./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec7_product29.cil.c --full-output -ea --architecture 32bit
--------------------------------------------------------------------------------
Checking for ERROR reachability
Using default analysis
Version 03d7b7b3
Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec7_product29.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 2586c6a9c5639b30d1f21b288976c8c026e2c567887902cc846265d5507c0a62
--- Real Ultimate output ---
This is Ultimate 0.2.2-dev-03d7b7b
[2022-02-20 18:02:17,985 INFO L177 SettingsManager]: Resetting all preferences to default values...
[2022-02-20 18:02:17,987 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values
[2022-02-20 18:02:18,014 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring...
[2022-02-20 18:02:18,018 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:02:18,021 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:02:18,023 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:02:18,028 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:02:18,030 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:02:18,035 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:02:18,035 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:02:18,036 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:02:18,036 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:02:18,038 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:02:18,039 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:02:18,041 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:02:18,042 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:02:18,042 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:02:18,046 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:02:18,048 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:02:18,050 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:02:18,051 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:02:18,052 INFO 
L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:02:18,052 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:02:18,054 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:02:18,054 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:02:18,054 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:02:18,055 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:02:18,055 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:02:18,056 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:02:18,056 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:02:18,056 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:02:18,057 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:02:18,057 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:02:18,058 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:02:18,058 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:02:18,059 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:02:18,059 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... 
[2022-02-20 18:02:18,059 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:02:18,060 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:02:18,060 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:02:18,061 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 18:02:18,080 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:02:18,080 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:02:18,081 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:02:18,081 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:02:18,081 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:02:18,081 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:02:18,082 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:02:18,082 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:02:18,082 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:02:18,082 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:02:18,082 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:02:18,082 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 18:02:18,082 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:02:18,082 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:02:18,082 
INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:02:18,082 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:02:18,082 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:02:18,083 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:02:18,083 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:02:18,083 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:02:18,083 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:02:18,083 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:02:18,083 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:02:18,083 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:02:18,083 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:02:18,083 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:02:18,083 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:02:18,083 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:02:18,084 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 18:02:18,084 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 18:02:18,084 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:02:18,084 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:02:18,084 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant 
automaton, abstraction and CFG=true [2022-02-20 18:02:18,084 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! 
call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 2586c6a9c5639b30d1f21b288976c8c026e2c567887902cc846265d5507c0a62 [2022-02-20 18:02:18,329 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:02:18,360 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:02:18,362 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:02:18,363 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:02:18,363 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:02:18,364 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec7_product29.cil.c [2022-02-20 18:02:18,408 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/f294d3fca/5c678afe1d04483bb73cc5495fdb3666/FLAGb66f4304c [2022-02-20 18:02:18,802 INFO L306 CDTParser]: Found 1 translation units. 
[2022-02-20 18:02:18,803 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec7_product29.cil.c [2022-02-20 18:02:18,829 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/f294d3fca/5c678afe1d04483bb73cc5495fdb3666/FLAGb66f4304c [2022-02-20 18:02:19,168 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/f294d3fca/5c678afe1d04483bb73cc5495fdb3666 [2022-02-20 18:02:19,170 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:02:19,171 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:02:19,175 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:02:19,175 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:02:19,177 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:02:19,179 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:02:19" (1/1) ... [2022-02-20 18:02:19,180 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@49055a7 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:19, skipping insertion in model container [2022-02-20 18:02:19,180 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:02:19" (1/1) ... 
[2022-02-20 18:02:19,185 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:02:19,251 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:02:19,450 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec7_product29.cil.c[16949,16962] [2022-02-20 18:02:19,599 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:02:19,613 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:02:19,660 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec7_product29.cil.c[16949,16962] [2022-02-20 18:02:19,708 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:02:19,729 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:02:19,729 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:19 WrapperNode [2022-02-20 18:02:19,729 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:02:19,730 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:02:19,731 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:02:19,731 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:02:19,736 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:19" (1/1) ... 
[2022-02-20 18:02:19,789 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:19" (1/1) ... [2022-02-20 18:02:19,849 INFO L137 Inliner]: procedures = 131, calls = 224, calls flagged for inlining = 55, calls inlined = 47, statements flattened = 910 [2022-02-20 18:02:19,857 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:02:19,858 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:02:19,858 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:02:19,858 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:02:19,865 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:19" (1/1) ... [2022-02-20 18:02:19,865 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:19" (1/1) ... [2022-02-20 18:02:19,869 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:19" (1/1) ... [2022-02-20 18:02:19,869 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:19" (1/1) ... 
[2022-02-20 18:02:19,882 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:19" (1/1) ... [2022-02-20 18:02:19,888 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:19" (1/1) ... [2022-02-20 18:02:19,892 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:19" (1/1) ... [2022-02-20 18:02:19,903 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:02:19,904 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:02:19,904 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:02:19,904 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:02:19,929 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:19" (1/1) ... 
[2022-02-20 18:02:19,960 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:02:19,972 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:02:19,984 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:02:19,985 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:02:20,022 INFO L130 BoogieDeclarations]: Found specification of procedure getClientPrivateKey [2022-02-20 18:02:20,022 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientPrivateKey [2022-02-20 18:02:20,022 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookSize [2022-02-20 18:02:20,022 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookSize [2022-02-20 18:02:20,022 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailEncryptionKey [2022-02-20 18:02:20,022 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailEncryptionKey [2022-02-20 18:02:20,022 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookAddress [2022-02-20 18:02:20,022 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookAddress [2022-02-20 18:02:20,022 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailEncryptionKey [2022-02-20 18:02:20,023 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailEncryptionKey [2022-02-20 18:02:20,023 INFO L130 BoogieDeclarations]: Found specification of 
procedure getEmailTo [2022-02-20 18:02:20,023 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2022-02-20 18:02:20,023 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2022-02-20 18:02:20,023 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2022-02-20 18:02:20,023 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable [2022-02-20 18:02:20,023 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable [2022-02-20 18:02:20,023 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2022-02-20 18:02:20,024 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2022-02-20 18:02:20,024 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsEncrypted [2022-02-20 18:02:20,024 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsEncrypted [2022-02-20 18:02:20,024 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailSignKey [2022-02-20 18:02:20,024 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailSignKey [2022-02-20 18:02:20,024 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2022-02-20 18:02:20,024 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2022-02-20 18:02:20,024 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2022-02-20 18:02:20,024 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2022-02-20 18:02:20,025 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2022-02-20 18:02:20,025 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2022-02-20 18:02:20,025 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2022-02-20 18:02:20,025 INFO L130 BoogieDeclarations]: Found specification of procedure 
#Ultimate.allocInit [2022-02-20 18:02:20,025 INFO L130 BoogieDeclarations]: Found specification of procedure isSigned [2022-02-20 18:02:20,025 INFO L138 BoogieDeclarations]: Found implementation of procedure isSigned [2022-02-20 18:02:20,025 INFO L130 BoogieDeclarations]: Found specification of procedure isKeyPairValid [2022-02-20 18:02:20,025 INFO L138 BoogieDeclarations]: Found implementation of procedure isKeyPairValid [2022-02-20 18:02:20,026 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookSize [2022-02-20 18:02:20,026 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookSize [2022-02-20 18:02:20,026 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2022-02-20 18:02:20,026 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2022-02-20 18:02:20,026 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2022-02-20 18:02:20,026 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2022-02-20 18:02:20,026 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2022-02-20 18:02:20,026 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2022-02-20 18:02:20,026 INFO L130 BoogieDeclarations]: Found specification of procedure findPublicKey [2022-02-20 18:02:20,027 INFO L138 BoogieDeclarations]: Found implementation of procedure findPublicKey [2022-02-20 18:02:20,027 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__wrappee__Encrypt [2022-02-20 18:02:20,027 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__wrappee__Encrypt [2022-02-20 18:02:20,027 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2022-02-20 18:02:20,027 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2022-02-20 18:02:20,027 INFO L130 BoogieDeclarations]: 
Found specification of procedure isEncrypted [2022-02-20 18:02:20,027 INFO L138 BoogieDeclarations]: Found implementation of procedure isEncrypted [2022-02-20 18:02:20,027 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2022-02-20 18:02:20,028 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2022-02-20 18:02:20,028 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2022-02-20 18:02:20,028 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2022-02-20 18:02:20,028 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 18:02:20,028 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2022-02-20 18:02:20,028 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2022-02-20 18:02:20,028 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookAddress [2022-02-20 18:02:20,028 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookAddress [2022-02-20 18:02:20,028 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:02:20,029 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:02:20,231 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:02:20,233 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:02:20,852 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:02:20,869 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:02:20,869 INFO L299 CfgBuilder]: Removed 1 assume(true) statements. 
[2022-02-20 18:02:20,871 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:02:20 BoogieIcfgContainer [2022-02-20 18:02:20,871 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:02:20,872 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:02:20,872 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:02:20,875 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:02:20,875 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:02:19" (1/3) ... [2022-02-20 18:02:20,876 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@209e7594 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:02:20, skipping insertion in model container [2022-02-20 18:02:20,876 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:19" (2/3) ... [2022-02-20 18:02:20,877 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@209e7594 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:02:20, skipping insertion in model container [2022-02-20 18:02:20,877 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:02:20" (3/3) ... 
[2022-02-20 18:02:20,878 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec7_product29.cil.c [2022-02-20 18:02:20,881 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:02:20,882 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 18:02:20,926 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:02:20,935 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:02:20,935 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:02:20,978 INFO L276 IsEmpty]: Start isEmpty. 
Operand has 405 states, 313 states have (on average 1.5559105431309903) internal successors, (487), 318 states have internal predecessors, (487), 62 states have call successors, (62), 28 states have call predecessors, (62), 28 states have return successors, (62), 61 states have call predecessors, (62), 62 states have call successors, (62) [2022-02-20 18:02:21,001 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 149 [2022-02-20 18:02:21,001 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:21,002 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:21,003 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:21,007 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:21,007 INFO L85 PathProgramCache]: Analyzing trace with hash -1198537631, now seen corresponding path program 1 times [2022-02-20 18:02:21,014 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:21,014 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [394706444] [2022-02-20 18:02:21,015 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:21,015 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:21,190 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,295 INFO L376 atingTraceCheckCraig]: Compute 
interpolants for subsequence at non-pending call position 6 [2022-02-20 18:02:21,303 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,312 INFO L290 TraceCheckUtils]: 0: Hoare triple {495#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {408#true} is VALID [2022-02-20 18:02:21,312 INFO L290 TraceCheckUtils]: 1: Hoare triple {408#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {408#true} is VALID [2022-02-20 18:02:21,313 INFO L290 TraceCheckUtils]: 2: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,313 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {408#true} {408#true} #1212#return; {408#true} is VALID [2022-02-20 18:02:21,319 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:21,321 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,332 INFO L290 TraceCheckUtils]: 0: Hoare triple {496#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {408#true} is VALID [2022-02-20 18:02:21,333 INFO L290 TraceCheckUtils]: 1: Hoare triple {408#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {408#true} is VALID [2022-02-20 18:02:21,333 INFO L290 TraceCheckUtils]: 2: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,333 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {408#true} {408#true} #1214#return; {408#true} is VALID [2022-02-20 18:02:21,333 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:21,336 INFO 
L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,353 INFO L290 TraceCheckUtils]: 0: Hoare triple {495#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {497#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:21,354 INFO L290 TraceCheckUtils]: 1: Hoare triple {497#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {498#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:21,354 INFO L290 TraceCheckUtils]: 2: Hoare triple {498#(= |setClientId_#in~handle| 1)} assume true; {498#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:21,355 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {498#(= |setClientId_#in~handle| 1)} {418#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1216#return; {409#false} is VALID [2022-02-20 18:02:21,356 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:02:21,362 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,371 INFO L290 TraceCheckUtils]: 0: Hoare triple {496#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {408#true} is VALID [2022-02-20 18:02:21,371 INFO L290 TraceCheckUtils]: 1: Hoare triple {408#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {408#true} is VALID [2022-02-20 18:02:21,371 INFO L290 TraceCheckUtils]: 2: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,371 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {408#true} {409#false} #1218#return; {409#false} is VALID 
[2022-02-20 18:02:21,372 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:02:21,374 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,379 INFO L290 TraceCheckUtils]: 0: Hoare triple {495#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {408#true} is VALID [2022-02-20 18:02:21,379 INFO L290 TraceCheckUtils]: 1: Hoare triple {408#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {408#true} is VALID [2022-02-20 18:02:21,380 INFO L290 TraceCheckUtils]: 2: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,380 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {408#true} {409#false} #1220#return; {409#false} is VALID [2022-02-20 18:02:21,380 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:02:21,382 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,390 INFO L290 TraceCheckUtils]: 0: Hoare triple {496#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {408#true} is VALID [2022-02-20 18:02:21,390 INFO L290 TraceCheckUtils]: 1: Hoare triple {408#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {408#true} is VALID [2022-02-20 18:02:21,390 INFO L290 TraceCheckUtils]: 2: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,391 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {408#true} {409#false} #1222#return; {409#false} is VALID [2022-02-20 18:02:21,398 INFO L376 atingTraceCheckCraig]: Compute interpolants for 
subsequence at non-pending call position 47 [2022-02-20 18:02:21,402 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,405 INFO L290 TraceCheckUtils]: 0: Hoare triple {499#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {408#true} is VALID [2022-02-20 18:02:21,406 INFO L290 TraceCheckUtils]: 1: Hoare triple {408#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {408#true} is VALID [2022-02-20 18:02:21,406 INFO L290 TraceCheckUtils]: 2: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,406 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {408#true} {409#false} #1198#return; {409#false} is VALID [2022-02-20 18:02:21,414 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 52 [2022-02-20 18:02:21,415 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,418 INFO L290 TraceCheckUtils]: 0: Hoare triple {500#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {408#true} is VALID [2022-02-20 18:02:21,419 INFO L290 TraceCheckUtils]: 1: Hoare triple {408#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {408#true} is VALID [2022-02-20 18:02:21,419 INFO L290 TraceCheckUtils]: 2: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,419 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {408#true} {409#false} #1200#return; {409#false} is VALID [2022-02-20 18:02:21,420 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:02:21,421 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,424 INFO L290 TraceCheckUtils]: 0: Hoare triple {408#true} ~handle := #in~handle;havoc ~retValue_acc~18; {408#true} is VALID [2022-02-20 
18:02:21,425 INFO L290 TraceCheckUtils]: 1: Hoare triple {408#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {408#true} is VALID [2022-02-20 18:02:21,425 INFO L290 TraceCheckUtils]: 2: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,425 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {408#true} {409#false} #1140#return; {409#false} is VALID [2022-02-20 18:02:21,425 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 18:02:21,427 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,430 INFO L290 TraceCheckUtils]: 0: Hoare triple {408#true} ~handle := #in~handle;havoc ~retValue_acc~12; {408#true} is VALID [2022-02-20 18:02:21,430 INFO L290 TraceCheckUtils]: 1: Hoare triple {408#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~12; {408#true} is VALID [2022-02-20 18:02:21,430 INFO L290 TraceCheckUtils]: 2: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,430 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {408#true} {409#false} #1142#return; {409#false} is VALID [2022-02-20 18:02:21,431 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 18:02:21,432 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,436 INFO L290 TraceCheckUtils]: 0: Hoare triple {408#true} ~handle := #in~handle;havoc ~retValue_acc~34; {408#true} is VALID [2022-02-20 18:02:21,436 INFO L290 TraceCheckUtils]: 1: Hoare triple {408#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {408#true} is VALID [2022-02-20 18:02:21,437 INFO L290 TraceCheckUtils]: 2: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,437 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {408#true} {409#false} #1144#return; 
{409#false} is VALID [2022-02-20 18:02:21,437 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 18:02:21,439 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,442 INFO L290 TraceCheckUtils]: 0: Hoare triple {408#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~16; {408#true} is VALID [2022-02-20 18:02:21,442 INFO L290 TraceCheckUtils]: 1: Hoare triple {408#true} assume 1 == ~handle; {408#true} is VALID [2022-02-20 18:02:21,442 INFO L290 TraceCheckUtils]: 2: Hoare triple {408#true} assume 0 == ~index;~retValue_acc~16 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~16; {408#true} is VALID [2022-02-20 18:02:21,442 INFO L290 TraceCheckUtils]: 3: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,443 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {408#true} {409#false} #1146#return; {409#false} is VALID [2022-02-20 18:02:21,443 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 18:02:21,444 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,449 INFO L290 TraceCheckUtils]: 0: Hoare triple {500#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {408#true} is VALID [2022-02-20 18:02:21,449 INFO L290 TraceCheckUtils]: 1: Hoare triple {408#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {408#true} is VALID [2022-02-20 18:02:21,449 INFO L290 TraceCheckUtils]: 2: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,449 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {408#true} {409#false} #1148#return; {409#false} is VALID [2022-02-20 18:02:21,450 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-02-20 18:02:21,451 INFO L136 AnnotateAndAsserter]: 
Conjunction of SSA is unsat [2022-02-20 18:02:21,455 INFO L290 TraceCheckUtils]: 0: Hoare triple {408#true} ~handle := #in~handle;havoc ~retValue_acc~34; {408#true} is VALID [2022-02-20 18:02:21,455 INFO L290 TraceCheckUtils]: 1: Hoare triple {408#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {408#true} is VALID [2022-02-20 18:02:21,456 INFO L290 TraceCheckUtils]: 2: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,456 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {408#true} {409#false} #1160#return; {409#false} is VALID [2022-02-20 18:02:21,456 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 18:02:21,457 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,460 INFO L290 TraceCheckUtils]: 0: Hoare triple {408#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~23; {408#true} is VALID [2022-02-20 18:02:21,461 INFO L290 TraceCheckUtils]: 1: Hoare triple {408#true} assume 1 == ~handle; {408#true} is VALID [2022-02-20 18:02:21,461 INFO L290 TraceCheckUtils]: 2: Hoare triple {408#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~23 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~23; {408#true} is VALID [2022-02-20 18:02:21,461 INFO L290 TraceCheckUtils]: 3: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,461 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {408#true} {409#false} #1162#return; {409#false} is VALID [2022-02-20 18:02:21,462 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 114 [2022-02-20 18:02:21,463 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,465 INFO L290 TraceCheckUtils]: 0: Hoare triple {499#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := 
#in~handle;~value := #in~value; {408#true} is VALID [2022-02-20 18:02:21,466 INFO L290 TraceCheckUtils]: 1: Hoare triple {408#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {408#true} is VALID [2022-02-20 18:02:21,466 INFO L290 TraceCheckUtils]: 2: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,466 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {408#true} {409#false} #1168#return; {409#false} is VALID [2022-02-20 18:02:21,466 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 120 [2022-02-20 18:02:21,468 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,470 INFO L290 TraceCheckUtils]: 0: Hoare triple {408#true} ~handle := #in~handle;havoc ~retValue_acc~34; {408#true} is VALID [2022-02-20 18:02:21,470 INFO L290 TraceCheckUtils]: 1: Hoare triple {408#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {408#true} is VALID [2022-02-20 18:02:21,471 INFO L290 TraceCheckUtils]: 2: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,471 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {408#true} {409#false} #1170#return; {409#false} is VALID [2022-02-20 18:02:21,471 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 126 [2022-02-20 18:02:21,472 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,475 INFO L290 TraceCheckUtils]: 0: Hoare triple {408#true} ~handle := #in~handle;havoc ~retValue_acc~18; {408#true} is VALID [2022-02-20 18:02:21,475 INFO L290 TraceCheckUtils]: 1: Hoare triple {408#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {408#true} is VALID [2022-02-20 18:02:21,475 INFO L290 TraceCheckUtils]: 2: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,476 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {408#true} {409#false} 
#1172#return; {409#false} is VALID [2022-02-20 18:02:21,476 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 134 [2022-02-20 18:02:21,479 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,496 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:21,497 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:21,499 INFO L290 TraceCheckUtils]: 0: Hoare triple {408#true} ~handle := #in~handle;havoc ~retValue_acc~37; {408#true} is VALID [2022-02-20 18:02:21,500 INFO L290 TraceCheckUtils]: 1: Hoare triple {408#true} assume 1 == ~handle;~retValue_acc~37 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~37; {408#true} is VALID [2022-02-20 18:02:21,500 INFO L290 TraceCheckUtils]: 2: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,500 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {408#true} {408#true} #1262#return; {408#true} is VALID [2022-02-20 18:02:21,500 INFO L290 TraceCheckUtils]: 0: Hoare triple {408#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~27#1;havoc ~tmp~23#1; {408#true} is VALID [2022-02-20 18:02:21,501 INFO L272 TraceCheckUtils]: 1: Hoare triple {408#true} call #t~ret105#1 := isEncrypted(~msg#1); {408#true} is VALID [2022-02-20 18:02:21,501 INFO L290 TraceCheckUtils]: 2: Hoare triple {408#true} ~handle := #in~handle;havoc ~retValue_acc~37; {408#true} is VALID [2022-02-20 18:02:21,501 INFO L290 TraceCheckUtils]: 3: Hoare triple {408#true} assume 1 == ~handle;~retValue_acc~37 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~37; {408#true} is VALID [2022-02-20 18:02:21,501 INFO L290 TraceCheckUtils]: 4: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,501 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {408#true} {408#true} #1262#return; {408#true} is VALID [2022-02-20 18:02:21,502 INFO L290 TraceCheckUtils]: 6: Hoare triple 
{408#true} assume -2147483648 <= #t~ret105#1 && #t~ret105#1 <= 2147483647;~tmp~23#1 := #t~ret105#1;havoc #t~ret105#1; {408#true} is VALID [2022-02-20 18:02:21,502 INFO L290 TraceCheckUtils]: 7: Hoare triple {408#true} assume 0 != ~tmp~23#1;~retValue_acc~27#1 := 0;#res#1 := ~retValue_acc~27#1; {408#true} is VALID [2022-02-20 18:02:21,502 INFO L290 TraceCheckUtils]: 8: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,502 INFO L284 TraceCheckUtils]: 9: Hoare quadruple {408#true} {409#false} #1184#return; {409#false} is VALID [2022-02-20 18:02:21,503 INFO L290 TraceCheckUtils]: 0: Hoare triple {408#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(34, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(16, 27);call 
#Ultimate.allocInit(20, 28);call #Ultimate.allocInit(10, 29);call #Ultimate.allocInit(12, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(18, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(13, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(4, 38);call write~init~int(37, 38, 0, 1);call write~init~int(115, 38, 1, 1);call write~init~int(10, 38, 2, 1);call write~init~int(0, 38, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 
0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 
0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {408#true} is VALID [2022-02-20 18:02:21,503 INFO L290 TraceCheckUtils]: 1: Hoare triple {408#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {408#true} is VALID [2022-02-20 18:02:21,503 INFO L290 TraceCheckUtils]: 2: Hoare triple {408#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {408#true} is VALID [2022-02-20 18:02:21,504 INFO L290 TraceCheckUtils]: 3: Hoare triple {408#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~43#1;havoc valid_product_~retValue_acc~43#1;valid_product_~retValue_acc~43#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~43#1; {408#true} is VALID [2022-02-20 18:02:21,504 INFO L290 TraceCheckUtils]: 4: Hoare triple {408#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {408#true} is VALID [2022-02-20 18:02:21,504 INFO L290 TraceCheckUtils]: 5: Hoare triple {408#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, 
setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {408#true} is VALID [2022-02-20 18:02:21,505 INFO L272 TraceCheckUtils]: 6: Hoare triple {408#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {495#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:21,505 INFO L290 TraceCheckUtils]: 7: Hoare triple {495#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {408#true} is VALID [2022-02-20 18:02:21,506 INFO L290 TraceCheckUtils]: 8: Hoare triple {408#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {408#true} is VALID [2022-02-20 18:02:21,506 INFO L290 TraceCheckUtils]: 9: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,506 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {408#true} {408#true} #1212#return; {408#true} is VALID [2022-02-20 18:02:21,506 INFO L290 TraceCheckUtils]: 11: Hoare triple {408#true} assume { :end_inline_setup_bob__wrappee__Base } true; {408#true} is VALID [2022-02-20 18:02:21,507 INFO L272 TraceCheckUtils]: 12: Hoare triple {408#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); 
{496#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:21,507 INFO L290 TraceCheckUtils]: 13: Hoare triple {496#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {408#true} is VALID [2022-02-20 18:02:21,507 INFO L290 TraceCheckUtils]: 14: Hoare triple {408#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {408#true} is VALID [2022-02-20 18:02:21,508 INFO L290 TraceCheckUtils]: 15: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,508 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {408#true} {408#true} #1214#return; {408#true} is VALID [2022-02-20 18:02:21,508 INFO L290 TraceCheckUtils]: 17: Hoare triple {408#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {418#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:02:21,509 INFO L272 TraceCheckUtils]: 18: Hoare triple {418#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {495#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:21,510 INFO L290 TraceCheckUtils]: 19: Hoare triple {495#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {497#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:21,510 INFO L290 TraceCheckUtils]: 20: Hoare triple {497#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {498#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:21,511 INFO L290 TraceCheckUtils]: 21: Hoare triple {498#(= |setClientId_#in~handle| 1)} assume true; {498#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:21,511 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {498#(= |setClientId_#in~handle| 1)} {418#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1216#return; {409#false} is VALID [2022-02-20 18:02:21,512 INFO L290 TraceCheckUtils]: 23: Hoare triple {409#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {409#false} is VALID [2022-02-20 18:02:21,512 INFO L272 TraceCheckUtils]: 24: Hoare triple {409#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {496#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:21,512 INFO L290 TraceCheckUtils]: 25: Hoare triple {496#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {408#true} is VALID [2022-02-20 18:02:21,512 INFO L290 
TraceCheckUtils]: 26: Hoare triple {408#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {408#true} is VALID [2022-02-20 18:02:21,512 INFO L290 TraceCheckUtils]: 27: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,513 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {408#true} {409#false} #1218#return; {409#false} is VALID [2022-02-20 18:02:21,513 INFO L290 TraceCheckUtils]: 29: Hoare triple {409#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {409#false} is VALID [2022-02-20 18:02:21,513 INFO L272 TraceCheckUtils]: 30: Hoare triple {409#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {495#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:21,513 INFO L290 TraceCheckUtils]: 31: Hoare triple {495#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {408#true} is VALID [2022-02-20 18:02:21,513 INFO L290 TraceCheckUtils]: 32: Hoare triple {408#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {408#true} is VALID [2022-02-20 18:02:21,514 INFO L290 TraceCheckUtils]: 33: 
Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,514 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {408#true} {409#false} #1220#return; {409#false} is VALID [2022-02-20 18:02:21,514 INFO L290 TraceCheckUtils]: 35: Hoare triple {409#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {409#false} is VALID [2022-02-20 18:02:21,514 INFO L272 TraceCheckUtils]: 36: Hoare triple {409#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {496#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:21,514 INFO L290 TraceCheckUtils]: 37: Hoare triple {496#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {408#true} is VALID [2022-02-20 18:02:21,514 INFO L290 TraceCheckUtils]: 38: Hoare triple {408#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {408#true} is VALID [2022-02-20 18:02:21,515 INFO L290 TraceCheckUtils]: 39: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,515 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {408#true} {409#false} #1222#return; {409#false} is VALID [2022-02-20 18:02:21,515 INFO L290 TraceCheckUtils]: 41: Hoare triple {409#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {409#false} is VALID [2022-02-20 18:02:21,515 INFO L290 TraceCheckUtils]: 42: Hoare triple {409#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, 
test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~6#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~6#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {409#false} is VALID [2022-02-20 18:02:21,516 INFO L290 TraceCheckUtils]: 43: Hoare triple {409#false} assume false; {409#false} is VALID [2022-02-20 18:02:21,516 INFO L290 TraceCheckUtils]: 44: Hoare triple {409#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {409#false} is VALID [2022-02-20 18:02:21,516 INFO L272 TraceCheckUtils]: 45: Hoare triple {409#false} call sendEmail(~bob~0, 
~rjh~0); {409#false} is VALID [2022-02-20 18:02:21,516 INFO L290 TraceCheckUtils]: 46: Hoare triple {409#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~14#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~29#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~29#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {409#false} is VALID [2022-02-20 18:02:21,516 INFO L272 TraceCheckUtils]: 47: Hoare triple {409#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {499#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:21,517 INFO L290 TraceCheckUtils]: 48: Hoare triple {499#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {408#true} is VALID [2022-02-20 18:02:21,517 INFO L290 TraceCheckUtils]: 49: Hoare triple {408#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {408#true} is VALID [2022-02-20 18:02:21,517 INFO L290 TraceCheckUtils]: 50: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,517 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {408#true} {409#false} #1198#return; {409#false} is VALID [2022-02-20 18:02:21,517 INFO L272 TraceCheckUtils]: 52: Hoare triple {409#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {500#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:21,517 INFO L290 TraceCheckUtils]: 53: Hoare triple {500#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := 
#in~handle;~value := #in~value; {408#true} is VALID [2022-02-20 18:02:21,518 INFO L290 TraceCheckUtils]: 54: Hoare triple {408#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {408#true} is VALID [2022-02-20 18:02:21,518 INFO L290 TraceCheckUtils]: 55: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,518 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {408#true} {409#false} #1200#return; {409#false} is VALID [2022-02-20 18:02:21,518 INFO L290 TraceCheckUtils]: 57: Hoare triple {409#false} createEmail_~retValue_acc~29#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~29#1; {409#false} is VALID [2022-02-20 18:02:21,518 INFO L290 TraceCheckUtils]: 58: Hoare triple {409#false} #t~ret76#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret76#1 && #t~ret76#1 <= 2147483647;~tmp~14#1 := #t~ret76#1;havoc #t~ret76#1;~email~0#1 := ~tmp~14#1; {409#false} is VALID [2022-02-20 18:02:21,519 INFO L272 TraceCheckUtils]: 59: Hoare triple {409#false} call outgoing(~sender#1, ~email~0#1); {409#false} is VALID [2022-02-20 18:02:21,519 INFO L290 TraceCheckUtils]: 60: Hoare triple {409#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret78#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~15#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~15#1; {409#false} is VALID [2022-02-20 18:02:21,519 INFO L272 TraceCheckUtils]: 61: Hoare triple {409#false} call sign_#t~ret78#1 := getClientPrivateKey(sign_~client#1); {408#true} is VALID [2022-02-20 18:02:21,519 INFO L290 TraceCheckUtils]: 62: Hoare triple {408#true} ~handle := #in~handle;havoc ~retValue_acc~18; {408#true} is VALID [2022-02-20 18:02:21,519 INFO L290 TraceCheckUtils]: 63: Hoare triple {408#true} assume 1 == ~handle;~retValue_acc~18 := 
~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {408#true} is VALID [2022-02-20 18:02:21,520 INFO L290 TraceCheckUtils]: 64: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,520 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {408#true} {409#false} #1140#return; {409#false} is VALID [2022-02-20 18:02:21,520 INFO L290 TraceCheckUtils]: 66: Hoare triple {409#false} assume -2147483648 <= sign_#t~ret78#1 && sign_#t~ret78#1 <= 2147483647;sign_~tmp~15#1 := sign_#t~ret78#1;havoc sign_#t~ret78#1;sign_~privkey~1#1 := sign_~tmp~15#1; {409#false} is VALID [2022-02-20 18:02:21,520 INFO L290 TraceCheckUtils]: 67: Hoare triple {409#false} assume 0 == sign_~privkey~1#1; {409#false} is VALID [2022-02-20 18:02:21,520 INFO L290 TraceCheckUtils]: 68: Hoare triple {409#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret64#1, outgoing__wrappee__AddressBook_#t~ret65#1, outgoing__wrappee__AddressBook_#t~ret66#1, outgoing__wrappee__AddressBook_#t~ret67#1, outgoing__wrappee__AddressBook_#t~ret68#1, outgoing__wrappee__AddressBook_#t~ret69#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~11#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~4#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~11#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc 
outgoing__wrappee__AddressBook_~tmp___0~4#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {409#false} is VALID [2022-02-20 18:02:21,521 INFO L272 TraceCheckUtils]: 69: Hoare triple {409#false} call outgoing__wrappee__AddressBook_#t~ret64#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {408#true} is VALID [2022-02-20 18:02:21,521 INFO L290 TraceCheckUtils]: 70: Hoare triple {408#true} ~handle := #in~handle;havoc ~retValue_acc~12; {408#true} is VALID [2022-02-20 18:02:21,521 INFO L290 TraceCheckUtils]: 71: Hoare triple {408#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~12; {408#true} is VALID [2022-02-20 18:02:21,521 INFO L290 TraceCheckUtils]: 72: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,521 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {408#true} {409#false} #1142#return; {409#false} is VALID [2022-02-20 18:02:21,521 INFO L290 TraceCheckUtils]: 74: Hoare triple {409#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret64#1 && outgoing__wrappee__AddressBook_#t~ret64#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~11#1 := outgoing__wrappee__AddressBook_#t~ret64#1;havoc outgoing__wrappee__AddressBook_#t~ret64#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~11#1; {409#false} is VALID [2022-02-20 18:02:21,522 INFO L290 TraceCheckUtils]: 75: Hoare triple {409#false} assume 0 != outgoing__wrappee__AddressBook_~size~0#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {409#false} is VALID 
[2022-02-20 18:02:21,522 INFO L290 TraceCheckUtils]: 76: Hoare triple {409#false} assume { :end_inline_sendToAddressBook } true;call outgoing__wrappee__AddressBook_#t~ret65#1 := puts(25, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret65#1 && outgoing__wrappee__AddressBook_#t~ret65#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret65#1; {409#false} is VALID [2022-02-20 18:02:21,522 INFO L272 TraceCheckUtils]: 77: Hoare triple {409#false} call outgoing__wrappee__AddressBook_#t~ret66#1 := getEmailTo(outgoing__wrappee__AddressBook_~msg#1); {408#true} is VALID [2022-02-20 18:02:21,522 INFO L290 TraceCheckUtils]: 78: Hoare triple {408#true} ~handle := #in~handle;havoc ~retValue_acc~34; {408#true} is VALID [2022-02-20 18:02:21,522 INFO L290 TraceCheckUtils]: 79: Hoare triple {408#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {408#true} is VALID [2022-02-20 18:02:21,523 INFO L290 TraceCheckUtils]: 80: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,523 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {408#true} {409#false} #1144#return; {409#false} is VALID [2022-02-20 18:02:21,523 INFO L290 TraceCheckUtils]: 82: Hoare triple {409#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret66#1 && outgoing__wrappee__AddressBook_#t~ret66#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___0~4#1 := outgoing__wrappee__AddressBook_#t~ret66#1;havoc outgoing__wrappee__AddressBook_#t~ret66#1;outgoing__wrappee__AddressBook_~receiver~1#1 := outgoing__wrappee__AddressBook_~tmp___0~4#1;call outgoing__wrappee__AddressBook_#t~ret67#1 := puts(26, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret67#1 && outgoing__wrappee__AddressBook_#t~ret67#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret67#1; {409#false} is VALID [2022-02-20 18:02:21,523 INFO L272 TraceCheckUtils]: 83: Hoare triple {409#false} call outgoing__wrappee__AddressBook_#t~ret68#1 := 
getClientAddressBookAddress(outgoing__wrappee__AddressBook_~client#1, 1); {408#true} is VALID [2022-02-20 18:02:21,523 INFO L290 TraceCheckUtils]: 84: Hoare triple {408#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~16; {408#true} is VALID [2022-02-20 18:02:21,524 INFO L290 TraceCheckUtils]: 85: Hoare triple {408#true} assume 1 == ~handle; {408#true} is VALID [2022-02-20 18:02:21,524 INFO L290 TraceCheckUtils]: 86: Hoare triple {408#true} assume 0 == ~index;~retValue_acc~16 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~16; {408#true} is VALID [2022-02-20 18:02:21,524 INFO L290 TraceCheckUtils]: 87: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,524 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {408#true} {409#false} #1146#return; {409#false} is VALID [2022-02-20 18:02:21,524 INFO L290 TraceCheckUtils]: 89: Hoare triple {409#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret68#1 && outgoing__wrappee__AddressBook_#t~ret68#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___1~2#1 := outgoing__wrappee__AddressBook_#t~ret68#1;havoc outgoing__wrappee__AddressBook_#t~ret68#1;outgoing__wrappee__AddressBook_~second~0#1 := outgoing__wrappee__AddressBook_~tmp___1~2#1; {409#false} is VALID [2022-02-20 18:02:21,524 INFO L272 TraceCheckUtils]: 90: Hoare triple {409#false} call setEmailTo(outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~second~0#1); {500#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:21,525 INFO L290 TraceCheckUtils]: 91: Hoare triple {500#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {408#true} is VALID [2022-02-20 18:02:21,525 INFO L290 TraceCheckUtils]: 92: Hoare triple {408#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {408#true} is VALID [2022-02-20 
18:02:21,525 INFO L290 TraceCheckUtils]: 93: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,525 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {408#true} {409#false} #1148#return; {409#false} is VALID [2022-02-20 18:02:21,525 INFO L272 TraceCheckUtils]: 95: Hoare triple {409#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {409#false} is VALID [2022-02-20 18:02:21,526 INFO L290 TraceCheckUtils]: 96: Hoare triple {409#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~10#1;havoc ~pubkey~0#1;havoc ~tmp___0~3#1; {409#false} is VALID [2022-02-20 18:02:21,526 INFO L272 TraceCheckUtils]: 97: Hoare triple {409#false} call #t~ret62#1 := getEmailTo(~msg#1); {408#true} is VALID [2022-02-20 18:02:21,526 INFO L290 TraceCheckUtils]: 98: Hoare triple {408#true} ~handle := #in~handle;havoc ~retValue_acc~34; {408#true} is VALID [2022-02-20 18:02:21,526 INFO L290 TraceCheckUtils]: 99: Hoare triple {408#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {408#true} is VALID [2022-02-20 18:02:21,526 INFO L290 TraceCheckUtils]: 100: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,526 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {408#true} {409#false} #1160#return; {409#false} is VALID [2022-02-20 18:02:21,527 INFO L290 TraceCheckUtils]: 102: Hoare triple {409#false} assume -2147483648 <= #t~ret62#1 && #t~ret62#1 <= 2147483647;~tmp~10#1 := #t~ret62#1;havoc #t~ret62#1;~receiver~0#1 := ~tmp~10#1; {409#false} is VALID [2022-02-20 18:02:21,527 INFO L272 TraceCheckUtils]: 103: Hoare triple {409#false} call #t~ret63#1 := findPublicKey(~client#1, ~receiver~0#1); {408#true} is VALID [2022-02-20 18:02:21,527 INFO L290 TraceCheckUtils]: 104: Hoare triple {408#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~23; {408#true} is VALID [2022-02-20 18:02:21,527 INFO L290 
TraceCheckUtils]: 105: Hoare triple {408#true} assume 1 == ~handle; {408#true} is VALID [2022-02-20 18:02:21,527 INFO L290 TraceCheckUtils]: 106: Hoare triple {408#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~23 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~23; {408#true} is VALID [2022-02-20 18:02:21,528 INFO L290 TraceCheckUtils]: 107: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,528 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {408#true} {409#false} #1162#return; {409#false} is VALID [2022-02-20 18:02:21,528 INFO L290 TraceCheckUtils]: 109: Hoare triple {409#false} assume -2147483648 <= #t~ret63#1 && #t~ret63#1 <= 2147483647;~tmp___0~3#1 := #t~ret63#1;havoc #t~ret63#1;~pubkey~0#1 := ~tmp___0~3#1; {409#false} is VALID [2022-02-20 18:02:21,528 INFO L290 TraceCheckUtils]: 110: Hoare triple {409#false} assume !(0 != ~pubkey~0#1); {409#false} is VALID [2022-02-20 18:02:21,528 INFO L290 TraceCheckUtils]: 111: Hoare triple {409#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret61#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~9#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~9#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~25#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~25#1; {409#false} is VALID [2022-02-20 18:02:21,529 INFO L290 TraceCheckUtils]: 112: Hoare triple {409#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~25#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := 
getClientId_~retValue_acc~25#1; {409#false} is VALID [2022-02-20 18:02:21,529 INFO L290 TraceCheckUtils]: 113: Hoare triple {409#false} outgoing__wrappee__Keys_#t~ret61#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret61#1 && outgoing__wrappee__Keys_#t~ret61#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~9#1 := outgoing__wrappee__Keys_#t~ret61#1;havoc outgoing__wrappee__Keys_#t~ret61#1; {409#false} is VALID [2022-02-20 18:02:21,529 INFO L272 TraceCheckUtils]: 114: Hoare triple {409#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~9#1); {499#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:21,529 INFO L290 TraceCheckUtils]: 115: Hoare triple {499#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {408#true} is VALID [2022-02-20 18:02:21,529 INFO L290 TraceCheckUtils]: 116: Hoare triple {408#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {408#true} is VALID [2022-02-20 18:02:21,529 INFO L290 TraceCheckUtils]: 117: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,530 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {408#true} {409#false} #1168#return; {409#false} is VALID [2022-02-20 18:02:21,530 INFO L290 TraceCheckUtils]: 119: Hoare triple {409#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret59#1, mail_#t~ret60#1, mail_~client#1, mail_~msg#1, mail_~tmp~8#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~8#1;call mail_#t~ret59#1 := puts(24, 0);assume -2147483648 <= mail_#t~ret59#1 && mail_#t~ret59#1 <= 2147483647;havoc mail_#t~ret59#1; {409#false} is VALID [2022-02-20 18:02:21,530 INFO L272 
TraceCheckUtils]: 120: Hoare triple {409#false} call mail_#t~ret60#1 := getEmailTo(mail_~msg#1); {408#true} is VALID [2022-02-20 18:02:21,530 INFO L290 TraceCheckUtils]: 121: Hoare triple {408#true} ~handle := #in~handle;havoc ~retValue_acc~34; {408#true} is VALID [2022-02-20 18:02:21,530 INFO L290 TraceCheckUtils]: 122: Hoare triple {408#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {408#true} is VALID [2022-02-20 18:02:21,531 INFO L290 TraceCheckUtils]: 123: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,531 INFO L284 TraceCheckUtils]: 124: Hoare quadruple {408#true} {409#false} #1170#return; {409#false} is VALID [2022-02-20 18:02:21,531 INFO L290 TraceCheckUtils]: 125: Hoare triple {409#false} assume -2147483648 <= mail_#t~ret60#1 && mail_#t~ret60#1 <= 2147483647;mail_~tmp~8#1 := mail_#t~ret60#1;havoc mail_#t~ret60#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~8#1, mail_~msg#1;havoc incoming_#t~ret71#1, incoming_#t~ret72#1, incoming_#t~ret73#1, incoming_#t~ret74#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~12#1, incoming_~tmp___0~5#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~12#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {409#false} is VALID [2022-02-20 18:02:21,531 INFO L272 TraceCheckUtils]: 126: Hoare triple {409#false} call incoming_#t~ret71#1 := getClientPrivateKey(incoming_~client#1); {408#true} is VALID [2022-02-20 18:02:21,531 INFO L290 TraceCheckUtils]: 127: Hoare triple {408#true} ~handle := #in~handle;havoc ~retValue_acc~18; {408#true} is VALID [2022-02-20 18:02:21,532 INFO L290 TraceCheckUtils]: 128: Hoare triple {408#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; 
{408#true} is VALID [2022-02-20 18:02:21,532 INFO L290 TraceCheckUtils]: 129: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,532 INFO L284 TraceCheckUtils]: 130: Hoare quadruple {408#true} {409#false} #1172#return; {409#false} is VALID [2022-02-20 18:02:21,532 INFO L290 TraceCheckUtils]: 131: Hoare triple {409#false} assume -2147483648 <= incoming_#t~ret71#1 && incoming_#t~ret71#1 <= 2147483647;incoming_~tmp~12#1 := incoming_#t~ret71#1;havoc incoming_#t~ret71#1;incoming_~privkey~0#1 := incoming_~tmp~12#1; {409#false} is VALID [2022-02-20 18:02:21,532 INFO L290 TraceCheckUtils]: 132: Hoare triple {409#false} assume !(0 != incoming_~privkey~0#1); {409#false} is VALID [2022-02-20 18:02:21,532 INFO L290 TraceCheckUtils]: 133: Hoare triple {409#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret79#1, verify_#t~ret80#1, verify_#t~ret81#1, verify_#t~ret82#1, verify_#t~ret83#1, verify_#t~ret84#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~16#1, verify_~tmp___0~6#1, verify_~pubkey~1#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~16#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { 
:begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret58#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~7#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~7#1; {409#false} is VALID [2022-02-20 18:02:21,533 INFO L272 TraceCheckUtils]: 134: Hoare triple {409#false} call __utac_acc__EncryptVerify_spec__1_#t~ret58#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {408#true} is VALID [2022-02-20 18:02:21,533 INFO L290 TraceCheckUtils]: 135: Hoare triple {408#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~27#1;havoc ~tmp~23#1; {408#true} is VALID [2022-02-20 18:02:21,533 INFO L272 TraceCheckUtils]: 136: Hoare triple {408#true} call #t~ret105#1 := isEncrypted(~msg#1); {408#true} is VALID [2022-02-20 18:02:21,533 INFO L290 TraceCheckUtils]: 137: Hoare triple {408#true} ~handle := #in~handle;havoc ~retValue_acc~37; {408#true} is VALID [2022-02-20 18:02:21,533 INFO L290 TraceCheckUtils]: 138: Hoare triple {408#true} assume 1 == ~handle;~retValue_acc~37 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~37; {408#true} is VALID [2022-02-20 18:02:21,533 INFO L290 TraceCheckUtils]: 139: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,534 INFO L284 TraceCheckUtils]: 140: Hoare quadruple {408#true} {408#true} #1262#return; {408#true} is VALID [2022-02-20 18:02:21,534 INFO L290 TraceCheckUtils]: 141: Hoare triple {408#true} assume -2147483648 <= #t~ret105#1 && #t~ret105#1 <= 2147483647;~tmp~23#1 := #t~ret105#1;havoc #t~ret105#1; {408#true} is VALID [2022-02-20 18:02:21,534 INFO L290 TraceCheckUtils]: 142: Hoare triple {408#true} assume 0 != ~tmp~23#1;~retValue_acc~27#1 := 0;#res#1 := ~retValue_acc~27#1; {408#true} is VALID [2022-02-20 18:02:21,534 INFO L290 TraceCheckUtils]: 143: Hoare triple 
{408#true} assume true; {408#true} is VALID [2022-02-20 18:02:21,534 INFO L284 TraceCheckUtils]: 144: Hoare quadruple {408#true} {409#false} #1184#return; {409#false} is VALID [2022-02-20 18:02:21,534 INFO L290 TraceCheckUtils]: 145: Hoare triple {409#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret58#1 && __utac_acc__EncryptVerify_spec__1_#t~ret58#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~7#1 := __utac_acc__EncryptVerify_spec__1_#t~ret58#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret58#1; {409#false} is VALID [2022-02-20 18:02:21,535 INFO L290 TraceCheckUtils]: 146: Hoare triple {409#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~7#1);assume { :begin_inline___automaton_fail } true; {409#false} is VALID [2022-02-20 18:02:21,535 INFO L290 TraceCheckUtils]: 147: Hoare triple {409#false} assume !false; {409#false} is VALID [2022-02-20 18:02:21,536 INFO L134 CoverageAnalysis]: Checked inductivity of 48 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 42 trivial. 0 not checked. 
