TraceCheckUtils]: 99: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:57,366 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {27931#true} {27932#false} #1165#return; {27932#false} is VALID [2022-02-20 18:02:57,367 INFO L290 TraceCheckUtils]: 101: Hoare triple {27932#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret20#1, verify_#t~ret21#1, verify_#t~ret22#1, verify_#t~ret23#1, verify_#t~ret24#1, verify_#t~ret25#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~7#1, verify_~tmp___0~1#1, verify_~pubkey~0#1, verify_~tmp___1~1#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~7#1;havoc verify_~tmp___0~1#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~1#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := 
verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret39#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~9#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~9#1; {27932#false} is VALID [2022-02-20 18:02:57,367 INFO L272 TraceCheckUtils]: 102: Hoare triple {27932#false} call __utac_acc__EncryptVerify_spec__1_#t~ret39#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {27931#true} is VALID [2022-02-20 18:02:57,367 INFO L290 TraceCheckUtils]: 103: Hoare triple {27931#true} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {27931#true} is VALID [2022-02-20 18:02:57,367 INFO L290 TraceCheckUtils]: 104: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:57,367 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {27931#true} {27932#false} #1167#return; {27932#false} is VALID [2022-02-20 18:02:57,367 INFO L290 TraceCheckUtils]: 106: Hoare triple {27932#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret39#1 && __utac_acc__EncryptVerify_spec__1_#t~ret39#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~9#1 := __utac_acc__EncryptVerify_spec__1_#t~ret39#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret39#1; {27932#false} is VALID [2022-02-20 18:02:57,367 INFO L290 TraceCheckUtils]: 107: Hoare triple {27932#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~9#1);assume { :begin_inline___automaton_fail } true; {27932#false} is VALID [2022-02-20 18:02:57,367 INFO L290 TraceCheckUtils]: 108: Hoare triple {27932#false} assume !false; {27932#false} is VALID [2022-02-20 18:02:57,368 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. 
[2022-02-20 18:02:57,368 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:57,368 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1846195908] [2022-02-20 18:02:57,368 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1846195908] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:02:57,368 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [793312328] [2022-02-20 18:02:57,368 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:57,368 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:57,368 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:02:57,369 INFO L229 MonitoredProcess]: Starting monitored process 7 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:02:57,370 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (7)] Waiting until timeout for monitored process [2022-02-20 18:02:57,571 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:57,574 INFO L263 TraceCheckSpWp]: Trace formula consists of 1065 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 18:02:57,619 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:57,620 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:02:57,809 INFO L290 TraceCheckUtils]: 0: Hoare triple {27931#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(115, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(12, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(18, 34);call #Ultimate.allocInit(13, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(25, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 
0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 
0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {27931#true} is VALID [2022-02-20 18:02:57,810 INFO L290 TraceCheckUtils]: 1: Hoare triple {27931#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet50#1, main_#t~ret51#1, main_~retValue_acc~25#1, main_~tmp~13#1;assume -2147483648 <= 
main_#t~nondet50#1 && main_#t~nondet50#1 <= 2147483647;main_~retValue_acc~25#1 := main_#t~nondet50#1;havoc main_#t~nondet50#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true; {27931#true} is VALID [2022-02-20 18:02:57,810 INFO L290 TraceCheckUtils]: 2: Hoare triple {27931#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {27931#true} is VALID [2022-02-20 18:02:57,810 INFO L290 TraceCheckUtils]: 3: Hoare triple {27931#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~6#1;havoc valid_product_~retValue_acc~6#1;valid_product_~retValue_acc~6#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~6#1; {27931#true} is VALID [2022-02-20 18:02:57,810 INFO L290 TraceCheckUtils]: 4: Hoare triple {27931#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {27931#true} is VALID [2022-02-20 18:02:57,810 INFO L290 TraceCheckUtils]: 5: Hoare triple {27931#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {27931#true} is VALID [2022-02-20 18:02:57,810 INFO L272 TraceCheckUtils]: 6: Hoare triple {27931#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {27931#true} is VALID [2022-02-20 18:02:57,810 INFO L290 TraceCheckUtils]: 7: Hoare triple {27931#true} ~handle := #in~handle;~value := #in~value; {27931#true} is VALID [2022-02-20 18:02:57,810 INFO L290 TraceCheckUtils]: 8: Hoare triple {27931#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {27931#true} is VALID [2022-02-20 18:02:57,810 INFO L290 TraceCheckUtils]: 9: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:57,810 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {27931#true} {27931#true} #1197#return; {27931#true} is