[2022-02-20 18:02:21,536 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace
[2022-02-20 18:02:21,536 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [394706444]
[2022-02-20 18:02:21,537 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [394706444] provided 0 perfect and 1 imperfect interpolant sequences
[2022-02-20 18:02:21,537 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [181278921]
[2022-02-20 18:02:21,537 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY
[2022-02-20 18:02:21,538 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true
[2022-02-20 18:02:21,538 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3
[2022-02-20 18:02:21,539 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null)
[2022-02-20 18:02:21,540 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process
[2022-02-20 18:02:21,828 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:02:21,834 INFO L263 TraceCheckSpWp]: Trace formula consists of 1239 conjuncts, 1 conjunts are in the unsatisfiable core
[2022-02-20 18:02:21,928 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:02:21,935 INFO L286 TraceCheckSpWp]: Computing forward predicates...
[2022-02-20 18:02:22,314 INFO L290 TraceCheckUtils]: 0: Hoare triple {408#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(34, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(20, 28);call #Ultimate.allocInit(10, 29);call #Ultimate.allocInit(12, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(18, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(13, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(4, 38);call write~init~int(37, 38, 0, 1);call write~init~int(115, 38, 1, 1);call write~init~int(10, 38, 2, 1);call write~init~int(0, 38, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 
0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 
0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {408#true} is VALID [2022-02-20 18:02:22,315 INFO L290 TraceCheckUtils]: 1: Hoare triple {408#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc 
main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {408#true} is VALID [2022-02-20 18:02:22,315 INFO L290 TraceCheckUtils]: 2: Hoare triple {408#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {408#true} is VALID [2022-02-20 18:02:22,315 INFO L290 TraceCheckUtils]: 3: Hoare triple {408#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~43#1;havoc valid_product_~retValue_acc~43#1;valid_product_~retValue_acc~43#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~43#1; {408#true} is VALID [2022-02-20 18:02:22,315 INFO L290 TraceCheckUtils]: 4: Hoare triple {408#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {408#true} is VALID [2022-02-20 18:02:22,315 INFO L290 TraceCheckUtils]: 5: Hoare triple {408#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {408#true} is VALID 
[2022-02-20 18:02:22,316 INFO L272 TraceCheckUtils]: 6: Hoare triple {408#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {408#true} is VALID [2022-02-20 18:02:22,316 INFO L290 TraceCheckUtils]: 7: Hoare triple {408#true} ~handle := #in~handle;~value := #in~value; {408#true} is VALID [2022-02-20 18:02:22,316 INFO L290 TraceCheckUtils]: 8: Hoare triple {408#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {408#true} is VALID [2022-02-20 18:02:22,316 INFO L290 TraceCheckUtils]: 9: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:22,316 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {408#true} {408#true} #1212#return; {408#true} is VALID [2022-02-20 18:02:22,316 INFO L290 TraceCheckUtils]: 11: Hoare triple {408#true} assume { :end_inline_setup_bob__wrappee__Base } true; {408#true} is VALID [2022-02-20 18:02:22,317 INFO L272 TraceCheckUtils]: 12: Hoare triple {408#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {408#true} is VALID [2022-02-20 18:02:22,317 INFO L290 TraceCheckUtils]: 13: Hoare triple {408#true} ~handle := #in~handle;~value := #in~value; {408#true} is VALID [2022-02-20 18:02:22,317 INFO L290 TraceCheckUtils]: 14: Hoare triple {408#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {408#true} is VALID [2022-02-20 18:02:22,317 INFO L290 TraceCheckUtils]: 15: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:22,317 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {408#true} {408#true} #1214#return; {408#true} is VALID [2022-02-20 18:02:22,317 INFO L290 TraceCheckUtils]: 17: Hoare triple {408#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { 
:begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {408#true} is VALID [2022-02-20 18:02:22,318 INFO L272 TraceCheckUtils]: 18: Hoare triple {408#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {408#true} is VALID [2022-02-20 18:02:22,318 INFO L290 TraceCheckUtils]: 19: Hoare triple {408#true} ~handle := #in~handle;~value := #in~value; {408#true} is VALID [2022-02-20 18:02:22,318 INFO L290 TraceCheckUtils]: 20: Hoare triple {408#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {408#true} is VALID [2022-02-20 18:02:22,318 INFO L290 TraceCheckUtils]: 21: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:22,318 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {408#true} {408#true} #1216#return; {408#true} is VALID [2022-02-20 18:02:22,318 INFO L290 TraceCheckUtils]: 23: Hoare triple {408#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {408#true} is VALID [2022-02-20 18:02:22,318 INFO L272 TraceCheckUtils]: 24: Hoare triple {408#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {408#true} is VALID [2022-02-20 18:02:22,319 INFO L290 TraceCheckUtils]: 25: Hoare triple {408#true} ~handle := #in~handle;~value := #in~value; {408#true} is VALID [2022-02-20 18:02:22,319 INFO L290 TraceCheckUtils]: 26: Hoare triple {408#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {408#true} is VALID [2022-02-20 18:02:22,319 INFO L290 TraceCheckUtils]: 27: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:22,319 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {408#true} {408#true} #1218#return; {408#true} is VALID [2022-02-20 18:02:22,319 INFO L290 TraceCheckUtils]: 29: Hoare triple {408#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, 
setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {408#true} is VALID [2022-02-20 18:02:22,319 INFO L272 TraceCheckUtils]: 30: Hoare triple {408#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {408#true} is VALID [2022-02-20 18:02:22,320 INFO L290 TraceCheckUtils]: 31: Hoare triple {408#true} ~handle := #in~handle;~value := #in~value; {408#true} is VALID [2022-02-20 18:02:22,320 INFO L290 TraceCheckUtils]: 32: Hoare triple {408#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {408#true} is VALID [2022-02-20 18:02:22,320 INFO L290 TraceCheckUtils]: 33: Hoare triple {408#true} assume true; {408#true} is VALID [2022-02-20 18:02:22,325 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {408#true} {408#true} #1220#return; {408#true} is VALID [2022-02-20 18:02:22,325 INFO L290 TraceCheckUtils]: 35: Hoare triple {408#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {408#true} is VALID [2022-02-20 18:02:22,325 INFO L272 TraceCheckUtils]: 36: Hoare triple {408#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {408#true} is VALID [2022-02-20 18:02:22,325 INFO L290 TraceCheckUtils]: 37: Hoare triple {408#true} ~handle := #in~handle;~value := #in~value; {408#true} is VALID [2022-02-20 18:02:22,325 INFO L290 TraceCheckUtils]: 38: Hoare triple {408#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {408#true} is VALID [2022-02-20 18:02:22,326 INFO L290 TraceCheckUtils]: 39: Hoare triple {408#true} assume true; {408#true} 
is VALID [2022-02-20 18:02:22,326 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {408#true} {408#true} #1222#return; {408#true} is VALID [2022-02-20 18:02:22,326 INFO L290 TraceCheckUtils]: 41: Hoare triple {408#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {408#true} is VALID [2022-02-20 18:02:22,326 INFO L290 TraceCheckUtils]: 42: Hoare triple {408#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~6#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~6#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {408#true} is VALID [2022-02-20 18:02:22,327 INFO L290 TraceCheckUtils]: 43: Hoare 
triple {408#true} assume false; {409#false} is VALID [2022-02-20 18:02:22,327 INFO L290 TraceCheckUtils]: 44: Hoare triple {409#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {409#false} is VALID [2022-02-20 18:02:22,327 INFO L272 TraceCheckUtils]: 45: Hoare triple {409#false} call sendEmail(~bob~0, ~rjh~0); {409#false} is VALID [2022-02-20 18:02:22,327 INFO L290 TraceCheckUtils]: 46: Hoare triple {409#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~14#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~29#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~29#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {409#false} is VALID [2022-02-20 18:02:22,327 INFO L272 TraceCheckUtils]: 47: Hoare triple {409#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {409#false} is VALID [2022-02-20 18:02:22,327 INFO L290 TraceCheckUtils]: 48: Hoare triple {409#false} ~handle := #in~handle;~value := #in~value; {409#false} is VALID [2022-02-20 18:02:22,328 INFO L290 TraceCheckUtils]: 49: Hoare triple {409#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {409#false} is VALID [2022-02-20 18:02:22,328 INFO L290 TraceCheckUtils]: 50: Hoare triple {409#false} assume true; {409#false} is VALID [2022-02-20 18:02:22,328 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {409#false} {409#false} #1198#return; 
{409#false} is VALID [2022-02-20 18:02:22,328 INFO L272 TraceCheckUtils]: 52: Hoare triple {409#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {409#false} is VALID [2022-02-20 18:02:22,328 INFO L290 TraceCheckUtils]: 53: Hoare triple {409#false} ~handle := #in~handle;~value := #in~value; {409#false} is VALID [2022-02-20 18:02:22,328 INFO L290 TraceCheckUtils]: 54: Hoare triple {409#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {409#false} is VALID [2022-02-20 18:02:22,328 INFO L290 TraceCheckUtils]: 55: Hoare triple {409#false} assume true; {409#false} is VALID [2022-02-20 18:02:22,329 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {409#false} {409#false} #1200#return; {409#false} is VALID [2022-02-20 18:02:22,329 INFO L290 TraceCheckUtils]: 57: Hoare triple {409#false} createEmail_~retValue_acc~29#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~29#1; {409#false} is VALID [2022-02-20 18:02:22,329 INFO L290 TraceCheckUtils]: 58: Hoare triple {409#false} #t~ret76#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret76#1 && #t~ret76#1 <= 2147483647;~tmp~14#1 := #t~ret76#1;havoc #t~ret76#1;~email~0#1 := ~tmp~14#1; {409#false} is VALID [2022-02-20 18:02:22,329 INFO L272 TraceCheckUtils]: 59: Hoare triple {409#false} call outgoing(~sender#1, ~email~0#1); {409#false} is VALID [2022-02-20 18:02:22,329 INFO L290 TraceCheckUtils]: 60: Hoare triple {409#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret78#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~15#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~15#1; {409#false} is VALID [2022-02-20 18:02:22,329 INFO L272 TraceCheckUtils]: 61: Hoare triple {409#false} call sign_#t~ret78#1 := getClientPrivateKey(sign_~client#1); {409#false} is VALID [2022-02-20 
18:02:22,329 INFO L290 TraceCheckUtils]: 62: Hoare triple {409#false} ~handle := #in~handle;havoc ~retValue_acc~18; {409#false} is VALID [2022-02-20 18:02:22,330 INFO L290 TraceCheckUtils]: 63: Hoare triple {409#false} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {409#false} is VALID [2022-02-20 18:02:22,330 INFO L290 TraceCheckUtils]: 64: Hoare triple {409#false} assume true; {409#false} is VALID [2022-02-20 18:02:22,330 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {409#false} {409#false} #1140#return; {409#false} is VALID [2022-02-20 18:02:22,330 INFO L290 TraceCheckUtils]: 66: Hoare triple {409#false} assume -2147483648 <= sign_#t~ret78#1 && sign_#t~ret78#1 <= 2147483647;sign_~tmp~15#1 := sign_#t~ret78#1;havoc sign_#t~ret78#1;sign_~privkey~1#1 := sign_~tmp~15#1; {409#false} is VALID [2022-02-20 18:02:22,330 INFO L290 TraceCheckUtils]: 67: Hoare triple {409#false} assume 0 == sign_~privkey~1#1; {409#false} is VALID [2022-02-20 18:02:22,330 INFO L290 TraceCheckUtils]: 68: Hoare triple {409#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret64#1, outgoing__wrappee__AddressBook_#t~ret65#1, outgoing__wrappee__AddressBook_#t~ret66#1, outgoing__wrappee__AddressBook_#t~ret67#1, outgoing__wrappee__AddressBook_#t~ret68#1, outgoing__wrappee__AddressBook_#t~ret69#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~11#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~4#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := 
outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~11#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~4#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {409#false} is VALID [2022-02-20 18:02:22,331 INFO L272 TraceCheckUtils]: 69: Hoare triple {409#false} call outgoing__wrappee__AddressBook_#t~ret64#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {409#false} is VALID [2022-02-20 18:02:22,331 INFO L290 TraceCheckUtils]: 70: Hoare triple {409#false} ~handle := #in~handle;havoc ~retValue_acc~12; {409#false} is VALID [2022-02-20 18:02:22,331 INFO L290 TraceCheckUtils]: 71: Hoare triple {409#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~12; {409#false} is VALID [2022-02-20 18:02:22,332 INFO L290 TraceCheckUtils]: 72: Hoare triple {409#false} assume true; {409#false} is VALID [2022-02-20 18:02:22,333 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {409#false} {409#false} #1142#return; {409#false} is VALID [2022-02-20 18:02:22,333 INFO L290 TraceCheckUtils]: 74: Hoare triple {409#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret64#1 && outgoing__wrappee__AddressBook_#t~ret64#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~11#1 := outgoing__wrappee__AddressBook_#t~ret64#1;havoc outgoing__wrappee__AddressBook_#t~ret64#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~11#1; {409#false} is VALID [2022-02-20 18:02:22,333 INFO L290 TraceCheckUtils]: 75: Hoare triple {409#false} assume 0 != outgoing__wrappee__AddressBook_~size~0#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, 
sendToAddressBook_#in~msg#1 := outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {409#false} is VALID [2022-02-20 18:02:22,333 INFO L290 TraceCheckUtils]: 76: Hoare triple {409#false} assume { :end_inline_sendToAddressBook } true;call outgoing__wrappee__AddressBook_#t~ret65#1 := puts(25, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret65#1 && outgoing__wrappee__AddressBook_#t~ret65#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret65#1; {409#false} is VALID [2022-02-20 18:02:22,333 INFO L272 TraceCheckUtils]: 77: Hoare triple {409#false} call outgoing__wrappee__AddressBook_#t~ret66#1 := getEmailTo(outgoing__wrappee__AddressBook_~msg#1); {409#false} is VALID [2022-02-20 18:02:22,333 INFO L290 TraceCheckUtils]: 78: Hoare triple {409#false} ~handle := #in~handle;havoc ~retValue_acc~34; {409#false} is VALID [2022-02-20 18:02:22,334 INFO L290 TraceCheckUtils]: 79: Hoare triple {409#false} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {409#false} is VALID [2022-02-20 18:02:22,334 INFO L290 TraceCheckUtils]: 80: Hoare triple {409#false} assume true; {409#false} is VALID [2022-02-20 18:02:22,334 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {409#false} {409#false} #1144#return; {409#false} is VALID [2022-02-20 18:02:22,334 INFO L290 TraceCheckUtils]: 82: Hoare triple {409#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret66#1 && outgoing__wrappee__AddressBook_#t~ret66#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___0~4#1 := outgoing__wrappee__AddressBook_#t~ret66#1;havoc outgoing__wrappee__AddressBook_#t~ret66#1;outgoing__wrappee__AddressBook_~receiver~1#1 := outgoing__wrappee__AddressBook_~tmp___0~4#1;call outgoing__wrappee__AddressBook_#t~ret67#1 := puts(26, 0);assume -2147483648 
<= outgoing__wrappee__AddressBook_#t~ret67#1 && outgoing__wrappee__AddressBook_#t~ret67#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret67#1; {409#false} is VALID [2022-02-20 18:02:22,334 INFO L272 TraceCheckUtils]: 83: Hoare triple {409#false} call outgoing__wrappee__AddressBook_#t~ret68#1 := getClientAddressBookAddress(outgoing__wrappee__AddressBook_~client#1, 1); {409#false} is VALID [2022-02-20 18:02:22,334 INFO L290 TraceCheckUtils]: 84: Hoare triple {409#false} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~16; {409#false} is VALID [2022-02-20 18:02:22,334 INFO L290 TraceCheckUtils]: 85: Hoare triple {409#false} assume 1 == ~handle; {409#false} is VALID [2022-02-20 18:02:22,335 INFO L290 TraceCheckUtils]: 86: Hoare triple {409#false} assume 0 == ~index;~retValue_acc~16 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~16; {409#false} is VALID [2022-02-20 18:02:22,335 INFO L290 TraceCheckUtils]: 87: Hoare triple {409#false} assume true; {409#false} is VALID [2022-02-20 18:02:22,335 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {409#false} {409#false} #1146#return; {409#false} is VALID [2022-02-20 18:02:22,335 INFO L290 TraceCheckUtils]: 89: Hoare triple {409#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret68#1 && outgoing__wrappee__AddressBook_#t~ret68#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___1~2#1 := outgoing__wrappee__AddressBook_#t~ret68#1;havoc outgoing__wrappee__AddressBook_#t~ret68#1;outgoing__wrappee__AddressBook_~second~0#1 := outgoing__wrappee__AddressBook_~tmp___1~2#1; {409#false} is VALID [2022-02-20 18:02:22,335 INFO L272 TraceCheckUtils]: 90: Hoare triple {409#false} call setEmailTo(outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~second~0#1); {409#false} is VALID [2022-02-20 18:02:22,335 INFO L290 TraceCheckUtils]: 91: Hoare triple {409#false} ~handle := #in~handle;~value := #in~value; {409#false} is VALID [2022-02-20 18:02:22,336 INFO L290 
TraceCheckUtils]: 92: Hoare triple {409#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {409#false} is VALID [2022-02-20 18:02:22,336 INFO L290 TraceCheckUtils]: 93: Hoare triple {409#false} assume true; {409#false} is VALID [2022-02-20 18:02:22,336 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {409#false} {409#false} #1148#return; {409#false} is VALID [2022-02-20 18:02:22,336 INFO L272 TraceCheckUtils]: 95: Hoare triple {409#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {409#false} is VALID [2022-02-20 18:02:22,337 INFO L290 TraceCheckUtils]: 96: Hoare triple {409#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~10#1;havoc ~pubkey~0#1;havoc ~tmp___0~3#1; {409#false} is VALID [2022-02-20 18:02:22,339 INFO L272 TraceCheckUtils]: 97: Hoare triple {409#false} call #t~ret62#1 := getEmailTo(~msg#1); {409#false} is VALID [2022-02-20 18:02:22,339 INFO L290 TraceCheckUtils]: 98: Hoare triple {409#false} ~handle := #in~handle;havoc ~retValue_acc~34; {409#false} is VALID [2022-02-20 18:02:22,339 INFO L290 TraceCheckUtils]: 99: Hoare triple {409#false} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {409#false} is VALID [2022-02-20 18:02:22,339 INFO L290 TraceCheckUtils]: 100: Hoare triple {409#false} assume true; {409#false} is VALID [2022-02-20 18:02:22,340 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {409#false} {409#false} #1160#return; {409#false} is VALID [2022-02-20 18:02:22,340 INFO L290 TraceCheckUtils]: 102: Hoare triple {409#false} assume -2147483648 <= #t~ret62#1 && #t~ret62#1 <= 2147483647;~tmp~10#1 := #t~ret62#1;havoc #t~ret62#1;~receiver~0#1 := ~tmp~10#1; {409#false} is VALID [2022-02-20 18:02:22,340 INFO L272 TraceCheckUtils]: 103: Hoare triple {409#false} call #t~ret63#1 := findPublicKey(~client#1, ~receiver~0#1); {409#false} is VALID [2022-02-20 18:02:22,340 INFO L290 TraceCheckUtils]: 104: Hoare 
triple {409#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~23; {409#false} is VALID [2022-02-20 18:02:22,340 INFO L290 TraceCheckUtils]: 105: Hoare triple {409#false} assume 1 == ~handle; {409#false} is VALID [2022-02-20 18:02:22,340 INFO L290 TraceCheckUtils]: 106: Hoare triple {409#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~23 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~23; {409#false} is VALID [2022-02-20 18:02:22,340 INFO L290 TraceCheckUtils]: 107: Hoare triple {409#false} assume true; {409#false} is VALID [2022-02-20 18:02:22,341 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {409#false} {409#false} #1162#return; {409#false} is VALID [2022-02-20 18:02:22,341 INFO L290 TraceCheckUtils]: 109: Hoare triple {409#false} assume -2147483648 <= #t~ret63#1 && #t~ret63#1 <= 2147483647;~tmp___0~3#1 := #t~ret63#1;havoc #t~ret63#1;~pubkey~0#1 := ~tmp___0~3#1; {409#false} is VALID [2022-02-20 18:02:22,341 INFO L290 TraceCheckUtils]: 110: Hoare triple {409#false} assume !(0 != ~pubkey~0#1); {409#false} is VALID [2022-02-20 18:02:22,341 INFO L290 TraceCheckUtils]: 111: Hoare triple {409#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret61#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~9#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~9#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~25#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~25#1; {409#false} is VALID [2022-02-20 18:02:22,341 INFO L290 TraceCheckUtils]: 112: 
Hoare triple {409#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~25#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~25#1; {409#false} is VALID [2022-02-20 18:02:22,341 INFO L290 TraceCheckUtils]: 113: Hoare triple {409#false} outgoing__wrappee__Keys_#t~ret61#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret61#1 && outgoing__wrappee__Keys_#t~ret61#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~9#1 := outgoing__wrappee__Keys_#t~ret61#1;havoc outgoing__wrappee__Keys_#t~ret61#1; {409#false} is VALID [2022-02-20 18:02:22,341 INFO L272 TraceCheckUtils]: 114: Hoare triple {409#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~9#1); {409#false} is VALID [2022-02-20 18:02:22,364 INFO L290 TraceCheckUtils]: 115: Hoare triple {409#false} ~handle := #in~handle;~value := #in~value; {409#false} is VALID [2022-02-20 18:02:22,364 INFO L290 TraceCheckUtils]: 116: Hoare triple {409#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {409#false} is VALID [2022-02-20 18:02:22,365 INFO L290 TraceCheckUtils]: 117: Hoare triple {409#false} assume true; {409#false} is VALID [2022-02-20 18:02:22,365 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {409#false} {409#false} #1168#return; {409#false} is VALID [2022-02-20 18:02:22,365 INFO L290 TraceCheckUtils]: 119: Hoare triple {409#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret59#1, mail_#t~ret60#1, mail_~client#1, mail_~msg#1, mail_~tmp~8#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~8#1;call mail_#t~ret59#1 := puts(24, 0);assume -2147483648 <= mail_#t~ret59#1 && mail_#t~ret59#1 <= 2147483647;havoc mail_#t~ret59#1; {409#false} is VALID [2022-02-20 18:02:22,365 INFO L272 TraceCheckUtils]: 120: Hoare triple {409#false} call 
mail_#t~ret60#1 := getEmailTo(mail_~msg#1); {409#false} is VALID [2022-02-20 18:02:22,365 INFO L290 TraceCheckUtils]: 121: Hoare triple {409#false} ~handle := #in~handle;havoc ~retValue_acc~34; {409#false} is VALID [2022-02-20 18:02:22,365 INFO L290 TraceCheckUtils]: 122: Hoare triple {409#false} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {409#false} is VALID [2022-02-20 18:02:22,365 INFO L290 TraceCheckUtils]: 123: Hoare triple {409#false} assume true; {409#false} is VALID [2022-02-20 18:02:22,365 INFO L284 TraceCheckUtils]: 124: Hoare quadruple {409#false} {409#false} #1170#return; {409#false} is VALID [2022-02-20 18:02:22,365 INFO L290 TraceCheckUtils]: 125: Hoare triple {409#false} assume -2147483648 <= mail_#t~ret60#1 && mail_#t~ret60#1 <= 2147483647;mail_~tmp~8#1 := mail_#t~ret60#1;havoc mail_#t~ret60#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~8#1, mail_~msg#1;havoc incoming_#t~ret71#1, incoming_#t~ret72#1, incoming_#t~ret73#1, incoming_#t~ret74#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~12#1, incoming_~tmp___0~5#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~12#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {409#false} is VALID [2022-02-20 18:02:22,365 INFO L272 TraceCheckUtils]: 126: Hoare triple {409#false} call incoming_#t~ret71#1 := getClientPrivateKey(incoming_~client#1); {409#false} is VALID [2022-02-20 18:02:22,365 INFO L290 TraceCheckUtils]: 127: Hoare triple {409#false} ~handle := #in~handle;havoc ~retValue_acc~18; {409#false} is VALID [2022-02-20 18:02:22,365 INFO L290 TraceCheckUtils]: 128: Hoare triple {409#false} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {409#false} is VALID [2022-02-20 18:02:22,365 
INFO L290 TraceCheckUtils]: 129: Hoare triple {409#false} assume true; {409#false} is VALID [2022-02-20 18:02:22,366 INFO L284 TraceCheckUtils]: 130: Hoare quadruple {409#false} {409#false} #1172#return; {409#false} is VALID [2022-02-20 18:02:22,366 INFO L290 TraceCheckUtils]: 131: Hoare triple {409#false} assume -2147483648 <= incoming_#t~ret71#1 && incoming_#t~ret71#1 <= 2147483647;incoming_~tmp~12#1 := incoming_#t~ret71#1;havoc incoming_#t~ret71#1;incoming_~privkey~0#1 := incoming_~tmp~12#1; {409#false} is VALID [2022-02-20 18:02:22,366 INFO L290 TraceCheckUtils]: 132: Hoare triple {409#false} assume !(0 != incoming_~privkey~0#1); {409#false} is VALID [2022-02-20 18:02:22,369 INFO L290 TraceCheckUtils]: 133: Hoare triple {409#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret79#1, verify_#t~ret80#1, verify_#t~ret81#1, verify_#t~ret82#1, verify_#t~ret83#1, verify_#t~ret84#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~16#1, verify_~tmp___0~6#1, verify_~pubkey~1#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~16#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { 
:begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret58#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~7#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~7#1; {409#false} is VALID [2022-02-20 18:02:22,369 INFO L272 TraceCheckUtils]: 134: Hoare triple {409#false} call __utac_acc__EncryptVerify_spec__1_#t~ret58#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {409#false} is VALID [2022-02-20 18:02:22,369 INFO L290 TraceCheckUtils]: 135: Hoare triple {409#false} ~msg#1 := #in~msg#1;havoc ~retValue_acc~27#1;havoc ~tmp~23#1; {409#false} is VALID [2022-02-20 18:02:22,369 INFO L272 TraceCheckUtils]: 136: Hoare triple {409#false} call #t~ret105#1 := isEncrypted(~msg#1); {409#false} is VALID [2022-02-20 18:02:22,369 INFO L290 TraceCheckUtils]: 137: Hoare triple {409#false} ~handle := #in~handle;havoc ~retValue_acc~37; {409#false} is VALID [2022-02-20 18:02:22,369 INFO L290 TraceCheckUtils]: 138: Hoare triple {409#false} assume 1 == ~handle;~retValue_acc~37 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~37; {409#false} is VALID [2022-02-20 18:02:22,369 INFO L290 TraceCheckUtils]: 139: Hoare triple {409#false} assume true; {409#false} is VALID [2022-02-20 18:02:22,369 INFO L284 TraceCheckUtils]: 140: Hoare quadruple {409#false} {409#false} #1262#return; {409#false} is VALID [2022-02-20 18:02:22,369 INFO L290 TraceCheckUtils]: 141: Hoare triple {409#false} assume -2147483648 <= #t~ret105#1 && #t~ret105#1 <= 2147483647;~tmp~23#1 := #t~ret105#1;havoc #t~ret105#1; {409#false} is VALID [2022-02-20 18:02:22,369 INFO L290 TraceCheckUtils]: 142: Hoare triple {409#false} assume 0 != ~tmp~23#1;~retValue_acc~27#1 := 0;#res#1 := ~retValue_acc~27#1; {409#false} is VALID [2022-02-20 18:02:22,369 INFO L290 TraceCheckUtils]: 143: 
Hoare triple {409#false} assume true; {409#false} is VALID [2022-02-20 18:02:22,370 INFO L284 TraceCheckUtils]: 144: Hoare quadruple {409#false} {409#false} #1184#return; {409#false} is VALID [2022-02-20 18:02:22,370 INFO L290 TraceCheckUtils]: 145: Hoare triple {409#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret58#1 && __utac_acc__EncryptVerify_spec__1_#t~ret58#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~7#1 := __utac_acc__EncryptVerify_spec__1_#t~ret58#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret58#1; {409#false} is VALID [2022-02-20 18:02:22,373 INFO L290 TraceCheckUtils]: 146: Hoare triple {409#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~7#1);assume { :begin_inline___automaton_fail } true; {409#false} is VALID [2022-02-20 18:02:22,374 INFO L290 TraceCheckUtils]: 147: Hoare triple {409#false} assume !false; {409#false} is VALID [2022-02-20 18:02:22,374 INFO L134 CoverageAnalysis]: Checked inductivity of 48 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 48 trivial. 0 not checked. [2022-02-20 18:02:22,374 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:02:22,375 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [181278921] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:22,375 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:02:22,375 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [9] total 9 [2022-02-20 18:02:22,376 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1930637216] [2022-02-20 18:02:22,380 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:22,384 INFO L78 Accepts]: Start accepts. 
Automaton has has 2 states, 2 states have (on average 39.0) internal successors, (78), 2 states have internal predecessors, (78), 2 states have call successors, (23), 2 states have call predecessors, (23), 2 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) Word has length 148 [2022-02-20 18:02:22,387 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:22,391 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 39.0) internal successors, (78), 2 states have internal predecessors, (78), 2 states have call successors, (23), 2 states have call predecessors, (23), 2 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:02:22,469 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 121 edges. 121 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:22,470 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:02:22,470 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:22,488 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 18:02:22,488 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:02:22,491 INFO L87 Difference]: Start difference. 