VALID [2022-02-20 18:02:57,810 INFO L290 TraceCheckUtils]: 11: Hoare triple {27931#true} assume { :end_inline_setup_bob__wrappee__Base } true; {27931#true} is VALID [2022-02-20 18:02:57,810 INFO L272 TraceCheckUtils]: 12: Hoare triple {27931#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {27931#true} is VALID [2022-02-20 18:02:57,810 INFO L290 TraceCheckUtils]: 13: Hoare triple {27931#true} ~handle := #in~handle;~value := #in~value; {27931#true} is VALID [2022-02-20 18:02:57,810 INFO L290 TraceCheckUtils]: 14: Hoare triple {27931#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {27931#true} is VALID [2022-02-20 18:02:57,810 INFO L290 TraceCheckUtils]: 15: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:57,810 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {27931#true} {27931#true} #1199#return; {27931#true} is VALID [2022-02-20 18:02:57,811 INFO L290 TraceCheckUtils]: 17: Hoare triple {27931#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet47#1;~rjh~0 := 
2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {27931#true} is VALID [2022-02-20 18:02:57,811 INFO L272 TraceCheckUtils]: 18: Hoare triple {27931#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {27931#true} is VALID [2022-02-20 18:02:57,811 INFO L290 TraceCheckUtils]: 19: Hoare triple {27931#true} ~handle := #in~handle;~value := #in~value; {27931#true} is VALID [2022-02-20 18:02:57,811 INFO L290 TraceCheckUtils]: 20: Hoare triple {27931#true} assume !(1 == ~handle); {27931#true} is VALID [2022-02-20 18:02:57,811 INFO L290 TraceCheckUtils]: 21: Hoare triple {27931#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {27931#true} is VALID [2022-02-20 18:02:57,811 INFO L290 TraceCheckUtils]: 22: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:57,811 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {27931#true} {27931#true} #1201#return; {27931#true} is VALID [2022-02-20 18:02:57,811 INFO L290 TraceCheckUtils]: 24: Hoare triple {27931#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {27931#true} is VALID [2022-02-20 18:02:57,811 INFO L272 TraceCheckUtils]: 25: Hoare triple {27931#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {27931#true} is VALID [2022-02-20 18:02:57,812 INFO L290 TraceCheckUtils]: 26: Hoare triple {27931#true} ~handle := #in~handle;~value := #in~value; {27931#true} is VALID [2022-02-20 18:02:57,812 INFO L290 TraceCheckUtils]: 27: Hoare triple {27931#true} assume !(1 == ~handle); {27931#true} is VALID [2022-02-20 18:02:57,812 INFO L290 TraceCheckUtils]: 28: Hoare triple {27931#true} assume 2 == 
~handle;~__ste_client_privateKey1~0 := ~value; {27931#true} is VALID [2022-02-20 18:02:57,812 INFO L290 TraceCheckUtils]: 29: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:57,812 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {27931#true} {27931#true} #1203#return; {27931#true} is VALID [2022-02-20 18:02:57,812 INFO L290 TraceCheckUtils]: 31: Hoare triple {27931#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {27931#true} is VALID [2022-02-20 18:02:57,812 INFO L272 TraceCheckUtils]: 32: Hoare triple {27931#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {27931#true} is VALID [2022-02-20 18:02:57,812 INFO L290 TraceCheckUtils]: 33: Hoare triple {27931#true} ~handle := #in~handle;~value := #in~value; {27931#true} is VALID [2022-02-20 18:02:57,812 INFO L290 TraceCheckUtils]: 34: Hoare triple {27931#true} assume !(1 == ~handle); {27931#true} is VALID [2022-02-20 18:02:57,812 INFO L290 TraceCheckUtils]: 35: Hoare triple {27931#true} assume !(2 == ~handle); {27931#true} is VALID [2022-02-20 18:02:57,813 INFO L290 TraceCheckUtils]: 36: Hoare triple {27931#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {27931#true} is VALID [2022-02-20 18:02:57,813 INFO L290 TraceCheckUtils]: 37: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:57,813 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {27931#true} {27931#true} 
#1205#return; {27931#true} is VALID [2022-02-20 18:02:57,813 INFO L290 TraceCheckUtils]: 39: Hoare triple {27931#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {27931#true} is VALID [2022-02-20 18:02:57,813 INFO L272 TraceCheckUtils]: 40: Hoare triple {27931#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {27931#true} is VALID [2022-02-20 18:02:57,813 INFO L290 TraceCheckUtils]: 41: Hoare triple {27931#true} ~handle := #in~handle;~value := #in~value; {27931#true} is VALID [2022-02-20 18:02:57,813 INFO L290 TraceCheckUtils]: 42: Hoare triple {27931#true} assume !(1 == ~handle); {27931#true} is VALID [2022-02-20 18:02:57,813 INFO L290 TraceCheckUtils]: 43: Hoare triple {27931#true} assume !(2 == ~handle); {27931#true} is VALID [2022-02-20 18:02:57,813 INFO L290 TraceCheckUtils]: 44: Hoare triple {27931#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {27931#true} is VALID [2022-02-20 18:02:57,814 INFO L290 TraceCheckUtils]: 45: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:57,814 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {27931#true} {27931#true} #1207#return; {27931#true} is VALID [2022-02-20 18:02:57,814 INFO L290 TraceCheckUtils]: 47: Hoare triple {27931#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 15, 0;havoc setup_#t~nondet49#1; {27931#true} is VALID [2022-02-20 18:02:57,815 INFO L290 TraceCheckUtils]: 48: Hoare triple {27931#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, 
test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {28139#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:02:57,815 INFO L290 TraceCheckUtils]: 49: Hoare triple {28139#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {28139#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:02:57,821 INFO L290 TraceCheckUtils]: 50: Hoare triple {28139#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {28139#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:02:57,822 INFO L290 TraceCheckUtils]: 51: Hoare triple {28139#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {27964#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:02:57,822 INFO L290 TraceCheckUtils]: 52: Hoare triple {27964#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 
2147483647;test_~tmp___9~0#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {27964#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:02:57,822 INFO L290 TraceCheckUtils]: 53: Hoare triple {27964#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(0 != test_~tmp___9~0#1); {27964#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:02:57,823 INFO L290 TraceCheckUtils]: 54: Hoare triple {27964#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {27964#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:02:57,823 INFO L290 TraceCheckUtils]: 55: Hoare triple {27964#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {27964#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:02:57,823 INFO L290 TraceCheckUtils]: 56: Hoare triple {27964#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !false; {27964#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:02:57,823 INFO L290 TraceCheckUtils]: 57: Hoare triple {27964#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(test_~splverifierCounter~0#1 < 4); {27932#false} is VALID [2022-02-20 18:02:57,824 INFO L290 TraceCheckUtils]: 58: Hoare triple {27932#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret42#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {27932#false} is VALID [2022-02-20 18:02:57,824 INFO L272 TraceCheckUtils]: 
59: Hoare triple {27932#false} call sendEmail(~bob~0, ~rjh~0); {27932#false} is VALID [2022-02-20 18:02:57,824 INFO L290 TraceCheckUtils]: 60: Hoare triple {27932#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {27932#false} is VALID [2022-02-20 18:02:57,824 INFO L272 TraceCheckUtils]: 61: Hoare triple {27932#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {27932#false} is VALID [2022-02-20 18:02:57,824 INFO L290 TraceCheckUtils]: 62: Hoare triple {27932#false} ~handle := #in~handle;~value := #in~value; {27932#false} is VALID [2022-02-20 18:02:57,824 INFO L290 TraceCheckUtils]: 63: Hoare triple {27932#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {27932#false} is VALID [2022-02-20 18:02:57,824 INFO L290 TraceCheckUtils]: 64: Hoare triple {27932#false} assume true; {27932#false} is VALID [2022-02-20 18:02:57,824 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {27932#false} {27932#false} #1157#return; {27932#false} is VALID [2022-02-20 18:02:57,824 INFO L272 TraceCheckUtils]: 66: Hoare triple {27932#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {27932#false} is VALID [2022-02-20 18:02:57,824 INFO L290 TraceCheckUtils]: 67: Hoare triple {27932#false} ~handle := #in~handle;~value := #in~value; {27932#false} is VALID [2022-02-20 18:02:57,824 INFO L290 TraceCheckUtils]: 68: Hoare triple {27932#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {27932#false} is VALID [2022-02-20 18:02:57,824 INFO L290 TraceCheckUtils]: 69: Hoare triple {27932#false} assume true; 
{27932#false} is VALID [2022-02-20 18:02:57,824 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {27932#false} {27932#false} #1159#return; {27932#false} is VALID [2022-02-20 18:02:57,824 INFO L290 TraceCheckUtils]: 71: Hoare triple {27932#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {27932#false} is VALID [2022-02-20 18:02:57,824 INFO L290 TraceCheckUtils]: 72: Hoare triple {27932#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {27932#false} is VALID [2022-02-20 18:02:57,824 INFO L272 TraceCheckUtils]: 73: Hoare triple {27932#false} call outgoing(~sender#1, ~email~0#1); {27932#false} is VALID [2022-02-20 18:02:57,824 INFO L290 TraceCheckUtils]: 74: Hoare triple {27932#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret18#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~6#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~6#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~17#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~17#1; {27932#false} is VALID [2022-02-20 18:02:57,824 INFO L290 TraceCheckUtils]: 75: Hoare triple {27932#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~17#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~17#1; {27932#false} is VALID [2022-02-20 18:02:57,824 INFO L290 TraceCheckUtils]: 76: Hoare triple {27932#false} sign_#t~ret18#1 := 
getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret18#1 && sign_#t~ret18#1 <= 2147483647;sign_~tmp~6#1 := sign_#t~ret18#1;havoc sign_#t~ret18#1;sign_~privkey~0#1 := sign_~tmp~6#1; {27932#false} is VALID [2022-02-20 18:02:57,824 INFO L290 TraceCheckUtils]: 77: Hoare triple {27932#false} assume 0 == sign_~privkey~0#1; {27932#false} is VALID [2022-02-20 18:02:57,825 INFO L290 TraceCheckUtils]: 78: Hoare triple {27932#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1, outgoing__wrappee__AddressBook_#t~ret8#1, outgoing__wrappee__AddressBook_#t~ret9#1, outgoing__wrappee__AddressBook_#t~ret10#1, outgoing__wrappee__AddressBook_#t~ret11#1, outgoing__wrappee__AddressBook_#t~ret12#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~2#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~0#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~0#1, outgoing__wrappee__AddressBook_~tmp___2~0#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~2#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~0#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~0#1;havoc outgoing__wrappee__AddressBook_~tmp___2~0#1; {27932#false} is VALID [2022-02-20 18:02:57,825 INFO L272 TraceCheckUtils]: 79: Hoare triple {27932#false} call outgoing__wrappee__AddressBook_#t~ret7#1 
:= getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {27932#false} is VALID [2022-02-20 18:02:57,825 INFO L290 TraceCheckUtils]: 80: Hoare triple {27932#false} ~handle := #in~handle;havoc ~retValue_acc~11; {27932#false} is VALID [2022-02-20 18:02:57,825 INFO L290 TraceCheckUtils]: 81: Hoare triple {27932#false} assume 1 == ~handle;~retValue_acc~11 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~11; {27932#false} is VALID [2022-02-20 18:02:57,825 INFO L290 TraceCheckUtils]: 82: Hoare triple {27932#false} assume true; {27932#false} is VALID [2022-02-20 18:02:57,825 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {27932#false} {27932#false} #1139#return; {27932#false} is VALID [2022-02-20 18:02:57,825 INFO L290 TraceCheckUtils]: 84: Hoare triple {27932#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret7#1 && outgoing__wrappee__AddressBook_#t~ret7#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~2#1 := outgoing__wrappee__AddressBook_#t~ret7#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~2#1; {27932#false} is VALID [2022-02-20 18:02:57,825 INFO L290 TraceCheckUtils]: 85: Hoare triple {27932#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {27932#false} is VALID [2022-02-20 18:02:57,825 INFO L272 TraceCheckUtils]: 86: Hoare triple {27932#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {27932#false} is VALID [2022-02-20 18:02:57,825 INFO L290 TraceCheckUtils]: 87: Hoare triple {27932#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {27932#false} is VALID [2022-02-20 18:02:57,825 INFO L290 
TraceCheckUtils]: 88: Hoare triple {27932#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {27932#false} is VALID [2022-02-20 18:02:57,825 INFO L290 TraceCheckUtils]: 89: Hoare triple {27932#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {27932#false} is VALID [2022-02-20 18:02:57,825 INFO L272 TraceCheckUtils]: 90: Hoare triple {27932#false} call setEmailFrom(~msg#1, ~tmp~1#1); {27932#false} is VALID [2022-02-20 18:02:57,825 INFO L290 TraceCheckUtils]: 91: Hoare triple {27932#false} ~handle := #in~handle;~value := #in~value; {27932#false} is VALID [2022-02-20 18:02:57,825 INFO L290 TraceCheckUtils]: 92: Hoare triple {27932#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {27932#false} is VALID [2022-02-20 18:02:57,825 INFO L290 TraceCheckUtils]: 93: Hoare triple {27932#false} assume true; {27932#false} is VALID [2022-02-20 18:02:57,825 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {27932#false} {27932#false} #1163#return; {27932#false} is VALID [2022-02-20 18:02:57,825 INFO L290 TraceCheckUtils]: 95: Hoare triple {27932#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {27932#false} is VALID [2022-02-20 18:02:57,825 INFO L272 TraceCheckUtils]: 96: Hoare triple {27932#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {27932#false} is VALID [2022-02-20 18:02:57,825 INFO L290 TraceCheckUtils]: 97: Hoare triple {27932#false} ~handle := #in~handle;havoc ~retValue_acc~32; {27932#false} is 
VALID [2022-02-20 18:02:57,826 INFO L290 TraceCheckUtils]: 98: Hoare triple {27932#false} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {27932#false} is VALID [2022-02-20 18:02:57,826 INFO L290 TraceCheckUtils]: 99: Hoare triple {27932#false} assume true; {27932#false} is VALID [2022-02-20 18:02:57,826 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {27932#false} {27932#false} #1165#return; {27932#false} is VALID [2022-02-20 18:02:57,826 INFO L290 TraceCheckUtils]: 101: Hoare triple {27932#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret20#1, verify_#t~ret21#1, verify_#t~ret22#1, verify_#t~ret23#1, verify_#t~ret24#1, verify_#t~ret25#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~7#1, verify_~tmp___0~1#1, verify_~pubkey~0#1, verify_~tmp___1~1#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~7#1;havoc verify_~tmp___0~1#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~1#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret39#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~9#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := 
__utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~9#1; {27932#false} is VALID [2022-02-20 18:02:57,826 INFO L272 TraceCheckUtils]: 102: Hoare triple {27932#false} call __utac_acc__EncryptVerify_spec__1_#t~ret39#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {27932#false} is VALID [2022-02-20 18:02:57,826 INFO L290 TraceCheckUtils]: 103: Hoare triple {27932#false} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {27932#false} is VALID [2022-02-20 18:02:57,826 INFO L290 TraceCheckUtils]: 104: Hoare triple {27932#false} assume true; {27932#false} is VALID [2022-02-20 18:02:57,826 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {27932#false} {27932#false} #1167#return; {27932#false} is VALID [2022-02-20 18:02:57,826 INFO L290 TraceCheckUtils]: 106: Hoare triple {27932#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret39#1 && __utac_acc__EncryptVerify_spec__1_#t~ret39#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~9#1 := __utac_acc__EncryptVerify_spec__1_#t~ret39#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret39#1; {27932#false} is VALID [2022-02-20 18:02:57,827 INFO L290 TraceCheckUtils]: 107: Hoare triple {27932#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~9#1);assume { :begin_inline___automaton_fail } true; {27932#false} is VALID [2022-02-20 18:02:57,827 INFO L290 TraceCheckUtils]: 108: Hoare triple {27932#false} assume !false; {27932#false} is VALID [2022-02-20 18:02:57,827 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 18:02:57,827 INFO L328 TraceCheckSpWp]: Computing backward predicates... 