First operand has 405 states, 313 states have (on average 1.5559105431309903) internal successors, (487), 318 states have internal predecessors, (487), 62 states have call successors, (62), 28 states have call predecessors, (62), 28 states have return successors, (62), 61 states have call predecessors, (62), 62 states have call successors, (62) Second operand has 2 states, 2 states have (on average 39.0) internal successors, (78), 2 states have internal predecessors, (78), 2 states have call successors, (23), 2 states have call predecessors, (23), 2 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:02:22,824 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:22,824 INFO L93 Difference]: Finished difference Result 622 states and 920 transitions. [2022-02-20 18:02:22,825 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:02:22,825 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 39.0) internal successors, (78), 2 states have internal predecessors, (78), 2 states have call successors, (23), 2 states have call predecessors, (23), 2 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) Word has length 148 [2022-02-20 18:02:22,825 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:22,827 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 39.0) internal successors, (78), 2 states have internal predecessors, (78), 2 states have call successors, (23), 2 states have call predecessors, (23), 2 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:02:22,852 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 2 states to 2 states and 920 transitions. [2022-02-20 18:02:22,853 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 39.0) internal successors, (78), 2 states have internal predecessors, (78), 2 states have call successors, (23), 2 states have call predecessors, (23), 2 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:02:22,871 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 920 transitions. [2022-02-20 18:02:22,871 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 920 transitions. [2022-02-20 18:02:23,480 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 920 edges. 920 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:23,511 INFO L225 Difference]: With dead ends: 622 [2022-02-20 18:02:23,511 INFO L226 Difference]: Without dead ends: 398 [2022-02-20 18:02:23,517 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 191 GetRequests, 184 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:02:23,520 INFO L933 BasicCegarLoop]: 607 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 607 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s 
IncrementalHoareTripleChecker+Time [2022-02-20 18:02:23,522 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 607 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:02:23,538 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 398 states. [2022-02-20 18:02:23,572 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 398 to 398. [2022-02-20 18:02:23,572 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:23,575 INFO L82 GeneralOperation]: Start isEquivalent. First operand 398 states. Second operand has 398 states, 307 states have (on average 1.5504885993485342) internal successors, (476), 311 states have internal predecessors, (476), 62 states have call successors, (62), 28 states have call predecessors, (62), 28 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) [2022-02-20 18:02:23,577 INFO L74 IsIncluded]: Start isIncluded. First operand 398 states. Second operand has 398 states, 307 states have (on average 1.5504885993485342) internal successors, (476), 311 states have internal predecessors, (476), 62 states have call successors, (62), 28 states have call predecessors, (62), 28 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) [2022-02-20 18:02:23,579 INFO L87 Difference]: Start difference. First operand 398 states. Second operand has 398 states, 307 states have (on average 1.5504885993485342) internal successors, (476), 311 states have internal predecessors, (476), 62 states have call successors, (62), 28 states have call predecessors, (62), 28 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) [2022-02-20 18:02:23,597 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:02:23,597 INFO L93 Difference]: Finished difference Result 398 states and 599 transitions. [2022-02-20 18:02:23,597 INFO L276 IsEmpty]: Start isEmpty. Operand 398 states and 599 transitions. [2022-02-20 18:02:23,599 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:23,599 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:23,601 INFO L74 IsIncluded]: Start isIncluded. First operand has 398 states, 307 states have (on average 1.5504885993485342) internal successors, (476), 311 states have internal predecessors, (476), 62 states have call successors, (62), 28 states have call predecessors, (62), 28 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) Second operand 398 states. [2022-02-20 18:02:23,602 INFO L87 Difference]: Start difference. First operand has 398 states, 307 states have (on average 1.5504885993485342) internal successors, (476), 311 states have internal predecessors, (476), 62 states have call successors, (62), 28 states have call predecessors, (62), 28 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) Second operand 398 states. [2022-02-20 18:02:23,617 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:23,617 INFO L93 Difference]: Finished difference Result 398 states and 599 transitions. [2022-02-20 18:02:23,617 INFO L276 IsEmpty]: Start isEmpty. Operand 398 states and 599 transitions. [2022-02-20 18:02:23,619 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:23,619 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:23,619 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:23,619 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:23,621 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 398 states, 307 states have (on average 1.5504885993485342) internal successors, (476), 311 states have internal predecessors, (476), 62 states have call successors, (62), 28 states have call predecessors, (62), 28 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) [2022-02-20 18:02:23,636 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 398 states to 398 states and 599 transitions. [2022-02-20 18:02:23,637 INFO L78 Accepts]: Start accepts. Automaton has 398 states and 599 transitions. Word has length 148 [2022-02-20 18:02:23,638 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:23,638 INFO L470 AbstractCegarLoop]: Abstraction has 398 states and 599 transitions. [2022-02-20 18:02:23,639 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 39.0) internal successors, (78), 2 states have internal predecessors, (78), 2 states have call successors, (23), 2 states have call predecessors, (23), 2 states have return successors, (20), 2 states have call predecessors, (20), 2 states have call successors, (20) [2022-02-20 18:02:23,639 INFO L276 IsEmpty]: Start isEmpty. Operand 398 states and 599 transitions. [2022-02-20 18:02:23,641 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 131 [2022-02-20 18:02:23,641 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:23,641 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:23,663 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-02-20 18:02:23,860 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0 [2022-02-20 18:02:23,861 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:23,861 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:23,861 INFO L85 PathProgramCache]: Analyzing trace with hash -1973000115, now seen corresponding path program 1 times [2022-02-20 18:02:23,861 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:23,862 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [528934897] [2022-02-20 18:02:23,862 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:23,862 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:23,890 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:23,924 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:02:23,926 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:23,929 INFO L290 TraceCheckUtils]: 0: Hoare triple {3206#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3132#true} is VALID [2022-02-20 18:02:23,930 INFO L290 TraceCheckUtils]: 1: Hoare triple {3132#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3132#true} is VALID [2022-02-20 18:02:23,930 INFO L290 TraceCheckUtils]: 2: Hoare triple {3132#true} assume true; {3132#true} is VALID [2022-02-20 18:02:23,930 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3132#true} {3132#true} #1212#return; {3132#true} is VALID [2022-02-20 18:02:23,935 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:23,936 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:23,939 INFO L290 TraceCheckUtils]: 0: Hoare triple {3207#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3132#true} is VALID [2022-02-20 18:02:23,939 INFO L290 TraceCheckUtils]: 1: Hoare triple {3132#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3132#true} is VALID [2022-02-20 18:02:23,939 INFO L290 TraceCheckUtils]: 2: Hoare triple {3132#true} assume true; {3132#true} is VALID [2022-02-20 18:02:23,939 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3132#true} {3132#true} #1214#return; {3132#true} is VALID [2022-02-20 18:02:23,940 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending 
call position 18 [2022-02-20 18:02:23,942 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:23,953 INFO L290 TraceCheckUtils]: 0: Hoare triple {3206#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3208#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:23,954 INFO L290 TraceCheckUtils]: 1: Hoare triple {3208#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3209#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:23,954 INFO L290 TraceCheckUtils]: 2: Hoare triple {3209#(= |setClientId_#in~handle| 1)} assume true; {3209#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:23,955 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3209#(= |setClientId_#in~handle| 1)} {3142#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1216#return; {3133#false} is VALID [2022-02-20 18:02:23,955 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:02:23,957 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:23,976 INFO L290 TraceCheckUtils]: 0: Hoare triple {3207#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3132#true} is VALID [2022-02-20 18:02:23,976 INFO L290 TraceCheckUtils]: 1: Hoare triple {3132#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3132#true} is VALID [2022-02-20 18:02:23,976 INFO L290 TraceCheckUtils]: 2: Hoare triple {3132#true} assume true; {3132#true} is VALID [2022-02-20 18:02:23,976 INFO L284 TraceCheckUtils]: 3: Hoare 
quadruple {3132#true} {3133#false} #1218#return; {3133#false} is VALID [2022-02-20 18:02:23,977 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:02:23,979 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:23,981 INFO L290 TraceCheckUtils]: 0: Hoare triple {3206#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3132#true} is VALID [2022-02-20 18:02:23,981 INFO L290 TraceCheckUtils]: 1: Hoare triple {3132#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3132#true} is VALID [2022-02-20 18:02:23,981 INFO L290 TraceCheckUtils]: 2: Hoare triple {3132#true} assume true; {3132#true} is VALID [2022-02-20 18:02:23,981 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3132#true} {3133#false} #1220#return; {3133#false} is VALID [2022-02-20 18:02:23,981 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:02:23,983 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:23,985 INFO L290 TraceCheckUtils]: 0: Hoare triple {3207#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3132#true} is VALID [2022-02-20 18:02:23,985 INFO L290 TraceCheckUtils]: 1: Hoare triple {3132#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3132#true} is VALID [2022-02-20 18:02:23,985 INFO L290 TraceCheckUtils]: 2: Hoare triple {3132#true} assume true; {3132#true} is VALID [2022-02-20 18:02:23,985 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3132#true} {3133#false} #1222#return; {3133#false} is VALID 
[2022-02-20 18:02:24,001 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-02-20 18:02:24,002 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,004 INFO L290 TraceCheckUtils]: 0: Hoare triple {3210#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3132#true} is VALID [2022-02-20 18:02:24,004 INFO L290 TraceCheckUtils]: 1: Hoare triple {3132#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3132#true} is VALID [2022-02-20 18:02:24,004 INFO L290 TraceCheckUtils]: 2: Hoare triple {3132#true} assume true; {3132#true} is VALID [2022-02-20 18:02:24,005 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3132#true} {3133#false} #1198#return; {3133#false} is VALID [2022-02-20 18:02:24,011 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 53 [2022-02-20 18:02:24,012 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,014 INFO L290 TraceCheckUtils]: 0: Hoare triple {3211#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {3132#true} is VALID [2022-02-20 18:02:24,014 INFO L290 TraceCheckUtils]: 1: Hoare triple {3132#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {3132#true} is VALID [2022-02-20 18:02:24,014 INFO L290 TraceCheckUtils]: 2: Hoare triple {3132#true} assume true; {3132#true} is VALID [2022-02-20 18:02:24,015 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3132#true} {3133#false} #1200#return; {3133#false} is VALID [2022-02-20 18:02:24,015 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 18:02:24,015 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,017 INFO L290 TraceCheckUtils]: 0: Hoare 
triple {3132#true} ~handle := #in~handle;havoc ~retValue_acc~18; {3132#true} is VALID [2022-02-20 18:02:24,018 INFO L290 TraceCheckUtils]: 1: Hoare triple {3132#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {3132#true} is VALID [2022-02-20 18:02:24,018 INFO L290 TraceCheckUtils]: 2: Hoare triple {3132#true} assume true; {3132#true} is VALID [2022-02-20 18:02:24,018 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3132#true} {3133#false} #1140#return; {3133#false} is VALID [2022-02-20 18:02:24,018 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 18:02:24,019 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,032 INFO L290 TraceCheckUtils]: 0: Hoare triple {3132#true} ~handle := #in~handle;havoc ~retValue_acc~12; {3132#true} is VALID [2022-02-20 18:02:24,032 INFO L290 TraceCheckUtils]: 1: Hoare triple {3132#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~12; {3132#true} is VALID [2022-02-20 18:02:24,032 INFO L290 TraceCheckUtils]: 2: Hoare triple {3132#true} assume true; {3132#true} is VALID [2022-02-20 18:02:24,032 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3132#true} {3133#false} #1142#return; {3133#false} is VALID [2022-02-20 18:02:24,032 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 18:02:24,033 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,035 INFO L290 TraceCheckUtils]: 0: Hoare triple {3132#true} ~handle := #in~handle;havoc ~retValue_acc~34; {3132#true} is VALID [2022-02-20 18:02:24,036 INFO L290 TraceCheckUtils]: 1: Hoare triple {3132#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {3132#true} is VALID [2022-02-20 18:02:24,036 INFO L290 TraceCheckUtils]: 2: Hoare triple {3132#true} assume true; {3132#true} is 
VALID [2022-02-20 18:02:24,036 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3132#true} {3133#false} #1160#return; {3133#false} is VALID [2022-02-20 18:02:24,036 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 18:02:24,037 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,039 INFO L290 TraceCheckUtils]: 0: Hoare triple {3132#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~23; {3132#true} is VALID [2022-02-20 18:02:24,039 INFO L290 TraceCheckUtils]: 1: Hoare triple {3132#true} assume 1 == ~handle; {3132#true} is VALID [2022-02-20 18:02:24,039 INFO L290 TraceCheckUtils]: 2: Hoare triple {3132#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~23 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~23; {3132#true} is VALID [2022-02-20 18:02:24,039 INFO L290 TraceCheckUtils]: 3: Hoare triple {3132#true} assume true; {3132#true} is VALID [2022-02-20 18:02:24,039 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {3132#true} {3133#false} #1162#return; {3133#false} is VALID [2022-02-20 18:02:24,040 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 18:02:24,041 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,043 INFO L290 TraceCheckUtils]: 0: Hoare triple {3210#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3132#true} is VALID [2022-02-20 18:02:24,043 INFO L290 TraceCheckUtils]: 1: Hoare triple {3132#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3132#true} is VALID [2022-02-20 18:02:24,043 INFO L290 TraceCheckUtils]: 2: Hoare triple {3132#true} assume true; {3132#true} is VALID [2022-02-20 18:02:24,043 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3132#true} {3133#false} #1168#return; {3133#false} is VALID 
[2022-02-20 18:02:24,043 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 18:02:24,053 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,057 INFO L290 TraceCheckUtils]: 0: Hoare triple {3132#true} ~handle := #in~handle;havoc ~retValue_acc~34; {3132#true} is VALID [2022-02-20 18:02:24,057 INFO L290 TraceCheckUtils]: 1: Hoare triple {3132#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {3132#true} is VALID [2022-02-20 18:02:24,057 INFO L290 TraceCheckUtils]: 2: Hoare triple {3132#true} assume true; {3132#true} is VALID [2022-02-20 18:02:24,058 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3132#true} {3133#false} #1170#return; {3133#false} is VALID [2022-02-20 18:02:24,058 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 108 [2022-02-20 18:02:24,059 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,061 INFO L290 TraceCheckUtils]: 0: Hoare triple {3132#true} ~handle := #in~handle;havoc ~retValue_acc~18; {3132#true} is VALID [2022-02-20 18:02:24,061 INFO L290 TraceCheckUtils]: 1: Hoare triple {3132#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {3132#true} is VALID [2022-02-20 18:02:24,061 INFO L290 TraceCheckUtils]: 2: Hoare triple {3132#true} assume true; {3132#true} is VALID [2022-02-20 18:02:24,061 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3132#true} {3133#false} #1172#return; {3133#false} is VALID [2022-02-20 18:02:24,061 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 116 [2022-02-20 18:02:24,063 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,066 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:24,067 INFO L136 AnnotateAndAsserter]: 
Conjunction of SSA is unsat [2022-02-20 18:02:24,069 INFO L290 TraceCheckUtils]: 0: Hoare triple {3132#true} ~handle := #in~handle;havoc ~retValue_acc~37; {3132#true} is VALID [2022-02-20 18:02:24,069 INFO L290 TraceCheckUtils]: 1: Hoare triple {3132#true} assume 1 == ~handle;~retValue_acc~37 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~37; {3132#true} is VALID [2022-02-20 18:02:24,070 INFO L290 TraceCheckUtils]: 2: Hoare triple {3132#true} assume true; {3132#true} is VALID [2022-02-20 18:02:24,070 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3132#true} {3132#true} #1262#return; {3132#true} is VALID [2022-02-20 18:02:24,070 INFO L290 TraceCheckUtils]: 0: Hoare triple {3132#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~27#1;havoc ~tmp~23#1; {3132#true} is VALID [2022-02-20 18:02:24,070 INFO L272 TraceCheckUtils]: 1: Hoare triple {3132#true} call #t~ret105#1 := isEncrypted(~msg#1); {3132#true} is VALID [2022-02-20 18:02:24,070 INFO L290 TraceCheckUtils]: 2: Hoare triple {3132#true} ~handle := #in~handle;havoc ~retValue_acc~37; {3132#true} is VALID [2022-02-20 18:02:24,070 INFO L290 TraceCheckUtils]: 3: Hoare triple {3132#true} assume 1 == ~handle;~retValue_acc~37 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~37; {3132#true} is VALID [2022-02-20 18:02:24,070 INFO L290 TraceCheckUtils]: 4: Hoare triple {3132#true} assume true; {3132#true} is VALID [2022-02-20 18:02:24,070 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {3132#true} {3132#true} #1262#return; {3132#true} is VALID [2022-02-20 18:02:24,071 INFO L290 TraceCheckUtils]: 6: Hoare triple {3132#true} assume -2147483648 <= #t~ret105#1 && #t~ret105#1 <= 2147483647;~tmp~23#1 := #t~ret105#1;havoc #t~ret105#1; {3132#true} is VALID [2022-02-20 18:02:24,071 INFO L290 TraceCheckUtils]: 7: Hoare triple {3132#true} assume 0 != ~tmp~23#1;~retValue_acc~27#1 := 0;#res#1 := ~retValue_acc~27#1; {3132#true} is VALID [2022-02-20 18:02:24,071 INFO L290 TraceCheckUtils]: 8: Hoare triple {3132#true} assume true; 
{3132#true} is VALID [2022-02-20 18:02:24,071 INFO L284 TraceCheckUtils]: 9: Hoare quadruple {3132#true} {3133#false} #1184#return; {3133#false} is VALID [2022-02-20 18:02:24,071 INFO L290 TraceCheckUtils]: 0: Hoare triple {3132#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(34, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(20, 28);call #Ultimate.allocInit(10, 29);call #Ultimate.allocInit(12, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(18, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(13, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(4, 38);call write~init~int(37, 38, 0, 1);call write~init~int(115, 38, 
1, 1);call write~init~int(10, 38, 2, 1);call write~init~int(0, 38, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 
0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {3132#true} is VALID [2022-02-20 18:02:24,071 INFO L290 TraceCheckUtils]: 1: Hoare triple {3132#true} assume { :end_inline_ULTIMATE.init } 
true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {3132#true} is VALID [2022-02-20 18:02:24,071 INFO L290 TraceCheckUtils]: 2: Hoare triple {3132#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3132#true} is VALID [2022-02-20 18:02:24,072 INFO L290 TraceCheckUtils]: 3: Hoare triple {3132#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~43#1;havoc valid_product_~retValue_acc~43#1;valid_product_~retValue_acc~43#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~43#1; {3132#true} is VALID [2022-02-20 18:02:24,072 INFO L290 TraceCheckUtils]: 4: Hoare triple {3132#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {3132#true} is VALID [2022-02-20 18:02:24,072 INFO L290 TraceCheckUtils]: 5: Hoare triple {3132#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {3132#true} is VALID [2022-02-20 18:02:24,073 INFO L272 TraceCheckUtils]: 6: Hoare triple {3132#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {3206#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:24,073 INFO L290 TraceCheckUtils]: 7: Hoare triple {3206#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3132#true} is VALID [2022-02-20 18:02:24,073 INFO L290 TraceCheckUtils]: 8: Hoare triple {3132#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3132#true} is VALID [2022-02-20 18:02:24,073 INFO L290 TraceCheckUtils]: 9: Hoare triple {3132#true} assume true; {3132#true} is VALID [2022-02-20 18:02:24,073 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {3132#true} {3132#true} #1212#return; {3132#true} is VALID [2022-02-20 18:02:24,073 INFO L290 TraceCheckUtils]: 11: Hoare triple {3132#true} assume { :end_inline_setup_bob__wrappee__Base } true; {3132#true} is VALID [2022-02-20 18:02:24,074 INFO L272 TraceCheckUtils]: 12: Hoare triple {3132#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {3207#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:24,074 INFO L290 TraceCheckUtils]: 13: Hoare triple {3207#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3132#true} is VALID [2022-02-20 18:02:24,074 INFO L290 TraceCheckUtils]: 14: Hoare triple {3132#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3132#true} is VALID [2022-02-20 18:02:24,074 INFO L290 TraceCheckUtils]: 15: Hoare triple {3132#true} assume true; {3132#true} is VALID [2022-02-20 18:02:24,074 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {3132#true} {3132#true} #1214#return; {3132#true} is VALID [2022-02-20 18:02:24,075 INFO L290 TraceCheckUtils]: 17: Hoare triple {3132#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {3142#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:02:24,075 INFO L272 TraceCheckUtils]: 18: Hoare triple {3142#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {3206#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:24,075 INFO L290 TraceCheckUtils]: 19: Hoare triple {3206#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := 
#in~handle;~value := #in~value; {3208#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:24,076 INFO L290 TraceCheckUtils]: 20: Hoare triple {3208#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3209#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:24,076 INFO L290 TraceCheckUtils]: 21: Hoare triple {3209#(= |setClientId_#in~handle| 1)} assume true; {3209#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:24,076 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {3209#(= |setClientId_#in~handle| 1)} {3142#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1216#return; {3133#false} is VALID [2022-02-20 18:02:24,077 INFO L290 TraceCheckUtils]: 23: Hoare triple {3133#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {3133#false} is VALID [2022-02-20 18:02:24,077 INFO L272 TraceCheckUtils]: 24: Hoare triple {3133#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {3207#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:24,077 INFO L290 TraceCheckUtils]: 25: Hoare triple {3207#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3132#true} is VALID [2022-02-20 18:02:24,077 INFO L290 TraceCheckUtils]: 26: Hoare triple {3132#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3132#true} is VALID [2022-02-20 18:02:24,077 INFO L290 TraceCheckUtils]: 27: Hoare triple {3132#true} assume true; {3132#true} is VALID [2022-02-20 18:02:24,077 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {3132#true} {3133#false} #1218#return; {3133#false} is VALID [2022-02-20 
18:02:24,077 INFO L290 TraceCheckUtils]: 29: Hoare triple {3133#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {3133#false} is VALID [2022-02-20 18:02:24,077 INFO L272 TraceCheckUtils]: 30: Hoare triple {3133#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {3206#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:24,078 INFO L290 TraceCheckUtils]: 31: Hoare triple {3206#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3132#true} is VALID [2022-02-20 18:02:24,078 INFO L290 TraceCheckUtils]: 32: Hoare triple {3132#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3132#true} is VALID [2022-02-20 18:02:24,078 INFO L290 TraceCheckUtils]: 33: Hoare triple {3132#true} assume true; {3132#true} is VALID [2022-02-20 18:02:24,078 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {3132#true} {3133#false} #1220#return; {3133#false} is VALID [2022-02-20 18:02:24,078 INFO L290 TraceCheckUtils]: 35: Hoare triple {3133#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {3133#false} is VALID [2022-02-20 
18:02:24,078 INFO L272 TraceCheckUtils]: 36: Hoare triple {3133#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {3207#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:24,078 INFO L290 TraceCheckUtils]: 37: Hoare triple {3207#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3132#true} is VALID [2022-02-20 18:02:24,078 INFO L290 TraceCheckUtils]: 38: Hoare triple {3132#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3132#true} is VALID [2022-02-20 18:02:24,079 INFO L290 TraceCheckUtils]: 39: Hoare triple {3132#true} assume true; {3132#true} is VALID [2022-02-20 18:02:24,079 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {3132#true} {3133#false} #1222#return; {3133#false} is VALID [2022-02-20 18:02:24,079 INFO L290 TraceCheckUtils]: 41: Hoare triple {3133#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {3133#false} is VALID [2022-02-20 18:02:24,079 INFO L290 TraceCheckUtils]: 42: Hoare triple {3133#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~6#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, 
test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~6#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {3133#false} is VALID [2022-02-20 18:02:24,079 INFO L290 TraceCheckUtils]: 43: Hoare triple {3133#false} assume !false; {3133#false} is VALID [2022-02-20 18:02:24,079 INFO L290 TraceCheckUtils]: 44: Hoare triple {3133#false} assume !(test_~splverifierCounter~0#1 < 4); {3133#false} is VALID [2022-02-20 18:02:24,079 INFO L290 TraceCheckUtils]: 45: Hoare triple {3133#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {3133#false} is VALID [2022-02-20 18:02:24,080 INFO L272 TraceCheckUtils]: 46: Hoare triple {3133#false} call sendEmail(~bob~0, ~rjh~0); {3133#false} is VALID [2022-02-20 18:02:24,080 INFO L290 TraceCheckUtils]: 47: Hoare triple {3133#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc 
~tmp~14#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~29#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~29#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {3133#false} is VALID [2022-02-20 18:02:24,080 INFO L272 TraceCheckUtils]: 48: Hoare triple {3133#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {3210#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:24,080 INFO L290 TraceCheckUtils]: 49: Hoare triple {3210#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3132#true} is VALID [2022-02-20 18:02:24,080 INFO L290 TraceCheckUtils]: 50: Hoare triple {3132#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3132#true} is VALID [2022-02-20 18:02:24,080 INFO L290 TraceCheckUtils]: 51: Hoare triple {3132#true} assume true; {3132#true} is VALID [2022-02-20 18:02:24,080 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {3132#true} {3133#false} #1198#return; {3133#false} is VALID [2022-02-20 18:02:24,080 INFO L272 TraceCheckUtils]: 53: Hoare triple {3133#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {3211#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:24,081 INFO L290 TraceCheckUtils]: 54: Hoare triple {3211#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {3132#true} is VALID [2022-02-20 18:02:24,081 INFO L290 TraceCheckUtils]: 55: Hoare triple {3132#true} assume 1 == ~handle;~__ste_email_to0~0 
:= ~value; {3132#true} is VALID [2022-02-20 18:02:24,081 INFO L290 TraceCheckUtils]: 56: Hoare triple {3132#true} assume true; {3132#true} is VALID [2022-02-20 18:02:24,081 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {3132#true} {3133#false} #1200#return; {3133#false} is VALID [2022-02-20 18:02:24,081 INFO L290 TraceCheckUtils]: 58: Hoare triple {3133#false} createEmail_~retValue_acc~29#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~29#1; {3133#false} is VALID [2022-02-20 18:02:24,081 INFO L290 TraceCheckUtils]: 59: Hoare triple {3133#false} #t~ret76#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret76#1 && #t~ret76#1 <= 2147483647;~tmp~14#1 := #t~ret76#1;havoc #t~ret76#1;~email~0#1 := ~tmp~14#1; {3133#false} is VALID [2022-02-20 18:02:24,081 INFO L272 TraceCheckUtils]: 60: Hoare triple {3133#false} call outgoing(~sender#1, ~email~0#1); {3133#false} is VALID [2022-02-20 18:02:24,081 INFO L290 TraceCheckUtils]: 61: Hoare triple {3133#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret78#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~15#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~15#1; {3133#false} is VALID [2022-02-20 18:02:24,082 INFO L272 TraceCheckUtils]: 62: Hoare triple {3133#false} call sign_#t~ret78#1 := getClientPrivateKey(sign_~client#1); {3132#true} is VALID [2022-02-20 18:02:24,082 INFO L290 TraceCheckUtils]: 63: Hoare triple {3132#true} ~handle := #in~handle;havoc ~retValue_acc~18; {3132#true} is VALID [2022-02-20 18:02:24,097 INFO L290 TraceCheckUtils]: 64: Hoare triple {3132#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {3132#true} is VALID [2022-02-20 18:02:24,097 INFO L290 TraceCheckUtils]: 65: Hoare triple {3132#true} assume true; 
{3132#true} is VALID [2022-02-20 18:02:24,097 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {3132#true} {3133#false} #1140#return; {3133#false} is VALID [2022-02-20 18:02:24,097 INFO L290 TraceCheckUtils]: 67: Hoare triple {3133#false} assume -2147483648 <= sign_#t~ret78#1 && sign_#t~ret78#1 <= 2147483647;sign_~tmp~15#1 := sign_#t~ret78#1;havoc sign_#t~ret78#1;sign_~privkey~1#1 := sign_~tmp~15#1; {3133#false} is VALID [2022-02-20 18:02:24,098 INFO L290 TraceCheckUtils]: 68: Hoare triple {3133#false} assume 0 == sign_~privkey~1#1; {3133#false} is VALID [2022-02-20 18:02:24,098 INFO L290 TraceCheckUtils]: 69: Hoare triple {3133#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret64#1, outgoing__wrappee__AddressBook_#t~ret65#1, outgoing__wrappee__AddressBook_#t~ret66#1, outgoing__wrappee__AddressBook_#t~ret67#1, outgoing__wrappee__AddressBook_#t~ret68#1, outgoing__wrappee__AddressBook_#t~ret69#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~11#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~4#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~11#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~4#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc 
outgoing__wrappee__AddressBook_~tmp___2~1#1; {3133#false} is VALID [2022-02-20 18:02:24,098 INFO L272 TraceCheckUtils]: 70: Hoare triple {3133#false} call outgoing__wrappee__AddressBook_#t~ret64#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {3132#true} is VALID [2022-02-20 18:02:24,098 INFO L290 TraceCheckUtils]: 71: Hoare triple {3132#true} ~handle := #in~handle;havoc ~retValue_acc~12; {3132#true} is VALID [2022-02-20 18:02:24,098 INFO L290 TraceCheckUtils]: 72: Hoare triple {3132#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~12; {3132#true} is VALID [2022-02-20 18:02:24,098 INFO L290 TraceCheckUtils]: 73: Hoare triple {3132#true} assume true; {3132#true} is VALID [2022-02-20 18:02:24,098 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {3132#true} {3133#false} #1142#return; {3133#false} is VALID [2022-02-20 18:02:24,099 INFO L290 TraceCheckUtils]: 75: Hoare triple {3133#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret64#1 && outgoing__wrappee__AddressBook_#t~ret64#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~11#1 := outgoing__wrappee__AddressBook_#t~ret64#1;havoc outgoing__wrappee__AddressBook_#t~ret64#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~11#1; {3133#false} is VALID [2022-02-20 18:02:24,099 INFO L290 TraceCheckUtils]: 76: Hoare triple {3133#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {3133#false} is VALID [2022-02-20 18:02:24,099 INFO L272 TraceCheckUtils]: 77: Hoare triple {3133#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {3133#false} is VALID [2022-02-20 18:02:24,099 INFO L290 TraceCheckUtils]: 78: Hoare triple {3133#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~10#1;havoc ~pubkey~0#1;havoc ~tmp___0~3#1; {3133#false} is VALID [2022-02-20 18:02:24,099 INFO L272 TraceCheckUtils]: 
79: Hoare triple {3133#false} call #t~ret62#1 := getEmailTo(~msg#1); {3132#true} is VALID [2022-02-20 18:02:24,099 INFO L290 TraceCheckUtils]: 80: Hoare triple {3132#true} ~handle := #in~handle;havoc ~retValue_acc~34; {3132#true} is VALID [2022-02-20 18:02:24,099 INFO L290 TraceCheckUtils]: 81: Hoare triple {3132#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {3132#true} is VALID [2022-02-20 18:02:24,100 INFO L290 TraceCheckUtils]: 82: Hoare triple {3132#true} assume true; {3132#true} is VALID [2022-02-20 18:02:24,100 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {3132#true} {3133#false} #1160#return; {3133#false} is VALID [2022-02-20 18:02:24,100 INFO L290 TraceCheckUtils]: 84: Hoare triple {3133#false} assume -2147483648 <= #t~ret62#1 && #t~ret62#1 <= 2147483647;~tmp~10#1 := #t~ret62#1;havoc #t~ret62#1;~receiver~0#1 := ~tmp~10#1; {3133#false} is VALID [2022-02-20 18:02:24,100 INFO L272 TraceCheckUtils]: 85: Hoare triple {3133#false} call #t~ret63#1 := findPublicKey(~client#1, ~receiver~0#1); {3132#true} is VALID [2022-02-20 18:02:24,100 INFO L290 TraceCheckUtils]: 86: Hoare triple {3132#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~23; {3132#true} is VALID [2022-02-20 18:02:24,100 INFO L290 TraceCheckUtils]: 87: Hoare triple {3132#true} assume 1 == ~handle; {3132#true} is VALID [2022-02-20 18:02:24,100 INFO L290 TraceCheckUtils]: 88: Hoare triple {3132#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~23 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~23; {3132#true} is VALID [2022-02-20 18:02:24,101 INFO L290 TraceCheckUtils]: 89: Hoare triple {3132#true} assume true; {3132#true} is VALID [2022-02-20 18:02:24,101 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {3132#true} {3133#false} #1162#return; {3133#false} is VALID [2022-02-20 18:02:24,101 INFO L290 TraceCheckUtils]: 91: Hoare triple {3133#false} assume -2147483648 <= #t~ret63#1 && #t~ret63#1 <= 
2147483647;~tmp___0~3#1 := #t~ret63#1;havoc #t~ret63#1;~pubkey~0#1 := ~tmp___0~3#1; {3133#false} is VALID [2022-02-20 18:02:24,101 INFO L290 TraceCheckUtils]: 92: Hoare triple {3133#false} assume !(0 != ~pubkey~0#1); {3133#false} is VALID [2022-02-20 18:02:24,101 INFO L290 TraceCheckUtils]: 93: Hoare triple {3133#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret61#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~9#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~9#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~25#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~25#1; {3133#false} is VALID [2022-02-20 18:02:24,101 INFO L290 TraceCheckUtils]: 94: Hoare triple {3133#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~25#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~25#1; {3133#false} is VALID [2022-02-20 18:02:24,101 INFO L290 TraceCheckUtils]: 95: Hoare triple {3133#false} outgoing__wrappee__Keys_#t~ret61#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret61#1 && outgoing__wrappee__Keys_#t~ret61#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~9#1 := outgoing__wrappee__Keys_#t~ret61#1;havoc outgoing__wrappee__Keys_#t~ret61#1; {3133#false} is VALID [2022-02-20 18:02:24,102 INFO L272 TraceCheckUtils]: 96: Hoare triple {3133#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~9#1); {3210#(and (= |old(~__ste_email_from0~0)| 
~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:24,102 INFO L290 TraceCheckUtils]: 97: Hoare triple {3210#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3132#true} is VALID [2022-02-20 18:02:24,102 INFO L290 TraceCheckUtils]: 98: Hoare triple {3132#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3132#true} is VALID [2022-02-20 18:02:24,102 INFO L290 TraceCheckUtils]: 99: Hoare triple {3132#true} assume true; {3132#true} is VALID [2022-02-20 18:02:24,102 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {3132#true} {3133#false} #1168#return; {3133#false} is VALID [2022-02-20 18:02:24,102 INFO L290 TraceCheckUtils]: 101: Hoare triple {3133#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret59#1, mail_#t~ret60#1, mail_~client#1, mail_~msg#1, mail_~tmp~8#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~8#1;call mail_#t~ret59#1 := puts(24, 0);assume -2147483648 <= mail_#t~ret59#1 && mail_#t~ret59#1 <= 2147483647;havoc mail_#t~ret59#1; {3133#false} is VALID [2022-02-20 18:02:24,102 INFO L272 TraceCheckUtils]: 102: Hoare triple {3133#false} call mail_#t~ret60#1 := getEmailTo(mail_~msg#1); {3132#true} is VALID [2022-02-20 18:02:24,103 INFO L290 TraceCheckUtils]: 103: Hoare triple {3132#true} ~handle := #in~handle;havoc ~retValue_acc~34; {3132#true} is VALID [2022-02-20 18:02:24,103 INFO L290 TraceCheckUtils]: 104: Hoare triple {3132#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {3132#true} is VALID [2022-02-20 18:02:24,103 INFO L290 TraceCheckUtils]: 105: Hoare triple {3132#true} assume true; {3132#true} is VALID [2022-02-20 18:02:24,103 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {3132#true} {3133#false} 
#1170#return; {3133#false} is VALID [2022-02-20 18:02:24,103 INFO L290 TraceCheckUtils]: 107: Hoare triple {3133#false} assume -2147483648 <= mail_#t~ret60#1 && mail_#t~ret60#1 <= 2147483647;mail_~tmp~8#1 := mail_#t~ret60#1;havoc mail_#t~ret60#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~8#1, mail_~msg#1;havoc incoming_#t~ret71#1, incoming_#t~ret72#1, incoming_#t~ret73#1, incoming_#t~ret74#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~12#1, incoming_~tmp___0~5#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~12#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {3133#false} is VALID [2022-02-20 18:02:24,103 INFO L272 TraceCheckUtils]: 108: Hoare triple {3133#false} call incoming_#t~ret71#1 := getClientPrivateKey(incoming_~client#1); {3132#true} is VALID [2022-02-20 18:02:24,103 INFO L290 TraceCheckUtils]: 109: Hoare triple {3132#true} ~handle := #in~handle;havoc ~retValue_acc~18; {3132#true} is VALID [2022-02-20 18:02:24,104 INFO L290 TraceCheckUtils]: 110: Hoare triple {3132#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {3132#true} is VALID [2022-02-20 18:02:24,104 INFO L290 TraceCheckUtils]: 111: Hoare triple {3132#true} assume true; {3132#true} is VALID [2022-02-20 18:02:24,104 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {3132#true} {3133#false} #1172#return; {3133#false} is VALID [2022-02-20 18:02:24,104 INFO L290 TraceCheckUtils]: 113: Hoare triple {3133#false} assume -2147483648 <= incoming_#t~ret71#1 && incoming_#t~ret71#1 <= 2147483647;incoming_~tmp~12#1 := incoming_#t~ret71#1;havoc incoming_#t~ret71#1;incoming_~privkey~0#1 := incoming_~tmp~12#1; {3133#false} is VALID [2022-02-20 18:02:24,104 INFO L290 TraceCheckUtils]: 114: Hoare triple {3133#false} assume 
!(0 != incoming_~privkey~0#1); {3133#false} is VALID [2022-02-20 18:02:24,104 INFO L290 TraceCheckUtils]: 115: Hoare triple {3133#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret79#1, verify_#t~ret80#1, verify_#t~ret81#1, verify_#t~ret82#1, verify_#t~ret83#1, verify_#t~ret84#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~16#1, verify_~tmp___0~6#1, verify_~pubkey~1#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~16#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret58#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~7#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~7#1; {3133#false} is VALID [2022-02-20 18:02:24,105 INFO L272 TraceCheckUtils]: 116: Hoare triple {3133#false} call __utac_acc__EncryptVerify_spec__1_#t~ret58#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {3132#true} is VALID 
[2022-02-20 18:02:24,105 INFO L290 TraceCheckUtils]: 117: Hoare triple {3132#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~27#1;havoc ~tmp~23#1; {3132#true} is VALID [2022-02-20 18:02:24,105 INFO L272 TraceCheckUtils]: 118: Hoare triple {3132#true} call #t~ret105#1 := isEncrypted(~msg#1); {3132#true} is VALID [2022-02-20 18:02:24,105 INFO L290 TraceCheckUtils]: 119: Hoare triple {3132#true} ~handle := #in~handle;havoc ~retValue_acc~37; {3132#true} is VALID [2022-02-20 18:02:24,105 INFO L290 TraceCheckUtils]: 120: Hoare triple {3132#true} assume 1 == ~handle;~retValue_acc~37 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~37; {3132#true} is VALID [2022-02-20 18:02:24,105 INFO L290 TraceCheckUtils]: 121: Hoare triple {3132#true} assume true; {3132#true} is VALID [2022-02-20 18:02:24,105 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {3132#true} {3132#true} #1262#return; {3132#true} is VALID [2022-02-20 18:02:24,106 INFO L290 TraceCheckUtils]: 123: Hoare triple {3132#true} assume -2147483648 <= #t~ret105#1 && #t~ret105#1 <= 2147483647;~tmp~23#1 := #t~ret105#1;havoc #t~ret105#1; {3132#true} is VALID [2022-02-20 18:02:24,106 INFO L290 TraceCheckUtils]: 124: Hoare triple {3132#true} assume 0 != ~tmp~23#1;~retValue_acc~27#1 := 0;#res#1 := ~retValue_acc~27#1; {3132#true} is VALID [2022-02-20 18:02:24,106 INFO L290 TraceCheckUtils]: 125: Hoare triple {3132#true} assume true; {3132#true} is VALID [2022-02-20 18:02:24,106 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {3132#true} {3133#false} #1184#return; {3133#false} is VALID [2022-02-20 18:02:24,106 INFO L290 TraceCheckUtils]: 127: Hoare triple {3133#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret58#1 && __utac_acc__EncryptVerify_spec__1_#t~ret58#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~7#1 := __utac_acc__EncryptVerify_spec__1_#t~ret58#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret58#1; {3133#false} is VALID [2022-02-20 18:02:24,106 INFO L290 TraceCheckUtils]: 128: Hoare 
triple {3133#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~7#1);assume { :begin_inline___automaton_fail } true; {3133#false} is VALID [2022-02-20 18:02:24,107 INFO L290 TraceCheckUtils]: 129: Hoare triple {3133#false} assume !false; {3133#false} is VALID [2022-02-20 18:02:24,107 INFO L134 CoverageAnalysis]: Checked inductivity of 36 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 18:02:24,107 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:24,108 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [528934897] [2022-02-20 18:02:24,108 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [528934897] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:02:24,108 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1910402966] [2022-02-20 18:02:24,108 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:24,108 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:24,108 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:02:24,109 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:02:24,111 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 18:02:24,345 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,350 INFO L263 TraceCheckSpWp]: Trace formula consists of 1159 conjuncts, 2 conjunts are in the unsatisfiable 
core [2022-02-20 18:02:24,396 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:24,399 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:02:24,658 INFO L290 TraceCheckUtils]: 0: Hoare triple {3132#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(34, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(20, 28);call #Ultimate.allocInit(10, 29);call #Ultimate.allocInit(12, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(18, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(13, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(4, 38);call write~init~int(37, 38, 0, 1);call 
write~init~int(115, 38, 1, 1);call write~init~int(10, 38, 2, 1);call write~init~int(0, 38, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 
0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {3132#true} is VALID [2022-02-20 18:02:24,659 INFO L290 TraceCheckUtils]: 1: Hoare triple {3132#true} assume { 
:end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {3132#true} is VALID [2022-02-20 18:02:24,659 INFO L290 TraceCheckUtils]: 2: Hoare triple {3132#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3132#true} is VALID [2022-02-20 18:02:24,659 INFO L290 TraceCheckUtils]: 3: Hoare triple {3132#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~43#1;havoc valid_product_~retValue_acc~43#1;valid_product_~retValue_acc~43#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~43#1; {3132#true} is VALID [2022-02-20 18:02:24,659 INFO L290 TraceCheckUtils]: 4: Hoare triple {3132#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {3132#true} is VALID [2022-02-20 18:02:24,659 INFO L290 TraceCheckUtils]: 5: Hoare triple {3132#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := 
setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {3132#true} is VALID [2022-02-20 18:02:24,659 INFO L272 TraceCheckUtils]: 6: Hoare triple {3132#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {3132#true} is VALID [2022-02-20 18:02:24,659 INFO L290 TraceCheckUtils]: 7: Hoare triple {3132#true} ~handle := #in~handle;~value := #in~value; {3132#true} is VALID [2022-02-20 18:02:24,659 INFO L290 TraceCheckUtils]: 8: Hoare triple {3132#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3132#true} is VALID [2022-02-20 18:02:24,659 INFO L290 TraceCheckUtils]: 9: Hoare triple {3132#true} assume true; {3132#true} is VALID [2022-02-20 18:02:24,659 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {3132#true} {3132#true} #1212#return; {3132#true} is VALID [2022-02-20 18:02:24,660 INFO L290 TraceCheckUtils]: 11: Hoare triple {3132#true} assume { :end_inline_setup_bob__wrappee__Base } true; {3132#true} is VALID [2022-02-20 18:02:24,660 INFO L272 TraceCheckUtils]: 12: Hoare triple {3132#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {3132#true} is VALID [2022-02-20 18:02:24,660 INFO L290 TraceCheckUtils]: 13: Hoare triple {3132#true} ~handle := #in~handle;~value := #in~value; {3132#true} is VALID [2022-02-20 18:02:24,660 INFO L290 TraceCheckUtils]: 14: Hoare triple {3132#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3132#true} is VALID [2022-02-20 18:02:24,660 INFO L290 TraceCheckUtils]: 15: Hoare triple {3132#true} assume true; {3132#true} is VALID [2022-02-20 18:02:24,660 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {3132#true} {3132#true} #1214#return; {3132#true} is VALID [2022-02-20 18:02:24,660 INFO L290 TraceCheckUtils]: 17: Hoare triple {3132#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 
2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {3132#true} is VALID [2022-02-20 18:02:24,660 INFO L272 TraceCheckUtils]: 18: Hoare triple {3132#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {3132#true} is VALID [2022-02-20 18:02:24,660 INFO L290 TraceCheckUtils]: 19: Hoare triple {3132#true} ~handle := #in~handle;~value := #in~value; {3132#true} is VALID [2022-02-20 18:02:24,660 INFO L290 TraceCheckUtils]: 20: Hoare triple {3132#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3132#true} is VALID [2022-02-20 18:02:24,660 INFO L290 TraceCheckUtils]: 21: Hoare triple {3132#true} assume true; {3132#true} is VALID [2022-02-20 18:02:24,660 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {3132#true} {3132#true} #1216#return; {3132#true} is VALID [2022-02-20 18:02:24,660 INFO L290 TraceCheckUtils]: 23: Hoare triple {3132#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {3132#true} is VALID [2022-02-20 18:02:24,661 INFO L272 TraceCheckUtils]: 24: Hoare triple {3132#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {3132#true} is VALID [2022-02-20 18:02:24,661 INFO L290 TraceCheckUtils]: 25: Hoare triple {3132#true} ~handle := #in~handle;~value := #in~value; {3132#true} is VALID [2022-02-20 18:02:24,661 INFO L290 TraceCheckUtils]: 26: Hoare triple {3132#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3132#true} is VALID [2022-02-20 18:02:24,661 INFO L290 TraceCheckUtils]: 27: Hoare triple {3132#true} assume true; {3132#true} is VALID [2022-02-20 18:02:24,661 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {3132#true} {3132#true} 
#1218#return; {3132#true} is VALID [2022-02-20 18:02:24,661 INFO L290 TraceCheckUtils]: 29: Hoare triple {3132#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {3132#true} is VALID [2022-02-20 18:02:24,661 INFO L272 TraceCheckUtils]: 30: Hoare triple {3132#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {3132#true} is VALID [2022-02-20 18:02:24,661 INFO L290 TraceCheckUtils]: 31: Hoare triple {3132#true} ~handle := #in~handle;~value := #in~value; {3132#true} is VALID [2022-02-20 18:02:24,661 INFO L290 TraceCheckUtils]: 32: Hoare triple {3132#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3132#true} is VALID [2022-02-20 18:02:24,661 INFO L290 TraceCheckUtils]: 33: Hoare triple {3132#true} assume true; {3132#true} is VALID [2022-02-20 18:02:24,661 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {3132#true} {3132#true} #1220#return; {3132#true} is VALID [2022-02-20 18:02:24,662 INFO L290 TraceCheckUtils]: 35: Hoare triple {3132#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {3132#true} is VALID [2022-02-20 18:02:24,662 INFO L272 TraceCheckUtils]: 36: Hoare triple {3132#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {3132#true} is VALID [2022-02-20 18:02:24,662 INFO L290 TraceCheckUtils]: 37: Hoare triple {3132#true} ~handle := #in~handle;~value := #in~value; {3132#true} is VALID [2022-02-20 18:02:24,662 INFO L290 TraceCheckUtils]: 38: Hoare 
triple {3132#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3132#true} is VALID [2022-02-20 18:02:24,662 INFO L290 TraceCheckUtils]: 39: Hoare triple {3132#true} assume true; {3132#true} is VALID [2022-02-20 18:02:24,662 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {3132#true} {3132#true} #1222#return; {3132#true} is VALID [2022-02-20 18:02:24,662 INFO L290 TraceCheckUtils]: 41: Hoare triple {3132#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {3132#true} is VALID [2022-02-20 18:02:24,663 INFO L290 TraceCheckUtils]: 42: Hoare triple {3132#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~6#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~6#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 
0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {3345#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:02:24,663 INFO L290 TraceCheckUtils]: 43: Hoare triple {3345#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {3345#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:02:24,664 INFO L290 TraceCheckUtils]: 44: Hoare triple {3345#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {3133#false} is VALID [2022-02-20 18:02:24,664 INFO L290 TraceCheckUtils]: 45: Hoare triple {3133#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {3133#false} is VALID [2022-02-20 18:02:24,664 INFO L272 TraceCheckUtils]: 46: Hoare triple {3133#false} call sendEmail(~bob~0, ~rjh~0); {3133#false} is VALID [2022-02-20 18:02:24,664 INFO L290 TraceCheckUtils]: 47: Hoare triple {3133#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~14#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~29#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~29#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {3133#false} is VALID [2022-02-20 18:02:24,664 INFO L272 TraceCheckUtils]: 48: Hoare triple {3133#false} call setEmailFrom(createEmail_~msg~0#1, 
createEmail_~from#1); {3133#false} is VALID [2022-02-20 18:02:24,665 INFO L290 TraceCheckUtils]: 49: Hoare triple {3133#false} ~handle := #in~handle;~value := #in~value; {3133#false} is VALID [2022-02-20 18:02:24,665 INFO L290 TraceCheckUtils]: 50: Hoare triple {3133#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3133#false} is VALID [2022-02-20 18:02:24,665 INFO L290 TraceCheckUtils]: 51: Hoare triple {3133#false} assume true; {3133#false} is VALID [2022-02-20 18:02:24,665 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {3133#false} {3133#false} #1198#return; {3133#false} is VALID [2022-02-20 18:02:24,665 INFO L272 TraceCheckUtils]: 53: Hoare triple {3133#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {3133#false} is VALID [2022-02-20 18:02:24,665 INFO L290 TraceCheckUtils]: 54: Hoare triple {3133#false} ~handle := #in~handle;~value := #in~value; {3133#false} is VALID [2022-02-20 18:02:24,665 INFO L290 TraceCheckUtils]: 55: Hoare triple {3133#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {3133#false} is VALID [2022-02-20 18:02:24,665 INFO L290 TraceCheckUtils]: 56: Hoare triple {3133#false} assume true; {3133#false} is VALID [2022-02-20 18:02:24,665 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {3133#false} {3133#false} #1200#return; {3133#false} is VALID [2022-02-20 18:02:24,666 INFO L290 TraceCheckUtils]: 58: Hoare triple {3133#false} createEmail_~retValue_acc~29#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~29#1; {3133#false} is VALID [2022-02-20 18:02:24,666 INFO L290 TraceCheckUtils]: 59: Hoare triple {3133#false} #t~ret76#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret76#1 && #t~ret76#1 <= 2147483647;~tmp~14#1 := #t~ret76#1;havoc #t~ret76#1;~email~0#1 := ~tmp~14#1; {3133#false} is VALID [2022-02-20 18:02:24,666 INFO L272 TraceCheckUtils]: 60: Hoare triple {3133#false} call outgoing(~sender#1, ~email~0#1); {3133#false} is VALID [2022-02-20 
18:02:24,666 INFO L290 TraceCheckUtils]: 61: Hoare triple {3133#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret78#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~15#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~15#1; {3133#false} is VALID [2022-02-20 18:02:24,666 INFO L272 TraceCheckUtils]: 62: Hoare triple {3133#false} call sign_#t~ret78#1 := getClientPrivateKey(sign_~client#1); {3133#false} is VALID [2022-02-20 18:02:24,666 INFO L290 TraceCheckUtils]: 63: Hoare triple {3133#false} ~handle := #in~handle;havoc ~retValue_acc~18; {3133#false} is VALID [2022-02-20 18:02:24,666 INFO L290 TraceCheckUtils]: 64: Hoare triple {3133#false} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {3133#false} is VALID [2022-02-20 18:02:24,666 INFO L290 TraceCheckUtils]: 65: Hoare triple {3133#false} assume true; {3133#false} is VALID [2022-02-20 18:02:24,666 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {3133#false} {3133#false} #1140#return; {3133#false} is VALID [2022-02-20 18:02:24,667 INFO L290 TraceCheckUtils]: 67: Hoare triple {3133#false} assume -2147483648 <= sign_#t~ret78#1 && sign_#t~ret78#1 <= 2147483647;sign_~tmp~15#1 := sign_#t~ret78#1;havoc sign_#t~ret78#1;sign_~privkey~1#1 := sign_~tmp~15#1; {3133#false} is VALID [2022-02-20 18:02:24,667 INFO L290 TraceCheckUtils]: 68: Hoare triple {3133#false} assume 0 == sign_~privkey~1#1; {3133#false} is VALID [2022-02-20 18:02:24,667 INFO L290 TraceCheckUtils]: 69: Hoare triple {3133#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret64#1, outgoing__wrappee__AddressBook_#t~ret65#1, 
outgoing__wrappee__AddressBook_#t~ret66#1, outgoing__wrappee__AddressBook_#t~ret67#1, outgoing__wrappee__AddressBook_#t~ret68#1, outgoing__wrappee__AddressBook_#t~ret69#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~11#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~4#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~11#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~4#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {3133#false} is VALID [2022-02-20 18:02:24,667 INFO L272 TraceCheckUtils]: 70: Hoare triple {3133#false} call outgoing__wrappee__AddressBook_#t~ret64#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {3133#false} is VALID [2022-02-20 18:02:24,667 INFO L290 TraceCheckUtils]: 71: Hoare triple {3133#false} ~handle := #in~handle;havoc ~retValue_acc~12; {3133#false} is VALID [2022-02-20 18:02:24,667 INFO L290 TraceCheckUtils]: 72: Hoare triple {3133#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~12; {3133#false} is VALID [2022-02-20 18:02:24,667 INFO L290 TraceCheckUtils]: 73: Hoare triple {3133#false} assume true; {3133#false} is VALID [2022-02-20 18:02:24,667 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {3133#false} {3133#false} #1142#return; {3133#false} is VALID [2022-02-20 18:02:24,668 INFO L290 TraceCheckUtils]: 75: Hoare triple 
{3133#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret64#1 && outgoing__wrappee__AddressBook_#t~ret64#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~11#1 := outgoing__wrappee__AddressBook_#t~ret64#1;havoc outgoing__wrappee__AddressBook_#t~ret64#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~11#1; {3133#false} is VALID [2022-02-20 18:02:24,668 INFO L290 TraceCheckUtils]: 76: Hoare triple {3133#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {3133#false} is VALID [2022-02-20 18:02:24,668 INFO L272 TraceCheckUtils]: 77: Hoare triple {3133#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {3133#false} is VALID [2022-02-20 18:02:24,668 INFO L290 TraceCheckUtils]: 78: Hoare triple {3133#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~10#1;havoc ~pubkey~0#1;havoc ~tmp___0~3#1; {3133#false} is VALID [2022-02-20 18:02:24,668 INFO L272 TraceCheckUtils]: 79: Hoare triple {3133#false} call #t~ret62#1 := getEmailTo(~msg#1); {3133#false} is VALID [2022-02-20 18:02:24,668 INFO L290 TraceCheckUtils]: 80: Hoare triple {3133#false} ~handle := #in~handle;havoc ~retValue_acc~34; {3133#false} is VALID [2022-02-20 18:02:24,668 INFO L290 TraceCheckUtils]: 81: Hoare triple {3133#false} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {3133#false} is VALID [2022-02-20 18:02:24,668 INFO L290 TraceCheckUtils]: 82: Hoare triple {3133#false} assume true; {3133#false} is VALID [2022-02-20 18:02:24,668 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {3133#false} {3133#false} #1160#return; {3133#false} is VALID [2022-02-20 18:02:24,668 INFO L290 TraceCheckUtils]: 84: Hoare triple {3133#false} assume -2147483648 <= #t~ret62#1 && #t~ret62#1 <= 2147483647;~tmp~10#1 := #t~ret62#1;havoc #t~ret62#1;~receiver~0#1 := ~tmp~10#1; {3133#false} is VALID [2022-02-20 18:02:24,669 INFO L272 
TraceCheckUtils]: 85: Hoare triple {3133#false} call #t~ret63#1 := findPublicKey(~client#1, ~receiver~0#1); {3133#false} is VALID [2022-02-20 18:02:24,669 INFO L290 TraceCheckUtils]: 86: Hoare triple {3133#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~23; {3133#false} is VALID [2022-02-20 18:02:24,669 INFO L290 TraceCheckUtils]: 87: Hoare triple {3133#false} assume 1 == ~handle; {3133#false} is VALID [2022-02-20 18:02:24,669 INFO L290 TraceCheckUtils]: 88: Hoare triple {3133#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~23 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~23; {3133#false} is VALID [2022-02-20 18:02:24,669 INFO L290 TraceCheckUtils]: 89: Hoare triple {3133#false} assume true; {3133#false} is VALID [2022-02-20 18:02:24,669 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {3133#false} {3133#false} #1162#return; {3133#false} is VALID [2022-02-20 18:02:24,669 INFO L290 TraceCheckUtils]: 91: Hoare triple {3133#false} assume -2147483648 <= #t~ret63#1 && #t~ret63#1 <= 2147483647;~tmp___0~3#1 := #t~ret63#1;havoc #t~ret63#1;~pubkey~0#1 := ~tmp___0~3#1; {3133#false} is VALID [2022-02-20 18:02:24,669 INFO L290 TraceCheckUtils]: 92: Hoare triple {3133#false} assume !(0 != ~pubkey~0#1); {3133#false} is VALID [2022-02-20 18:02:24,669 INFO L290 TraceCheckUtils]: 93: Hoare triple {3133#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret61#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~9#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~9#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc 
getClientId_~handle#1, getClientId_~retValue_acc~25#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~25#1; {3133#false} is VALID [2022-02-20 18:02:24,670 INFO L290 TraceCheckUtils]: 94: Hoare triple {3133#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~25#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~25#1; {3133#false} is VALID [2022-02-20 18:02:24,670 INFO L290 TraceCheckUtils]: 95: Hoare triple {3133#false} outgoing__wrappee__Keys_#t~ret61#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret61#1 && outgoing__wrappee__Keys_#t~ret61#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~9#1 := outgoing__wrappee__Keys_#t~ret61#1;havoc outgoing__wrappee__Keys_#t~ret61#1; {3133#false} is VALID [2022-02-20 18:02:24,670 INFO L272 TraceCheckUtils]: 96: Hoare triple {3133#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~9#1); {3133#false} is VALID [2022-02-20 18:02:24,670 INFO L290 TraceCheckUtils]: 97: Hoare triple {3133#false} ~handle := #in~handle;~value := #in~value; {3133#false} is VALID [2022-02-20 18:02:24,670 INFO L290 TraceCheckUtils]: 98: Hoare triple {3133#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3133#false} is VALID [2022-02-20 18:02:24,670 INFO L290 TraceCheckUtils]: 99: Hoare triple {3133#false} assume true; {3133#false} is VALID [2022-02-20 18:02:24,670 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {3133#false} {3133#false} #1168#return; {3133#false} is VALID [2022-02-20 18:02:24,670 INFO L290 TraceCheckUtils]: 101: Hoare triple {3133#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret59#1, mail_#t~ret60#1, mail_~client#1, mail_~msg#1, mail_~tmp~8#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~8#1;call 
mail_#t~ret59#1 := puts(24, 0);assume -2147483648 <= mail_#t~ret59#1 && mail_#t~ret59#1 <= 2147483647;havoc mail_#t~ret59#1; {3133#false} is VALID [2022-02-20 18:02:24,670 INFO L272 TraceCheckUtils]: 102: Hoare triple {3133#false} call mail_#t~ret60#1 := getEmailTo(mail_~msg#1); {3133#false} is VALID [2022-02-20 18:02:24,671 INFO L290 TraceCheckUtils]: 103: Hoare triple {3133#false} ~handle := #in~handle;havoc ~retValue_acc~34; {3133#false} is VALID [2022-02-20 18:02:24,671 INFO L290 TraceCheckUtils]: 104: Hoare triple {3133#false} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {3133#false} is VALID [2022-02-20 18:02:24,671 INFO L290 TraceCheckUtils]: 105: Hoare triple {3133#false} assume true; {3133#false} is VALID [2022-02-20 18:02:24,671 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {3133#false} {3133#false} #1170#return; {3133#false} is VALID [2022-02-20 18:02:24,671 INFO L290 TraceCheckUtils]: 107: Hoare triple {3133#false} assume -2147483648 <= mail_#t~ret60#1 && mail_#t~ret60#1 <= 2147483647;mail_~tmp~8#1 := mail_#t~ret60#1;havoc mail_#t~ret60#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~8#1, mail_~msg#1;havoc incoming_#t~ret71#1, incoming_#t~ret72#1, incoming_#t~ret73#1, incoming_#t~ret74#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~12#1, incoming_~tmp___0~5#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~12#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {3133#false} is VALID [2022-02-20 18:02:24,671 INFO L272 TraceCheckUtils]: 108: Hoare triple {3133#false} call incoming_#t~ret71#1 := getClientPrivateKey(incoming_~client#1); {3133#false} is VALID [2022-02-20 18:02:24,671 INFO L290 TraceCheckUtils]: 109: Hoare triple {3133#false} ~handle := #in~handle;havoc 
~retValue_acc~18; {3133#false} is VALID [2022-02-20 18:02:24,671 INFO L290 TraceCheckUtils]: 110: Hoare triple {3133#false} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {3133#false} is VALID [2022-02-20 18:02:24,671 INFO L290 TraceCheckUtils]: 111: Hoare triple {3133#false} assume true; {3133#false} is VALID [2022-02-20 18:02:24,672 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {3133#false} {3133#false} #1172#return; {3133#false} is VALID [2022-02-20 18:02:24,672 INFO L290 TraceCheckUtils]: 113: Hoare triple {3133#false} assume -2147483648 <= incoming_#t~ret71#1 && incoming_#t~ret71#1 <= 2147483647;incoming_~tmp~12#1 := incoming_#t~ret71#1;havoc incoming_#t~ret71#1;incoming_~privkey~0#1 := incoming_~tmp~12#1; {3133#false} is VALID [2022-02-20 18:02:24,672 INFO L290 TraceCheckUtils]: 114: Hoare triple {3133#false} assume !(0 != incoming_~privkey~0#1); {3133#false} is VALID [2022-02-20 18:02:24,672 INFO L290 TraceCheckUtils]: 115: Hoare triple {3133#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret79#1, verify_#t~ret80#1, verify_#t~ret81#1, verify_#t~ret82#1, verify_#t~ret83#1, verify_#t~ret84#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~16#1, verify_~tmp___0~6#1, verify_~pubkey~1#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc 
verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~16#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret58#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~7#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~7#1; {3133#false} is VALID [2022-02-20 18:02:24,672 INFO L272 TraceCheckUtils]: 116: Hoare triple {3133#false} call __utac_acc__EncryptVerify_spec__1_#t~ret58#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {3133#false} is VALID [2022-02-20 18:02:24,672 INFO L290 TraceCheckUtils]: 117: Hoare triple {3133#false} ~msg#1 := #in~msg#1;havoc ~retValue_acc~27#1;havoc ~tmp~23#1; {3133#false} is VALID [2022-02-20 18:02:24,672 INFO L272 TraceCheckUtils]: 118: Hoare triple {3133#false} call #t~ret105#1 := isEncrypted(~msg#1); {3133#false} is VALID [2022-02-20 18:02:24,672 INFO L290 TraceCheckUtils]: 119: Hoare triple {3133#false} ~handle := #in~handle;havoc ~retValue_acc~37; {3133#false} is VALID [2022-02-20 18:02:24,672 INFO L290 TraceCheckUtils]: 120: Hoare triple {3133#false} assume 1 == ~handle;~retValue_acc~37 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~37; {3133#false} is VALID [2022-02-20 18:02:24,673 INFO L290 TraceCheckUtils]: 121: Hoare triple {3133#false} assume true; {3133#false} is VALID [2022-02-20 18:02:24,673 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {3133#false} {3133#false} #1262#return; {3133#false} is VALID [2022-02-20 18:02:24,673 INFO L290 TraceCheckUtils]: 123: Hoare triple {3133#false} assume -2147483648 <= #t~ret105#1 && #t~ret105#1 <= 2147483647;~tmp~23#1 := 
#t~ret105#1;havoc #t~ret105#1; {3133#false} is VALID [2022-02-20 18:02:24,673 INFO L290 TraceCheckUtils]: 124: Hoare triple {3133#false} assume 0 != ~tmp~23#1;~retValue_acc~27#1 := 0;#res#1 := ~retValue_acc~27#1; {3133#false} is VALID [2022-02-20 18:02:24,673 INFO L290 TraceCheckUtils]: 125: Hoare triple {3133#false} assume true; {3133#false} is VALID [2022-02-20 18:02:24,673 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {3133#false} {3133#false} #1184#return; {3133#false} is VALID [2022-02-20 18:02:24,673 INFO L290 TraceCheckUtils]: 127: Hoare triple {3133#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret58#1 && __utac_acc__EncryptVerify_spec__1_#t~ret58#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~7#1 := __utac_acc__EncryptVerify_spec__1_#t~ret58#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret58#1; {3133#false} is VALID [2022-02-20 18:02:24,673 INFO L290 TraceCheckUtils]: 128: Hoare triple {3133#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~7#1);assume { :begin_inline___automaton_fail } true; {3133#false} is VALID [2022-02-20 18:02:24,674 INFO L290 TraceCheckUtils]: 129: Hoare triple {3133#false} assume !false; {3133#false} is VALID [2022-02-20 18:02:24,674 INFO L134 CoverageAnalysis]: Checked inductivity of 36 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 36 trivial. 0 not checked. [2022-02-20 18:02:24,674 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:02:24,674 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1910402966] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:24,674 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. 