[2022-02-20 18:02:58,111 INFO L290 TraceCheckUtils]: 108: Hoare triple {27932#false} assume !false; {27932#false} is VALID [2022-02-20 18:02:58,112 INFO L290 TraceCheckUtils]: 107: Hoare triple {27932#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~9#1);assume { :begin_inline___automaton_fail } true; {27932#false} is VALID [2022-02-20 18:02:58,112 INFO L290 TraceCheckUtils]: 106: Hoare triple {27932#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret39#1 && __utac_acc__EncryptVerify_spec__1_#t~ret39#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~9#1 := __utac_acc__EncryptVerify_spec__1_#t~ret39#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret39#1; {27932#false} is VALID [2022-02-20 18:02:58,112 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {27931#true} {27932#false} #1167#return; {27932#false} is VALID [2022-02-20 18:02:58,112 INFO L290 TraceCheckUtils]: 104: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:58,112 INFO L290 TraceCheckUtils]: 103: Hoare triple {27931#true} ~msg := #in~msg;havoc ~retValue_acc~40;~retValue_acc~40 := 1;#res := ~retValue_acc~40; {27931#true} is VALID [2022-02-20 18:02:58,112 INFO L272 TraceCheckUtils]: 102: Hoare triple {27932#false} call __utac_acc__EncryptVerify_spec__1_#t~ret39#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {27931#true} is VALID [2022-02-20 18:02:58,112 INFO L290 TraceCheckUtils]: 101: Hoare triple {27932#false} assume -2147483648 <= mail_#t~ret5#1 && mail_#t~ret5#1 <= 2147483647;mail_~tmp~0#1 := mail_#t~ret5#1;havoc mail_#t~ret5#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~0#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret20#1, verify_#t~ret21#1, verify_#t~ret22#1, 
verify_#t~ret23#1, verify_#t~ret24#1, verify_#t~ret25#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~7#1, verify_~tmp___0~1#1, verify_~pubkey~0#1, verify_~tmp___1~1#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~7#1;havoc verify_~tmp___0~1#1;havoc verify_~pubkey~0#1;havoc verify_~tmp___1~1#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret39#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~9#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~9#1; {27932#false} is VALID [2022-02-20 18:02:58,112 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {27931#true} {27932#false} #1165#return; {27932#false} is VALID [2022-02-20 18:02:58,113 INFO L290 TraceCheckUtils]: 99: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:58,113 INFO L290 TraceCheckUtils]: 98: Hoare triple {27931#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_to0~0;#res := ~retValue_acc~32; {27931#true} is VALID [2022-02-20 18:02:58,113 INFO L290 TraceCheckUtils]: 97: Hoare triple {27931#true} ~handle := #in~handle;havoc ~retValue_acc~32; {27931#true} is VALID [2022-02-20 18:02:58,113 INFO L272 TraceCheckUtils]: 96: Hoare triple {27932#false} call mail_#t~ret5#1 := getEmailTo(mail_~msg#1); {27931#true} is VALID [2022-02-20 18:02:58,113 INFO L290 TraceCheckUtils]: 95: Hoare triple {27932#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret4#1, mail_#t~ret5#1, 
mail_~client#1, mail_~msg#1, mail_~tmp~0#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~0#1;call mail_#t~ret4#1 := puts(4, 0);assume -2147483648 <= mail_#t~ret4#1 && mail_#t~ret4#1 <= 2147483647;havoc mail_#t~ret4#1; {27932#false} is VALID [2022-02-20 18:02:58,113 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {27931#true} {27932#false} #1163#return; {27932#false} is VALID [2022-02-20 18:02:58,113 INFO L290 TraceCheckUtils]: 93: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:58,113 INFO L290 TraceCheckUtils]: 92: Hoare triple {27931#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {27931#true} is VALID [2022-02-20 18:02:58,113 INFO L290 TraceCheckUtils]: 91: Hoare triple {27931#true} ~handle := #in~handle;~value := #in~value; {27931#true} is VALID [2022-02-20 18:02:58,114 INFO L272 TraceCheckUtils]: 90: Hoare triple {27932#false} call setEmailFrom(~msg#1, ~tmp~1#1); {27931#true} is VALID [2022-02-20 18:02:58,114 INFO L290 TraceCheckUtils]: 89: Hoare triple {27932#false} #t~ret6#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret6#1 && #t~ret6#1 <= 2147483647;~tmp~1#1 := #t~ret6#1;havoc #t~ret6#1; {27932#false} is VALID [2022-02-20 18:02:58,114 INFO L290 TraceCheckUtils]: 88: Hoare triple {27932#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {27932#false} is VALID [2022-02-20 18:02:58,114 INFO L290 TraceCheckUtils]: 87: Hoare triple {27932#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~1#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {27932#false} is VALID [2022-02-20 18:02:58,114 INFO L272 TraceCheckUtils]: 86: Hoare 
triple {27932#false} call outgoing__wrappee__Keys(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {27932#false} is VALID [2022-02-20 18:02:58,114 INFO L290 TraceCheckUtils]: 85: Hoare triple {27932#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {27932#false} is VALID [2022-02-20 18:02:58,114 INFO L290 TraceCheckUtils]: 84: Hoare triple {27932#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret7#1 && outgoing__wrappee__AddressBook_#t~ret7#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~2#1 := outgoing__wrappee__AddressBook_#t~ret7#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~2#1; {27932#false} is VALID [2022-02-20 18:02:58,114 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {27931#true} {27932#false} #1139#return; {27932#false} is VALID [2022-02-20 18:02:58,114 INFO L290 TraceCheckUtils]: 82: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:58,115 INFO L290 TraceCheckUtils]: 81: Hoare triple {27931#true} assume 1 == ~handle;~retValue_acc~11 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~11; {27931#true} is VALID [2022-02-20 18:02:58,115 INFO L290 TraceCheckUtils]: 80: Hoare triple {27931#true} ~handle := #in~handle;havoc ~retValue_acc~11; {27931#true} is VALID [2022-02-20 18:02:58,115 INFO L272 TraceCheckUtils]: 79: Hoare triple {27932#false} call outgoing__wrappee__AddressBook_#t~ret7#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {27931#true} is VALID [2022-02-20 18:02:58,115 INFO L290 TraceCheckUtils]: 78: Hoare triple {27932#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret7#1, outgoing__wrappee__AddressBook_#t~ret8#1, 