[2022-02-20 18:02:24,675 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 18:02:24,675 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1798460481] [2022-02-20 18:02:24,675 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:24,676 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 24.0) internal successors, (72), 3 states have internal predecessors, (72), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) Word has length 130 [2022-02-20 18:02:24,676 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:24,677 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 24.0) internal successors, (72), 3 states have internal predecessors, (72), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 18:02:24,742 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 109 edges. 109 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:24,742 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:02:24,742 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:24,743 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. 
[2022-02-20 18:02:24,743 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:02:24,743 INFO L87 Difference]: Start difference. First operand 398 states and 599 transitions. Second operand has 3 states, 3 states have (on average 24.0) internal successors, (72), 3 states have internal predecessors, (72), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 18:02:25,184 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:25,185 INFO L93 Difference]: Finished difference Result 612 states and 898 transitions. [2022-02-20 18:02:25,185 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:02:25,185 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 24.0) internal successors, (72), 3 states have internal predecessors, (72), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) Word has length 130 [2022-02-20 18:02:25,185 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:25,185 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 24.0) internal successors, (72), 3 states have internal predecessors, (72), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 18:02:25,196 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 898 transitions. 
[2022-02-20 18:02:25,196 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 24.0) internal successors, (72), 3 states have internal predecessors, (72), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 18:02:25,215 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 898 transitions. [2022-02-20 18:02:25,215 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 898 transitions. [2022-02-20 18:02:25,771 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 898 edges. 898 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:25,783 INFO L225 Difference]: With dead ends: 612 [2022-02-20 18:02:25,784 INFO L226 Difference]: Without dead ends: 401 [2022-02-20 18:02:25,786 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 167 GetRequests, 159 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:02:25,787 INFO L933 BasicCegarLoop]: 597 mSDtfsCounter, 1 mSDsluCounter, 595 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 1192 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:25,787 INFO L934 
BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 1192 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:02:25,788 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 401 states. [2022-02-20 18:02:25,799 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 401 to 400. [2022-02-20 18:02:25,799 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:25,800 INFO L82 GeneralOperation]: Start isEquivalent. First operand 401 states. Second operand has 400 states, 309 states have (on average 1.5469255663430421) internal successors, (478), 313 states have internal predecessors, (478), 62 states have call successors, (62), 28 states have call predecessors, (62), 28 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) [2022-02-20 18:02:25,801 INFO L74 IsIncluded]: Start isIncluded. First operand 401 states. Second operand has 400 states, 309 states have (on average 1.5469255663430421) internal successors, (478), 313 states have internal predecessors, (478), 62 states have call successors, (62), 28 states have call predecessors, (62), 28 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) [2022-02-20 18:02:25,802 INFO L87 Difference]: Start difference. First operand 401 states. Second operand has 400 states, 309 states have (on average 1.5469255663430421) internal successors, (478), 313 states have internal predecessors, (478), 62 states have call successors, (62), 28 states have call predecessors, (62), 28 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) [2022-02-20 18:02:25,819 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:02:25,819 INFO L93 Difference]: Finished difference Result 401 states and 602 transitions. [2022-02-20 18:02:25,819 INFO L276 IsEmpty]: Start isEmpty. Operand 401 states and 602 transitions. [2022-02-20 18:02:25,820 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:25,820 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:25,821 INFO L74 IsIncluded]: Start isIncluded. First operand has 400 states, 309 states have (on average 1.5469255663430421) internal successors, (478), 313 states have internal predecessors, (478), 62 states have call successors, (62), 28 states have call predecessors, (62), 28 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) Second operand 401 states. [2022-02-20 18:02:25,822 INFO L87 Difference]: Start difference. First operand has 400 states, 309 states have (on average 1.5469255663430421) internal successors, (478), 313 states have internal predecessors, (478), 62 states have call successors, (62), 28 states have call predecessors, (62), 28 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) Second operand 401 states. [2022-02-20 18:02:25,839 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:25,839 INFO L93 Difference]: Finished difference Result 401 states and 602 transitions. [2022-02-20 18:02:25,839 INFO L276 IsEmpty]: Start isEmpty. Operand 401 states and 602 transitions. [2022-02-20 18:02:25,840 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:25,840 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:25,840 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:25,841 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:25,842 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 400 states, 309 states have (on average 1.5469255663430421) internal successors, (478), 313 states have internal predecessors, (478), 62 states have call successors, (62), 28 states have call predecessors, (62), 28 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) [2022-02-20 18:02:25,858 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 400 states to 400 states and 601 transitions. [2022-02-20 18:02:25,858 INFO L78 Accepts]: Start accepts. Automaton has 400 states and 601 transitions. Word has length 130 [2022-02-20 18:02:25,858 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:25,859 INFO L470 AbstractCegarLoop]: Abstraction has 400 states and 601 transitions. [2022-02-20 18:02:25,859 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 24.0) internal successors, (72), 3 states have internal predecessors, (72), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 18:02:25,859 INFO L276 IsEmpty]: Start isEmpty. Operand 400 states and 601 transitions. [2022-02-20 18:02:25,860 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 137 [2022-02-20 18:02:25,861 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:25,861 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:25,883 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-02-20 18:02:26,080 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1 [2022-02-20 18:02:26,081 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:26,081 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:26,081 INFO L85 PathProgramCache]: Analyzing trace with hash 758055190, now seen corresponding path program 1 times [2022-02-20 18:02:26,081 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:26,081 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [909241708] [2022-02-20 18:02:26,082 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:26,082 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:26,111 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:26,135 INFO 
L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:02:26,137 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:26,144 INFO L290 TraceCheckUtils]: 0: Hoare triple {5857#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 18:02:26,144 INFO L290 TraceCheckUtils]: 1: Hoare triple {5783#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5783#true} is VALID [2022-02-20 18:02:26,144 INFO L290 TraceCheckUtils]: 2: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,144 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5783#true} {5783#true} #1212#return; {5783#true} is VALID [2022-02-20 18:02:26,149 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:26,151 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:26,153 INFO L290 TraceCheckUtils]: 0: Hoare triple {5858#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 18:02:26,153 INFO L290 TraceCheckUtils]: 1: Hoare triple {5783#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5783#true} is VALID [2022-02-20 18:02:26,153 INFO L290 TraceCheckUtils]: 2: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,153 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5783#true} {5783#true} #1214#return; {5783#true} is VALID [2022-02-20 18:02:26,154 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 18 [2022-02-20 18:02:26,156 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:26,167 INFO L290 TraceCheckUtils]: 0: Hoare triple {5857#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5859#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:26,168 INFO L290 TraceCheckUtils]: 1: Hoare triple {5859#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5860#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:26,168 INFO L290 TraceCheckUtils]: 2: Hoare triple {5860#(= |setClientId_#in~handle| 1)} assume true; {5860#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:26,169 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5860#(= |setClientId_#in~handle| 1)} {5793#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1216#return; {5784#false} is VALID [2022-02-20 18:02:26,169 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:02:26,171 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:26,173 INFO L290 TraceCheckUtils]: 0: Hoare triple {5858#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 18:02:26,173 INFO L290 TraceCheckUtils]: 1: Hoare triple {5783#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5783#true} is VALID [2022-02-20 18:02:26,174 INFO L290 TraceCheckUtils]: 2: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,174 INFO L284 TraceCheckUtils]: 3: 
Hoare quadruple {5783#true} {5784#false} #1218#return; {5784#false} is VALID [2022-02-20 18:02:26,174 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:02:26,175 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:26,178 INFO L290 TraceCheckUtils]: 0: Hoare triple {5857#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 18:02:26,178 INFO L290 TraceCheckUtils]: 1: Hoare triple {5783#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5783#true} is VALID [2022-02-20 18:02:26,178 INFO L290 TraceCheckUtils]: 2: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,178 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5783#true} {5784#false} #1220#return; {5784#false} is VALID [2022-02-20 18:02:26,178 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:02:26,180 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:26,188 INFO L290 TraceCheckUtils]: 0: Hoare triple {5858#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 18:02:26,188 INFO L290 TraceCheckUtils]: 1: Hoare triple {5783#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5783#true} is VALID [2022-02-20 18:02:26,188 INFO L290 TraceCheckUtils]: 2: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,188 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5783#true} {5784#false} #1222#return; {5784#false} is 
VALID [2022-02-20 18:02:26,194 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 54 [2022-02-20 18:02:26,195 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:26,197 INFO L290 TraceCheckUtils]: 0: Hoare triple {5861#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 18:02:26,197 INFO L290 TraceCheckUtils]: 1: Hoare triple {5783#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5783#true} is VALID [2022-02-20 18:02:26,197 INFO L290 TraceCheckUtils]: 2: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,197 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5783#true} {5784#false} #1198#return; {5784#false} is VALID [2022-02-20 18:02:26,205 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 18:02:26,206 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:26,213 INFO L290 TraceCheckUtils]: 0: Hoare triple {5862#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 18:02:26,213 INFO L290 TraceCheckUtils]: 1: Hoare triple {5783#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5783#true} is VALID [2022-02-20 18:02:26,213 INFO L290 TraceCheckUtils]: 2: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,213 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5783#true} {5784#false} #1200#return; {5784#false} is VALID [2022-02-20 18:02:26,213 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 18:02:26,214 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:26,216 INFO L290 TraceCheckUtils]: 0: 
Hoare triple {5783#true} ~handle := #in~handle;havoc ~retValue_acc~18; {5783#true} is VALID [2022-02-20 18:02:26,216 INFO L290 TraceCheckUtils]: 1: Hoare triple {5783#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {5783#true} is VALID [2022-02-20 18:02:26,217 INFO L290 TraceCheckUtils]: 2: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,217 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5783#true} {5784#false} #1140#return; {5784#false} is VALID [2022-02-20 18:02:26,217 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76 [2022-02-20 18:02:26,218 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:26,219 INFO L290 TraceCheckUtils]: 0: Hoare triple {5783#true} ~handle := #in~handle;havoc ~retValue_acc~12; {5783#true} is VALID [2022-02-20 18:02:26,220 INFO L290 TraceCheckUtils]: 1: Hoare triple {5783#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~12; {5783#true} is VALID [2022-02-20 18:02:26,220 INFO L290 TraceCheckUtils]: 2: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,220 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5783#true} {5784#false} #1142#return; {5784#false} is VALID [2022-02-20 18:02:26,220 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 18:02:26,221 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:26,222 INFO L290 TraceCheckUtils]: 0: Hoare triple {5783#true} ~handle := #in~handle;havoc ~retValue_acc~34; {5783#true} is VALID [2022-02-20 18:02:26,223 INFO L290 TraceCheckUtils]: 1: Hoare triple {5783#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {5783#true} is VALID [2022-02-20 18:02:26,223 INFO L290 TraceCheckUtils]: 2: Hoare triple {5783#true} assume true; {5783#true} 
is VALID [2022-02-20 18:02:26,223 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5783#true} {5784#false} #1160#return; {5784#false} is VALID [2022-02-20 18:02:26,223 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 18:02:26,224 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:26,226 INFO L290 TraceCheckUtils]: 0: Hoare triple {5783#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~23; {5783#true} is VALID [2022-02-20 18:02:26,226 INFO L290 TraceCheckUtils]: 1: Hoare triple {5783#true} assume 1 == ~handle; {5783#true} is VALID [2022-02-20 18:02:26,226 INFO L290 TraceCheckUtils]: 2: Hoare triple {5783#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~23 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~23; {5783#true} is VALID [2022-02-20 18:02:26,226 INFO L290 TraceCheckUtils]: 3: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,226 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {5783#true} {5784#false} #1162#return; {5784#false} is VALID [2022-02-20 18:02:26,227 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 18:02:26,227 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:26,229 INFO L290 TraceCheckUtils]: 0: Hoare triple {5861#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 18:02:26,229 INFO L290 TraceCheckUtils]: 1: Hoare triple {5783#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5783#true} is VALID [2022-02-20 18:02:26,229 INFO L290 TraceCheckUtils]: 2: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,229 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5783#true} {5784#false} #1168#return; {5784#false} is VALID 
[2022-02-20 18:02:26,230 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 108 [2022-02-20 18:02:26,230 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:26,232 INFO L290 TraceCheckUtils]: 0: Hoare triple {5783#true} ~handle := #in~handle;havoc ~retValue_acc~34; {5783#true} is VALID [2022-02-20 18:02:26,232 INFO L290 TraceCheckUtils]: 1: Hoare triple {5783#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {5783#true} is VALID [2022-02-20 18:02:26,232 INFO L290 TraceCheckUtils]: 2: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,232 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5783#true} {5784#false} #1170#return; {5784#false} is VALID [2022-02-20 18:02:26,232 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 114 [2022-02-20 18:02:26,233 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:26,235 INFO L290 TraceCheckUtils]: 0: Hoare triple {5783#true} ~handle := #in~handle;havoc ~retValue_acc~18; {5783#true} is VALID [2022-02-20 18:02:26,235 INFO L290 TraceCheckUtils]: 1: Hoare triple {5783#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {5783#true} is VALID [2022-02-20 18:02:26,235 INFO L290 TraceCheckUtils]: 2: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,235 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5783#true} {5784#false} #1172#return; {5784#false} is VALID [2022-02-20 18:02:26,235 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 122 [2022-02-20 18:02:26,237 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:26,239 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:26,240 INFO L136 AnnotateAndAsserter]: 
Conjunction of SSA is unsat [2022-02-20 18:02:26,242 INFO L290 TraceCheckUtils]: 0: Hoare triple {5783#true} ~handle := #in~handle;havoc ~retValue_acc~37; {5783#true} is VALID [2022-02-20 18:02:26,242 INFO L290 TraceCheckUtils]: 1: Hoare triple {5783#true} assume 1 == ~handle;~retValue_acc~37 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~37; {5783#true} is VALID [2022-02-20 18:02:26,242 INFO L290 TraceCheckUtils]: 2: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,242 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5783#true} {5783#true} #1262#return; {5783#true} is VALID [2022-02-20 18:02:26,242 INFO L290 TraceCheckUtils]: 0: Hoare triple {5783#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~27#1;havoc ~tmp~23#1; {5783#true} is VALID [2022-02-20 18:02:26,243 INFO L272 TraceCheckUtils]: 1: Hoare triple {5783#true} call #t~ret105#1 := isEncrypted(~msg#1); {5783#true} is VALID [2022-02-20 18:02:26,243 INFO L290 TraceCheckUtils]: 2: Hoare triple {5783#true} ~handle := #in~handle;havoc ~retValue_acc~37; {5783#true} is VALID [2022-02-20 18:02:26,243 INFO L290 TraceCheckUtils]: 3: Hoare triple {5783#true} assume 1 == ~handle;~retValue_acc~37 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~37; {5783#true} is VALID [2022-02-20 18:02:26,243 INFO L290 TraceCheckUtils]: 4: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,243 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {5783#true} {5783#true} #1262#return; {5783#true} is VALID [2022-02-20 18:02:26,243 INFO L290 TraceCheckUtils]: 6: Hoare triple {5783#true} assume -2147483648 <= #t~ret105#1 && #t~ret105#1 <= 2147483647;~tmp~23#1 := #t~ret105#1;havoc #t~ret105#1; {5783#true} is VALID [2022-02-20 18:02:26,243 INFO L290 TraceCheckUtils]: 7: Hoare triple {5783#true} assume 0 != ~tmp~23#1;~retValue_acc~27#1 := 0;#res#1 := ~retValue_acc~27#1; {5783#true} is VALID [2022-02-20 18:02:26,243 INFO L290 TraceCheckUtils]: 8: Hoare triple {5783#true} assume true; 
{5783#true} is VALID [2022-02-20 18:02:26,243 INFO L284 TraceCheckUtils]: 9: Hoare quadruple {5783#true} {5784#false} #1184#return; {5784#false} is VALID [2022-02-20 18:02:26,244 INFO L290 TraceCheckUtils]: 0: Hoare triple {5783#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(34, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(20, 28);call #Ultimate.allocInit(10, 29);call #Ultimate.allocInit(12, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(18, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(13, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(4, 38);call write~init~int(37, 38, 0, 1);call write~init~int(115, 38, 
1, 1);call write~init~int(10, 38, 2, 1);call write~init~int(0, 38, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 
0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {5783#true} is VALID [2022-02-20 18:02:26,244 INFO L290 TraceCheckUtils]: 1: Hoare triple {5783#true} assume { :end_inline_ULTIMATE.init } 
true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {5783#true} is VALID [2022-02-20 18:02:26,244 INFO L290 TraceCheckUtils]: 2: Hoare triple {5783#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5783#true} is VALID [2022-02-20 18:02:26,244 INFO L290 TraceCheckUtils]: 3: Hoare triple {5783#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~43#1;havoc valid_product_~retValue_acc~43#1;valid_product_~retValue_acc~43#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~43#1; {5783#true} is VALID [2022-02-20 18:02:26,244 INFO L290 TraceCheckUtils]: 4: Hoare triple {5783#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {5783#true} is VALID [2022-02-20 18:02:26,244 INFO L290 TraceCheckUtils]: 5: Hoare triple {5783#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {5783#true} is VALID [2022-02-20 18:02:26,247 INFO L272 TraceCheckUtils]: 6: Hoare triple {5783#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {5857#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:26,247 INFO L290 TraceCheckUtils]: 7: Hoare triple {5857#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 18:02:26,247 INFO L290 TraceCheckUtils]: 8: Hoare triple {5783#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5783#true} is VALID [2022-02-20 18:02:26,248 INFO L290 TraceCheckUtils]: 9: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,248 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5783#true} {5783#true} #1212#return; {5783#true} is VALID [2022-02-20 18:02:26,248 INFO L290 TraceCheckUtils]: 11: Hoare triple {5783#true} assume { :end_inline_setup_bob__wrappee__Base } true; {5783#true} is VALID [2022-02-20 18:02:26,248 INFO L272 TraceCheckUtils]: 12: Hoare triple {5783#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {5858#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:26,248 INFO L290 TraceCheckUtils]: 13: Hoare triple {5858#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 18:02:26,249 INFO L290 TraceCheckUtils]: 14: Hoare triple {5783#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5783#true} is VALID [2022-02-20 18:02:26,249 INFO L290 TraceCheckUtils]: 15: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,249 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {5783#true} {5783#true} #1214#return; {5783#true} is VALID [2022-02-20 18:02:26,250 INFO L290 TraceCheckUtils]: 17: Hoare triple {5783#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {5793#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:02:26,250 INFO L272 TraceCheckUtils]: 18: Hoare triple {5793#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {5857#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:26,250 INFO L290 TraceCheckUtils]: 19: Hoare triple {5857#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := 
#in~handle;~value := #in~value; {5859#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:26,251 INFO L290 TraceCheckUtils]: 20: Hoare triple {5859#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5860#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:26,251 INFO L290 TraceCheckUtils]: 21: Hoare triple {5860#(= |setClientId_#in~handle| 1)} assume true; {5860#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:26,251 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {5860#(= |setClientId_#in~handle| 1)} {5793#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1216#return; {5784#false} is VALID [2022-02-20 18:02:26,252 INFO L290 TraceCheckUtils]: 23: Hoare triple {5784#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {5784#false} is VALID [2022-02-20 18:02:26,252 INFO L272 TraceCheckUtils]: 24: Hoare triple {5784#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {5858#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:26,252 INFO L290 TraceCheckUtils]: 25: Hoare triple {5858#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 18:02:26,252 INFO L290 TraceCheckUtils]: 26: Hoare triple {5783#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5783#true} is VALID [2022-02-20 18:02:26,252 INFO L290 TraceCheckUtils]: 27: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,252 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {5783#true} {5784#false} #1218#return; {5784#false} is VALID [2022-02-20 
18:02:26,252 INFO L290 TraceCheckUtils]: 29: Hoare triple {5784#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {5784#false} is VALID [2022-02-20 18:02:26,252 INFO L272 TraceCheckUtils]: 30: Hoare triple {5784#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {5857#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:26,252 INFO L290 TraceCheckUtils]: 31: Hoare triple {5857#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 18:02:26,253 INFO L290 TraceCheckUtils]: 32: Hoare triple {5783#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5783#true} is VALID [2022-02-20 18:02:26,253 INFO L290 TraceCheckUtils]: 33: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,253 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {5783#true} {5784#false} #1220#return; {5784#false} is VALID [2022-02-20 18:02:26,253 INFO L290 TraceCheckUtils]: 35: Hoare triple {5784#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {5784#false} is VALID [2022-02-20 
18:02:26,253 INFO L272 TraceCheckUtils]: 36: Hoare triple {5784#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {5858#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:26,253 INFO L290 TraceCheckUtils]: 37: Hoare triple {5858#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 18:02:26,253 INFO L290 TraceCheckUtils]: 38: Hoare triple {5783#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5783#true} is VALID [2022-02-20 18:02:26,253 INFO L290 TraceCheckUtils]: 39: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,253 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {5783#true} {5784#false} #1222#return; {5784#false} is VALID [2022-02-20 18:02:26,254 INFO L290 TraceCheckUtils]: 41: Hoare triple {5784#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {5784#false} is VALID [2022-02-20 18:02:26,254 INFO L290 TraceCheckUtils]: 42: Hoare triple {5784#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~6#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, 
test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~6#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {5784#false} is VALID [2022-02-20 18:02:26,254 INFO L290 TraceCheckUtils]: 43: Hoare triple {5784#false} assume !false; {5784#false} is VALID [2022-02-20 18:02:26,254 INFO L290 TraceCheckUtils]: 44: Hoare triple {5784#false} assume test_~splverifierCounter~0#1 < 4; {5784#false} is VALID [2022-02-20 18:02:26,254 INFO L290 TraceCheckUtils]: 45: Hoare triple {5784#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {5784#false} is VALID [2022-02-20 18:02:26,254 INFO L290 TraceCheckUtils]: 46: Hoare triple {5784#false} assume !(0 == test_~op1~0#1); {5784#false} is VALID [2022-02-20 18:02:26,254 INFO L290 TraceCheckUtils]: 47: Hoare triple {5784#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet48#1 && test_#t~nondet48#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet48#1;havoc test_#t~nondet48#1; {5784#false} is VALID [2022-02-20 18:02:26,254 INFO L290 TraceCheckUtils]: 48: Hoare triple {5784#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {5784#false} is VALID [2022-02-20 18:02:26,255 INFO L290 TraceCheckUtils]: 49: Hoare triple 
{5784#false} assume !false; {5784#false} is VALID [2022-02-20 18:02:26,255 INFO L290 TraceCheckUtils]: 50: Hoare triple {5784#false} assume !(test_~splverifierCounter~0#1 < 4); {5784#false} is VALID [2022-02-20 18:02:26,255 INFO L290 TraceCheckUtils]: 51: Hoare triple {5784#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {5784#false} is VALID [2022-02-20 18:02:26,255 INFO L272 TraceCheckUtils]: 52: Hoare triple {5784#false} call sendEmail(~bob~0, ~rjh~0); {5784#false} is VALID [2022-02-20 18:02:26,255 INFO L290 TraceCheckUtils]: 53: Hoare triple {5784#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~14#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~29#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~29#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {5784#false} is VALID [2022-02-20 18:02:26,255 INFO L272 TraceCheckUtils]: 54: Hoare triple {5784#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {5861#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:26,255 INFO L290 TraceCheckUtils]: 55: Hoare triple {5861#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 
18:02:26,255 INFO L290 TraceCheckUtils]: 56: Hoare triple {5783#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5783#true} is VALID [2022-02-20 18:02:26,255 INFO L290 TraceCheckUtils]: 57: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,256 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {5783#true} {5784#false} #1198#return; {5784#false} is VALID [2022-02-20 18:02:26,256 INFO L272 TraceCheckUtils]: 59: Hoare triple {5784#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {5862#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:26,256 INFO L290 TraceCheckUtils]: 60: Hoare triple {5862#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 18:02:26,256 INFO L290 TraceCheckUtils]: 61: Hoare triple {5783#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5783#true} is VALID [2022-02-20 18:02:26,256 INFO L290 TraceCheckUtils]: 62: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,256 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {5783#true} {5784#false} #1200#return; {5784#false} is VALID [2022-02-20 18:02:26,256 INFO L290 TraceCheckUtils]: 64: Hoare triple {5784#false} createEmail_~retValue_acc~29#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~29#1; {5784#false} is VALID [2022-02-20 18:02:26,256 INFO L290 TraceCheckUtils]: 65: Hoare triple {5784#false} #t~ret76#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret76#1 && #t~ret76#1 <= 2147483647;~tmp~14#1 := #t~ret76#1;havoc #t~ret76#1;~email~0#1 := ~tmp~14#1; {5784#false} is VALID [2022-02-20 18:02:26,256 INFO L272 TraceCheckUtils]: 66: Hoare triple {5784#false} call outgoing(~sender#1, ~email~0#1); {5784#false} is VALID [2022-02-20 18:02:26,256 INFO L290 
TraceCheckUtils]: 67: Hoare triple {5784#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret78#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~15#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~15#1; {5784#false} is VALID [2022-02-20 18:02:26,257 INFO L272 TraceCheckUtils]: 68: Hoare triple {5784#false} call sign_#t~ret78#1 := getClientPrivateKey(sign_~client#1); {5783#true} is VALID [2022-02-20 18:02:26,257 INFO L290 TraceCheckUtils]: 69: Hoare triple {5783#true} ~handle := #in~handle;havoc ~retValue_acc~18; {5783#true} is VALID [2022-02-20 18:02:26,257 INFO L290 TraceCheckUtils]: 70: Hoare triple {5783#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {5783#true} is VALID [2022-02-20 18:02:26,257 INFO L290 TraceCheckUtils]: 71: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,257 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {5783#true} {5784#false} #1140#return; {5784#false} is VALID [2022-02-20 18:02:26,257 INFO L290 TraceCheckUtils]: 73: Hoare triple {5784#false} assume -2147483648 <= sign_#t~ret78#1 && sign_#t~ret78#1 <= 2147483647;sign_~tmp~15#1 := sign_#t~ret78#1;havoc sign_#t~ret78#1;sign_~privkey~1#1 := sign_~tmp~15#1; {5784#false} is VALID [2022-02-20 18:02:26,257 INFO L290 TraceCheckUtils]: 74: Hoare triple {5784#false} assume 0 == sign_~privkey~1#1; {5784#false} is VALID [2022-02-20 18:02:26,257 INFO L290 TraceCheckUtils]: 75: Hoare triple {5784#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret64#1, outgoing__wrappee__AddressBook_#t~ret65#1, outgoing__wrappee__AddressBook_#t~ret66#1, 
outgoing__wrappee__AddressBook_#t~ret67#1, outgoing__wrappee__AddressBook_#t~ret68#1, outgoing__wrappee__AddressBook_#t~ret69#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~11#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~4#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~11#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~4#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {5784#false} is VALID [2022-02-20 18:02:26,257 INFO L272 TraceCheckUtils]: 76: Hoare triple {5784#false} call outgoing__wrappee__AddressBook_#t~ret64#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {5783#true} is VALID [2022-02-20 18:02:26,257 INFO L290 TraceCheckUtils]: 77: Hoare triple {5783#true} ~handle := #in~handle;havoc ~retValue_acc~12; {5783#true} is VALID [2022-02-20 18:02:26,258 INFO L290 TraceCheckUtils]: 78: Hoare triple {5783#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~12; {5783#true} is VALID [2022-02-20 18:02:26,258 INFO L290 TraceCheckUtils]: 79: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,258 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {5783#true} {5784#false} #1142#return; {5784#false} is VALID [2022-02-20 18:02:26,258 INFO L290 TraceCheckUtils]: 81: Hoare triple {5784#false} assume -2147483648 <= 
outgoing__wrappee__AddressBook_#t~ret64#1 && outgoing__wrappee__AddressBook_#t~ret64#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~11#1 := outgoing__wrappee__AddressBook_#t~ret64#1;havoc outgoing__wrappee__AddressBook_#t~ret64#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~11#1; {5784#false} is VALID [2022-02-20 18:02:26,258 INFO L290 TraceCheckUtils]: 82: Hoare triple {5784#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {5784#false} is VALID [2022-02-20 18:02:26,258 INFO L272 TraceCheckUtils]: 83: Hoare triple {5784#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {5784#false} is VALID [2022-02-20 18:02:26,258 INFO L290 TraceCheckUtils]: 84: Hoare triple {5784#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~10#1;havoc ~pubkey~0#1;havoc ~tmp___0~3#1; {5784#false} is VALID [2022-02-20 18:02:26,258 INFO L272 TraceCheckUtils]: 85: Hoare triple {5784#false} call #t~ret62#1 := getEmailTo(~msg#1); {5783#true} is VALID [2022-02-20 18:02:26,258 INFO L290 TraceCheckUtils]: 86: Hoare triple {5783#true} ~handle := #in~handle;havoc ~retValue_acc~34; {5783#true} is VALID [2022-02-20 18:02:26,259 INFO L290 TraceCheckUtils]: 87: Hoare triple {5783#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {5783#true} is VALID [2022-02-20 18:02:26,259 INFO L290 TraceCheckUtils]: 88: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,259 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {5783#true} {5784#false} #1160#return; {5784#false} is VALID [2022-02-20 18:02:26,259 INFO L290 TraceCheckUtils]: 90: Hoare triple {5784#false} assume -2147483648 <= #t~ret62#1 && #t~ret62#1 <= 2147483647;~tmp~10#1 := #t~ret62#1;havoc #t~ret62#1;~receiver~0#1 := ~tmp~10#1; {5784#false} is VALID [2022-02-20 18:02:26,259 INFO L272 TraceCheckUtils]: 91: Hoare triple {5784#false} 
call #t~ret63#1 := findPublicKey(~client#1, ~receiver~0#1); {5783#true} is VALID [2022-02-20 18:02:26,259 INFO L290 TraceCheckUtils]: 92: Hoare triple {5783#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~23; {5783#true} is VALID [2022-02-20 18:02:26,259 INFO L290 TraceCheckUtils]: 93: Hoare triple {5783#true} assume 1 == ~handle; {5783#true} is VALID [2022-02-20 18:02:26,259 INFO L290 TraceCheckUtils]: 94: Hoare triple {5783#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~23 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~23; {5783#true} is VALID [2022-02-20 18:02:26,259 INFO L290 TraceCheckUtils]: 95: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,259 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {5783#true} {5784#false} #1162#return; {5784#false} is VALID [2022-02-20 18:02:26,260 INFO L290 TraceCheckUtils]: 97: Hoare triple {5784#false} assume -2147483648 <= #t~ret63#1 && #t~ret63#1 <= 2147483647;~tmp___0~3#1 := #t~ret63#1;havoc #t~ret63#1;~pubkey~0#1 := ~tmp___0~3#1; {5784#false} is VALID [2022-02-20 18:02:26,260 INFO L290 TraceCheckUtils]: 98: Hoare triple {5784#false} assume !(0 != ~pubkey~0#1); {5784#false} is VALID [2022-02-20 18:02:26,260 INFO L290 TraceCheckUtils]: 99: Hoare triple {5784#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret61#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~9#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~9#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~25#1;getClientId_~handle#1 := 
getClientId_#in~handle#1;havoc getClientId_~retValue_acc~25#1; {5784#false} is VALID [2022-02-20 18:02:26,260 INFO L290 TraceCheckUtils]: 100: Hoare triple {5784#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~25#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~25#1; {5784#false} is VALID [2022-02-20 18:02:26,260 INFO L290 TraceCheckUtils]: 101: Hoare triple {5784#false} outgoing__wrappee__Keys_#t~ret61#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret61#1 && outgoing__wrappee__Keys_#t~ret61#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~9#1 := outgoing__wrappee__Keys_#t~ret61#1;havoc outgoing__wrappee__Keys_#t~ret61#1; {5784#false} is VALID [2022-02-20 18:02:26,260 INFO L272 TraceCheckUtils]: 102: Hoare triple {5784#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~9#1); {5861#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:26,260 INFO L290 TraceCheckUtils]: 103: Hoare triple {5861#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 18:02:26,260 INFO L290 TraceCheckUtils]: 104: Hoare triple {5783#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5783#true} is VALID [2022-02-20 18:02:26,260 INFO L290 TraceCheckUtils]: 105: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,261 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {5783#true} {5784#false} #1168#return; {5784#false} is VALID [2022-02-20 18:02:26,261 INFO L290 TraceCheckUtils]: 107: Hoare triple {5784#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret59#1, mail_#t~ret60#1, 
mail_~client#1, mail_~msg#1, mail_~tmp~8#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~8#1;call mail_#t~ret59#1 := puts(24, 0);assume -2147483648 <= mail_#t~ret59#1 && mail_#t~ret59#1 <= 2147483647;havoc mail_#t~ret59#1; {5784#false} is VALID [2022-02-20 18:02:26,261 INFO L272 TraceCheckUtils]: 108: Hoare triple {5784#false} call mail_#t~ret60#1 := getEmailTo(mail_~msg#1); {5783#true} is VALID [2022-02-20 18:02:26,261 INFO L290 TraceCheckUtils]: 109: Hoare triple {5783#true} ~handle := #in~handle;havoc ~retValue_acc~34; {5783#true} is VALID [2022-02-20 18:02:26,261 INFO L290 TraceCheckUtils]: 110: Hoare triple {5783#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {5783#true} is VALID [2022-02-20 18:02:26,261 INFO L290 TraceCheckUtils]: 111: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,261 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {5783#true} {5784#false} #1170#return; {5784#false} is VALID [2022-02-20 18:02:26,261 INFO L290 TraceCheckUtils]: 113: Hoare triple {5784#false} assume -2147483648 <= mail_#t~ret60#1 && mail_#t~ret60#1 <= 2147483647;mail_~tmp~8#1 := mail_#t~ret60#1;havoc mail_#t~ret60#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~8#1, mail_~msg#1;havoc incoming_#t~ret71#1, incoming_#t~ret72#1, incoming_#t~ret73#1, incoming_#t~ret74#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~12#1, incoming_~tmp___0~5#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~12#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {5784#false} is VALID [2022-02-20 18:02:26,261 INFO L272 TraceCheckUtils]: 114: Hoare triple {5784#false} call incoming_#t~ret71#1 := getClientPrivateKey(incoming_~client#1); {5783#true} is 
VALID [2022-02-20 18:02:26,261 INFO L290 TraceCheckUtils]: 115: Hoare triple {5783#true} ~handle := #in~handle;havoc ~retValue_acc~18; {5783#true} is VALID [2022-02-20 18:02:26,262 INFO L290 TraceCheckUtils]: 116: Hoare triple {5783#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {5783#true} is VALID [2022-02-20 18:02:26,262 INFO L290 TraceCheckUtils]: 117: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,262 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {5783#true} {5784#false} #1172#return; {5784#false} is VALID [2022-02-20 18:02:26,262 INFO L290 TraceCheckUtils]: 119: Hoare triple {5784#false} assume -2147483648 <= incoming_#t~ret71#1 && incoming_#t~ret71#1 <= 2147483647;incoming_~tmp~12#1 := incoming_#t~ret71#1;havoc incoming_#t~ret71#1;incoming_~privkey~0#1 := incoming_~tmp~12#1; {5784#false} is VALID [2022-02-20 18:02:26,262 INFO L290 TraceCheckUtils]: 120: Hoare triple {5784#false} assume !(0 != incoming_~privkey~0#1); {5784#false} is VALID [2022-02-20 18:02:26,262 INFO L290 TraceCheckUtils]: 121: Hoare triple {5784#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret79#1, verify_#t~ret80#1, verify_#t~ret81#1, verify_#t~ret82#1, verify_#t~ret83#1, verify_#t~ret84#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~16#1, verify_~tmp___0~6#1, verify_~pubkey~1#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, 
verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~16#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret58#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~7#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~7#1; {5784#false} is VALID [2022-02-20 18:02:26,262 INFO L272 TraceCheckUtils]: 122: Hoare triple {5784#false} call __utac_acc__EncryptVerify_spec__1_#t~ret58#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {5783#true} is VALID [2022-02-20 18:02:26,262 INFO L290 TraceCheckUtils]: 123: Hoare triple {5783#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~27#1;havoc ~tmp~23#1; {5783#true} is VALID [2022-02-20 18:02:26,262 INFO L272 TraceCheckUtils]: 124: Hoare triple {5783#true} call #t~ret105#1 := isEncrypted(~msg#1); {5783#true} is VALID [2022-02-20 18:02:26,263 INFO L290 TraceCheckUtils]: 125: Hoare triple {5783#true} ~handle := #in~handle;havoc ~retValue_acc~37; {5783#true} is VALID [2022-02-20 18:02:26,263 INFO L290 TraceCheckUtils]: 126: Hoare triple {5783#true} assume 1 == ~handle;~retValue_acc~37 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~37; {5783#true} is VALID [2022-02-20 18:02:26,263 INFO L290 TraceCheckUtils]: 127: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,263 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {5783#true} {5783#true} #1262#return; {5783#true} is VALID [2022-02-20 18:02:26,263 INFO L290 TraceCheckUtils]: 129: Hoare triple {5783#true} 
assume -2147483648 <= #t~ret105#1 && #t~ret105#1 <= 2147483647;~tmp~23#1 := #t~ret105#1;havoc #t~ret105#1; {5783#true} is VALID [2022-02-20 18:02:26,263 INFO L290 TraceCheckUtils]: 130: Hoare triple {5783#true} assume 0 != ~tmp~23#1;~retValue_acc~27#1 := 0;#res#1 := ~retValue_acc~27#1; {5783#true} is VALID [2022-02-20 18:02:26,263 INFO L290 TraceCheckUtils]: 131: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,263 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {5783#true} {5784#false} #1184#return; {5784#false} is VALID [2022-02-20 18:02:26,263 INFO L290 TraceCheckUtils]: 133: Hoare triple {5784#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret58#1 && __utac_acc__EncryptVerify_spec__1_#t~ret58#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~7#1 := __utac_acc__EncryptVerify_spec__1_#t~ret58#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret58#1; {5784#false} is VALID [2022-02-20 18:02:26,263 INFO L290 TraceCheckUtils]: 134: Hoare triple {5784#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~7#1);assume { :begin_inline___automaton_fail } true; {5784#false} is VALID [2022-02-20 18:02:26,264 INFO L290 TraceCheckUtils]: 135: Hoare triple {5784#false} assume !false; {5784#false} is VALID [2022-02-20 18:02:26,264 INFO L134 CoverageAnalysis]: Checked inductivity of 38 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked. 
[2022-02-20 18:02:26,264 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:26,264 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [909241708] [2022-02-20 18:02:26,264 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [909241708] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:02:26,264 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [628446311] [2022-02-20 18:02:26,265 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:26,265 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:26,265 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:02:26,266 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:02:26,267 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-02-20 18:02:26,533 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:26,544 INFO L263 TraceCheckSpWp]: Trace formula consists of 1173 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 18:02:26,590 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:26,593 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:02:26,789 INFO L290 TraceCheckUtils]: 0: Hoare triple {5783#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(34, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(20, 28);call #Ultimate.allocInit(10, 29);call #Ultimate.allocInit(12, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(18, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(13, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(4, 38);call write~init~int(37, 38, 0, 1);call write~init~int(115, 38, 1, 1);call write~init~int(10, 38, 2, 1);call write~init~int(0, 38, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 
0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 
0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {5783#true} is VALID [2022-02-20 18:02:26,790 INFO L290 TraceCheckUtils]: 1: Hoare triple {5783#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc 
main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {5783#true} is VALID [2022-02-20 18:02:26,790 INFO L290 TraceCheckUtils]: 2: Hoare triple {5783#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5783#true} is VALID [2022-02-20 18:02:26,790 INFO L290 TraceCheckUtils]: 3: Hoare triple {5783#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~43#1;havoc valid_product_~retValue_acc~43#1;valid_product_~retValue_acc~43#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~43#1; {5783#true} is VALID [2022-02-20 18:02:26,790 INFO L290 TraceCheckUtils]: 4: Hoare triple {5783#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {5783#true} is VALID [2022-02-20 18:02:26,790 INFO L290 TraceCheckUtils]: 5: Hoare triple {5783#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {5783#true} is VALID 
[2022-02-20 18:02:26,790 INFO L272 TraceCheckUtils]: 6: Hoare triple {5783#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {5783#true} is VALID [2022-02-20 18:02:26,791 INFO L290 TraceCheckUtils]: 7: Hoare triple {5783#true} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 18:02:26,791 INFO L290 TraceCheckUtils]: 8: Hoare triple {5783#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5783#true} is VALID [2022-02-20 18:02:26,791 INFO L290 TraceCheckUtils]: 9: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,791 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5783#true} {5783#true} #1212#return; {5783#true} is VALID [2022-02-20 18:02:26,791 INFO L290 TraceCheckUtils]: 11: Hoare triple {5783#true} assume { :end_inline_setup_bob__wrappee__Base } true; {5783#true} is VALID [2022-02-20 18:02:26,791 INFO L272 TraceCheckUtils]: 12: Hoare triple {5783#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {5783#true} is VALID [2022-02-20 18:02:26,791 INFO L290 TraceCheckUtils]: 13: Hoare triple {5783#true} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 18:02:26,791 INFO L290 TraceCheckUtils]: 14: Hoare triple {5783#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5783#true} is VALID [2022-02-20 18:02:26,791 INFO L290 TraceCheckUtils]: 15: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,792 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {5783#true} {5783#true} #1214#return; {5783#true} is VALID [2022-02-20 18:02:26,792 INFO L290 TraceCheckUtils]: 17: Hoare triple {5783#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { 
:begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {5783#true} is VALID [2022-02-20 18:02:26,792 INFO L272 TraceCheckUtils]: 18: Hoare triple {5783#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {5783#true} is VALID [2022-02-20 18:02:26,792 INFO L290 TraceCheckUtils]: 19: Hoare triple {5783#true} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 18:02:26,792 INFO L290 TraceCheckUtils]: 20: Hoare triple {5783#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5783#true} is VALID [2022-02-20 18:02:26,792 INFO L290 TraceCheckUtils]: 21: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,792 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {5783#true} {5783#true} #1216#return; {5783#true} is VALID [2022-02-20 18:02:26,792 INFO L290 TraceCheckUtils]: 23: Hoare triple {5783#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {5783#true} is VALID [2022-02-20 18:02:26,792 INFO L272 TraceCheckUtils]: 24: Hoare triple {5783#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {5783#true} is VALID [2022-02-20 18:02:26,793 INFO L290 TraceCheckUtils]: 25: Hoare triple {5783#true} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 18:02:26,793 INFO L290 TraceCheckUtils]: 26: Hoare triple {5783#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5783#true} is VALID [2022-02-20 18:02:26,793 INFO L290 TraceCheckUtils]: 27: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,793 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {5783#true} {5783#true} #1218#return; {5783#true} is VALID [2022-02-20 18:02:26,793 INFO L290 TraceCheckUtils]: 29: Hoare triple {5783#true} assume { :end_inline_setup_rjh } 
true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {5783#true} is VALID [2022-02-20 18:02:26,793 INFO L272 TraceCheckUtils]: 30: Hoare triple {5783#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {5783#true} is VALID [2022-02-20 18:02:26,793 INFO L290 TraceCheckUtils]: 31: Hoare triple {5783#true} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 18:02:26,793 INFO L290 TraceCheckUtils]: 32: Hoare triple {5783#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5783#true} is VALID [2022-02-20 18:02:26,793 INFO L290 TraceCheckUtils]: 33: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,794 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {5783#true} {5783#true} #1220#return; {5783#true} is VALID [2022-02-20 18:02:26,794 INFO L290 TraceCheckUtils]: 35: Hoare triple {5783#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {5783#true} is VALID [2022-02-20 18:02:26,794 INFO L272 TraceCheckUtils]: 36: Hoare triple {5783#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {5783#true} is VALID [2022-02-20 18:02:26,794 INFO L290 TraceCheckUtils]: 37: Hoare triple {5783#true} ~handle := #in~handle;~value := #in~value; {5783#true} is VALID [2022-02-20 18:02:26,794 INFO L290 TraceCheckUtils]: 38: Hoare triple {5783#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5783#true} is VALID [2022-02-20 18:02:26,794 INFO L290 TraceCheckUtils]: 
39: Hoare triple {5783#true} assume true; {5783#true} is VALID [2022-02-20 18:02:26,794 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {5783#true} {5783#true} #1222#return; {5783#true} is VALID [2022-02-20 18:02:26,794 INFO L290 TraceCheckUtils]: 41: Hoare triple {5783#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {5783#true} is VALID [2022-02-20 18:02:26,795 INFO L290 TraceCheckUtils]: 42: Hoare triple {5783#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~6#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~6#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {5996#(= 
|ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:02:26,795 INFO L290 TraceCheckUtils]: 43: Hoare triple {5996#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {5996#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:02:26,795 INFO L290 TraceCheckUtils]: 44: Hoare triple {5996#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {5996#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:02:26,796 INFO L290 TraceCheckUtils]: 45: Hoare triple {5996#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {5996#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:02:26,796 INFO L290 TraceCheckUtils]: 46: Hoare triple {5996#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {5784#false} is VALID [2022-02-20 18:02:26,796 INFO L290 TraceCheckUtils]: 47: Hoare triple {5784#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet48#1 && test_#t~nondet48#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet48#1;havoc test_#t~nondet48#1; {5784#false} is VALID [2022-02-20 18:02:26,796 INFO L290 TraceCheckUtils]: 48: Hoare triple {5784#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {5784#false} is VALID [2022-02-20 18:02:26,796 INFO L290 TraceCheckUtils]: 49: Hoare triple {5784#false} assume !false; {5784#false} is VALID [2022-02-20 18:02:26,796 INFO L290 TraceCheckUtils]: 50: Hoare triple {5784#false} assume !(test_~splverifierCounter~0#1 < 4); {5784#false} is VALID [2022-02-20 18:02:26,796 INFO L290 TraceCheckUtils]: 51: Hoare triple {5784#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 
2147483647;havoc bobToRjh_#t~ret4#1; {5784#false} is VALID [2022-02-20 18:02:26,796 INFO L272 TraceCheckUtils]: 52: Hoare triple {5784#false} call sendEmail(~bob~0, ~rjh~0); {5784#false} is VALID [2022-02-20 18:02:26,797 INFO L290 TraceCheckUtils]: 53: Hoare triple {5784#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~14#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~29#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~29#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {5784#false} is VALID [2022-02-20 18:02:26,797 INFO L272 TraceCheckUtils]: 54: Hoare triple {5784#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {5784#false} is VALID [2022-02-20 18:02:26,797 INFO L290 TraceCheckUtils]: 55: Hoare triple {5784#false} ~handle := #in~handle;~value := #in~value; {5784#false} is VALID [2022-02-20 18:02:26,798 INFO L290 TraceCheckUtils]: 56: Hoare triple {5784#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5784#false} is VALID [2022-02-20 18:02:26,798 INFO L290 TraceCheckUtils]: 57: Hoare triple {5784#false} assume true; {5784#false} is VALID [2022-02-20 18:02:26,798 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {5784#false} {5784#false} #1198#return; {5784#false} is VALID [2022-02-20 18:02:26,798 INFO L272 TraceCheckUtils]: 59: Hoare triple {5784#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {5784#false} is VALID [2022-02-20 18:02:26,798 INFO L290 TraceCheckUtils]: 60: Hoare triple {5784#false} ~handle := #in~handle;~value := #in~value; {5784#false} is VALID [2022-02-20 18:02:26,798 INFO L290 TraceCheckUtils]: 61: Hoare triple {5784#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5784#false} is VALID 
[2022-02-20 18:02:26,798 INFO L290 TraceCheckUtils]: 62: Hoare triple {5784#false} assume true; {5784#false} is VALID [2022-02-20 18:02:26,798 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {5784#false} {5784#false} #1200#return; {5784#false} is VALID [2022-02-20 18:02:26,798 INFO L290 TraceCheckUtils]: 64: Hoare triple {5784#false} createEmail_~retValue_acc~29#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~29#1; {5784#false} is VALID [2022-02-20 18:02:26,799 INFO L290 TraceCheckUtils]: 65: Hoare triple {5784#false} #t~ret76#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret76#1 && #t~ret76#1 <= 2147483647;~tmp~14#1 := #t~ret76#1;havoc #t~ret76#1;~email~0#1 := ~tmp~14#1; {5784#false} is VALID [2022-02-20 18:02:26,799 INFO L272 TraceCheckUtils]: 66: Hoare triple {5784#false} call outgoing(~sender#1, ~email~0#1); {5784#false} is VALID [2022-02-20 18:02:26,799 INFO L290 TraceCheckUtils]: 67: Hoare triple {5784#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret78#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~15#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~15#1; {5784#false} is VALID [2022-02-20 18:02:26,799 INFO L272 TraceCheckUtils]: 68: Hoare triple {5784#false} call sign_#t~ret78#1 := getClientPrivateKey(sign_~client#1); {5784#false} is VALID [2022-02-20 18:02:26,799 INFO L290 TraceCheckUtils]: 69: Hoare triple {5784#false} ~handle := #in~handle;havoc ~retValue_acc~18; {5784#false} is VALID [2022-02-20 18:02:26,799 INFO L290 TraceCheckUtils]: 70: Hoare triple {5784#false} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {5784#false} is VALID [2022-02-20 18:02:26,799 INFO L290 TraceCheckUtils]: 71: Hoare triple {5784#false} assume true; {5784#false} is VALID [2022-02-20 
18:02:26,799 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {5784#false} {5784#false} #1140#return; {5784#false} is VALID [2022-02-20 18:02:26,799 INFO L290 TraceCheckUtils]: 73: Hoare triple {5784#false} assume -2147483648 <= sign_#t~ret78#1 && sign_#t~ret78#1 <= 2147483647;sign_~tmp~15#1 := sign_#t~ret78#1;havoc sign_#t~ret78#1;sign_~privkey~1#1 := sign_~tmp~15#1; {5784#false} is VALID [2022-02-20 18:02:26,800 INFO L290 TraceCheckUtils]: 74: Hoare triple {5784#false} assume 0 == sign_~privkey~1#1; {5784#false} is VALID [2022-02-20 18:02:26,800 INFO L290 TraceCheckUtils]: 75: Hoare triple {5784#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret64#1, outgoing__wrappee__AddressBook_#t~ret65#1, outgoing__wrappee__AddressBook_#t~ret66#1, outgoing__wrappee__AddressBook_#t~ret67#1, outgoing__wrappee__AddressBook_#t~ret68#1, outgoing__wrappee__AddressBook_#t~ret69#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~11#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~4#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~11#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~4#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {5784#false} is 
VALID [2022-02-20 18:02:26,800 INFO L272 TraceCheckUtils]: 76: Hoare triple {5784#false} call outgoing__wrappee__AddressBook_#t~ret64#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {5784#false} is VALID [2022-02-20 18:02:26,800 INFO L290 TraceCheckUtils]: 77: Hoare triple {5784#false} ~handle := #in~handle;havoc ~retValue_acc~12; {5784#false} is VALID [2022-02-20 18:02:26,800 INFO L290 TraceCheckUtils]: 78: Hoare triple {5784#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~12; {5784#false} is VALID [2022-02-20 18:02:26,800 INFO L290 TraceCheckUtils]: 79: Hoare triple {5784#false} assume true; {5784#false} is VALID [2022-02-20 18:02:26,800 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {5784#false} {5784#false} #1142#return; {5784#false} is VALID [2022-02-20 18:02:26,800 INFO L290 TraceCheckUtils]: 81: Hoare triple {5784#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret64#1 && outgoing__wrappee__AddressBook_#t~ret64#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~11#1 := outgoing__wrappee__AddressBook_#t~ret64#1;havoc outgoing__wrappee__AddressBook_#t~ret64#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~11#1; {5784#false} is VALID [2022-02-20 18:02:26,800 INFO L290 TraceCheckUtils]: 82: Hoare triple {5784#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {5784#false} is VALID [2022-02-20 18:02:26,800 INFO L272 TraceCheckUtils]: 83: Hoare triple {5784#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {5784#false} is VALID [2022-02-20 18:02:26,801 INFO L290 TraceCheckUtils]: 84: Hoare triple {5784#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~10#1;havoc ~pubkey~0#1;havoc ~tmp___0~3#1; {5784#false} is VALID [2022-02-20 18:02:26,801 INFO L272 TraceCheckUtils]: 85: Hoare triple {5784#false} call #t~ret62#1 := 
getEmailTo(~msg#1); {5784#false} is VALID [2022-02-20 18:02:26,801 INFO L290 TraceCheckUtils]: 86: Hoare triple {5784#false} ~handle := #in~handle;havoc ~retValue_acc~34; {5784#false} is VALID [2022-02-20 18:02:26,801 INFO L290 TraceCheckUtils]: 87: Hoare triple {5784#false} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {5784#false} is VALID [2022-02-20 18:02:26,801 INFO L290 TraceCheckUtils]: 88: Hoare triple {5784#false} assume true; {5784#false} is VALID [2022-02-20 18:02:26,801 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {5784#false} {5784#false} #1160#return; {5784#false} is VALID [2022-02-20 18:02:26,801 INFO L290 TraceCheckUtils]: 90: Hoare triple {5784#false} assume -2147483648 <= #t~ret62#1 && #t~ret62#1 <= 2147483647;~tmp~10#1 := #t~ret62#1;havoc #t~ret62#1;~receiver~0#1 := ~tmp~10#1; {5784#false} is VALID [2022-02-20 18:02:26,801 INFO L272 TraceCheckUtils]: 91: Hoare triple {5784#false} call #t~ret63#1 := findPublicKey(~client#1, ~receiver~0#1); {5784#false} is VALID [2022-02-20 18:02:26,801 INFO L290 TraceCheckUtils]: 92: Hoare triple {5784#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~23; {5784#false} is VALID [2022-02-20 18:02:26,802 INFO L290 TraceCheckUtils]: 93: Hoare triple {5784#false} assume 1 == ~handle; {5784#false} is VALID [2022-02-20 18:02:26,802 INFO L290 TraceCheckUtils]: 94: Hoare triple {5784#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~23 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~23; {5784#false} is VALID [2022-02-20 18:02:26,802 INFO L290 TraceCheckUtils]: 95: Hoare triple {5784#false} assume true; {5784#false} is VALID [2022-02-20 18:02:26,802 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {5784#false} {5784#false} #1162#return; {5784#false} is VALID [2022-02-20 18:02:26,802 INFO L290 TraceCheckUtils]: 97: Hoare triple {5784#false} assume -2147483648 <= #t~ret63#1 && #t~ret63#1 <= 2147483647;~tmp___0~3#1 := 
#t~ret63#1;havoc #t~ret63#1;~pubkey~0#1 := ~tmp___0~3#1; {5784#false} is VALID [2022-02-20 18:02:26,802 INFO L290 TraceCheckUtils]: 98: Hoare triple {5784#false} assume !(0 != ~pubkey~0#1); {5784#false} is VALID [2022-02-20 18:02:26,802 INFO L290 TraceCheckUtils]: 99: Hoare triple {5784#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret61#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~9#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~9#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~25#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~25#1; {5784#false} is VALID [2022-02-20 18:02:26,802 INFO L290 TraceCheckUtils]: 100: Hoare triple {5784#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~25#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~25#1; {5784#false} is VALID [2022-02-20 18:02:26,802 INFO L290 TraceCheckUtils]: 101: Hoare triple {5784#false} outgoing__wrappee__Keys_#t~ret61#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret61#1 && outgoing__wrappee__Keys_#t~ret61#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~9#1 := outgoing__wrappee__Keys_#t~ret61#1;havoc outgoing__wrappee__Keys_#t~ret61#1; {5784#false} is VALID [2022-02-20 18:02:26,803 INFO L272 TraceCheckUtils]: 102: Hoare triple {5784#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~9#1); {5784#false} is VALID [2022-02-20 18:02:26,803 INFO L290 TraceCheckUtils]: 103: Hoare 
triple {5784#false} ~handle := #in~handle;~value := #in~value; {5784#false} is VALID [2022-02-20 18:02:26,803 INFO L290 TraceCheckUtils]: 104: Hoare triple {5784#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5784#false} is VALID [2022-02-20 18:02:26,803 INFO L290 TraceCheckUtils]: 105: Hoare triple {5784#false} assume true; {5784#false} is VALID [2022-02-20 18:02:26,803 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {5784#false} {5784#false} #1168#return; {5784#false} is VALID [2022-02-20 18:02:26,803 INFO L290 TraceCheckUtils]: 107: Hoare triple {5784#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret59#1, mail_#t~ret60#1, mail_~client#1, mail_~msg#1, mail_~tmp~8#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~8#1;call mail_#t~ret59#1 := puts(24, 0);assume -2147483648 <= mail_#t~ret59#1 && mail_#t~ret59#1 <= 2147483647;havoc mail_#t~ret59#1; {5784#false} is VALID [2022-02-20 18:02:26,803 INFO L272 TraceCheckUtils]: 108: Hoare triple {5784#false} call mail_#t~ret60#1 := getEmailTo(mail_~msg#1); {5784#false} is VALID [2022-02-20 18:02:26,803 INFO L290 TraceCheckUtils]: 109: Hoare triple {5784#false} ~handle := #in~handle;havoc ~retValue_acc~34; {5784#false} is VALID [2022-02-20 18:02:26,803 INFO L290 TraceCheckUtils]: 110: Hoare triple {5784#false} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {5784#false} is VALID [2022-02-20 18:02:26,804 INFO L290 TraceCheckUtils]: 111: Hoare triple {5784#false} assume true; {5784#false} is VALID [2022-02-20 18:02:26,804 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {5784#false} {5784#false} #1170#return; {5784#false} is VALID [2022-02-20 18:02:26,804 INFO L290 TraceCheckUtils]: 113: Hoare triple {5784#false} assume -2147483648 <= mail_#t~ret60#1 && mail_#t~ret60#1 <= 2147483647;mail_~tmp~8#1 := mail_#t~ret60#1;havoc 
mail_#t~ret60#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~8#1, mail_~msg#1;havoc incoming_#t~ret71#1, incoming_#t~ret72#1, incoming_#t~ret73#1, incoming_#t~ret74#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~12#1, incoming_~tmp___0~5#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~12#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {5784#false} is VALID [2022-02-20 18:02:26,804 INFO L272 TraceCheckUtils]: 114: Hoare triple {5784#false} call incoming_#t~ret71#1 := getClientPrivateKey(incoming_~client#1); {5784#false} is VALID [2022-02-20 18:02:26,804 INFO L290 TraceCheckUtils]: 115: Hoare triple {5784#false} ~handle := #in~handle;havoc ~retValue_acc~18; {5784#false} is VALID [2022-02-20 18:02:26,804 INFO L290 TraceCheckUtils]: 116: Hoare triple {5784#false} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {5784#false} is VALID [2022-02-20 18:02:26,804 INFO L290 TraceCheckUtils]: 117: Hoare triple {5784#false} assume true; {5784#false} is VALID [2022-02-20 18:02:26,804 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {5784#false} {5784#false} #1172#return; {5784#false} is VALID [2022-02-20 18:02:26,804 INFO L290 TraceCheckUtils]: 119: Hoare triple {5784#false} assume -2147483648 <= incoming_#t~ret71#1 && incoming_#t~ret71#1 <= 2147483647;incoming_~tmp~12#1 := incoming_#t~ret71#1;havoc incoming_#t~ret71#1;incoming_~privkey~0#1 := incoming_~tmp~12#1; {5784#false} is VALID [2022-02-20 18:02:26,805 INFO L290 TraceCheckUtils]: 120: Hoare triple {5784#false} assume !(0 != incoming_~privkey~0#1); {5784#false} is VALID [2022-02-20 18:02:26,805 INFO L290 TraceCheckUtils]: 121: Hoare triple {5784#false} assume { :begin_inline_incoming__wrappee__Verify } 
true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret79#1, verify_#t~ret80#1, verify_#t~ret81#1, verify_#t~ret82#1, verify_#t~ret83#1, verify_#t~ret84#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~16#1, verify_~tmp___0~6#1, verify_~pubkey~1#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~16#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret58#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~7#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~7#1; {5784#false} is VALID [2022-02-20 18:02:26,805 INFO L272 TraceCheckUtils]: 122: Hoare triple {5784#false} call __utac_acc__EncryptVerify_spec__1_#t~ret58#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {5784#false} is VALID [2022-02-20 18:02:26,805 INFO L290 TraceCheckUtils]: 123: Hoare triple {5784#false} ~msg#1 := #in~msg#1;havoc ~retValue_acc~27#1;havoc ~tmp~23#1; {5784#false} is VALID [2022-02-20 18:02:26,805 INFO 
L272 TraceCheckUtils]: 124: Hoare triple {5784#false} call #t~ret105#1 := isEncrypted(~msg#1); {5784#false} is VALID [2022-02-20 18:02:26,805 INFO L290 TraceCheckUtils]: 125: Hoare triple {5784#false} ~handle := #in~handle;havoc ~retValue_acc~37; {5784#false} is VALID [2022-02-20 18:02:26,805 INFO L290 TraceCheckUtils]: 126: Hoare triple {5784#false} assume 1 == ~handle;~retValue_acc~37 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~37; {5784#false} is VALID [2022-02-20 18:02:26,805 INFO L290 TraceCheckUtils]: 127: Hoare triple {5784#false} assume true; {5784#false} is VALID [2022-02-20 18:02:26,805 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {5784#false} {5784#false} #1262#return; {5784#false} is VALID [2022-02-20 18:02:26,806 INFO L290 TraceCheckUtils]: 129: Hoare triple {5784#false} assume -2147483648 <= #t~ret105#1 && #t~ret105#1 <= 2147483647;~tmp~23#1 := #t~ret105#1;havoc #t~ret105#1; {5784#false} is VALID [2022-02-20 18:02:26,806 INFO L290 TraceCheckUtils]: 130: Hoare triple {5784#false} assume 0 != ~tmp~23#1;~retValue_acc~27#1 := 0;#res#1 := ~retValue_acc~27#1; {5784#false} is VALID [2022-02-20 18:02:26,806 INFO L290 TraceCheckUtils]: 131: Hoare triple {5784#false} assume true; {5784#false} is VALID [2022-02-20 18:02:26,806 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {5784#false} {5784#false} #1184#return; {5784#false} is VALID [2022-02-20 18:02:26,806 INFO L290 TraceCheckUtils]: 133: Hoare triple {5784#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret58#1 && __utac_acc__EncryptVerify_spec__1_#t~ret58#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~7#1 := __utac_acc__EncryptVerify_spec__1_#t~ret58#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret58#1; {5784#false} is VALID [2022-02-20 18:02:26,806 INFO L290 TraceCheckUtils]: 134: Hoare triple {5784#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~7#1);assume { :begin_inline___automaton_fail } true; {5784#false} is VALID [2022-02-20 18:02:26,806 INFO L290 
TraceCheckUtils]: 135: Hoare triple {5784#false} assume !false; {5784#false} is VALID [2022-02-20 18:02:26,807 INFO L134 CoverageAnalysis]: Checked inductivity of 38 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 36 trivial. 0 not checked. [2022-02-20 18:02:26,807 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:02:26,807 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [628446311] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:26,807 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:02:26,807 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 18:02:26,808 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [887942007] [2022-02-20 18:02:26,808 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:26,809 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 26.0) internal successors, (78), 3 states have internal predecessors, (78), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) Word has length 136 [2022-02-20 18:02:26,811 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 18:02:26,812 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 26.0) internal successors, (78), 3 states have internal predecessors, (78), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 18:02:26,878 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 115 edges. 115 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:26,879 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:02:26,879 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:26,879 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:02:26,879 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:02:26,880 INFO L87 Difference]: Start difference. First operand 400 states and 601 transitions. Second operand has 3 states, 3 states have (on average 26.0) internal successors, (78), 3 states have internal predecessors, (78), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 18:02:27,430 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:27,430 INFO L93 Difference]: Finished difference Result 843 states and 1286 transitions. [2022-02-20 18:02:27,430 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:02:27,431 INFO L78 Accepts]: Start accepts. 
Automaton has has 3 states, 3 states have (on average 26.0) internal successors, (78), 3 states have internal predecessors, (78), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) Word has length 136 [2022-02-20 18:02:27,431 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:27,431 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 26.0) internal successors, (78), 3 states have internal predecessors, (78), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 18:02:27,441 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1284 transitions. [2022-02-20 18:02:27,442 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 26.0) internal successors, (78), 3 states have internal predecessors, (78), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 18:02:27,488 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1284 transitions. [2022-02-20 18:02:27,488 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1284 transitions. [2022-02-20 18:02:28,240 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1284 edges. 1284 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:02:28,254 INFO L225 Difference]: With dead ends: 843 [2022-02-20 18:02:28,254 INFO L226 Difference]: Without dead ends: 470 [2022-02-20 18:02:28,255 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 173 GetRequests, 165 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:02:28,258 INFO L933 BasicCegarLoop]: 616 mSDtfsCounter, 126 mSDsluCounter, 551 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 144 SdHoareTripleChecker+Valid, 1167 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:28,261 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [144 Valid, 1167 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:02:28,263 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 470 states. [2022-02-20 18:02:28,273 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 470 to 462. [2022-02-20 18:02:28,273 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:28,275 INFO L82 GeneralOperation]: Start isEquivalent. First operand 470 states. 