outgoing__wrappee__AddressBook_#t~ret9#1, outgoing__wrappee__AddressBook_#t~ret10#1, outgoing__wrappee__AddressBook_#t~ret11#1, outgoing__wrappee__AddressBook_#t~ret12#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~2#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~0#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~0#1, outgoing__wrappee__AddressBook_~tmp___2~0#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~2#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~0#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~0#1;havoc outgoing__wrappee__AddressBook_~tmp___2~0#1; {27932#false} is VALID [2022-02-20 18:02:58,115 INFO L290 TraceCheckUtils]: 77: Hoare triple {27932#false} assume 0 == sign_~privkey~0#1; {27932#false} is VALID [2022-02-20 18:02:58,115 INFO L290 TraceCheckUtils]: 76: Hoare triple {27932#false} sign_#t~ret18#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret18#1 && sign_#t~ret18#1 <= 2147483647;sign_~tmp~6#1 := sign_#t~ret18#1;havoc sign_#t~ret18#1;sign_~privkey~0#1 := sign_~tmp~6#1; {27932#false} is VALID [2022-02-20 18:02:58,115 INFO L290 TraceCheckUtils]: 75: Hoare triple {27932#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~17#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~17#1; {27932#false} is VALID [2022-02-20 18:02:58,115 INFO L290 TraceCheckUtils]: 74: Hoare triple {27932#false} ~client#1 := 
#in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret18#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~6#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~6#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~17#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~17#1; {27932#false} is VALID [2022-02-20 18:02:58,115 INFO L272 TraceCheckUtils]: 73: Hoare triple {27932#false} call outgoing(~sender#1, ~email~0#1); {27932#false} is VALID [2022-02-20 18:02:58,116 INFO L290 TraceCheckUtils]: 72: Hoare triple {27932#false} #t~ret16#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret16#1 && #t~ret16#1 <= 2147483647;~tmp~5#1 := #t~ret16#1;havoc #t~ret16#1;~email~0#1 := ~tmp~5#1; {27932#false} is VALID [2022-02-20 18:02:58,116 INFO L290 TraceCheckUtils]: 71: Hoare triple {27932#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {27932#false} is VALID [2022-02-20 18:02:58,116 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {27931#true} {27932#false} #1159#return; {27932#false} is VALID [2022-02-20 18:02:58,116 INFO L290 TraceCheckUtils]: 69: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:58,116 INFO L290 TraceCheckUtils]: 68: Hoare triple {27931#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {27931#true} is VALID [2022-02-20 18:02:58,116 INFO L290 TraceCheckUtils]: 67: Hoare triple {27931#true} ~handle := #in~handle;~value := #in~value; {27931#true} is VALID [2022-02-20 18:02:58,116 INFO L272 TraceCheckUtils]: 66: Hoare triple {27932#false} call 
setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {27931#true} is VALID [2022-02-20 18:02:58,116 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {27931#true} {27932#false} #1157#return; {27932#false} is VALID [2022-02-20 18:02:58,116 INFO L290 TraceCheckUtils]: 64: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:58,116 INFO L290 TraceCheckUtils]: 63: Hoare triple {27931#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {27931#true} is VALID [2022-02-20 18:02:58,117 INFO L290 TraceCheckUtils]: 62: Hoare triple {27931#true} ~handle := #in~handle;~value := #in~value; {27931#true} is VALID [2022-02-20 18:02:58,117 INFO L272 TraceCheckUtils]: 61: Hoare triple {27932#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {27931#true} is VALID [2022-02-20 18:02:58,117 INFO L290 TraceCheckUtils]: 60: Hoare triple {27932#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~5#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {27932#false} is VALID [2022-02-20 18:02:58,117 INFO L272 TraceCheckUtils]: 59: Hoare triple {27932#false} call sendEmail(~bob~0, ~rjh~0); {27932#false} is VALID [2022-02-20 18:02:58,117 INFO L290 TraceCheckUtils]: 58: Hoare triple {27932#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret42#1, bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_~tmp~12#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~3#1;havoc bobToRjh_~tmp~12#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~3#1;call bobToRjh_#t~ret42#1 := puts(11, 0);assume -2147483648 <= bobToRjh_#t~ret42#1 && 
bobToRjh_#t~ret42#1 <= 2147483647;havoc bobToRjh_#t~ret42#1; {27932#false} is VALID [2022-02-20 18:02:58,117 INFO L290 TraceCheckUtils]: 57: Hoare triple {28473#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(test_~splverifierCounter~0#1 < 4); {27932#false} is VALID [2022-02-20 18:02:58,118 INFO L290 TraceCheckUtils]: 56: Hoare triple {28473#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !false; {28473#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:02:58,118 INFO L290 TraceCheckUtils]: 55: Hoare triple {28473#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {28473#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:02:58,118 INFO L290 TraceCheckUtils]: 54: Hoare triple {28473#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {28473#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:02:58,119 INFO L290 TraceCheckUtils]: 53: Hoare triple {28473#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(0 != test_~tmp___9~0#1); {28473#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:02:58,119 INFO L290 TraceCheckUtils]: 52: Hoare triple {28473#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {28473#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:02:58,119 INFO L290 TraceCheckUtils]: 51: Hoare triple {28492#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {28473#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 