Second operand has 462 states, 357 states have (on average 1.5658263305322129) internal successors, (559), 361 states have internal predecessors, (559), 76 states have call successors, (76), 28 states have call predecessors, (76), 28 states have return successors, (75), 74 states have call predecessors, (75), 75 states have call successors, (75) [2022-02-20 18:02:28,275 INFO L74 IsIncluded]: Start isIncluded. First operand 470 states. Second operand has 462 states, 357 states have (on average 1.5658263305322129) internal successors, (559), 361 states have internal predecessors, (559), 76 states have call successors, (76), 28 states have call predecessors, (76), 28 states have return successors, (75), 74 states have call predecessors, (75), 75 states have call successors, (75) [2022-02-20 18:02:28,276 INFO L87 Difference]: Start difference. First operand 470 states. Second operand has 462 states, 357 states have (on average 1.5658263305322129) internal successors, (559), 361 states have internal predecessors, (559), 76 states have call successors, (76), 28 states have call predecessors, (76), 28 states have return successors, (75), 74 states have call predecessors, (75), 75 states have call successors, (75) [2022-02-20 18:02:28,289 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:28,289 INFO L93 Difference]: Finished difference Result 470 states and 719 transitions. [2022-02-20 18:02:28,289 INFO L276 IsEmpty]: Start isEmpty. Operand 470 states and 719 transitions. [2022-02-20 18:02:28,290 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:28,291 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:28,292 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 462 states, 357 states have (on average 1.5658263305322129) internal successors, (559), 361 states have internal predecessors, (559), 76 states have call successors, (76), 28 states have call predecessors, (76), 28 states have return successors, (75), 74 states have call predecessors, (75), 75 states have call successors, (75) Second operand 470 states. [2022-02-20 18:02:28,293 INFO L87 Difference]: Start difference. First operand has 462 states, 357 states have (on average 1.5658263305322129) internal successors, (559), 361 states have internal predecessors, (559), 76 states have call successors, (76), 28 states have call predecessors, (76), 28 states have return successors, (75), 74 states have call predecessors, (75), 75 states have call successors, (75) Second operand 470 states. [2022-02-20 18:02:28,322 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:28,323 INFO L93 Difference]: Finished difference Result 470 states and 719 transitions. [2022-02-20 18:02:28,323 INFO L276 IsEmpty]: Start isEmpty. Operand 470 states and 719 transitions. [2022-02-20 18:02:28,324 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:28,324 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:28,324 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:28,324 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:28,325 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 462 states, 357 states have (on average 1.5658263305322129) internal successors, (559), 361 states have internal predecessors, (559), 76 states have call successors, (76), 28 states have call predecessors, (76), 28 states have return successors, (75), 74 states have call predecessors, (75), 75 states have call successors, (75) [2022-02-20 18:02:28,356 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 462 states to 462 states and 710 transitions. [2022-02-20 18:02:28,356 INFO L78 Accepts]: Start accepts. Automaton has 462 states and 710 transitions. Word has length 136 [2022-02-20 18:02:28,357 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:28,357 INFO L470 AbstractCegarLoop]: Abstraction has 462 states and 710 transitions. [2022-02-20 18:02:28,371 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 26.0) internal successors, (78), 3 states have internal predecessors, (78), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 18:02:28,372 INFO L276 IsEmpty]: Start isEmpty. Operand 462 states and 710 transitions. [2022-02-20 18:02:28,373 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 138 [2022-02-20 18:02:28,373 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:28,374 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:28,406 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 18:02:28,593 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:28,593 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting 
outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:28,594 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:28,594 INFO L85 PathProgramCache]: Analyzing trace with hash 2043173099, now seen corresponding path program 1 times [2022-02-20 18:02:28,594 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:28,594 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1524371214] [2022-02-20 18:02:28,594 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:28,594 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:28,618 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:28,639 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:02:28,641 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:28,643 INFO L290 TraceCheckUtils]: 0: Hoare triple {9078#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9004#true} is VALID [2022-02-20 18:02:28,643 INFO L290 TraceCheckUtils]: 1: Hoare triple {9004#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9004#true} is VALID [2022-02-20 18:02:28,643 INFO L290 TraceCheckUtils]: 2: Hoare triple {9004#true} assume true; {9004#true} is VALID [2022-02-20 18:02:28,643 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9004#true} {9004#true} #1212#return; {9004#true} is VALID [2022-02-20 18:02:28,648 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 
[2022-02-20 18:02:28,650 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:28,682 INFO L290 TraceCheckUtils]: 0: Hoare triple {9079#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9004#true} is VALID [2022-02-20 18:02:28,682 INFO L290 TraceCheckUtils]: 1: Hoare triple {9004#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9004#true} is VALID [2022-02-20 18:02:28,682 INFO L290 TraceCheckUtils]: 2: Hoare triple {9004#true} assume true; {9004#true} is VALID [2022-02-20 18:02:28,682 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9004#true} {9004#true} #1214#return; {9004#true} is VALID [2022-02-20 18:02:28,682 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:28,684 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:28,695 INFO L290 TraceCheckUtils]: 0: Hoare triple {9078#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9080#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:28,696 INFO L290 TraceCheckUtils]: 1: Hoare triple {9080#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9081#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:28,696 INFO L290 TraceCheckUtils]: 2: Hoare triple {9081#(= |setClientId_#in~handle| 1)} assume true; {9081#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:28,696 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9081#(= |setClientId_#in~handle| 1)} {9014#(= 
|ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1216#return; {9005#false} is VALID [2022-02-20 18:02:28,696 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:02:28,698 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:28,700 INFO L290 TraceCheckUtils]: 0: Hoare triple {9079#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9004#true} is VALID [2022-02-20 18:02:28,700 INFO L290 TraceCheckUtils]: 1: Hoare triple {9004#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9004#true} is VALID [2022-02-20 18:02:28,700 INFO L290 TraceCheckUtils]: 2: Hoare triple {9004#true} assume true; {9004#true} is VALID [2022-02-20 18:02:28,700 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9004#true} {9005#false} #1218#return; {9005#false} is VALID [2022-02-20 18:02:28,700 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:02:28,703 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:28,705 INFO L290 TraceCheckUtils]: 0: Hoare triple {9078#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9004#true} is VALID [2022-02-20 18:02:28,706 INFO L290 TraceCheckUtils]: 1: Hoare triple {9004#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9004#true} is VALID [2022-02-20 18:02:28,706 INFO L290 TraceCheckUtils]: 2: Hoare triple {9004#true} assume true; {9004#true} is VALID [2022-02-20 18:02:28,706 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9004#true} {9005#false} #1220#return; 
{9005#false} is VALID [2022-02-20 18:02:28,706 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:02:28,708 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:28,711 INFO L290 TraceCheckUtils]: 0: Hoare triple {9079#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9004#true} is VALID [2022-02-20 18:02:28,711 INFO L290 TraceCheckUtils]: 1: Hoare triple {9004#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9004#true} is VALID [2022-02-20 18:02:28,711 INFO L290 TraceCheckUtils]: 2: Hoare triple {9004#true} assume true; {9004#true} is VALID [2022-02-20 18:02:28,711 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9004#true} {9005#false} #1222#return; {9005#false} is VALID [2022-02-20 18:02:28,716 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 55 [2022-02-20 18:02:28,718 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:28,719 INFO L290 TraceCheckUtils]: 0: Hoare triple {9082#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9004#true} is VALID [2022-02-20 18:02:28,720 INFO L290 TraceCheckUtils]: 1: Hoare triple {9004#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9004#true} is VALID [2022-02-20 18:02:28,720 INFO L290 TraceCheckUtils]: 2: Hoare triple {9004#true} assume true; {9004#true} is VALID [2022-02-20 18:02:28,720 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9004#true} {9005#false} #1198#return; {9005#false} is VALID [2022-02-20 18:02:28,726 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 
18:02:28,728 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:28,730 INFO L290 TraceCheckUtils]: 0: Hoare triple {9083#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {9004#true} is VALID [2022-02-20 18:02:28,730 INFO L290 TraceCheckUtils]: 1: Hoare triple {9004#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {9004#true} is VALID [2022-02-20 18:02:28,730 INFO L290 TraceCheckUtils]: 2: Hoare triple {9004#true} assume true; {9004#true} is VALID [2022-02-20 18:02:28,730 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9004#true} {9005#false} #1200#return; {9005#false} is VALID [2022-02-20 18:02:28,731 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 18:02:28,732 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:28,733 INFO L290 TraceCheckUtils]: 0: Hoare triple {9004#true} ~handle := #in~handle;havoc ~retValue_acc~18; {9004#true} is VALID [2022-02-20 18:02:28,733 INFO L290 TraceCheckUtils]: 1: Hoare triple {9004#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {9004#true} is VALID [2022-02-20 18:02:28,733 INFO L290 TraceCheckUtils]: 2: Hoare triple {9004#true} assume true; {9004#true} is VALID [2022-02-20 18:02:28,733 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9004#true} {9005#false} #1140#return; {9005#false} is VALID [2022-02-20 18:02:28,734 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 18:02:28,735 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:28,737 INFO L290 TraceCheckUtils]: 0: Hoare triple {9004#true} ~handle := #in~handle;havoc ~retValue_acc~12; {9004#true} is VALID [2022-02-20 18:02:28,737 INFO L290 TraceCheckUtils]: 1: Hoare triple {9004#true} assume 1 == ~handle;~retValue_acc~12 
:= ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~12; {9004#true} is VALID [2022-02-20 18:02:28,737 INFO L290 TraceCheckUtils]: 2: Hoare triple {9004#true} assume true; {9004#true} is VALID [2022-02-20 18:02:28,737 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9004#true} {9005#false} #1142#return; {9005#false} is VALID [2022-02-20 18:02:28,737 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 18:02:28,738 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:28,740 INFO L290 TraceCheckUtils]: 0: Hoare triple {9004#true} ~handle := #in~handle;havoc ~retValue_acc~34; {9004#true} is VALID [2022-02-20 18:02:28,740 INFO L290 TraceCheckUtils]: 1: Hoare triple {9004#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {9004#true} is VALID [2022-02-20 18:02:28,740 INFO L290 TraceCheckUtils]: 2: Hoare triple {9004#true} assume true; {9004#true} is VALID [2022-02-20 18:02:28,740 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9004#true} {9005#false} #1160#return; {9005#false} is VALID [2022-02-20 18:02:28,740 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:02:28,741 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:28,742 INFO L290 TraceCheckUtils]: 0: Hoare triple {9004#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~23; {9004#true} is VALID [2022-02-20 18:02:28,743 INFO L290 TraceCheckUtils]: 1: Hoare triple {9004#true} assume 1 == ~handle; {9004#true} is VALID [2022-02-20 18:02:28,743 INFO L290 TraceCheckUtils]: 2: Hoare triple {9004#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~23 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~23; {9004#true} is VALID [2022-02-20 18:02:28,743 INFO L290 TraceCheckUtils]: 3: Hoare triple {9004#true} assume true; {9004#true} is VALID [2022-02-20 
18:02:28,743 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {9004#true} {9005#false} #1162#return; {9005#false} is VALID [2022-02-20 18:02:28,743 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 18:02:28,744 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:28,746 INFO L290 TraceCheckUtils]: 0: Hoare triple {9082#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9004#true} is VALID [2022-02-20 18:02:28,746 INFO L290 TraceCheckUtils]: 1: Hoare triple {9004#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9004#true} is VALID [2022-02-20 18:02:28,746 INFO L290 TraceCheckUtils]: 2: Hoare triple {9004#true} assume true; {9004#true} is VALID [2022-02-20 18:02:28,746 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9004#true} {9005#false} #1168#return; {9005#false} is VALID [2022-02-20 18:02:28,746 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 109 [2022-02-20 18:02:28,747 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:28,749 INFO L290 TraceCheckUtils]: 0: Hoare triple {9004#true} ~handle := #in~handle;havoc ~retValue_acc~34; {9004#true} is VALID [2022-02-20 18:02:28,750 INFO L290 TraceCheckUtils]: 1: Hoare triple {9004#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {9004#true} is VALID [2022-02-20 18:02:28,750 INFO L290 TraceCheckUtils]: 2: Hoare triple {9004#true} assume true; {9004#true} is VALID [2022-02-20 18:02:28,750 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9004#true} {9005#false} #1170#return; {9005#false} is VALID [2022-02-20 18:02:28,750 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 115 [2022-02-20 18:02:28,751 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat 
[2022-02-20 18:02:28,753 INFO L290 TraceCheckUtils]: 0: Hoare triple {9004#true} ~handle := #in~handle;havoc ~retValue_acc~18; {9004#true} is VALID [2022-02-20 18:02:28,753 INFO L290 TraceCheckUtils]: 1: Hoare triple {9004#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {9004#true} is VALID [2022-02-20 18:02:28,753 INFO L290 TraceCheckUtils]: 2: Hoare triple {9004#true} assume true; {9004#true} is VALID [2022-02-20 18:02:28,753 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9004#true} {9005#false} #1172#return; {9005#false} is VALID [2022-02-20 18:02:28,753 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 123 [2022-02-20 18:02:28,755 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:28,760 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:28,761 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:28,763 INFO L290 TraceCheckUtils]: 0: Hoare triple {9004#true} ~handle := #in~handle;havoc ~retValue_acc~37; {9004#true} is VALID [2022-02-20 18:02:28,763 INFO L290 TraceCheckUtils]: 1: Hoare triple {9004#true} assume 1 == ~handle;~retValue_acc~37 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~37; {9004#true} is VALID [2022-02-20 18:02:28,763 INFO L290 TraceCheckUtils]: 2: Hoare triple {9004#true} assume true; {9004#true} is VALID [2022-02-20 18:02:28,763 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9004#true} {9004#true} #1262#return; {9004#true} is VALID [2022-02-20 18:02:28,764 INFO L290 TraceCheckUtils]: 0: Hoare triple {9004#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~27#1;havoc ~tmp~23#1; {9004#true} is VALID [2022-02-20 18:02:28,764 INFO L272 TraceCheckUtils]: 1: Hoare triple {9004#true} call #t~ret105#1 := isEncrypted(~msg#1); {9004#true} is VALID [2022-02-20 18:02:28,764 INFO L290 TraceCheckUtils]: 2: Hoare triple {9004#true} 
~handle := #in~handle;havoc ~retValue_acc~37; {9004#true} is VALID [2022-02-20 18:02:28,764 INFO L290 TraceCheckUtils]: 3: Hoare triple {9004#true} assume 1 == ~handle;~retValue_acc~37 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~37; {9004#true} is VALID [2022-02-20 18:02:28,764 INFO L290 TraceCheckUtils]: 4: Hoare triple {9004#true} assume true; {9004#true} is VALID [2022-02-20 18:02:28,764 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {9004#true} {9004#true} #1262#return; {9004#true} is VALID [2022-02-20 18:02:28,764 INFO L290 TraceCheckUtils]: 6: Hoare triple {9004#true} assume -2147483648 <= #t~ret105#1 && #t~ret105#1 <= 2147483647;~tmp~23#1 := #t~ret105#1;havoc #t~ret105#1; {9004#true} is VALID [2022-02-20 18:02:28,764 INFO L290 TraceCheckUtils]: 7: Hoare triple {9004#true} assume 0 != ~tmp~23#1;~retValue_acc~27#1 := 0;#res#1 := ~retValue_acc~27#1; {9004#true} is VALID [2022-02-20 18:02:28,765 INFO L290 TraceCheckUtils]: 8: Hoare triple {9004#true} assume true; {9004#true} is VALID [2022-02-20 18:02:28,765 INFO L284 TraceCheckUtils]: 9: Hoare quadruple {9004#true} {9005#false} #1184#return; {9005#false} is VALID [2022-02-20 18:02:28,765 INFO L290 TraceCheckUtils]: 0: Hoare triple {9004#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 
2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(34, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(20, 28);call #Ultimate.allocInit(10, 29);call #Ultimate.allocInit(12, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(18, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(13, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(4, 38);call write~init~int(37, 38, 0, 1);call write~init~int(115, 38, 1, 1);call write~init~int(10, 38, 2, 1);call write~init~int(0, 38, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 
0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 
0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {9004#true} is VALID [2022-02-20 18:02:28,765 INFO L290 TraceCheckUtils]: 1: Hoare triple {9004#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {9004#true} is VALID [2022-02-20 18:02:28,765 INFO L290 TraceCheckUtils]: 2: Hoare triple {9004#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {9004#true} is VALID [2022-02-20 18:02:28,765 INFO L290 TraceCheckUtils]: 3: Hoare triple {9004#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~43#1;havoc valid_product_~retValue_acc~43#1;valid_product_~retValue_acc~43#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~43#1; {9004#true} is VALID [2022-02-20 18:02:28,765 INFO L290 TraceCheckUtils]: 4: Hoare triple {9004#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } 
true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {9004#true} is VALID [2022-02-20 18:02:28,766 INFO L290 TraceCheckUtils]: 5: Hoare triple {9004#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {9004#true} is VALID [2022-02-20 18:02:28,766 INFO L272 TraceCheckUtils]: 6: Hoare triple {9004#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {9078#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:28,766 INFO L290 TraceCheckUtils]: 7: Hoare triple {9078#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9004#true} is VALID [2022-02-20 18:02:28,767 INFO L290 TraceCheckUtils]: 8: Hoare triple {9004#true} assume 1 == 
~handle;~__ste_client_idCounter0~0 := ~value; {9004#true} is VALID [2022-02-20 18:02:28,767 INFO L290 TraceCheckUtils]: 9: Hoare triple {9004#true} assume true; {9004#true} is VALID [2022-02-20 18:02:28,767 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {9004#true} {9004#true} #1212#return; {9004#true} is VALID [2022-02-20 18:02:28,767 INFO L290 TraceCheckUtils]: 11: Hoare triple {9004#true} assume { :end_inline_setup_bob__wrappee__Base } true; {9004#true} is VALID [2022-02-20 18:02:28,767 INFO L272 TraceCheckUtils]: 12: Hoare triple {9004#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {9079#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:28,768 INFO L290 TraceCheckUtils]: 13: Hoare triple {9079#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9004#true} is VALID [2022-02-20 18:02:28,768 INFO L290 TraceCheckUtils]: 14: Hoare triple {9004#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9004#true} is VALID [2022-02-20 18:02:28,768 INFO L290 TraceCheckUtils]: 15: Hoare triple {9004#true} assume true; {9004#true} is VALID [2022-02-20 18:02:28,768 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {9004#true} {9004#true} #1214#return; {9004#true} is VALID [2022-02-20 18:02:28,768 INFO L290 TraceCheckUtils]: 17: Hoare triple {9004#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { 
:begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {9014#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:02:28,769 INFO L272 TraceCheckUtils]: 18: Hoare triple {9014#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {9078#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:28,769 INFO L290 TraceCheckUtils]: 19: Hoare triple {9078#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9080#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:28,770 INFO L290 TraceCheckUtils]: 20: Hoare triple {9080#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9081#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:28,770 INFO L290 TraceCheckUtils]: 21: Hoare triple {9081#(= |setClientId_#in~handle| 1)} assume true; {9081#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:28,770 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {9081#(= |setClientId_#in~handle| 1)} {9014#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1216#return; {9005#false} is VALID [2022-02-20 18:02:28,770 INFO L290 TraceCheckUtils]: 23: Hoare triple {9005#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {9005#false} is VALID [2022-02-20 18:02:28,771 INFO L272 TraceCheckUtils]: 24: Hoare triple {9005#false} call 
setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {9079#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:28,771 INFO L290 TraceCheckUtils]: 25: Hoare triple {9079#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9004#true} is VALID [2022-02-20 18:02:28,771 INFO L290 TraceCheckUtils]: 26: Hoare triple {9004#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9004#true} is VALID [2022-02-20 18:02:28,771 INFO L290 TraceCheckUtils]: 27: Hoare triple {9004#true} assume true; {9004#true} is VALID [2022-02-20 18:02:28,771 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {9004#true} {9005#false} #1218#return; {9005#false} is VALID [2022-02-20 18:02:28,771 INFO L290 TraceCheckUtils]: 29: Hoare triple {9005#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {9005#false} is VALID [2022-02-20 18:02:28,771 INFO L272 TraceCheckUtils]: 30: Hoare triple {9005#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {9078#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:28,771 INFO L290 TraceCheckUtils]: 31: Hoare triple {9078#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9004#true} is VALID [2022-02-20 18:02:28,772 INFO L290 TraceCheckUtils]: 32: Hoare triple {9004#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9004#true} is VALID [2022-02-20 18:02:28,772 INFO L290 TraceCheckUtils]: 33: Hoare triple {9004#true} assume true; {9004#true} is VALID [2022-02-20 18:02:28,772 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {9004#true} {9005#false} #1220#return; {9005#false} is VALID [2022-02-20 18:02:28,772 INFO L290 TraceCheckUtils]: 35: Hoare triple {9005#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {9005#false} is VALID [2022-02-20 18:02:28,772 INFO L272 TraceCheckUtils]: 36: Hoare triple {9005#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {9079#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:28,772 INFO L290 TraceCheckUtils]: 37: Hoare triple {9079#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9004#true} is VALID [2022-02-20 18:02:28,772 INFO L290 TraceCheckUtils]: 38: Hoare triple {9004#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9004#true} is VALID [2022-02-20 18:02:28,772 INFO L290 TraceCheckUtils]: 39: Hoare triple 
{9004#true} assume true; {9004#true} is VALID [2022-02-20 18:02:28,773 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {9004#true} {9005#false} #1222#return; {9005#false} is VALID [2022-02-20 18:02:28,773 INFO L290 TraceCheckUtils]: 41: Hoare triple {9005#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {9005#false} is VALID [2022-02-20 18:02:28,773 INFO L290 TraceCheckUtils]: 42: Hoare triple {9005#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~6#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~6#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {9005#false} is VALID [2022-02-20 
18:02:28,773 INFO L290 TraceCheckUtils]: 43: Hoare triple {9005#false} assume !false; {9005#false} is VALID [2022-02-20 18:02:28,773 INFO L290 TraceCheckUtils]: 44: Hoare triple {9005#false} assume test_~splverifierCounter~0#1 < 4; {9005#false} is VALID [2022-02-20 18:02:28,773 INFO L290 TraceCheckUtils]: 45: Hoare triple {9005#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {9005#false} is VALID [2022-02-20 18:02:28,773 INFO L290 TraceCheckUtils]: 46: Hoare triple {9005#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet47#1 && test_#t~nondet47#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet47#1;havoc test_#t~nondet47#1; {9005#false} is VALID [2022-02-20 18:02:28,773 INFO L290 TraceCheckUtils]: 47: Hoare triple {9005#false} assume !(0 != test_~tmp___9~0#1); {9005#false} is VALID [2022-02-20 18:02:28,774 INFO L290 TraceCheckUtils]: 48: Hoare triple {9005#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet48#1 && test_#t~nondet48#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet48#1;havoc test_#t~nondet48#1; {9005#false} is VALID [2022-02-20 18:02:28,777 INFO L290 TraceCheckUtils]: 49: Hoare triple {9005#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {9005#false} is VALID [2022-02-20 18:02:28,777 INFO L290 TraceCheckUtils]: 50: Hoare triple {9005#false} assume !false; {9005#false} is VALID [2022-02-20 18:02:28,777 INFO L290 TraceCheckUtils]: 51: Hoare triple {9005#false} assume !(test_~splverifierCounter~0#1 < 4); {9005#false} is VALID [2022-02-20 18:02:28,777 INFO L290 TraceCheckUtils]: 52: Hoare triple {9005#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 
2147483647;havoc bobToRjh_#t~ret4#1; {9005#false} is VALID [2022-02-20 18:02:28,777 INFO L272 TraceCheckUtils]: 53: Hoare triple {9005#false} call sendEmail(~bob~0, ~rjh~0); {9005#false} is VALID [2022-02-20 18:02:28,777 INFO L290 TraceCheckUtils]: 54: Hoare triple {9005#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~14#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~29#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~29#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {9005#false} is VALID [2022-02-20 18:02:28,778 INFO L272 TraceCheckUtils]: 55: Hoare triple {9005#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {9082#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:28,778 INFO L290 TraceCheckUtils]: 56: Hoare triple {9082#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9004#true} is VALID [2022-02-20 18:02:28,778 INFO L290 TraceCheckUtils]: 57: Hoare triple {9004#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9004#true} is VALID [2022-02-20 18:02:28,778 INFO L290 TraceCheckUtils]: 58: Hoare triple {9004#true} assume true; {9004#true} is VALID [2022-02-20 18:02:28,778 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {9004#true} {9005#false} #1198#return; {9005#false} is VALID [2022-02-20 18:02:28,778 INFO L272 TraceCheckUtils]: 60: Hoare triple {9005#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {9083#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID 
[2022-02-20 18:02:28,778 INFO L290 TraceCheckUtils]: 61: Hoare triple {9083#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {9004#true} is VALID [2022-02-20 18:02:28,778 INFO L290 TraceCheckUtils]: 62: Hoare triple {9004#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {9004#true} is VALID [2022-02-20 18:02:28,779 INFO L290 TraceCheckUtils]: 63: Hoare triple {9004#true} assume true; {9004#true} is VALID [2022-02-20 18:02:28,779 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {9004#true} {9005#false} #1200#return; {9005#false} is VALID [2022-02-20 18:02:28,779 INFO L290 TraceCheckUtils]: 65: Hoare triple {9005#false} createEmail_~retValue_acc~29#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~29#1; {9005#false} is VALID [2022-02-20 18:02:28,779 INFO L290 TraceCheckUtils]: 66: Hoare triple {9005#false} #t~ret76#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret76#1 && #t~ret76#1 <= 2147483647;~tmp~14#1 := #t~ret76#1;havoc #t~ret76#1;~email~0#1 := ~tmp~14#1; {9005#false} is VALID [2022-02-20 18:02:28,779 INFO L272 TraceCheckUtils]: 67: Hoare triple {9005#false} call outgoing(~sender#1, ~email~0#1); {9005#false} is VALID [2022-02-20 18:02:28,779 INFO L290 TraceCheckUtils]: 68: Hoare triple {9005#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret78#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~15#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~15#1; {9005#false} is VALID [2022-02-20 18:02:28,779 INFO L272 TraceCheckUtils]: 69: Hoare triple {9005#false} call sign_#t~ret78#1 := getClientPrivateKey(sign_~client#1); {9004#true} is VALID [2022-02-20 18:02:28,779 INFO L290 TraceCheckUtils]: 70: Hoare triple {9004#true} 
~handle := #in~handle;havoc ~retValue_acc~18; {9004#true} is VALID [2022-02-20 18:02:28,780 INFO L290 TraceCheckUtils]: 71: Hoare triple {9004#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {9004#true} is VALID [2022-02-20 18:02:28,780 INFO L290 TraceCheckUtils]: 72: Hoare triple {9004#true} assume true; {9004#true} is VALID [2022-02-20 18:02:28,780 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {9004#true} {9005#false} #1140#return; {9005#false} is VALID [2022-02-20 18:02:28,780 INFO L290 TraceCheckUtils]: 74: Hoare triple {9005#false} assume -2147483648 <= sign_#t~ret78#1 && sign_#t~ret78#1 <= 2147483647;sign_~tmp~15#1 := sign_#t~ret78#1;havoc sign_#t~ret78#1;sign_~privkey~1#1 := sign_~tmp~15#1; {9005#false} is VALID [2022-02-20 18:02:28,780 INFO L290 TraceCheckUtils]: 75: Hoare triple {9005#false} assume 0 == sign_~privkey~1#1; {9005#false} is VALID [2022-02-20 18:02:28,780 INFO L290 TraceCheckUtils]: 76: Hoare triple {9005#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret64#1, outgoing__wrappee__AddressBook_#t~ret65#1, outgoing__wrappee__AddressBook_#t~ret66#1, outgoing__wrappee__AddressBook_#t~ret67#1, outgoing__wrappee__AddressBook_#t~ret68#1, outgoing__wrappee__AddressBook_#t~ret69#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~11#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~4#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := 
outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~11#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~4#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {9005#false} is VALID [2022-02-20 18:02:28,780 INFO L272 TraceCheckUtils]: 77: Hoare triple {9005#false} call outgoing__wrappee__AddressBook_#t~ret64#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {9004#true} is VALID [2022-02-20 18:02:28,780 INFO L290 TraceCheckUtils]: 78: Hoare triple {9004#true} ~handle := #in~handle;havoc ~retValue_acc~12; {9004#true} is VALID [2022-02-20 18:02:28,780 INFO L290 TraceCheckUtils]: 79: Hoare triple {9004#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~12; {9004#true} is VALID [2022-02-20 18:02:28,781 INFO L290 TraceCheckUtils]: 80: Hoare triple {9004#true} assume true; {9004#true} is VALID [2022-02-20 18:02:28,781 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {9004#true} {9005#false} #1142#return; {9005#false} is VALID [2022-02-20 18:02:28,781 INFO L290 TraceCheckUtils]: 82: Hoare triple {9005#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret64#1 && outgoing__wrappee__AddressBook_#t~ret64#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~11#1 := outgoing__wrappee__AddressBook_#t~ret64#1;havoc outgoing__wrappee__AddressBook_#t~ret64#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~11#1; {9005#false} is VALID [2022-02-20 18:02:28,781 INFO L290 TraceCheckUtils]: 83: Hoare triple {9005#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {9005#false} is VALID [2022-02-20 18:02:28,781 INFO L272 TraceCheckUtils]: 84: Hoare triple {9005#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, 
outgoing__wrappee__AddressBook_~msg#1); {9005#false} is VALID [2022-02-20 18:02:28,781 INFO L290 TraceCheckUtils]: 85: Hoare triple {9005#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~10#1;havoc ~pubkey~0#1;havoc ~tmp___0~3#1; {9005#false} is VALID [2022-02-20 18:02:28,781 INFO L272 TraceCheckUtils]: 86: Hoare triple {9005#false} call #t~ret62#1 := getEmailTo(~msg#1); {9004#true} is VALID [2022-02-20 18:02:28,781 INFO L290 TraceCheckUtils]: 87: Hoare triple {9004#true} ~handle := #in~handle;havoc ~retValue_acc~34; {9004#true} is VALID [2022-02-20 18:02:28,781 INFO L290 TraceCheckUtils]: 88: Hoare triple {9004#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {9004#true} is VALID [2022-02-20 18:02:28,781 INFO L290 TraceCheckUtils]: 89: Hoare triple {9004#true} assume true; {9004#true} is VALID [2022-02-20 18:02:28,781 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {9004#true} {9005#false} #1160#return; {9005#false} is VALID [2022-02-20 18:02:28,781 INFO L290 TraceCheckUtils]: 91: Hoare triple {9005#false} assume -2147483648 <= #t~ret62#1 && #t~ret62#1 <= 2147483647;~tmp~10#1 := #t~ret62#1;havoc #t~ret62#1;~receiver~0#1 := ~tmp~10#1; {9005#false} is VALID [2022-02-20 18:02:28,781 INFO L272 TraceCheckUtils]: 92: Hoare triple {9005#false} call #t~ret63#1 := findPublicKey(~client#1, ~receiver~0#1); {9004#true} is VALID [2022-02-20 18:02:28,781 INFO L290 TraceCheckUtils]: 93: Hoare triple {9004#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~23; {9004#true} is VALID [2022-02-20 18:02:28,781 INFO L290 TraceCheckUtils]: 94: Hoare triple {9004#true} assume 1 == ~handle; {9004#true} is VALID [2022-02-20 18:02:28,782 INFO L290 TraceCheckUtils]: 95: Hoare triple {9004#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~23 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~23; {9004#true} is VALID [2022-02-20 18:02:28,782 INFO L290 TraceCheckUtils]: 
96: Hoare triple {9004#true} assume true; {9004#true} is VALID [2022-02-20 18:02:28,782 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {9004#true} {9005#false} #1162#return; {9005#false} is VALID [2022-02-20 18:02:28,782 INFO L290 TraceCheckUtils]: 98: Hoare triple {9005#false} assume -2147483648 <= #t~ret63#1 && #t~ret63#1 <= 2147483647;~tmp___0~3#1 := #t~ret63#1;havoc #t~ret63#1;~pubkey~0#1 := ~tmp___0~3#1; {9005#false} is VALID [2022-02-20 18:02:28,782 INFO L290 TraceCheckUtils]: 99: Hoare triple {9005#false} assume !(0 != ~pubkey~0#1); {9005#false} is VALID [2022-02-20 18:02:28,782 INFO L290 TraceCheckUtils]: 100: Hoare triple {9005#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret61#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~9#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~9#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~25#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~25#1; {9005#false} is VALID [2022-02-20 18:02:28,782 INFO L290 TraceCheckUtils]: 101: Hoare triple {9005#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~25#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~25#1; {9005#false} is VALID [2022-02-20 18:02:28,782 INFO L290 TraceCheckUtils]: 102: Hoare triple {9005#false} outgoing__wrappee__Keys_#t~ret61#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret61#1 && outgoing__wrappee__Keys_#t~ret61#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~9#1 
:= outgoing__wrappee__Keys_#t~ret61#1;havoc outgoing__wrappee__Keys_#t~ret61#1; {9005#false} is VALID [2022-02-20 18:02:28,782 INFO L272 TraceCheckUtils]: 103: Hoare triple {9005#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~9#1); {9082#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:28,782 INFO L290 TraceCheckUtils]: 104: Hoare triple {9082#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9004#true} is VALID [2022-02-20 18:02:28,782 INFO L290 TraceCheckUtils]: 105: Hoare triple {9004#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9004#true} is VALID [2022-02-20 18:02:28,782 INFO L290 TraceCheckUtils]: 106: Hoare triple {9004#true} assume true; {9004#true} is VALID [2022-02-20 18:02:28,782 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {9004#true} {9005#false} #1168#return; {9005#false} is VALID [2022-02-20 18:02:28,782 INFO L290 TraceCheckUtils]: 108: Hoare triple {9005#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret59#1, mail_#t~ret60#1, mail_~client#1, mail_~msg#1, mail_~tmp~8#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~8#1;call mail_#t~ret59#1 := puts(24, 0);assume -2147483648 <= mail_#t~ret59#1 && mail_#t~ret59#1 <= 2147483647;havoc mail_#t~ret59#1; {9005#false} is VALID [2022-02-20 18:02:28,782 INFO L272 TraceCheckUtils]: 109: Hoare triple {9005#false} call mail_#t~ret60#1 := getEmailTo(mail_~msg#1); {9004#true} is VALID [2022-02-20 18:02:28,782 INFO L290 TraceCheckUtils]: 110: Hoare triple {9004#true} ~handle := #in~handle;havoc ~retValue_acc~34; {9004#true} is VALID [2022-02-20 18:02:28,783 INFO L290 TraceCheckUtils]: 111: Hoare triple {9004#true} assume 1 
== ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {9004#true} is VALID [2022-02-20 18:02:28,783 INFO L290 TraceCheckUtils]: 112: Hoare triple {9004#true} assume true; {9004#true} is VALID [2022-02-20 18:02:28,783 INFO L284 TraceCheckUtils]: 113: Hoare quadruple {9004#true} {9005#false} #1170#return; {9005#false} is VALID [2022-02-20 18:02:28,783 INFO L290 TraceCheckUtils]: 114: Hoare triple {9005#false} assume -2147483648 <= mail_#t~ret60#1 && mail_#t~ret60#1 <= 2147483647;mail_~tmp~8#1 := mail_#t~ret60#1;havoc mail_#t~ret60#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~8#1, mail_~msg#1;havoc incoming_#t~ret71#1, incoming_#t~ret72#1, incoming_#t~ret73#1, incoming_#t~ret74#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~12#1, incoming_~tmp___0~5#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~12#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {9005#false} is VALID [2022-02-20 18:02:28,783 INFO L272 TraceCheckUtils]: 115: Hoare triple {9005#false} call incoming_#t~ret71#1 := getClientPrivateKey(incoming_~client#1); {9004#true} is VALID [2022-02-20 18:02:28,783 INFO L290 TraceCheckUtils]: 116: Hoare triple {9004#true} ~handle := #in~handle;havoc ~retValue_acc~18; {9004#true} is VALID [2022-02-20 18:02:28,783 INFO L290 TraceCheckUtils]: 117: Hoare triple {9004#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {9004#true} is VALID [2022-02-20 18:02:28,783 INFO L290 TraceCheckUtils]: 118: Hoare triple {9004#true} assume true; {9004#true} is VALID [2022-02-20 18:02:28,783 INFO L284 TraceCheckUtils]: 119: Hoare quadruple {9004#true} {9005#false} #1172#return; {9005#false} is VALID [2022-02-20 18:02:28,783 INFO L290 TraceCheckUtils]: 120: Hoare triple 
{9005#false} assume -2147483648 <= incoming_#t~ret71#1 && incoming_#t~ret71#1 <= 2147483647;incoming_~tmp~12#1 := incoming_#t~ret71#1;havoc incoming_#t~ret71#1;incoming_~privkey~0#1 := incoming_~tmp~12#1; {9005#false} is VALID [2022-02-20 18:02:28,783 INFO L290 TraceCheckUtils]: 121: Hoare triple {9005#false} assume !(0 != incoming_~privkey~0#1); {9005#false} is VALID [2022-02-20 18:02:28,783 INFO L290 TraceCheckUtils]: 122: Hoare triple {9005#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret79#1, verify_#t~ret80#1, verify_#t~ret81#1, verify_#t~ret82#1, verify_#t~ret83#1, verify_#t~ret84#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~16#1, verify_~tmp___0~6#1, verify_~pubkey~1#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~16#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret58#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~7#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := 
__utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~7#1; {9005#false} is VALID [2022-02-20 18:02:28,783 INFO L272 TraceCheckUtils]: 123: Hoare triple {9005#false} call __utac_acc__EncryptVerify_spec__1_#t~ret58#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {9004#true} is VALID [2022-02-20 18:02:28,783 INFO L290 TraceCheckUtils]: 124: Hoare triple {9004#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~27#1;havoc ~tmp~23#1; {9004#true} is VALID [2022-02-20 18:02:28,783 INFO L272 TraceCheckUtils]: 125: Hoare triple {9004#true} call #t~ret105#1 := isEncrypted(~msg#1); {9004#true} is VALID [2022-02-20 18:02:28,784 INFO L290 TraceCheckUtils]: 126: Hoare triple {9004#true} ~handle := #in~handle;havoc ~retValue_acc~37; {9004#true} is VALID [2022-02-20 18:02:28,784 INFO L290 TraceCheckUtils]: 127: Hoare triple {9004#true} assume 1 == ~handle;~retValue_acc~37 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~37; {9004#true} is VALID [2022-02-20 18:02:28,784 INFO L290 TraceCheckUtils]: 128: Hoare triple {9004#true} assume true; {9004#true} is VALID [2022-02-20 18:02:28,784 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {9004#true} {9004#true} #1262#return; {9004#true} is VALID [2022-02-20 18:02:28,784 INFO L290 TraceCheckUtils]: 130: Hoare triple {9004#true} assume -2147483648 <= #t~ret105#1 && #t~ret105#1 <= 2147483647;~tmp~23#1 := #t~ret105#1;havoc #t~ret105#1; {9004#true} is VALID [2022-02-20 18:02:28,784 INFO L290 TraceCheckUtils]: 131: Hoare triple {9004#true} assume 0 != ~tmp~23#1;~retValue_acc~27#1 := 0;#res#1 := ~retValue_acc~27#1; {9004#true} is VALID [2022-02-20 18:02:28,784 INFO L290 TraceCheckUtils]: 132: Hoare triple {9004#true} assume true; {9004#true} is VALID [2022-02-20 18:02:28,784 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {9004#true} {9005#false} #1184#return; {9005#false} is VALID [2022-02-20 18:02:28,784 INFO L290 TraceCheckUtils]: 134: Hoare triple {9005#false} assume -2147483648 <= 
__utac_acc__EncryptVerify_spec__1_#t~ret58#1 && __utac_acc__EncryptVerify_spec__1_#t~ret58#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~7#1 := __utac_acc__EncryptVerify_spec__1_#t~ret58#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret58#1; {9005#false} is VALID [2022-02-20 18:02:28,784 INFO L290 TraceCheckUtils]: 135: Hoare triple {9005#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~7#1);assume { :begin_inline___automaton_fail } true; {9005#false} is VALID [2022-02-20 18:02:28,784 INFO L290 TraceCheckUtils]: 136: Hoare triple {9005#false} assume !false; {9005#false} is VALID [2022-02-20 18:02:28,785 INFO L134 CoverageAnalysis]: Checked inductivity of 38 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked. [2022-02-20 18:02:28,787 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:28,788 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1524371214] [2022-02-20 18:02:28,788 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1524371214] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:02:28,788 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [609866266] [2022-02-20 18:02:28,788 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:28,788 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:28,788 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:02:28,789 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:02:28,791 INFO L327 MonitoredProcess]: [MP 
/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-02-20 18:02:28,999 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:29,004 INFO L263 TraceCheckSpWp]: Trace formula consists of 1180 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 18:02:29,046 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:29,049 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:02:29,377 INFO L290 TraceCheckUtils]: 0: Hoare triple {9004#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(34, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(20, 28);call 
#Ultimate.allocInit(10, 29);call #Ultimate.allocInit(12, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(18, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(13, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(4, 38);call write~init~int(37, 38, 0, 1);call write~init~int(115, 38, 1, 1);call write~init~int(10, 38, 2, 1);call write~init~int(0, 38, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 
0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 
:= 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {9004#true} is VALID [2022-02-20 18:02:29,377 INFO L290 TraceCheckUtils]: 1: Hoare triple {9004#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {9004#true} is VALID [2022-02-20 18:02:29,377 INFO L290 TraceCheckUtils]: 2: Hoare triple {9004#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {9004#true} is VALID [2022-02-20 18:02:29,379 INFO L290 TraceCheckUtils]: 3: Hoare triple {9004#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~43#1;havoc valid_product_~retValue_acc~43#1;valid_product_~retValue_acc~43#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~43#1; {9004#true} is VALID [2022-02-20 18:02:29,379 INFO L290 TraceCheckUtils]: 4: Hoare triple {9004#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {9004#true} is VALID [2022-02-20 18:02:29,379 INFO L290 TraceCheckUtils]: 5: Hoare triple {9004#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, 
setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {9004#true} is VALID [2022-02-20 18:02:29,379 INFO L272 TraceCheckUtils]: 6: Hoare triple {9004#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {9004#true} is VALID [2022-02-20 18:02:29,379 INFO L290 TraceCheckUtils]: 7: Hoare triple {9004#true} ~handle := #in~handle;~value := #in~value; {9004#true} is VALID [2022-02-20 18:02:29,380 INFO L290 TraceCheckUtils]: 8: Hoare triple {9004#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9004#true} is VALID [2022-02-20 18:02:29,380 INFO L290 TraceCheckUtils]: 9: Hoare triple {9004#true} assume true; {9004#true} is VALID [2022-02-20 18:02:29,380 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {9004#true} {9004#true} #1212#return; {9004#true} is VALID [2022-02-20 18:02:29,380 INFO L290 TraceCheckUtils]: 11: Hoare triple {9004#true} assume { :end_inline_setup_bob__wrappee__Base } true; {9004#true} is VALID [2022-02-20 18:02:29,380 INFO L272 TraceCheckUtils]: 12: Hoare triple {9004#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {9004#true} is VALID [2022-02-20 18:02:29,380 INFO L290 TraceCheckUtils]: 13: Hoare triple {9004#true} ~handle := #in~handle;~value := #in~value; {9004#true} is VALID [2022-02-20 18:02:29,380 INFO L290 TraceCheckUtils]: 14: Hoare triple {9004#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9004#true} is VALID [2022-02-20 18:02:29,380 INFO L290 TraceCheckUtils]: 15: Hoare triple {9004#true} assume true; {9004#true} is VALID 
[2022-02-20 18:02:29,380 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {9004#true} {9004#true} #1214#return; {9004#true} is VALID [2022-02-20 18:02:29,384 INFO L290 TraceCheckUtils]: 17: Hoare triple {9004#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {9142#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:02:29,384 INFO L272 TraceCheckUtils]: 18: Hoare triple {9142#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {9004#true} is VALID [2022-02-20 18:02:29,384 INFO L290 TraceCheckUtils]: 19: Hoare triple {9004#true} ~handle := #in~handle;~value := #in~value; {9149#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 18:02:29,385 INFO L290 TraceCheckUtils]: 20: Hoare triple {9149#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9153#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:29,385 INFO L290 TraceCheckUtils]: 21: Hoare triple {9153#(<= |setClientId_#in~handle| 1)} assume true; {9153#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:29,386 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {9153#(<= |setClientId_#in~handle| 1)} {9142#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1216#return; {9005#false} is VALID [2022-02-20 18:02:29,386 INFO L290 TraceCheckUtils]: 23: Hoare triple {9005#false} assume { 
:end_inline_setup_rjh__wrappee__Base } true; {9005#false} is VALID [2022-02-20 18:02:29,386 INFO L272 TraceCheckUtils]: 24: Hoare triple {9005#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {9005#false} is VALID [2022-02-20 18:02:29,386 INFO L290 TraceCheckUtils]: 25: Hoare triple {9005#false} ~handle := #in~handle;~value := #in~value; {9005#false} is VALID [2022-02-20 18:02:29,386 INFO L290 TraceCheckUtils]: 26: Hoare triple {9005#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9005#false} is VALID [2022-02-20 18:02:29,386 INFO L290 TraceCheckUtils]: 27: Hoare triple {9005#false} assume true; {9005#false} is VALID [2022-02-20 18:02:29,386 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {9005#false} {9005#false} #1218#return; {9005#false} is VALID [2022-02-20 18:02:29,386 INFO L290 TraceCheckUtils]: 29: Hoare triple {9005#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {9005#false} is VALID [2022-02-20 18:02:29,386 INFO L272 TraceCheckUtils]: 30: Hoare triple {9005#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {9005#false} is VALID [2022-02-20 18:02:29,386 INFO L290 TraceCheckUtils]: 31: Hoare triple {9005#false} ~handle := #in~handle;~value := #in~value; {9005#false} is VALID [2022-02-20 18:02:29,386 INFO L290 TraceCheckUtils]: 32: Hoare triple {9005#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9005#false} is VALID [2022-02-20 
18:02:29,386 INFO L290 TraceCheckUtils]: 33: Hoare triple {9005#false} assume true; {9005#false} is VALID [2022-02-20 18:02:29,386 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {9005#false} {9005#false} #1220#return; {9005#false} is VALID [2022-02-20 18:02:29,386 INFO L290 TraceCheckUtils]: 35: Hoare triple {9005#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {9005#false} is VALID [2022-02-20 18:02:29,386 INFO L272 TraceCheckUtils]: 36: Hoare triple {9005#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {9005#false} is VALID [2022-02-20 18:02:29,386 INFO L290 TraceCheckUtils]: 37: Hoare triple {9005#false} ~handle := #in~handle;~value := #in~value; {9005#false} is VALID [2022-02-20 18:02:29,386 INFO L290 TraceCheckUtils]: 38: Hoare triple {9005#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9005#false} is VALID [2022-02-20 18:02:29,387 INFO L290 TraceCheckUtils]: 39: Hoare triple {9005#false} assume true; {9005#false} is VALID [2022-02-20 18:02:29,387 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {9005#false} {9005#false} #1222#return; {9005#false} is VALID [2022-02-20 18:02:29,387 INFO L290 TraceCheckUtils]: 41: Hoare triple {9005#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {9005#false} is VALID [2022-02-20 18:02:29,387 INFO L290 TraceCheckUtils]: 42: Hoare triple {9005#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~6#1, test_~tmp___0~2#1, test_~tmp___1~1#1, 
test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~6#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {9005#false} is VALID [2022-02-20 18:02:29,387 INFO L290 TraceCheckUtils]: 43: Hoare triple {9005#false} assume !false; {9005#false} is VALID [2022-02-20 18:02:29,387 INFO L290 TraceCheckUtils]: 44: Hoare triple {9005#false} assume test_~splverifierCounter~0#1 < 4; {9005#false} is VALID [2022-02-20 18:02:29,387 INFO L290 TraceCheckUtils]: 45: Hoare triple {9005#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {9005#false} is VALID [2022-02-20 18:02:29,387 INFO L290 TraceCheckUtils]: 46: Hoare triple {9005#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet47#1 && test_#t~nondet47#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet47#1;havoc test_#t~nondet47#1; {9005#false} is VALID [2022-02-20 18:02:29,387 INFO L290 TraceCheckUtils]: 47: Hoare triple {9005#false} assume !(0 != test_~tmp___9~0#1); {9005#false} is VALID [2022-02-20 18:02:29,387 INFO L290 TraceCheckUtils]: 48: Hoare triple {9005#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet48#1 && test_#t~nondet48#1 <= 2147483647;test_~tmp___8~0#1 := 
test_#t~nondet48#1;havoc test_#t~nondet48#1; {9005#false} is VALID [2022-02-20 18:02:29,387 INFO L290 TraceCheckUtils]: 49: Hoare triple {9005#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {9005#false} is VALID [2022-02-20 18:02:29,387 INFO L290 TraceCheckUtils]: 50: Hoare triple {9005#false} assume !false; {9005#false} is VALID [2022-02-20 18:02:29,387 INFO L290 TraceCheckUtils]: 51: Hoare triple {9005#false} assume !(test_~splverifierCounter~0#1 < 4); {9005#false} is VALID [2022-02-20 18:02:29,387 INFO L290 TraceCheckUtils]: 52: Hoare triple {9005#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {9005#false} is VALID [2022-02-20 18:02:29,387 INFO L272 TraceCheckUtils]: 53: Hoare triple {9005#false} call sendEmail(~bob~0, ~rjh~0); {9005#false} is VALID [2022-02-20 18:02:29,387 INFO L290 TraceCheckUtils]: 54: Hoare triple {9005#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~14#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~29#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~29#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {9005#false} is VALID [2022-02-20 18:02:29,387 INFO L272 TraceCheckUtils]: 55: Hoare triple {9005#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {9005#false} is VALID [2022-02-20 18:02:29,387 INFO L290 TraceCheckUtils]: 56: Hoare triple {9005#false} 
~handle := #in~handle;~value := #in~value; {9005#false} is VALID [2022-02-20 18:02:29,387 INFO L290 TraceCheckUtils]: 57: Hoare triple {9005#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9005#false} is VALID [2022-02-20 18:02:29,388 INFO L290 TraceCheckUtils]: 58: Hoare triple {9005#false} assume true; {9005#false} is VALID [2022-02-20 18:02:29,388 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {9005#false} {9005#false} #1198#return; {9005#false} is VALID [2022-02-20 18:02:29,388 INFO L272 TraceCheckUtils]: 60: Hoare triple {9005#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {9005#false} is VALID [2022-02-20 18:02:29,388 INFO L290 TraceCheckUtils]: 61: Hoare triple {9005#false} ~handle := #in~handle;~value := #in~value; {9005#false} is VALID [2022-02-20 18:02:29,388 INFO L290 TraceCheckUtils]: 62: Hoare triple {9005#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {9005#false} is VALID [2022-02-20 18:02:29,388 INFO L290 TraceCheckUtils]: 63: Hoare triple {9005#false} assume true; {9005#false} is VALID [2022-02-20 18:02:29,388 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {9005#false} {9005#false} #1200#return; {9005#false} is VALID [2022-02-20 18:02:29,388 INFO L290 TraceCheckUtils]: 65: Hoare triple {9005#false} createEmail_~retValue_acc~29#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~29#1; {9005#false} is VALID [2022-02-20 18:02:29,388 INFO L290 TraceCheckUtils]: 66: Hoare triple {9005#false} #t~ret76#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret76#1 && #t~ret76#1 <= 2147483647;~tmp~14#1 := #t~ret76#1;havoc #t~ret76#1;~email~0#1 := ~tmp~14#1; {9005#false} is VALID [2022-02-20 18:02:29,388 INFO L272 TraceCheckUtils]: 67: Hoare triple {9005#false} call outgoing(~sender#1, ~email~0#1); {9005#false} is VALID [2022-02-20 18:02:29,388 INFO L290 TraceCheckUtils]: 68: Hoare triple {9005#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { 
:begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret78#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~15#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~15#1; {9005#false} is VALID [2022-02-20 18:02:29,388 INFO L272 TraceCheckUtils]: 69: Hoare triple {9005#false} call sign_#t~ret78#1 := getClientPrivateKey(sign_~client#1); {9005#false} is VALID [2022-02-20 18:02:29,388 INFO L290 TraceCheckUtils]: 70: Hoare triple {9005#false} ~handle := #in~handle;havoc ~retValue_acc~18; {9005#false} is VALID [2022-02-20 18:02:29,388 INFO L290 TraceCheckUtils]: 71: Hoare triple {9005#false} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {9005#false} is VALID [2022-02-20 18:02:29,388 INFO L290 TraceCheckUtils]: 72: Hoare triple {9005#false} assume true; {9005#false} is VALID [2022-02-20 18:02:29,388 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {9005#false} {9005#false} #1140#return; {9005#false} is VALID [2022-02-20 18:02:29,388 INFO L290 TraceCheckUtils]: 74: Hoare triple {9005#false} assume -2147483648 <= sign_#t~ret78#1 && sign_#t~ret78#1 <= 2147483647;sign_~tmp~15#1 := sign_#t~ret78#1;havoc sign_#t~ret78#1;sign_~privkey~1#1 := sign_~tmp~15#1; {9005#false} is VALID [2022-02-20 18:02:29,388 INFO L290 TraceCheckUtils]: 75: Hoare triple {9005#false} assume 0 == sign_~privkey~1#1; {9005#false} is VALID [2022-02-20 18:02:29,388 INFO L290 TraceCheckUtils]: 76: Hoare triple {9005#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret64#1, outgoing__wrappee__AddressBook_#t~ret65#1, outgoing__wrappee__AddressBook_#t~ret66#1, outgoing__wrappee__AddressBook_#t~ret67#1, outgoing__wrappee__AddressBook_#t~ret68#1, 
outgoing__wrappee__AddressBook_#t~ret69#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~11#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~4#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~11#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~4#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {9005#false} is VALID [2022-02-20 18:02:29,388 INFO L272 TraceCheckUtils]: 77: Hoare triple {9005#false} call outgoing__wrappee__AddressBook_#t~ret64#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {9005#false} is VALID [2022-02-20 18:02:29,389 INFO L290 TraceCheckUtils]: 78: Hoare triple {9005#false} ~handle := #in~handle;havoc ~retValue_acc~12; {9005#false} is VALID [2022-02-20 18:02:29,389 INFO L290 TraceCheckUtils]: 79: Hoare triple {9005#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~12; {9005#false} is VALID [2022-02-20 18:02:29,389 INFO L290 TraceCheckUtils]: 80: Hoare triple {9005#false} assume true; {9005#false} is VALID [2022-02-20 18:02:29,389 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {9005#false} {9005#false} #1142#return; {9005#false} is VALID [2022-02-20 18:02:29,389 INFO L290 TraceCheckUtils]: 82: Hoare triple {9005#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret64#1 && outgoing__wrappee__AddressBook_#t~ret64#1 <= 
2147483647;outgoing__wrappee__AddressBook_~tmp~11#1 := outgoing__wrappee__AddressBook_#t~ret64#1;havoc outgoing__wrappee__AddressBook_#t~ret64#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~11#1; {9005#false} is VALID [2022-02-20 18:02:29,389 INFO L290 TraceCheckUtils]: 83: Hoare triple {9005#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {9005#false} is VALID [2022-02-20 18:02:29,389 INFO L272 TraceCheckUtils]: 84: Hoare triple {9005#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {9005#false} is VALID [2022-02-20 18:02:29,389 INFO L290 TraceCheckUtils]: 85: Hoare triple {9005#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~10#1;havoc ~pubkey~0#1;havoc ~tmp___0~3#1; {9005#false} is VALID [2022-02-20 18:02:29,389 INFO L272 TraceCheckUtils]: 86: Hoare triple {9005#false} call #t~ret62#1 := getEmailTo(~msg#1); {9005#false} is VALID [2022-02-20 18:02:29,389 INFO L290 TraceCheckUtils]: 87: Hoare triple {9005#false} ~handle := #in~handle;havoc ~retValue_acc~34; {9005#false} is VALID [2022-02-20 18:02:29,389 INFO L290 TraceCheckUtils]: 88: Hoare triple {9005#false} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {9005#false} is VALID [2022-02-20 18:02:29,389 INFO L290 TraceCheckUtils]: 89: Hoare triple {9005#false} assume true; {9005#false} is VALID [2022-02-20 18:02:29,389 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {9005#false} {9005#false} #1160#return; {9005#false} is VALID [2022-02-20 18:02:29,389 INFO L290 TraceCheckUtils]: 91: Hoare triple {9005#false} assume -2147483648 <= #t~ret62#1 && #t~ret62#1 <= 2147483647;~tmp~10#1 := #t~ret62#1;havoc #t~ret62#1;~receiver~0#1 := ~tmp~10#1; {9005#false} is VALID [2022-02-20 18:02:29,389 INFO L272 TraceCheckUtils]: 92: Hoare triple {9005#false} call #t~ret63#1 := findPublicKey(~client#1, ~receiver~0#1); {9005#false} is VALID 
[2022-02-20 18:02:29,389 INFO L290 TraceCheckUtils]: 93: Hoare triple {9005#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~23; {9005#false} is VALID [2022-02-20 18:02:29,389 INFO L290 TraceCheckUtils]: 94: Hoare triple {9005#false} assume 1 == ~handle; {9005#false} is VALID [2022-02-20 18:02:29,389 INFO L290 TraceCheckUtils]: 95: Hoare triple {9005#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~23 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~23; {9005#false} is VALID [2022-02-20 18:02:29,389 INFO L290 TraceCheckUtils]: 96: Hoare triple {9005#false} assume true; {9005#false} is VALID [2022-02-20 18:02:29,389 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {9005#false} {9005#false} #1162#return; {9005#false} is VALID [2022-02-20 18:02:29,390 INFO L290 TraceCheckUtils]: 98: Hoare triple {9005#false} assume -2147483648 <= #t~ret63#1 && #t~ret63#1 <= 2147483647;~tmp___0~3#1 := #t~ret63#1;havoc #t~ret63#1;~pubkey~0#1 := ~tmp___0~3#1; {9005#false} is VALID [2022-02-20 18:02:29,390 INFO L290 TraceCheckUtils]: 99: Hoare triple {9005#false} assume !(0 != ~pubkey~0#1); {9005#false} is VALID [2022-02-20 18:02:29,390 INFO L290 TraceCheckUtils]: 100: Hoare triple {9005#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret61#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~9#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~9#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~25#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~25#1; 
{9005#false} is VALID [2022-02-20 18:02:29,390 INFO L290 TraceCheckUtils]: 101: Hoare triple {9005#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~25#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~25#1; {9005#false} is VALID [2022-02-20 18:02:29,390 INFO L290 TraceCheckUtils]: 102: Hoare triple {9005#false} outgoing__wrappee__Keys_#t~ret61#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret61#1 && outgoing__wrappee__Keys_#t~ret61#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~9#1 := outgoing__wrappee__Keys_#t~ret61#1;havoc outgoing__wrappee__Keys_#t~ret61#1; {9005#false} is VALID [2022-02-20 18:02:29,390 INFO L272 TraceCheckUtils]: 103: Hoare triple {9005#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~9#1); {9005#false} is VALID [2022-02-20 18:02:29,390 INFO L290 TraceCheckUtils]: 104: Hoare triple {9005#false} ~handle := #in~handle;~value := #in~value; {9005#false} is VALID [2022-02-20 18:02:29,390 INFO L290 TraceCheckUtils]: 105: Hoare triple {9005#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9005#false} is VALID [2022-02-20 18:02:29,390 INFO L290 TraceCheckUtils]: 106: Hoare triple {9005#false} assume true; {9005#false} is VALID [2022-02-20 18:02:29,390 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {9005#false} {9005#false} #1168#return; {9005#false} is VALID [2022-02-20 18:02:29,390 INFO L290 TraceCheckUtils]: 108: Hoare triple {9005#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret59#1, mail_#t~ret60#1, mail_~client#1, mail_~msg#1, mail_~tmp~8#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~8#1;call mail_#t~ret59#1 := puts(24, 0);assume -2147483648 <= mail_#t~ret59#1 && mail_#t~ret59#1 <= 2147483647;havoc mail_#t~ret59#1; {9005#false} is VALID 
[2022-02-20 18:02:29,390 INFO L272 TraceCheckUtils]: 109: Hoare triple {9005#false} call mail_#t~ret60#1 := getEmailTo(mail_~msg#1); {9005#false} is VALID [2022-02-20 18:02:29,390 INFO L290 TraceCheckUtils]: 110: Hoare triple {9005#false} ~handle := #in~handle;havoc ~retValue_acc~34; {9005#false} is VALID [2022-02-20 18:02:29,390 INFO L290 TraceCheckUtils]: 111: Hoare triple {9005#false} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {9005#false} is VALID [2022-02-20 18:02:29,390 INFO L290 TraceCheckUtils]: 112: Hoare triple {9005#false} assume true; {9005#false} is VALID [2022-02-20 18:02:29,390 INFO L284 TraceCheckUtils]: 113: Hoare quadruple {9005#false} {9005#false} #1170#return; {9005#false} is VALID [2022-02-20 18:02:29,390 INFO L290 TraceCheckUtils]: 114: Hoare triple {9005#false} assume -2147483648 <= mail_#t~ret60#1 && mail_#t~ret60#1 <= 2147483647;mail_~tmp~8#1 := mail_#t~ret60#1;havoc mail_#t~ret60#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~8#1, mail_~msg#1;havoc incoming_#t~ret71#1, incoming_#t~ret72#1, incoming_#t~ret73#1, incoming_#t~ret74#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~12#1, incoming_~tmp___0~5#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~12#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {9005#false} is VALID [2022-02-20 18:02:29,390 INFO L272 TraceCheckUtils]: 115: Hoare triple {9005#false} call incoming_#t~ret71#1 := getClientPrivateKey(incoming_~client#1); {9005#false} is VALID [2022-02-20 18:02:29,390 INFO L290 TraceCheckUtils]: 116: Hoare triple {9005#false} ~handle := #in~handle;havoc ~retValue_acc~18; {9005#false} is VALID [2022-02-20 18:02:29,390 INFO L290 TraceCheckUtils]: 117: Hoare triple {9005#false} assume 1 == 
~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {9005#false} is VALID [2022-02-20 18:02:29,390 INFO L290 TraceCheckUtils]: 118: Hoare triple {9005#false} assume true; {9005#false} is VALID [2022-02-20 18:02:29,391 INFO L284 TraceCheckUtils]: 119: Hoare quadruple {9005#false} {9005#false} #1172#return; {9005#false} is VALID [2022-02-20 18:02:29,391 INFO L290 TraceCheckUtils]: 120: Hoare triple {9005#false} assume -2147483648 <= incoming_#t~ret71#1 && incoming_#t~ret71#1 <= 2147483647;incoming_~tmp~12#1 := incoming_#t~ret71#1;havoc incoming_#t~ret71#1;incoming_~privkey~0#1 := incoming_~tmp~12#1; {9005#false} is VALID [2022-02-20 18:02:29,391 INFO L290 TraceCheckUtils]: 121: Hoare triple {9005#false} assume !(0 != incoming_~privkey~0#1); {9005#false} is VALID [2022-02-20 18:02:29,391 INFO L290 TraceCheckUtils]: 122: Hoare triple {9005#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret79#1, verify_#t~ret80#1, verify_#t~ret81#1, verify_#t~ret82#1, verify_#t~ret83#1, verify_#t~ret84#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~16#1, verify_~tmp___0~6#1, verify_~pubkey~1#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~16#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc 
verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret58#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~7#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~7#1; {9005#false} is VALID [2022-02-20 18:02:29,391 INFO L272 TraceCheckUtils]: 123: Hoare triple {9005#false} call __utac_acc__EncryptVerify_spec__1_#t~ret58#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {9005#false} is VALID [2022-02-20 18:02:29,391 INFO L290 TraceCheckUtils]: 124: Hoare triple {9005#false} ~msg#1 := #in~msg#1;havoc ~retValue_acc~27#1;havoc ~tmp~23#1; {9005#false} is VALID [2022-02-20 18:02:29,391 INFO L272 TraceCheckUtils]: 125: Hoare triple {9005#false} call #t~ret105#1 := isEncrypted(~msg#1); {9005#false} is VALID [2022-02-20 18:02:29,391 INFO L290 TraceCheckUtils]: 126: Hoare triple {9005#false} ~handle := #in~handle;havoc ~retValue_acc~37; {9005#false} is VALID [2022-02-20 18:02:29,391 INFO L290 TraceCheckUtils]: 127: Hoare triple {9005#false} assume 1 == ~handle;~retValue_acc~37 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~37; {9005#false} is VALID [2022-02-20 18:02:29,391 INFO L290 TraceCheckUtils]: 128: Hoare triple {9005#false} assume true; {9005#false} is VALID [2022-02-20 18:02:29,391 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {9005#false} {9005#false} #1262#return; {9005#false} is VALID [2022-02-20 18:02:29,391 INFO L290 TraceCheckUtils]: 130: Hoare triple {9005#false} assume -2147483648 <= #t~ret105#1 && #t~ret105#1 <= 2147483647;~tmp~23#1 := #t~ret105#1;havoc #t~ret105#1; {9005#false} is VALID [2022-02-20 18:02:29,391 INFO L290 TraceCheckUtils]: 131: Hoare triple {9005#false} assume 0 != 
~tmp~23#1;~retValue_acc~27#1 := 0;#res#1 := ~retValue_acc~27#1; {9005#false} is VALID [2022-02-20 18:02:29,391 INFO L290 TraceCheckUtils]: 132: Hoare triple {9005#false} assume true; {9005#false} is VALID [2022-02-20 18:02:29,391 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {9005#false} {9005#false} #1184#return; {9005#false} is VALID [2022-02-20 18:02:29,391 INFO L290 TraceCheckUtils]: 134: Hoare triple {9005#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret58#1 && __utac_acc__EncryptVerify_spec__1_#t~ret58#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~7#1 := __utac_acc__EncryptVerify_spec__1_#t~ret58#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret58#1; {9005#false} is VALID [2022-02-20 18:02:29,394 INFO L290 TraceCheckUtils]: 135: Hoare triple {9005#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~7#1);assume { :begin_inline___automaton_fail } true; {9005#false} is VALID [2022-02-20 18:02:29,395 INFO L290 TraceCheckUtils]: 136: Hoare triple {9005#false} assume !false; {9005#false} is VALID [2022-02-20 18:02:29,395 INFO L134 CoverageAnalysis]: Checked inductivity of 38 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 19 trivial. 0 not checked. [2022-02-20 18:02:29,395 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:02:29,395 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [609866266] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:29,395 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. 
[2022-02-20 18:02:29,395 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [9] total 12 [2022-02-20 18:02:29,395 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [776088293] [2022-02-20 18:02:29,395 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:29,396 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 21.75) internal successors, (87), 5 states have internal predecessors, (87), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) Word has length 137 [2022-02-20 18:02:29,396 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:29,396 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 4 states have (on average 21.75) internal successors, (87), 5 states have internal predecessors, (87), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:02:29,494 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 124 edges. 124 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:29,494 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:02:29,495 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:29,495 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. 
[2022-02-20 18:02:29,495 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=24, Invalid=108, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:02:29,495 INFO L87 Difference]: Start difference. First operand 462 states and 710 transitions. Second operand has 5 states, 4 states have (on average 21.75) internal successors, (87), 5 states have internal predecessors, (87), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:02:30,549 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:30,549 INFO L93 Difference]: Finished difference Result 915 states and 1410 transitions. [2022-02-20 18:02:30,549 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:02:30,549 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 21.75) internal successors, (87), 5 states have internal predecessors, (87), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) Word has length 137 [2022-02-20 18:02:30,549 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:30,549 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 21.75) internal successors, (87), 5 states have internal predecessors, (87), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:02:30,558 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1188 transitions. 
[2022-02-20 18:02:30,558 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 21.75) internal successors, (87), 5 states have internal predecessors, (87), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:02:30,567 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1188 transitions. [2022-02-20 18:02:30,567 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1188 transitions. [2022-02-20 18:02:31,278 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1188 edges. 1188 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:31,289 INFO L225 Difference]: With dead ends: 915 [2022-02-20 18:02:31,290 INFO L226 Difference]: Without dead ends: 464 [2022-02-20 18:02:31,291 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 175 GetRequests, 164 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=28, Invalid=128, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:02:31,292 INFO L933 BasicCegarLoop]: 590 mSDtfsCounter, 144 mSDsluCounter, 1604 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 167 SdHoareTripleChecker+Valid, 2194 SdHoareTripleChecker+Invalid, 34 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:31,292 
INFO L934 BasicCegarLoop]: SdHoareTripleChecker [167 Valid, 2194 Invalid, 34 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:02:31,293 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 464 states. [2022-02-20 18:02:31,347 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 464 to 464. [2022-02-20 18:02:31,347 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:31,348 INFO L82 GeneralOperation]: Start isEquivalent. First operand 464 states. Second operand has 464 states, 358 states have (on average 1.5642458100558658) internal successors, (560), 363 states have internal predecessors, (560), 76 states have call successors, (76), 28 states have call predecessors, (76), 29 states have return successors, (77), 74 states have call predecessors, (77), 75 states have call successors, (77) [2022-02-20 18:02:31,350 INFO L74 IsIncluded]: Start isIncluded. First operand 464 states. Second operand has 464 states, 358 states have (on average 1.5642458100558658) internal successors, (560), 363 states have internal predecessors, (560), 76 states have call successors, (76), 28 states have call predecessors, (76), 29 states have return successors, (77), 74 states have call predecessors, (77), 75 states have call successors, (77) [2022-02-20 18:02:31,350 INFO L87 Difference]: Start difference. First operand 464 states. Second operand has 464 states, 358 states have (on average 1.5642458100558658) internal successors, (560), 363 states have internal predecessors, (560), 76 states have call successors, (76), 28 states have call predecessors, (76), 29 states have return successors, (77), 74 states have call predecessors, (77), 75 states have call successors, (77) [2022-02-20 18:02:31,363 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:02:31,364 INFO L93 Difference]: Finished difference Result 464 states and 713 transitions. [2022-02-20 18:02:31,364 INFO L276 IsEmpty]: Start isEmpty. Operand 464 states and 713 transitions. [2022-02-20 18:02:31,365 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:31,366 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:31,367 INFO L74 IsIncluded]: Start isIncluded. First operand has 464 states, 358 states have (on average 1.5642458100558658) internal successors, (560), 363 states have internal predecessors, (560), 76 states have call successors, (76), 28 states have call predecessors, (76), 29 states have return successors, (77), 74 states have call predecessors, (77), 75 states have call successors, (77) Second operand 464 states. [2022-02-20 18:02:31,368 INFO L87 Difference]: Start difference. First operand has 464 states, 358 states have (on average 1.5642458100558658) internal successors, (560), 363 states have internal predecessors, (560), 76 states have call successors, (76), 28 states have call predecessors, (76), 29 states have return successors, (77), 74 states have call predecessors, (77), 75 states have call successors, (77) Second operand 464 states. [2022-02-20 18:02:31,383 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:31,384 INFO L93 Difference]: Finished difference Result 464 states and 713 transitions. [2022-02-20 18:02:31,384 INFO L276 IsEmpty]: Start isEmpty. Operand 464 states and 713 transitions. [2022-02-20 18:02:31,385 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:31,385 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:31,385 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:31,385 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:31,386 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 464 states, 358 states have (on average 1.5642458100558658) internal successors, (560), 363 states have internal predecessors, (560), 76 states have call successors, (76), 28 states have call predecessors, (76), 29 states have return successors, (77), 74 states have call predecessors, (77), 75 states have call successors, (77) [2022-02-20 18:02:31,417 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 464 states to 464 states and 713 transitions. [2022-02-20 18:02:31,418 INFO L78 Accepts]: Start accepts. Automaton has 464 states and 713 transitions. Word has length 137 [2022-02-20 18:02:31,418 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:31,418 INFO L470 AbstractCegarLoop]: Abstraction has 464 states and 713 transitions. [2022-02-20 18:02:31,418 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 21.75) internal successors, (87), 5 states have internal predecessors, (87), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:02:31,419 INFO L276 IsEmpty]: Start isEmpty. Operand 464 states and 713 transitions. [2022-02-20 18:02:31,421 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 139 [2022-02-20 18:02:31,421 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:31,421 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:31,442 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Forceful destruction successful, exit code 0 [2022-02-20 18:02:31,637 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:31,638 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:31,638 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:31,638 INFO L85 PathProgramCache]: Analyzing trace with hash -2087348210, now seen corresponding path program 1 times [2022-02-20 18:02:31,638 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:31,639 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [653793720] [2022-02-20 18:02:31,639 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:31,639 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:31,684 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 
18:02:31,715 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:02:31,716 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,718 INFO L290 TraceCheckUtils]: 0: Hoare triple {12406#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12330#true} is VALID [2022-02-20 18:02:31,718 INFO L290 TraceCheckUtils]: 1: Hoare triple {12330#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12330#true} is VALID [2022-02-20 18:02:31,719 INFO L290 TraceCheckUtils]: 2: Hoare triple {12330#true} assume true; {12330#true} is VALID [2022-02-20 18:02:31,719 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12330#true} {12330#true} #1212#return; {12330#true} is VALID [2022-02-20 18:02:31,724 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:31,726 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,728 INFO L290 TraceCheckUtils]: 0: Hoare triple {12407#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12330#true} is VALID [2022-02-20 18:02:31,728 INFO L290 TraceCheckUtils]: 1: Hoare triple {12330#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12330#true} is VALID [2022-02-20 18:02:31,728 INFO L290 TraceCheckUtils]: 2: Hoare triple {12330#true} assume true; {12330#true} is VALID [2022-02-20 18:02:31,728 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12330#true} {12330#true} #1214#return; {12330#true} is VALID [2022-02-20 18:02:31,728 INFO L376 atingTraceCheckCraig]: Compute 
interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:31,731 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,743 INFO L290 TraceCheckUtils]: 0: Hoare triple {12406#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12408#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:31,743 INFO L290 TraceCheckUtils]: 1: Hoare triple {12408#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {12408#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:31,744 INFO L290 TraceCheckUtils]: 2: Hoare triple {12408#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {12409#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:31,744 INFO L290 TraceCheckUtils]: 3: Hoare triple {12409#(= 2 |setClientId_#in~handle|)} assume true; {12409#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:31,744 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {12409#(= 2 |setClientId_#in~handle|)} {12340#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1216#return; {12346#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:02:31,745 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:02:31,747 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,760 INFO L290 TraceCheckUtils]: 0: Hoare triple {12407#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12410#(= 
setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:31,761 INFO L290 TraceCheckUtils]: 1: Hoare triple {12410#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12411#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:31,761 INFO L290 TraceCheckUtils]: 2: Hoare triple {12411#(= |setClientPrivateKey_#in~handle| 1)} assume true; {12411#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:31,761 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12411#(= |setClientPrivateKey_#in~handle| 1)} {12346#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1218#return; {12331#false} is VALID [2022-02-20 18:02:31,761 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-02-20 18:02:31,764 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,766 INFO L290 TraceCheckUtils]: 0: Hoare triple {12406#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12330#true} is VALID [2022-02-20 18:02:31,767 INFO L290 TraceCheckUtils]: 1: Hoare triple {12330#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12330#true} is VALID [2022-02-20 18:02:31,767 INFO L290 TraceCheckUtils]: 2: Hoare triple {12330#true} assume true; {12330#true} is VALID [2022-02-20 18:02:31,767 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12330#true} {12331#false} #1220#return; {12331#false} is VALID [2022-02-20 18:02:31,767 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 37 [2022-02-20 18:02:31,770 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,772 INFO L290 TraceCheckUtils]: 0: Hoare triple {12407#(and (= 
~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12330#true} is VALID [2022-02-20 18:02:31,772 INFO L290 TraceCheckUtils]: 1: Hoare triple {12330#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12330#true} is VALID [2022-02-20 18:02:31,772 INFO L290 TraceCheckUtils]: 2: Hoare triple {12330#true} assume true; {12330#true} is VALID [2022-02-20 18:02:31,772 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12330#true} {12331#false} #1222#return; {12331#false} is VALID [2022-02-20 18:02:31,780 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 56 [2022-02-20 18:02:31,781 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,783 INFO L290 TraceCheckUtils]: 0: Hoare triple {12412#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12330#true} is VALID [2022-02-20 18:02:31,783 INFO L290 TraceCheckUtils]: 1: Hoare triple {12330#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12330#true} is VALID [2022-02-20 18:02:31,783 INFO L290 TraceCheckUtils]: 2: Hoare triple {12330#true} assume true; {12330#true} is VALID [2022-02-20 18:02:31,783 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12330#true} {12331#false} #1198#return; {12331#false} is VALID [2022-02-20 18:02:31,790 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:02:31,791 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,795 INFO L290 TraceCheckUtils]: 0: Hoare triple {12413#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; 
{12330#true} is VALID [2022-02-20 18:02:31,795 INFO L290 TraceCheckUtils]: 1: Hoare triple {12330#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12330#true} is VALID [2022-02-20 18:02:31,795 INFO L290 TraceCheckUtils]: 2: Hoare triple {12330#true} assume true; {12330#true} is VALID [2022-02-20 18:02:31,808 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12330#true} {12331#false} #1200#return; {12331#false} is VALID [2022-02-20 18:02:31,808 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 18:02:31,809 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,821 INFO L290 TraceCheckUtils]: 0: Hoare triple {12330#true} ~handle := #in~handle;havoc ~retValue_acc~18; {12330#true} is VALID [2022-02-20 18:02:31,821 INFO L290 TraceCheckUtils]: 1: Hoare triple {12330#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {12330#true} is VALID [2022-02-20 18:02:31,821 INFO L290 TraceCheckUtils]: 2: Hoare triple {12330#true} assume true; {12330#true} is VALID [2022-02-20 18:02:31,822 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12330#true} {12331#false} #1140#return; {12331#false} is VALID [2022-02-20 18:02:31,822 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 18:02:31,823 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,825 INFO L290 TraceCheckUtils]: 0: Hoare triple {12330#true} ~handle := #in~handle;havoc ~retValue_acc~12; {12330#true} is VALID [2022-02-20 18:02:31,825 INFO L290 TraceCheckUtils]: 1: Hoare triple {12330#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~12; {12330#true} is VALID [2022-02-20 18:02:31,825 INFO L290 TraceCheckUtils]: 2: Hoare triple {12330#true} assume true; {12330#true} is VALID [2022-02-20 18:02:31,825 INFO L284 TraceCheckUtils]: 3: Hoare quadruple 
{12330#true} {12331#false} #1142#return; {12331#false} is VALID [2022-02-20 18:02:31,825 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 18:02:31,826 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,828 INFO L290 TraceCheckUtils]: 0: Hoare triple {12330#true} ~handle := #in~handle;havoc ~retValue_acc~34; {12330#true} is VALID [2022-02-20 18:02:31,828 INFO L290 TraceCheckUtils]: 1: Hoare triple {12330#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {12330#true} is VALID [2022-02-20 18:02:31,828 INFO L290 TraceCheckUtils]: 2: Hoare triple {12330#true} assume true; {12330#true} is VALID [2022-02-20 18:02:31,828 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12330#true} {12331#false} #1160#return; {12331#false} is VALID [2022-02-20 18:02:31,828 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 18:02:31,829 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,831 INFO L290 TraceCheckUtils]: 0: Hoare triple {12330#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~23; {12330#true} is VALID [2022-02-20 18:02:31,831 INFO L290 TraceCheckUtils]: 1: Hoare triple {12330#true} assume 1 == ~handle; {12330#true} is VALID [2022-02-20 18:02:31,831 INFO L290 TraceCheckUtils]: 2: Hoare triple {12330#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~23 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~23; {12330#true} is VALID [2022-02-20 18:02:31,831 INFO L290 TraceCheckUtils]: 3: Hoare triple {12330#true} assume true; {12330#true} is VALID [2022-02-20 18:02:31,831 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {12330#true} {12331#false} #1162#return; {12331#false} is VALID [2022-02-20 18:02:31,831 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 104 
[2022-02-20 18:02:31,832 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,834 INFO L290 TraceCheckUtils]: 0: Hoare triple {12412#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12330#true} is VALID [2022-02-20 18:02:31,834 INFO L290 TraceCheckUtils]: 1: Hoare triple {12330#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12330#true} is VALID [2022-02-20 18:02:31,834 INFO L290 TraceCheckUtils]: 2: Hoare triple {12330#true} assume true; {12330#true} is VALID [2022-02-20 18:02:31,834 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12330#true} {12331#false} #1168#return; {12331#false} is VALID [2022-02-20 18:02:31,835 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 110 [2022-02-20 18:02:31,835 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,838 INFO L290 TraceCheckUtils]: 0: Hoare triple {12330#true} ~handle := #in~handle;havoc ~retValue_acc~34; {12330#true} is VALID [2022-02-20 18:02:31,838 INFO L290 TraceCheckUtils]: 1: Hoare triple {12330#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {12330#true} is VALID [2022-02-20 18:02:31,838 INFO L290 TraceCheckUtils]: 2: Hoare triple {12330#true} assume true; {12330#true} is VALID [2022-02-20 18:02:31,838 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12330#true} {12331#false} #1170#return; {12331#false} is VALID [2022-02-20 18:02:31,838 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 116 [2022-02-20 18:02:31,839 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,841 INFO L290 TraceCheckUtils]: 0: Hoare triple {12330#true} ~handle := #in~handle;havoc ~retValue_acc~18; {12330#true} is VALID [2022-02-20 18:02:31,841 INFO L290 TraceCheckUtils]: 1: Hoare triple {12330#true} 
assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {12330#true} is VALID [2022-02-20 18:02:31,842 INFO L290 TraceCheckUtils]: 2: Hoare triple {12330#true} assume true; {12330#true} is VALID [2022-02-20 18:02:31,842 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12330#true} {12331#false} #1172#return; {12331#false} is VALID [2022-02-20 18:02:31,842 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 124 [2022-02-20 18:02:31,844 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,846 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:31,847 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:31,849 INFO L290 TraceCheckUtils]: 0: Hoare triple {12330#true} ~handle := #in~handle;havoc ~retValue_acc~37; {12330#true} is VALID [2022-02-20 18:02:31,849 INFO L290 TraceCheckUtils]: 1: Hoare triple {12330#true} assume 1 == ~handle;~retValue_acc~37 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~37; {12330#true} is VALID [2022-02-20 18:02:31,849 INFO L290 TraceCheckUtils]: 2: Hoare triple {12330#true} assume true; {12330#true} is VALID [2022-02-20 18:02:31,849 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12330#true} {12330#true} #1262#return; {12330#true} is VALID [2022-02-20 18:02:31,850 INFO L290 TraceCheckUtils]: 0: Hoare triple {12330#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~27#1;havoc ~tmp~23#1; {12330#true} is VALID [2022-02-20 18:02:31,850 INFO L272 TraceCheckUtils]: 1: Hoare triple {12330#true} call #t~ret105#1 := isEncrypted(~msg#1); {12330#true} is VALID [2022-02-20 18:02:31,850 INFO L290 TraceCheckUtils]: 2: Hoare triple {12330#true} ~handle := #in~handle;havoc ~retValue_acc~37; {12330#true} is VALID [2022-02-20 18:02:31,850 INFO L290 TraceCheckUtils]: 3: Hoare triple {12330#true} assume 1 == ~handle;~retValue_acc~37 := 
~__ste_email_isEncrypted0~0;#res := ~retValue_acc~37; {12330#true} is VALID [2022-02-20 18:02:31,850 INFO L290 TraceCheckUtils]: 4: Hoare triple {12330#true} assume true; {12330#true} is VALID [2022-02-20 18:02:31,850 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {12330#true} {12330#true} #1262#return; {12330#true} is VALID [2022-02-20 18:02:31,850 INFO L290 TraceCheckUtils]: 6: Hoare triple {12330#true} assume -2147483648 <= #t~ret105#1 && #t~ret105#1 <= 2147483647;~tmp~23#1 := #t~ret105#1;havoc #t~ret105#1; {12330#true} is VALID [2022-02-20 18:02:31,850 INFO L290 TraceCheckUtils]: 7: Hoare triple {12330#true} assume 0 != ~tmp~23#1;~retValue_acc~27#1 := 0;#res#1 := ~retValue_acc~27#1; {12330#true} is VALID [2022-02-20 18:02:31,850 INFO L290 TraceCheckUtils]: 8: Hoare triple {12330#true} assume true; {12330#true} is VALID [2022-02-20 18:02:31,850 INFO L284 TraceCheckUtils]: 9: Hoare quadruple {12330#true} {12331#false} #1184#return; {12331#false} is VALID [2022-02-20 18:02:31,851 INFO L290 TraceCheckUtils]: 0: Hoare triple {12330#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 
15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(34, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(20, 28);call #Ultimate.allocInit(10, 29);call #Ultimate.allocInit(12, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(18, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(13, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(4, 38);call write~init~int(37, 38, 0, 1);call write~init~int(115, 38, 1, 1);call write~init~int(10, 38, 2, 1);call write~init~int(0, 38, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 
0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 
0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {12330#true} is VALID [2022-02-20 18:02:31,851 INFO L290 TraceCheckUtils]: 1: Hoare triple {12330#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {12330#true} is VALID [2022-02-20 18:02:31,851 INFO L290 TraceCheckUtils]: 2: Hoare triple {12330#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {12330#true} is VALID [2022-02-20 18:02:31,851 INFO L290 TraceCheckUtils]: 3: Hoare triple {12330#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~43#1;havoc valid_product_~retValue_acc~43#1;valid_product_~retValue_acc~43#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~43#1; {12330#true} is VALID [2022-02-20 18:02:31,851 INFO L290 TraceCheckUtils]: 4: Hoare triple {12330#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {12330#true} is VALID [2022-02-20 
18:02:31,851 INFO L290 TraceCheckUtils]: 5: Hoare triple {12330#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {12330#true} is VALID [2022-02-20 18:02:31,852 INFO L272 TraceCheckUtils]: 6: Hoare triple {12330#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {12406#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:31,852 INFO L290 TraceCheckUtils]: 7: Hoare triple {12406#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12330#true} is VALID [2022-02-20 18:02:31,852 INFO L290 TraceCheckUtils]: 8: Hoare triple {12330#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12330#true} is VALID [2022-02-20 18:02:31,852 INFO L290 TraceCheckUtils]: 9: Hoare triple {12330#true} assume true; {12330#true} is VALID 
[2022-02-20 18:02:31,852 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {12330#true} {12330#true} #1212#return; {12330#true} is VALID [2022-02-20 18:02:31,852 INFO L290 TraceCheckUtils]: 11: Hoare triple {12330#true} assume { :end_inline_setup_bob__wrappee__Base } true; {12330#true} is VALID [2022-02-20 18:02:31,853 INFO L272 TraceCheckUtils]: 12: Hoare triple {12330#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {12407#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:31,853 INFO L290 TraceCheckUtils]: 13: Hoare triple {12407#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12330#true} is VALID [2022-02-20 18:02:31,853 INFO L290 TraceCheckUtils]: 14: Hoare triple {12330#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12330#true} is VALID [2022-02-20 18:02:31,853 INFO L290 TraceCheckUtils]: 15: Hoare triple {12330#true} assume true; {12330#true} is VALID [2022-02-20 18:02:31,853 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {12330#true} {12330#true} #1214#return; {12330#true} is VALID [2022-02-20 18:02:31,854 INFO L290 TraceCheckUtils]: 17: Hoare triple {12330#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := 
setup_rjh__wrappee__Base_#in~rjh___0#1; {12340#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:02:31,854 INFO L272 TraceCheckUtils]: 18: Hoare triple {12340#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {12406#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:31,854 INFO L290 TraceCheckUtils]: 19: Hoare triple {12406#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12408#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:31,855 INFO L290 TraceCheckUtils]: 20: Hoare triple {12408#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {12408#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:31,855 INFO L290 TraceCheckUtils]: 21: Hoare triple {12408#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {12409#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:31,855 INFO L290 TraceCheckUtils]: 22: Hoare triple {12409#(= 2 |setClientId_#in~handle|)} assume true; {12409#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:31,856 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {12409#(= 2 |setClientId_#in~handle|)} {12340#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1216#return; {12346#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:02:31,856 INFO L290 TraceCheckUtils]: 24: 
Hoare triple {12346#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {12346#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:02:31,856 INFO L272 TraceCheckUtils]: 25: Hoare triple {12346#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {12407#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:31,857 INFO L290 TraceCheckUtils]: 26: Hoare triple {12407#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12410#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:31,857 INFO L290 TraceCheckUtils]: 27: Hoare triple {12410#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12411#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:31,857 INFO L290 TraceCheckUtils]: 28: Hoare triple {12411#(= |setClientPrivateKey_#in~handle| 1)} assume true; {12411#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:31,858 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {12411#(= |setClientPrivateKey_#in~handle| 1)} {12346#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1218#return; {12331#false} is VALID [2022-02-20 18:02:31,858 INFO L290 TraceCheckUtils]: 30: Hoare triple {12331#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc 
setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {12331#false} is VALID [2022-02-20 18:02:31,858 INFO L272 TraceCheckUtils]: 31: Hoare triple {12331#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {12406#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:31,858 INFO L290 TraceCheckUtils]: 32: Hoare triple {12406#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12330#true} is VALID [2022-02-20 18:02:31,858 INFO L290 TraceCheckUtils]: 33: Hoare triple {12330#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12330#true} is VALID [2022-02-20 18:02:31,858 INFO L290 TraceCheckUtils]: 34: Hoare triple {12330#true} assume true; {12330#true} is VALID [2022-02-20 18:02:31,858 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {12330#true} {12331#false} #1220#return; {12331#false} is VALID [2022-02-20 18:02:31,858 INFO L290 TraceCheckUtils]: 36: Hoare triple {12331#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {12331#false} is VALID [2022-02-20 18:02:31,859 INFO L272 TraceCheckUtils]: 37: Hoare triple {12331#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {12407#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:31,859 INFO L290 TraceCheckUtils]: 38: Hoare triple {12407#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12330#true} is VALID [2022-02-20 18:02:31,859 INFO L290 TraceCheckUtils]: 39: Hoare triple {12330#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12330#true} is VALID [2022-02-20 18:02:31,859 INFO L290 TraceCheckUtils]: 40: Hoare triple {12330#true} assume true; {12330#true} is VALID [2022-02-20 18:02:31,859 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {12330#true} {12331#false} #1222#return; {12331#false} is VALID [2022-02-20 18:02:31,859 INFO L290 TraceCheckUtils]: 42: Hoare triple {12331#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {12331#false} is VALID [2022-02-20 18:02:31,859 INFO L290 TraceCheckUtils]: 43: Hoare triple {12331#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~6#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc 
test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~6#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {12331#false} is VALID [2022-02-20 18:02:31,859 INFO L290 TraceCheckUtils]: 44: Hoare triple {12331#false} assume !false; {12331#false} is VALID [2022-02-20 18:02:31,859 INFO L290 TraceCheckUtils]: 45: Hoare triple {12331#false} assume test_~splverifierCounter~0#1 < 4; {12331#false} is VALID [2022-02-20 18:02:31,860 INFO L290 TraceCheckUtils]: 46: Hoare triple {12331#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {12331#false} is VALID [2022-02-20 18:02:31,860 INFO L290 TraceCheckUtils]: 47: Hoare triple {12331#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet47#1 && test_#t~nondet47#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet47#1;havoc test_#t~nondet47#1; {12331#false} is VALID [2022-02-20 18:02:31,860 INFO L290 TraceCheckUtils]: 48: Hoare triple {12331#false} assume !(0 != test_~tmp___9~0#1); {12331#false} is VALID [2022-02-20 18:02:31,860 INFO L290 TraceCheckUtils]: 49: Hoare triple {12331#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet48#1 && test_#t~nondet48#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet48#1;havoc test_#t~nondet48#1; {12331#false} is VALID [2022-02-20 18:02:31,860 INFO L290 TraceCheckUtils]: 50: Hoare triple {12331#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {12331#false} is VALID [2022-02-20 18:02:31,860 INFO L290 
TraceCheckUtils]: 51: Hoare triple {12331#false} assume !false; {12331#false} is VALID [2022-02-20 18:02:31,860 INFO L290 TraceCheckUtils]: 52: Hoare triple {12331#false} assume !(test_~splverifierCounter~0#1 < 4); {12331#false} is VALID [2022-02-20 18:02:31,860 INFO L290 TraceCheckUtils]: 53: Hoare triple {12331#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {12331#false} is VALID [2022-02-20 18:02:31,860 INFO L272 TraceCheckUtils]: 54: Hoare triple {12331#false} call sendEmail(~bob~0, ~rjh~0); {12331#false} is VALID [2022-02-20 18:02:31,860 INFO L290 TraceCheckUtils]: 55: Hoare triple {12331#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~14#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~29#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~29#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {12331#false} is VALID [2022-02-20 18:02:31,861 INFO L272 TraceCheckUtils]: 56: Hoare triple {12331#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {12412#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:31,861 INFO L290 TraceCheckUtils]: 57: Hoare triple {12412#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := 
#in~value; {12330#true} is VALID [2022-02-20 18:02:31,861 INFO L290 TraceCheckUtils]: 58: Hoare triple {12330#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12330#true} is VALID [2022-02-20 18:02:31,861 INFO L290 TraceCheckUtils]: 59: Hoare triple {12330#true} assume true; {12330#true} is VALID [2022-02-20 18:02:31,861 INFO L284 TraceCheckUtils]: 60: Hoare quadruple {12330#true} {12331#false} #1198#return; {12331#false} is VALID [2022-02-20 18:02:31,861 INFO L272 TraceCheckUtils]: 61: Hoare triple {12331#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {12413#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:31,861 INFO L290 TraceCheckUtils]: 62: Hoare triple {12413#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {12330#true} is VALID [2022-02-20 18:02:31,861 INFO L290 TraceCheckUtils]: 63: Hoare triple {12330#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12330#true} is VALID [2022-02-20 18:02:31,861 INFO L290 TraceCheckUtils]: 64: Hoare triple {12330#true} assume true; {12330#true} is VALID [2022-02-20 18:02:31,862 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {12330#true} {12331#false} #1200#return; {12331#false} is VALID [2022-02-20 18:02:31,862 INFO L290 TraceCheckUtils]: 66: Hoare triple {12331#false} createEmail_~retValue_acc~29#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~29#1; {12331#false} is VALID [2022-02-20 18:02:31,862 INFO L290 TraceCheckUtils]: 67: Hoare triple {12331#false} #t~ret76#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret76#1 && #t~ret76#1 <= 2147483647;~tmp~14#1 := #t~ret76#1;havoc #t~ret76#1;~email~0#1 := ~tmp~14#1; {12331#false} is VALID [2022-02-20 18:02:31,862 INFO L272 TraceCheckUtils]: 68: Hoare triple {12331#false} call outgoing(~sender#1, 
~email~0#1); {12331#false} is VALID [2022-02-20 18:02:31,862 INFO L290 TraceCheckUtils]: 69: Hoare triple {12331#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret78#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~15#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~15#1; {12331#false} is VALID [2022-02-20 18:02:31,862 INFO L272 TraceCheckUtils]: 70: Hoare triple {12331#false} call sign_#t~ret78#1 := getClientPrivateKey(sign_~client#1); {12330#true} is VALID [2022-02-20 18:02:31,862 INFO L290 TraceCheckUtils]: 71: Hoare triple {12330#true} ~handle := #in~handle;havoc ~retValue_acc~18; {12330#true} is VALID [2022-02-20 18:02:31,862 INFO L290 TraceCheckUtils]: 72: Hoare triple {12330#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {12330#true} is VALID [2022-02-20 18:02:31,862 INFO L290 TraceCheckUtils]: 73: Hoare triple {12330#true} assume true; {12330#true} is VALID [2022-02-20 18:02:31,862 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {12330#true} {12331#false} #1140#return; {12331#false} is VALID [2022-02-20 18:02:31,863 INFO L290 TraceCheckUtils]: 75: Hoare triple {12331#false} assume -2147483648 <= sign_#t~ret78#1 && sign_#t~ret78#1 <= 2147483647;sign_~tmp~15#1 := sign_#t~ret78#1;havoc sign_#t~ret78#1;sign_~privkey~1#1 := sign_~tmp~15#1; {12331#false} is VALID [2022-02-20 18:02:31,863 INFO L290 TraceCheckUtils]: 76: Hoare triple {12331#false} assume 0 == sign_~privkey~1#1; {12331#false} is VALID [2022-02-20 18:02:31,863 INFO L290 TraceCheckUtils]: 77: Hoare triple {12331#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret64#1, 
outgoing__wrappee__AddressBook_#t~ret65#1, outgoing__wrappee__AddressBook_#t~ret66#1, outgoing__wrappee__AddressBook_#t~ret67#1, outgoing__wrappee__AddressBook_#t~ret68#1, outgoing__wrappee__AddressBook_#t~ret69#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~11#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~4#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~11#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~4#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {12331#false} is VALID [2022-02-20 18:02:31,863 INFO L272 TraceCheckUtils]: 78: Hoare triple {12331#false} call outgoing__wrappee__AddressBook_#t~ret64#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {12330#true} is VALID [2022-02-20 18:02:31,863 INFO L290 TraceCheckUtils]: 79: Hoare triple {12330#true} ~handle := #in~handle;havoc ~retValue_acc~12; {12330#true} is VALID [2022-02-20 18:02:31,863 INFO L290 TraceCheckUtils]: 80: Hoare triple {12330#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~12; {12330#true} is VALID [2022-02-20 18:02:31,863 INFO L290 TraceCheckUtils]: 81: Hoare triple {12330#true} assume true; {12330#true} is VALID [2022-02-20 18:02:31,863 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {12330#true} {12331#false} #1142#return; {12331#false} is VALID [2022-02-20 
18:02:31,863 INFO L290 TraceCheckUtils]: 83: Hoare triple {12331#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret64#1 && outgoing__wrappee__AddressBook_#t~ret64#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~11#1 := outgoing__wrappee__AddressBook_#t~ret64#1;havoc outgoing__wrappee__AddressBook_#t~ret64#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~11#1; {12331#false} is VALID [2022-02-20 18:02:31,863 INFO L290 TraceCheckUtils]: 84: Hoare triple {12331#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {12331#false} is VALID [2022-02-20 18:02:31,864 INFO L272 TraceCheckUtils]: 85: Hoare triple {12331#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {12331#false} is VALID [2022-02-20 18:02:31,864 INFO L290 TraceCheckUtils]: 86: Hoare triple {12331#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~10#1;havoc ~pubkey~0#1;havoc ~tmp___0~3#1; {12331#false} is VALID [2022-02-20 18:02:31,864 INFO L272 TraceCheckUtils]: 87: Hoare triple {12331#false} call #t~ret62#1 := getEmailTo(~msg#1); {12330#true} is VALID [2022-02-20 18:02:31,864 INFO L290 TraceCheckUtils]: 88: Hoare triple {12330#true} ~handle := #in~handle;havoc ~retValue_acc~34; {12330#true} is VALID [2022-02-20 18:02:31,864 INFO L290 TraceCheckUtils]: 89: Hoare triple {12330#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {12330#true} is VALID [2022-02-20 18:02:31,864 INFO L290 TraceCheckUtils]: 90: Hoare triple {12330#true} assume true; {12330#true} is VALID [2022-02-20 18:02:31,864 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {12330#true} {12331#false} #1160#return; {12331#false} is VALID [2022-02-20 18:02:31,864 INFO L290 TraceCheckUtils]: 92: Hoare triple {12331#false} assume -2147483648 <= #t~ret62#1 && #t~ret62#1 <= 2147483647;~tmp~10#1 := #t~ret62#1;havoc #t~ret62#1;~receiver~0#1 := 
~tmp~10#1; {12331#false} is VALID [2022-02-20 18:02:31,864 INFO L272 TraceCheckUtils]: 93: Hoare triple {12331#false} call #t~ret63#1 := findPublicKey(~client#1, ~receiver~0#1); {12330#true} is VALID [2022-02-20 18:02:31,865 INFO L290 TraceCheckUtils]: 94: Hoare triple {12330#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~23; {12330#true} is VALID [2022-02-20 18:02:31,865 INFO L290 TraceCheckUtils]: 95: Hoare triple {12330#true} assume 1 == ~handle; {12330#true} is VALID [2022-02-20 18:02:31,865 INFO L290 TraceCheckUtils]: 96: Hoare triple {12330#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~23 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~23; {12330#true} is VALID [2022-02-20 18:02:31,865 INFO L290 TraceCheckUtils]: 97: Hoare triple {12330#true} assume true; {12330#true} is VALID [2022-02-20 18:02:31,865 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {12330#true} {12331#false} #1162#return; {12331#false} is VALID [2022-02-20 18:02:31,865 INFO L290 TraceCheckUtils]: 99: Hoare triple {12331#false} assume -2147483648 <= #t~ret63#1 && #t~ret63#1 <= 2147483647;~tmp___0~3#1 := #t~ret63#1;havoc #t~ret63#1;~pubkey~0#1 := ~tmp___0~3#1; {12331#false} is VALID [2022-02-20 18:02:31,865 INFO L290 TraceCheckUtils]: 100: Hoare triple {12331#false} assume !(0 != ~pubkey~0#1); {12331#false} is VALID [2022-02-20 18:02:31,865 INFO L290 TraceCheckUtils]: 101: Hoare triple {12331#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret61#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~9#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~9#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := 
outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~25#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~25#1; {12331#false} is VALID [2022-02-20 18:02:31,865 INFO L290 TraceCheckUtils]: 102: Hoare triple {12331#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~25#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~25#1; {12331#false} is VALID [2022-02-20 18:02:31,865 INFO L290 TraceCheckUtils]: 103: Hoare triple {12331#false} outgoing__wrappee__Keys_#t~ret61#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret61#1 && outgoing__wrappee__Keys_#t~ret61#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~9#1 := outgoing__wrappee__Keys_#t~ret61#1;havoc outgoing__wrappee__Keys_#t~ret61#1; {12331#false} is VALID [2022-02-20 18:02:31,866 INFO L272 TraceCheckUtils]: 104: Hoare triple {12331#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~9#1); {12412#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:31,866 INFO L290 TraceCheckUtils]: 105: Hoare triple {12412#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12330#true} is VALID [2022-02-20 18:02:31,866 INFO L290 TraceCheckUtils]: 106: Hoare triple {12330#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12330#true} is VALID [2022-02-20 18:02:31,866 INFO L290 TraceCheckUtils]: 107: Hoare triple {12330#true} assume true; {12330#true} is VALID [2022-02-20 18:02:31,866 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {12330#true} {12331#false} #1168#return; {12331#false} is VALID [2022-02-20 18:02:31,866 INFO L290 TraceCheckUtils]: 109: Hoare triple {12331#false} assume { :begin_inline_mail } 
true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret59#1, mail_#t~ret60#1, mail_~client#1, mail_~msg#1, mail_~tmp~8#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~8#1;call mail_#t~ret59#1 := puts(24, 0);assume -2147483648 <= mail_#t~ret59#1 && mail_#t~ret59#1 <= 2147483647;havoc mail_#t~ret59#1; {12331#false} is VALID [2022-02-20 18:02:31,866 INFO L272 TraceCheckUtils]: 110: Hoare triple {12331#false} call mail_#t~ret60#1 := getEmailTo(mail_~msg#1); {12330#true} is VALID [2022-02-20 18:02:31,866 INFO L290 TraceCheckUtils]: 111: Hoare triple {12330#true} ~handle := #in~handle;havoc ~retValue_acc~34; {12330#true} is VALID [2022-02-20 18:02:31,866 INFO L290 TraceCheckUtils]: 112: Hoare triple {12330#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {12330#true} is VALID [2022-02-20 18:02:31,867 INFO L290 TraceCheckUtils]: 113: Hoare triple {12330#true} assume true; {12330#true} is VALID [2022-02-20 18:02:31,867 INFO L284 TraceCheckUtils]: 114: Hoare quadruple {12330#true} {12331#false} #1170#return; {12331#false} is VALID [2022-02-20 18:02:31,867 INFO L290 TraceCheckUtils]: 115: Hoare triple {12331#false} assume -2147483648 <= mail_#t~ret60#1 && mail_#t~ret60#1 <= 2147483647;mail_~tmp~8#1 := mail_#t~ret60#1;havoc mail_#t~ret60#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~8#1, mail_~msg#1;havoc incoming_#t~ret71#1, incoming_#t~ret72#1, incoming_#t~ret73#1, incoming_#t~ret74#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~12#1, incoming_~tmp___0~5#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~12#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {12331#false} is VALID 
[2022-02-20 18:02:31,867 INFO L272 TraceCheckUtils]: 116: Hoare triple {12331#false} call incoming_#t~ret71#1 := getClientPrivateKey(incoming_~client#1); {12330#true} is VALID [2022-02-20 18:02:31,867 INFO L290 TraceCheckUtils]: 117: Hoare triple {12330#true} ~handle := #in~handle;havoc ~retValue_acc~18; {12330#true} is VALID [2022-02-20 18:02:31,867 INFO L290 TraceCheckUtils]: 118: Hoare triple {12330#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {12330#true} is VALID [2022-02-20 18:02:31,867 INFO L290 TraceCheckUtils]: 119: Hoare triple {12330#true} assume true; {12330#true} is VALID [2022-02-20 18:02:31,867 INFO L284 TraceCheckUtils]: 120: Hoare quadruple {12330#true} {12331#false} #1172#return; {12331#false} is VALID [2022-02-20 18:02:31,867 INFO L290 TraceCheckUtils]: 121: Hoare triple {12331#false} assume -2147483648 <= incoming_#t~ret71#1 && incoming_#t~ret71#1 <= 2147483647;incoming_~tmp~12#1 := incoming_#t~ret71#1;havoc incoming_#t~ret71#1;incoming_~privkey~0#1 := incoming_~tmp~12#1; {12331#false} is VALID [2022-02-20 18:02:31,867 INFO L290 TraceCheckUtils]: 122: Hoare triple {12331#false} assume !(0 != incoming_~privkey~0#1); {12331#false} is VALID [2022-02-20 18:02:31,868 INFO L290 TraceCheckUtils]: 123: Hoare triple {12331#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret79#1, verify_#t~ret80#1, verify_#t~ret81#1, verify_#t~ret82#1, verify_#t~ret83#1, verify_#t~ret84#1, verify_~client#1, 
verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~16#1, verify_~tmp___0~6#1, verify_~pubkey~1#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~16#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret58#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~7#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~7#1; {12331#false} is VALID [2022-02-20 18:02:31,868 INFO L272 TraceCheckUtils]: 124: Hoare triple {12331#false} call __utac_acc__EncryptVerify_spec__1_#t~ret58#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {12330#true} is VALID [2022-02-20 18:02:31,868 INFO L290 TraceCheckUtils]: 125: Hoare triple {12330#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~27#1;havoc ~tmp~23#1; {12330#true} is VALID [2022-02-20 18:02:31,868 INFO L272 TraceCheckUtils]: 126: Hoare triple {12330#true} call #t~ret105#1 := isEncrypted(~msg#1); {12330#true} is VALID [2022-02-20 18:02:31,868 INFO L290 TraceCheckUtils]: 127: Hoare triple {12330#true} ~handle := #in~handle;havoc ~retValue_acc~37; {12330#true} is VALID [2022-02-20 18:02:31,868 INFO L290 TraceCheckUtils]: 128: Hoare triple {12330#true} assume 1 == ~handle;~retValue_acc~37 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~37; {12330#true} is VALID [2022-02-20 18:02:31,868 INFO L290 TraceCheckUtils]: 129: Hoare triple {12330#true} assume true; {12330#true} is VALID [2022-02-20 18:02:31,868 INFO L284 
TraceCheckUtils]: 130: Hoare quadruple {12330#true} {12330#true} #1262#return; {12330#true} is VALID [2022-02-20 18:02:31,868 INFO L290 TraceCheckUtils]: 131: Hoare triple {12330#true} assume -2147483648 <= #t~ret105#1 && #t~ret105#1 <= 2147483647;~tmp~23#1 := #t~ret105#1;havoc #t~ret105#1; {12330#true} is VALID [2022-02-20 18:02:31,868 INFO L290 TraceCheckUtils]: 132: Hoare triple {12330#true} assume 0 != ~tmp~23#1;~retValue_acc~27#1 := 0;#res#1 := ~retValue_acc~27#1; {12330#true} is VALID [2022-02-20 18:02:31,869 INFO L290 TraceCheckUtils]: 133: Hoare triple {12330#true} assume true; {12330#true} is VALID [2022-02-20 18:02:31,869 INFO L284 TraceCheckUtils]: 134: Hoare quadruple {12330#true} {12331#false} #1184#return; {12331#false} is VALID [2022-02-20 18:02:31,869 INFO L290 TraceCheckUtils]: 135: Hoare triple {12331#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret58#1 && __utac_acc__EncryptVerify_spec__1_#t~ret58#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~7#1 := __utac_acc__EncryptVerify_spec__1_#t~ret58#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret58#1; {12331#false} is VALID [2022-02-20 18:02:31,869 INFO L290 TraceCheckUtils]: 136: Hoare triple {12331#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~7#1);assume { :begin_inline___automaton_fail } true; {12331#false} is VALID [2022-02-20 18:02:31,869 INFO L290 TraceCheckUtils]: 137: Hoare triple {12331#false} assume !false; {12331#false} is VALID [2022-02-20 18:02:31,869 INFO L134 CoverageAnalysis]: Checked inductivity of 38 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 26 trivial. 0 not checked. 