18:02:58,120 INFO L290 TraceCheckUtils]: 50: Hoare triple {28492#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume test_~splverifierCounter~0#1 < 4; {28492#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 18:02:58,120 INFO L290 TraceCheckUtils]: 49: Hoare triple {28492#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume !false; {28492#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 18:02:58,120 INFO L290 TraceCheckUtils]: 48: Hoare triple {27931#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_#t~nondet37#1, test_#t~nondet38#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~2#1, test_~tmp___2~2#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {28492#(< 
|ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 18:02:58,120 INFO L290 TraceCheckUtils]: 47: Hoare triple {27931#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 15, 0;havoc setup_#t~nondet49#1; {27931#true} is VALID [2022-02-20 18:02:58,121 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {27931#true} {27931#true} #1207#return; {27931#true} is VALID [2022-02-20 18:02:58,121 INFO L290 TraceCheckUtils]: 45: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:58,121 INFO L290 TraceCheckUtils]: 44: Hoare triple {27931#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {27931#true} is VALID [2022-02-20 18:02:58,121 INFO L290 TraceCheckUtils]: 43: Hoare triple {27931#true} assume !(2 == ~handle); {27931#true} is VALID [2022-02-20 18:02:58,121 INFO L290 TraceCheckUtils]: 42: Hoare triple {27931#true} assume !(1 == ~handle); {27931#true} is VALID [2022-02-20 18:02:58,121 INFO L290 TraceCheckUtils]: 41: Hoare triple {27931#true} ~handle := #in~handle;~value := #in~value; {27931#true} is VALID [2022-02-20 18:02:58,121 INFO L272 TraceCheckUtils]: 40: Hoare triple {27931#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {27931#true} is VALID [2022-02-20 18:02:58,121 INFO L290 TraceCheckUtils]: 39: Hoare triple {27931#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {27931#true} is VALID [2022-02-20 18:02:58,121 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {27931#true} {27931#true} #1205#return; {27931#true} is VALID [2022-02-20 18:02:58,121 INFO L290 TraceCheckUtils]: 37: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:58,122 INFO L290 TraceCheckUtils]: 36: Hoare triple {27931#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {27931#true} is VALID [2022-02-20 18:02:58,122 INFO L290 TraceCheckUtils]: 35: Hoare triple {27931#true} assume !(2 == ~handle); {27931#true} is VALID [2022-02-20 
18:02:58,122 INFO L290 TraceCheckUtils]: 34: Hoare triple {27931#true} assume !(1 == ~handle); {27931#true} is VALID [2022-02-20 18:02:58,122 INFO L290 TraceCheckUtils]: 33: Hoare triple {27931#true} ~handle := #in~handle;~value := #in~value; {27931#true} is VALID [2022-02-20 18:02:58,122 INFO L272 TraceCheckUtils]: 32: Hoare triple {27931#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {27931#true} is VALID [2022-02-20 18:02:58,122 INFO L290 TraceCheckUtils]: 31: Hoare triple {27931#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 14, 0;havoc setup_#t~nondet48#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {27931#true} is VALID [2022-02-20 18:02:58,122 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {27931#true} {27931#true} #1203#return; {27931#true} is VALID [2022-02-20 18:02:58,122 INFO L290 TraceCheckUtils]: 29: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:58,122 INFO L290 TraceCheckUtils]: 28: Hoare triple {27931#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {27931#true} is VALID [2022-02-20 18:02:58,123 INFO L290 TraceCheckUtils]: 27: Hoare triple {27931#true} assume !(1 == ~handle); {27931#true} is VALID [2022-02-20 18:02:58,123 INFO L290 TraceCheckUtils]: 26: Hoare triple {27931#true} ~handle := #in~handle;~value := #in~value; {27931#true} is VALID [2022-02-20 18:02:58,123 INFO L272 TraceCheckUtils]: 25: Hoare triple {27931#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {27931#true} is 
VALID [2022-02-20 18:02:58,123 INFO L290 TraceCheckUtils]: 24: Hoare triple {27931#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {27931#true} is VALID [2022-02-20 18:02:58,123 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {27931#true} {27931#true} #1201#return; {27931#true} is VALID [2022-02-20 18:02:58,123 INFO L290 TraceCheckUtils]: 22: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:58,123 INFO L290 TraceCheckUtils]: 21: Hoare triple {27931#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {27931#true} is VALID [2022-02-20 18:02:58,123 INFO L290 TraceCheckUtils]: 20: Hoare triple {27931#true} assume !(1 == ~handle); {27931#true} is VALID [2022-02-20 18:02:58,123 INFO L290 TraceCheckUtils]: 19: Hoare triple {27931#true} ~handle := #in~handle;~value := #in~value; {27931#true} is VALID [2022-02-20 18:02:58,123 INFO L272 TraceCheckUtils]: 18: Hoare triple {27931#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {27931#true} is VALID [2022-02-20 18:02:58,124 INFO L290 TraceCheckUtils]: 17: Hoare triple {27931#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 13, 0;havoc setup_#t~nondet47#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {27931#true} is VALID [2022-02-20 18:02:58,124 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {27931#true} {27931#true} #1199#return; {27931#true} is VALID [2022-02-20 18:02:58,124 INFO L290 TraceCheckUtils]: 15: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:58,124 INFO L290 TraceCheckUtils]: 14: 
Hoare triple {27931#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {27931#true} is VALID [2022-02-20 18:02:58,124 INFO L290 TraceCheckUtils]: 13: Hoare triple {27931#true} ~handle := #in~handle;~value := #in~value; {27931#true} is VALID [2022-02-20 18:02:58,124 INFO L272 TraceCheckUtils]: 12: Hoare triple {27931#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {27931#true} is VALID [2022-02-20 18:02:58,124 INFO L290 TraceCheckUtils]: 11: Hoare triple {27931#true} assume { :end_inline_setup_bob__wrappee__Base } true; {27931#true} is VALID [2022-02-20 18:02:58,124 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {27931#true} {27931#true} #1197#return; {27931#true} is VALID [2022-02-20 18:02:58,124 INFO L290 TraceCheckUtils]: 9: Hoare triple {27931#true} assume true; {27931#true} is VALID [2022-02-20 18:02:58,124 INFO L290 TraceCheckUtils]: 8: Hoare triple {27931#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {27931#true} is VALID [2022-02-20 18:02:58,125 INFO L290 TraceCheckUtils]: 7: Hoare triple {27931#true} ~handle := #in~handle;~value := #in~value; {27931#true} is VALID [2022-02-20 18:02:58,125 INFO L272 TraceCheckUtils]: 6: Hoare triple {27931#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {27931#true} is VALID [2022-02-20 18:02:58,125 INFO L290 TraceCheckUtils]: 5: Hoare triple {27931#true} assume 0 != main_~tmp~13#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet47#1, setup_#t~nondet48#1, setup_#t~nondet49#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc 
setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {27931#true} is VALID [2022-02-20 18:02:58,125 INFO L290 TraceCheckUtils]: 4: Hoare triple {27931#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~13#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {27931#true} is VALID [2022-02-20 18:02:58,125 INFO L290 TraceCheckUtils]: 3: Hoare triple {27931#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~6#1;havoc valid_product_~retValue_acc~6#1;valid_product_~retValue_acc~6#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~6#1; {27931#true} is VALID [2022-02-20 18:02:58,125 INFO L290 TraceCheckUtils]: 2: Hoare triple {27931#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {27931#true} is VALID [2022-02-20 18:02:58,125 INFO L290 TraceCheckUtils]: 1: Hoare triple {27931#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet50#1, main_#t~ret51#1, main_~retValue_acc~25#1, main_~tmp~13#1;assume -2147483648 <= main_#t~nondet50#1 && main_#t~nondet50#1 <= 2147483647;main_~retValue_acc~25#1 := main_#t~nondet50#1;havoc main_#t~nondet50#1;havoc main_~tmp~13#1;assume { :begin_inline_select_helpers } true; {27931#true} is VALID [2022-02-20 18:02:58,125 INFO L290 TraceCheckUtils]: 0: Hoare triple {27931#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 
1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(115, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(44, 11);call #Ultimate.allocInit(44, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(11, 15);call #Ultimate.allocInit(19, 16);call #Ultimate.allocInit(4, 17);call write~init~int(37, 17, 0, 1);call write~init~int(100, 17, 1, 1);call write~init~int(10, 17, 2, 1);call write~init~int(0, 17, 3, 1);call #Ultimate.allocInit(4, 18);call write~init~int(37, 18, 0, 1);call write~init~int(100, 18, 1, 1);call write~init~int(10, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(12, 32);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(18, 34);call #Ultimate.allocInit(13, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(25, 37);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 
0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 
0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {27931#true} is VALID [2022-02-20 18:02:58,126 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 18:02:58,127 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [793312328] provided 0 perfect and 2 imperfect interpolant sequences [2022-02-20 18:02:58,127 INFO L191 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. 
[2022-02-20 18:02:58,127 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [8, 4, 4] total 11 [2022-02-20 18:02:58,129 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1640848645] [2022-02-20 18:02:58,129 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-02-20 18:02:58,129 INFO L78 Accepts]: Start accepts. Automaton has has 11 states, 11 states have (on average 9.181818181818182) internal successors, (101), 7 states have internal predecessors, (101), 2 states have call successors, (30), 6 states have call predecessors, (30), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) Word has length 109 [2022-02-20 18:02:58,438 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:58,439 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 11 states, 11 states have (on average 9.181818181818182) internal successors, (101), 7 states have internal predecessors, (101), 2 states have call successors, (30), 6 states have call predecessors, (30), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 18:02:58,515 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 149 edges. 149 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:58,516 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 11 states [2022-02-20 18:02:58,516 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:58,517 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 11 interpolants. 
[2022-02-20 18:02:58,517 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=29, Invalid=81, Unknown=0, NotChecked=0, Total=110 [2022-02-20 18:02:58,517 INFO L87 Difference]: Start difference. First operand 449 states and 705 transitions. Second operand has 11 states, 11 states have (on average 9.181818181818182) internal successors, (101), 7 states have internal predecessors, (101), 2 states have call successors, (30), 6 states have call predecessors, (30), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18)