[2022-02-20 18:02:31,870 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:31,870 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [653793720] [2022-02-20 18:02:31,870 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [653793720] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:02:31,870 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1462807023] [2022-02-20 18:02:31,870 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:31,870 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:31,870 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:02:31,871 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:02:31,899 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process [2022-02-20 18:02:32,098 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:32,103 INFO L263 TraceCheckSpWp]: Trace formula consists of 1181 conjuncts, 6 conjunts are in the unsatisfiable core [2022-02-20 18:02:32,132 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:32,135 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:02:32,366 INFO L290 TraceCheckUtils]: 0: Hoare triple {12330#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(34, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(20, 28);call #Ultimate.allocInit(10, 29);call #Ultimate.allocInit(12, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(18, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(13, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(4, 38);call write~init~int(37, 38, 0, 1);call write~init~int(115, 38, 1, 1);call write~init~int(10, 38, 2, 1);call write~init~int(0, 38, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 
0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 
0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {12330#true} is VALID [2022-02-20 18:02:32,366 INFO L290 TraceCheckUtils]: 1: Hoare triple {12330#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc 
main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {12330#true} is VALID [2022-02-20 18:02:32,366 INFO L290 TraceCheckUtils]: 2: Hoare triple {12330#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {12330#true} is VALID [2022-02-20 18:02:32,366 INFO L290 TraceCheckUtils]: 3: Hoare triple {12330#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~43#1;havoc valid_product_~retValue_acc~43#1;valid_product_~retValue_acc~43#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~43#1; {12330#true} is VALID [2022-02-20 18:02:32,366 INFO L290 TraceCheckUtils]: 4: Hoare triple {12330#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {12330#true} is VALID [2022-02-20 18:02:32,367 INFO L290 TraceCheckUtils]: 5: Hoare triple {12330#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {12330#true} 
is VALID [2022-02-20 18:02:32,367 INFO L272 TraceCheckUtils]: 6: Hoare triple {12330#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {12330#true} is VALID [2022-02-20 18:02:32,367 INFO L290 TraceCheckUtils]: 7: Hoare triple {12330#true} ~handle := #in~handle;~value := #in~value; {12330#true} is VALID [2022-02-20 18:02:32,367 INFO L290 TraceCheckUtils]: 8: Hoare triple {12330#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12330#true} is VALID [2022-02-20 18:02:32,367 INFO L290 TraceCheckUtils]: 9: Hoare triple {12330#true} assume true; {12330#true} is VALID [2022-02-20 18:02:32,367 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {12330#true} {12330#true} #1212#return; {12330#true} is VALID [2022-02-20 18:02:32,367 INFO L290 TraceCheckUtils]: 11: Hoare triple {12330#true} assume { :end_inline_setup_bob__wrappee__Base } true; {12330#true} is VALID [2022-02-20 18:02:32,367 INFO L272 TraceCheckUtils]: 12: Hoare triple {12330#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {12330#true} is VALID [2022-02-20 18:02:32,367 INFO L290 TraceCheckUtils]: 13: Hoare triple {12330#true} ~handle := #in~handle;~value := #in~value; {12330#true} is VALID [2022-02-20 18:02:32,367 INFO L290 TraceCheckUtils]: 14: Hoare triple {12330#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12330#true} is VALID [2022-02-20 18:02:32,368 INFO L290 TraceCheckUtils]: 15: Hoare triple {12330#true} assume true; {12330#true} is VALID [2022-02-20 18:02:32,368 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {12330#true} {12330#true} #1214#return; {12330#true} is VALID [2022-02-20 18:02:32,368 INFO L290 TraceCheckUtils]: 17: Hoare triple {12330#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := 
setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {12472#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:02:32,368 INFO L272 TraceCheckUtils]: 18: Hoare triple {12472#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {12330#true} is VALID [2022-02-20 18:02:32,368 INFO L290 TraceCheckUtils]: 19: Hoare triple {12330#true} ~handle := #in~handle;~value := #in~value; {12330#true} is VALID [2022-02-20 18:02:32,368 INFO L290 TraceCheckUtils]: 20: Hoare triple {12330#true} assume !(1 == ~handle); {12330#true} is VALID [2022-02-20 18:02:32,369 INFO L290 TraceCheckUtils]: 21: Hoare triple {12330#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {12330#true} is VALID [2022-02-20 18:02:32,369 INFO L290 TraceCheckUtils]: 22: Hoare triple {12330#true} assume true; {12330#true} is VALID [2022-02-20 18:02:32,369 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {12330#true} {12472#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1216#return; {12472#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:02:32,369 INFO L290 TraceCheckUtils]: 24: Hoare triple {12472#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume { :end_inline_setup_rjh__wrappee__Base } true; {12472#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:02:32,369 INFO L272 TraceCheckUtils]: 25: Hoare triple {12472#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {12330#true} is VALID [2022-02-20 18:02:32,370 INFO L290 TraceCheckUtils]: 26: Hoare triple {12330#true} ~handle := #in~handle;~value := #in~value; {12500#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} is VALID [2022-02-20 
18:02:32,370 INFO L290 TraceCheckUtils]: 27: Hoare triple {12500#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12504#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:32,370 INFO L290 TraceCheckUtils]: 28: Hoare triple {12504#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {12504#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:32,371 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {12504#(<= |setClientPrivateKey_#in~handle| 1)} {12472#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1218#return; {12331#false} is VALID [2022-02-20 18:02:32,372 INFO L290 TraceCheckUtils]: 30: Hoare triple {12331#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {12331#false} is VALID [2022-02-20 18:02:32,372 INFO L272 TraceCheckUtils]: 31: Hoare triple {12331#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {12331#false} is VALID [2022-02-20 18:02:32,372 INFO L290 TraceCheckUtils]: 32: Hoare triple {12331#false} ~handle := #in~handle;~value := #in~value; {12331#false} is VALID [2022-02-20 18:02:32,372 INFO L290 TraceCheckUtils]: 33: Hoare triple {12331#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12331#false} is VALID [2022-02-20 18:02:32,372 INFO L290 TraceCheckUtils]: 34: Hoare triple {12331#false} assume true; {12331#false} is VALID [2022-02-20 18:02:32,372 INFO 
L284 TraceCheckUtils]: 35: Hoare quadruple {12331#false} {12331#false} #1220#return; {12331#false} is VALID [2022-02-20 18:02:32,372 INFO L290 TraceCheckUtils]: 36: Hoare triple {12331#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {12331#false} is VALID [2022-02-20 18:02:32,372 INFO L272 TraceCheckUtils]: 37: Hoare triple {12331#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {12331#false} is VALID [2022-02-20 18:02:32,372 INFO L290 TraceCheckUtils]: 38: Hoare triple {12331#false} ~handle := #in~handle;~value := #in~value; {12331#false} is VALID [2022-02-20 18:02:32,373 INFO L290 TraceCheckUtils]: 39: Hoare triple {12331#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12331#false} is VALID [2022-02-20 18:02:32,373 INFO L290 TraceCheckUtils]: 40: Hoare triple {12331#false} assume true; {12331#false} is VALID [2022-02-20 18:02:32,373 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {12331#false} {12331#false} #1222#return; {12331#false} is VALID [2022-02-20 18:02:32,373 INFO L290 TraceCheckUtils]: 42: Hoare triple {12331#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {12331#false} is VALID [2022-02-20 18:02:32,373 INFO L290 TraceCheckUtils]: 43: Hoare triple {12331#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~6#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, 
test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~6#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {12331#false} is VALID [2022-02-20 18:02:32,373 INFO L290 TraceCheckUtils]: 44: Hoare triple {12331#false} assume !false; {12331#false} is VALID [2022-02-20 18:02:32,373 INFO L290 TraceCheckUtils]: 45: Hoare triple {12331#false} assume test_~splverifierCounter~0#1 < 4; {12331#false} is VALID [2022-02-20 18:02:32,373 INFO L290 TraceCheckUtils]: 46: Hoare triple {12331#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {12331#false} is VALID [2022-02-20 18:02:32,373 INFO L290 TraceCheckUtils]: 47: Hoare triple {12331#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet47#1 && test_#t~nondet47#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet47#1;havoc test_#t~nondet47#1; {12331#false} is VALID [2022-02-20 18:02:32,374 INFO L290 TraceCheckUtils]: 48: Hoare triple {12331#false} assume !(0 != test_~tmp___9~0#1); {12331#false} is VALID [2022-02-20 18:02:32,374 INFO L290 TraceCheckUtils]: 49: Hoare triple {12331#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet48#1 && test_#t~nondet48#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet48#1;havoc test_#t~nondet48#1; {12331#false} is VALID [2022-02-20 18:02:32,374 INFO L290 
TraceCheckUtils]: 50: Hoare triple {12331#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {12331#false} is VALID [2022-02-20 18:02:32,374 INFO L290 TraceCheckUtils]: 51: Hoare triple {12331#false} assume !false; {12331#false} is VALID [2022-02-20 18:02:32,374 INFO L290 TraceCheckUtils]: 52: Hoare triple {12331#false} assume !(test_~splverifierCounter~0#1 < 4); {12331#false} is VALID [2022-02-20 18:02:32,374 INFO L290 TraceCheckUtils]: 53: Hoare triple {12331#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {12331#false} is VALID [2022-02-20 18:02:32,374 INFO L272 TraceCheckUtils]: 54: Hoare triple {12331#false} call sendEmail(~bob~0, ~rjh~0); {12331#false} is VALID [2022-02-20 18:02:32,374 INFO L290 TraceCheckUtils]: 55: Hoare triple {12331#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~14#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~29#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~29#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {12331#false} is VALID [2022-02-20 18:02:32,374 INFO L272 TraceCheckUtils]: 56: Hoare triple {12331#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {12331#false} is VALID [2022-02-20 18:02:32,374 INFO L290 TraceCheckUtils]: 57: Hoare triple {12331#false} ~handle := #in~handle;~value := #in~value; {12331#false} is VALID [2022-02-20 18:02:32,375 
INFO L290 TraceCheckUtils]: 58: Hoare triple {12331#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12331#false} is VALID [2022-02-20 18:02:32,375 INFO L290 TraceCheckUtils]: 59: Hoare triple {12331#false} assume true; {12331#false} is VALID [2022-02-20 18:02:32,375 INFO L284 TraceCheckUtils]: 60: Hoare quadruple {12331#false} {12331#false} #1198#return; {12331#false} is VALID [2022-02-20 18:02:32,375 INFO L272 TraceCheckUtils]: 61: Hoare triple {12331#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {12331#false} is VALID [2022-02-20 18:02:32,375 INFO L290 TraceCheckUtils]: 62: Hoare triple {12331#false} ~handle := #in~handle;~value := #in~value; {12331#false} is VALID [2022-02-20 18:02:32,375 INFO L290 TraceCheckUtils]: 63: Hoare triple {12331#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12331#false} is VALID [2022-02-20 18:02:32,375 INFO L290 TraceCheckUtils]: 64: Hoare triple {12331#false} assume true; {12331#false} is VALID [2022-02-20 18:02:32,375 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {12331#false} {12331#false} #1200#return; {12331#false} is VALID [2022-02-20 18:02:32,375 INFO L290 TraceCheckUtils]: 66: Hoare triple {12331#false} createEmail_~retValue_acc~29#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~29#1; {12331#false} is VALID [2022-02-20 18:02:32,375 INFO L290 TraceCheckUtils]: 67: Hoare triple {12331#false} #t~ret76#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret76#1 && #t~ret76#1 <= 2147483647;~tmp~14#1 := #t~ret76#1;havoc #t~ret76#1;~email~0#1 := ~tmp~14#1; {12331#false} is VALID [2022-02-20 18:02:32,376 INFO L272 TraceCheckUtils]: 68: Hoare triple {12331#false} call outgoing(~sender#1, ~email~0#1); {12331#false} is VALID [2022-02-20 18:02:32,376 INFO L290 TraceCheckUtils]: 69: Hoare triple {12331#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := 
~client#1, ~msg#1;havoc sign_#t~ret78#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~15#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~15#1; {12331#false} is VALID [2022-02-20 18:02:32,376 INFO L272 TraceCheckUtils]: 70: Hoare triple {12331#false} call sign_#t~ret78#1 := getClientPrivateKey(sign_~client#1); {12331#false} is VALID [2022-02-20 18:02:32,376 INFO L290 TraceCheckUtils]: 71: Hoare triple {12331#false} ~handle := #in~handle;havoc ~retValue_acc~18; {12331#false} is VALID [2022-02-20 18:02:32,376 INFO L290 TraceCheckUtils]: 72: Hoare triple {12331#false} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {12331#false} is VALID [2022-02-20 18:02:32,376 INFO L290 TraceCheckUtils]: 73: Hoare triple {12331#false} assume true; {12331#false} is VALID [2022-02-20 18:02:32,376 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {12331#false} {12331#false} #1140#return; {12331#false} is VALID [2022-02-20 18:02:32,376 INFO L290 TraceCheckUtils]: 75: Hoare triple {12331#false} assume -2147483648 <= sign_#t~ret78#1 && sign_#t~ret78#1 <= 2147483647;sign_~tmp~15#1 := sign_#t~ret78#1;havoc sign_#t~ret78#1;sign_~privkey~1#1 := sign_~tmp~15#1; {12331#false} is VALID [2022-02-20 18:02:32,376 INFO L290 TraceCheckUtils]: 76: Hoare triple {12331#false} assume 0 == sign_~privkey~1#1; {12331#false} is VALID [2022-02-20 18:02:32,377 INFO L290 TraceCheckUtils]: 77: Hoare triple {12331#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret64#1, outgoing__wrappee__AddressBook_#t~ret65#1, outgoing__wrappee__AddressBook_#t~ret66#1, outgoing__wrappee__AddressBook_#t~ret67#1, outgoing__wrappee__AddressBook_#t~ret68#1, outgoing__wrappee__AddressBook_#t~ret69#1, 
outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~11#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~4#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~11#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~4#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {12331#false} is VALID [2022-02-20 18:02:32,377 INFO L272 TraceCheckUtils]: 78: Hoare triple {12331#false} call outgoing__wrappee__AddressBook_#t~ret64#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {12331#false} is VALID [2022-02-20 18:02:32,377 INFO L290 TraceCheckUtils]: 79: Hoare triple {12331#false} ~handle := #in~handle;havoc ~retValue_acc~12; {12331#false} is VALID [2022-02-20 18:02:32,377 INFO L290 TraceCheckUtils]: 80: Hoare triple {12331#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~12; {12331#false} is VALID [2022-02-20 18:02:32,377 INFO L290 TraceCheckUtils]: 81: Hoare triple {12331#false} assume true; {12331#false} is VALID [2022-02-20 18:02:32,377 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {12331#false} {12331#false} #1142#return; {12331#false} is VALID [2022-02-20 18:02:32,377 INFO L290 TraceCheckUtils]: 83: Hoare triple {12331#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret64#1 && outgoing__wrappee__AddressBook_#t~ret64#1 <= 
2147483647;outgoing__wrappee__AddressBook_~tmp~11#1 := outgoing__wrappee__AddressBook_#t~ret64#1;havoc outgoing__wrappee__AddressBook_#t~ret64#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~11#1; {12331#false} is VALID [2022-02-20 18:02:32,377 INFO L290 TraceCheckUtils]: 84: Hoare triple {12331#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {12331#false} is VALID [2022-02-20 18:02:32,377 INFO L272 TraceCheckUtils]: 85: Hoare triple {12331#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {12331#false} is VALID [2022-02-20 18:02:32,377 INFO L290 TraceCheckUtils]: 86: Hoare triple {12331#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~10#1;havoc ~pubkey~0#1;havoc ~tmp___0~3#1; {12331#false} is VALID [2022-02-20 18:02:32,378 INFO L272 TraceCheckUtils]: 87: Hoare triple {12331#false} call #t~ret62#1 := getEmailTo(~msg#1); {12331#false} is VALID [2022-02-20 18:02:32,378 INFO L290 TraceCheckUtils]: 88: Hoare triple {12331#false} ~handle := #in~handle;havoc ~retValue_acc~34; {12331#false} is VALID [2022-02-20 18:02:32,378 INFO L290 TraceCheckUtils]: 89: Hoare triple {12331#false} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {12331#false} is VALID [2022-02-20 18:02:32,378 INFO L290 TraceCheckUtils]: 90: Hoare triple {12331#false} assume true; {12331#false} is VALID [2022-02-20 18:02:32,378 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {12331#false} {12331#false} #1160#return; {12331#false} is VALID [2022-02-20 18:02:32,378 INFO L290 TraceCheckUtils]: 92: Hoare triple {12331#false} assume -2147483648 <= #t~ret62#1 && #t~ret62#1 <= 2147483647;~tmp~10#1 := #t~ret62#1;havoc #t~ret62#1;~receiver~0#1 := ~tmp~10#1; {12331#false} is VALID [2022-02-20 18:02:32,378 INFO L272 TraceCheckUtils]: 93: Hoare triple {12331#false} call #t~ret63#1 := findPublicKey(~client#1, ~receiver~0#1); 
{12331#false} is VALID [2022-02-20 18:02:32,378 INFO L290 TraceCheckUtils]: 94: Hoare triple {12331#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~23; {12331#false} is VALID [2022-02-20 18:02:32,378 INFO L290 TraceCheckUtils]: 95: Hoare triple {12331#false} assume 1 == ~handle; {12331#false} is VALID [2022-02-20 18:02:32,378 INFO L290 TraceCheckUtils]: 96: Hoare triple {12331#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~23 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~23; {12331#false} is VALID [2022-02-20 18:02:32,379 INFO L290 TraceCheckUtils]: 97: Hoare triple {12331#false} assume true; {12331#false} is VALID [2022-02-20 18:02:32,379 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {12331#false} {12331#false} #1162#return; {12331#false} is VALID [2022-02-20 18:02:32,379 INFO L290 TraceCheckUtils]: 99: Hoare triple {12331#false} assume -2147483648 <= #t~ret63#1 && #t~ret63#1 <= 2147483647;~tmp___0~3#1 := #t~ret63#1;havoc #t~ret63#1;~pubkey~0#1 := ~tmp___0~3#1; {12331#false} is VALID [2022-02-20 18:02:32,379 INFO L290 TraceCheckUtils]: 100: Hoare triple {12331#false} assume !(0 != ~pubkey~0#1); {12331#false} is VALID [2022-02-20 18:02:32,379 INFO L290 TraceCheckUtils]: 101: Hoare triple {12331#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret61#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~9#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~9#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~25#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc 
getClientId_~retValue_acc~25#1; {12331#false} is VALID [2022-02-20 18:02:32,379 INFO L290 TraceCheckUtils]: 102: Hoare triple {12331#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~25#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~25#1; {12331#false} is VALID [2022-02-20 18:02:32,379 INFO L290 TraceCheckUtils]: 103: Hoare triple {12331#false} outgoing__wrappee__Keys_#t~ret61#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret61#1 && outgoing__wrappee__Keys_#t~ret61#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~9#1 := outgoing__wrappee__Keys_#t~ret61#1;havoc outgoing__wrappee__Keys_#t~ret61#1; {12331#false} is VALID [2022-02-20 18:02:32,379 INFO L272 TraceCheckUtils]: 104: Hoare triple {12331#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~9#1); {12331#false} is VALID [2022-02-20 18:02:32,379 INFO L290 TraceCheckUtils]: 105: Hoare triple {12331#false} ~handle := #in~handle;~value := #in~value; {12331#false} is VALID [2022-02-20 18:02:32,380 INFO L290 TraceCheckUtils]: 106: Hoare triple {12331#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12331#false} is VALID [2022-02-20 18:02:32,380 INFO L290 TraceCheckUtils]: 107: Hoare triple {12331#false} assume true; {12331#false} is VALID [2022-02-20 18:02:32,380 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {12331#false} {12331#false} #1168#return; {12331#false} is VALID [2022-02-20 18:02:32,380 INFO L290 TraceCheckUtils]: 109: Hoare triple {12331#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret59#1, mail_#t~ret60#1, mail_~client#1, mail_~msg#1, mail_~tmp~8#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~8#1;call mail_#t~ret59#1 := puts(24, 0);assume -2147483648 <= mail_#t~ret59#1 && mail_#t~ret59#1 <= 
2147483647;havoc mail_#t~ret59#1; {12331#false} is VALID [2022-02-20 18:02:32,380 INFO L272 TraceCheckUtils]: 110: Hoare triple {12331#false} call mail_#t~ret60#1 := getEmailTo(mail_~msg#1); {12331#false} is VALID [2022-02-20 18:02:32,380 INFO L290 TraceCheckUtils]: 111: Hoare triple {12331#false} ~handle := #in~handle;havoc ~retValue_acc~34; {12331#false} is VALID [2022-02-20 18:02:32,380 INFO L290 TraceCheckUtils]: 112: Hoare triple {12331#false} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {12331#false} is VALID [2022-02-20 18:02:32,380 INFO L290 TraceCheckUtils]: 113: Hoare triple {12331#false} assume true; {12331#false} is VALID [2022-02-20 18:02:32,380 INFO L284 TraceCheckUtils]: 114: Hoare quadruple {12331#false} {12331#false} #1170#return; {12331#false} is VALID [2022-02-20 18:02:32,380 INFO L290 TraceCheckUtils]: 115: Hoare triple {12331#false} assume -2147483648 <= mail_#t~ret60#1 && mail_#t~ret60#1 <= 2147483647;mail_~tmp~8#1 := mail_#t~ret60#1;havoc mail_#t~ret60#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~8#1, mail_~msg#1;havoc incoming_#t~ret71#1, incoming_#t~ret72#1, incoming_#t~ret73#1, incoming_#t~ret74#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~12#1, incoming_~tmp___0~5#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~12#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {12331#false} is VALID [2022-02-20 18:02:32,381 INFO L272 TraceCheckUtils]: 116: Hoare triple {12331#false} call incoming_#t~ret71#1 := getClientPrivateKey(incoming_~client#1); {12331#false} is VALID [2022-02-20 18:02:32,381 INFO L290 TraceCheckUtils]: 117: Hoare triple {12331#false} ~handle := #in~handle;havoc ~retValue_acc~18; {12331#false} is VALID [2022-02-20 18:02:32,381 INFO L290 
TraceCheckUtils]: 118: Hoare triple {12331#false} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {12331#false} is VALID [2022-02-20 18:02:32,381 INFO L290 TraceCheckUtils]: 119: Hoare triple {12331#false} assume true; {12331#false} is VALID [2022-02-20 18:02:32,381 INFO L284 TraceCheckUtils]: 120: Hoare quadruple {12331#false} {12331#false} #1172#return; {12331#false} is VALID [2022-02-20 18:02:32,381 INFO L290 TraceCheckUtils]: 121: Hoare triple {12331#false} assume -2147483648 <= incoming_#t~ret71#1 && incoming_#t~ret71#1 <= 2147483647;incoming_~tmp~12#1 := incoming_#t~ret71#1;havoc incoming_#t~ret71#1;incoming_~privkey~0#1 := incoming_~tmp~12#1; {12331#false} is VALID [2022-02-20 18:02:32,381 INFO L290 TraceCheckUtils]: 122: Hoare triple {12331#false} assume !(0 != incoming_~privkey~0#1); {12331#false} is VALID [2022-02-20 18:02:32,381 INFO L290 TraceCheckUtils]: 123: Hoare triple {12331#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret79#1, verify_#t~ret80#1, verify_#t~ret81#1, verify_#t~ret82#1, verify_#t~ret83#1, verify_#t~ret84#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~16#1, verify_~tmp___0~6#1, verify_~pubkey~1#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~16#1;havoc verify_~tmp___0~6#1;havoc 
verify_~pubkey~1#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret58#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~7#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~7#1; {12331#false} is VALID [2022-02-20 18:02:32,381 INFO L272 TraceCheckUtils]: 124: Hoare triple {12331#false} call __utac_acc__EncryptVerify_spec__1_#t~ret58#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {12331#false} is VALID [2022-02-20 18:02:32,382 INFO L290 TraceCheckUtils]: 125: Hoare triple {12331#false} ~msg#1 := #in~msg#1;havoc ~retValue_acc~27#1;havoc ~tmp~23#1; {12331#false} is VALID [2022-02-20 18:02:32,382 INFO L272 TraceCheckUtils]: 126: Hoare triple {12331#false} call #t~ret105#1 := isEncrypted(~msg#1); {12331#false} is VALID [2022-02-20 18:02:32,382 INFO L290 TraceCheckUtils]: 127: Hoare triple {12331#false} ~handle := #in~handle;havoc ~retValue_acc~37; {12331#false} is VALID [2022-02-20 18:02:32,382 INFO L290 TraceCheckUtils]: 128: Hoare triple {12331#false} assume 1 == ~handle;~retValue_acc~37 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~37; {12331#false} is VALID [2022-02-20 18:02:32,382 INFO L290 TraceCheckUtils]: 129: Hoare triple {12331#false} assume true; {12331#false} is VALID [2022-02-20 18:02:32,382 INFO L284 TraceCheckUtils]: 130: Hoare quadruple {12331#false} {12331#false} #1262#return; {12331#false} is VALID [2022-02-20 18:02:32,382 INFO L290 TraceCheckUtils]: 131: Hoare triple {12331#false} assume -2147483648 <= #t~ret105#1 && #t~ret105#1 <= 2147483647;~tmp~23#1 := #t~ret105#1;havoc #t~ret105#1; {12331#false} is VALID [2022-02-20 18:02:32,382 
INFO L290 TraceCheckUtils]: 132: Hoare triple {12331#false} assume 0 != ~tmp~23#1;~retValue_acc~27#1 := 0;#res#1 := ~retValue_acc~27#1; {12331#false} is VALID [2022-02-20 18:02:32,382 INFO L290 TraceCheckUtils]: 133: Hoare triple {12331#false} assume true; {12331#false} is VALID [2022-02-20 18:02:32,382 INFO L284 TraceCheckUtils]: 134: Hoare quadruple {12331#false} {12331#false} #1184#return; {12331#false} is VALID [2022-02-20 18:02:32,383 INFO L290 TraceCheckUtils]: 135: Hoare triple {12331#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret58#1 && __utac_acc__EncryptVerify_spec__1_#t~ret58#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~7#1 := __utac_acc__EncryptVerify_spec__1_#t~ret58#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret58#1; {12331#false} is VALID [2022-02-20 18:02:32,383 INFO L290 TraceCheckUtils]: 136: Hoare triple {12331#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~7#1);assume { :begin_inline___automaton_fail } true; {12331#false} is VALID [2022-02-20 18:02:32,383 INFO L290 TraceCheckUtils]: 137: Hoare triple {12331#false} assume !false; {12331#false} is VALID [2022-02-20 18:02:32,383 INFO L134 CoverageAnalysis]: Checked inductivity of 38 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 19 trivial. 0 not checked. [2022-02-20 18:02:32,383 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:02:32,383 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1462807023] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:32,384 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. 
[2022-02-20 18:02:32,384 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [12] total 15 [2022-02-20 18:02:32,384 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1295159467] [2022-02-20 18:02:32,384 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:32,384 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 17.8) internal successors, (89), 5 states have internal predecessors, (89), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 3 states have call successors, (17) Word has length 138 [2022-02-20 18:02:32,385 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:32,385 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 17.8) internal successors, (89), 5 states have internal predecessors, (89), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:02:32,455 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 126 edges. 126 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:32,456 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:02:32,456 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:32,456 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. 
[2022-02-20 18:02:32,457 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=30, Invalid=180, Unknown=0, NotChecked=0, Total=210 [2022-02-20 18:02:32,457 INFO L87 Difference]: Start difference. First operand 464 states and 713 transitions. Second operand has 5 states, 5 states have (on average 17.8) internal successors, (89), 5 states have internal predecessors, (89), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:02:33,543 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:33,543 INFO L93 Difference]: Finished difference Result 917 states and 1415 transitions. [2022-02-20 18:02:33,543 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:02:33,543 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 17.8) internal successors, (89), 5 states have internal predecessors, (89), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 3 states have call successors, (17) Word has length 138 [2022-02-20 18:02:33,544 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:33,544 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 17.8) internal successors, (89), 5 states have internal predecessors, (89), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:02:33,552 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1187 transitions. 
[2022-02-20 18:02:33,553 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 17.8) internal successors, (89), 5 states have internal predecessors, (89), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:02:33,561 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1187 transitions. [2022-02-20 18:02:33,561 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1187 transitions. [2022-02-20 18:02:34,294 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1187 edges. 1187 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:34,306 INFO L225 Difference]: With dead ends: 917 [2022-02-20 18:02:34,306 INFO L226 Difference]: Without dead ends: 466 [2022-02-20 18:02:34,307 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 178 GetRequests, 164 SyntacticMatches, 0 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=34, Invalid=206, Unknown=0, NotChecked=0, Total=240 [2022-02-20 18:02:34,307 INFO L933 BasicCegarLoop]: 588 mSDtfsCounter, 143 mSDsluCounter, 1595 mSDsCounter, 0 mSdLazyCounter, 45 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 166 SdHoareTripleChecker+Valid, 2183 SdHoareTripleChecker+Invalid, 45 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 45 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:34,308 
INFO L934 BasicCegarLoop]: SdHoareTripleChecker [166 Valid, 2183 Invalid, 45 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 45 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:02:34,308 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 466 states. [2022-02-20 18:02:34,435 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 466 to 466. [2022-02-20 18:02:34,435 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:34,436 INFO L82 GeneralOperation]: Start isEquivalent. First operand 466 states. Second operand has 466 states, 359 states have (on average 1.5626740947075208) internal successors, (561), 365 states have internal predecessors, (561), 76 states have call successors, (76), 28 states have call predecessors, (76), 30 states have return successors, (82), 74 states have call predecessors, (82), 75 states have call successors, (82) [2022-02-20 18:02:34,437 INFO L74 IsIncluded]: Start isIncluded. First operand 466 states. Second operand has 466 states, 359 states have (on average 1.5626740947075208) internal successors, (561), 365 states have internal predecessors, (561), 76 states have call successors, (76), 28 states have call predecessors, (76), 30 states have return successors, (82), 74 states have call predecessors, (82), 75 states have call successors, (82) [2022-02-20 18:02:34,438 INFO L87 Difference]: Start difference. First operand 466 states. Second operand has 466 states, 359 states have (on average 1.5626740947075208) internal successors, (561), 365 states have internal predecessors, (561), 76 states have call successors, (76), 28 states have call predecessors, (76), 30 states have return successors, (82), 74 states have call predecessors, (82), 75 states have call successors, (82) [2022-02-20 18:02:34,450 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:02:34,450 INFO L93 Difference]: Finished difference Result 466 states and 719 transitions. [2022-02-20 18:02:34,450 INFO L276 IsEmpty]: Start isEmpty. Operand 466 states and 719 transitions. [2022-02-20 18:02:34,451 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:34,451 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:34,452 INFO L74 IsIncluded]: Start isIncluded. First operand has 466 states, 359 states have (on average 1.5626740947075208) internal successors, (561), 365 states have internal predecessors, (561), 76 states have call successors, (76), 28 states have call predecessors, (76), 30 states have return successors, (82), 74 states have call predecessors, (82), 75 states have call successors, (82) Second operand 466 states. [2022-02-20 18:02:34,453 INFO L87 Difference]: Start difference. First operand has 466 states, 359 states have (on average 1.5626740947075208) internal successors, (561), 365 states have internal predecessors, (561), 76 states have call successors, (76), 28 states have call predecessors, (76), 30 states have return successors, (82), 74 states have call predecessors, (82), 75 states have call successors, (82) Second operand 466 states. [2022-02-20 18:02:34,464 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:34,465 INFO L93 Difference]: Finished difference Result 466 states and 719 transitions. [2022-02-20 18:02:34,465 INFO L276 IsEmpty]: Start isEmpty. Operand 466 states and 719 transitions. [2022-02-20 18:02:34,466 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:34,466 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:34,466 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:34,466 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:34,467 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 466 states, 359 states have (on average 1.5626740947075208) internal successors, (561), 365 states have internal predecessors, (561), 76 states have call successors, (76), 28 states have call predecessors, (76), 30 states have return successors, (82), 74 states have call predecessors, (82), 75 states have call successors, (82) [2022-02-20 18:02:34,480 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 466 states to 466 states and 719 transitions. [2022-02-20 18:02:34,481 INFO L78 Accepts]: Start accepts. Automaton has 466 states and 719 transitions. Word has length 138 [2022-02-20 18:02:34,481 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:34,482 INFO L470 AbstractCegarLoop]: Abstraction has 466 states and 719 transitions. [2022-02-20 18:02:34,482 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 17.8) internal successors, (89), 5 states have internal predecessors, (89), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:02:34,482 INFO L276 IsEmpty]: Start isEmpty. Operand 466 states and 719 transitions. [2022-02-20 18:02:34,485 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 140 [2022-02-20 18:02:34,485 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:34,485 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:34,503 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Ended with exit code 0 [2022-02-20 18:02:34,703 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4,6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:34,704 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:34,704 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:34,704 INFO L85 PathProgramCache]: Analyzing trace with hash -600290276, now seen corresponding path program 1 times [2022-02-20 18:02:34,704 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:34,704 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [891276313] [2022-02-20 18:02:34,704 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:34,705 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:34,737 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:34,763 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:02:34,765 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:34,766 INFO L290 TraceCheckUtils]: 0: Hoare triple {15745#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15669#true} is VALID [2022-02-20 18:02:34,767 INFO L290 TraceCheckUtils]: 1: Hoare triple {15669#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {15669#true} is VALID [2022-02-20 18:02:34,767 INFO L290 TraceCheckUtils]: 2: Hoare triple {15669#true} assume true; {15669#true} is VALID [2022-02-20 18:02:34,767 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15669#true} {15669#true} #1212#return; {15669#true} is VALID [2022-02-20 18:02:34,771 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:34,772 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:34,775 INFO L290 TraceCheckUtils]: 0: Hoare triple {15746#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15669#true} is VALID [2022-02-20 18:02:34,775 INFO L290 TraceCheckUtils]: 1: Hoare triple {15669#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15669#true} is VALID [2022-02-20 18:02:34,775 INFO L290 TraceCheckUtils]: 2: Hoare triple {15669#true} assume true; {15669#true} is VALID [2022-02-20 18:02:34,776 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15669#true} {15669#true} #1214#return; {15669#true} is VALID [2022-02-20 18:02:34,776 INFO L376 atingTraceCheckCraig]: Compute interpolants for 
subsequence at non-pending call position 18 [2022-02-20 18:02:34,777 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:34,782 INFO L290 TraceCheckUtils]: 0: Hoare triple {15745#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15669#true} is VALID [2022-02-20 18:02:34,782 INFO L290 TraceCheckUtils]: 1: Hoare triple {15669#true} assume !(1 == ~handle); {15669#true} is VALID [2022-02-20 18:02:34,782 INFO L290 TraceCheckUtils]: 2: Hoare triple {15669#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {15669#true} is VALID [2022-02-20 18:02:34,782 INFO L290 TraceCheckUtils]: 3: Hoare triple {15669#true} assume true; {15669#true} is VALID [2022-02-20 18:02:34,782 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {15669#true} {15669#true} #1216#return; {15669#true} is VALID [2022-02-20 18:02:34,782 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:02:34,785 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:34,787 INFO L290 TraceCheckUtils]: 0: Hoare triple {15746#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15669#true} is VALID [2022-02-20 18:02:34,787 INFO L290 TraceCheckUtils]: 1: Hoare triple {15669#true} assume !(1 == ~handle); {15669#true} is VALID [2022-02-20 18:02:34,787 INFO L290 TraceCheckUtils]: 2: Hoare triple {15669#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {15669#true} is VALID [2022-02-20 18:02:34,787 INFO L290 TraceCheckUtils]: 3: Hoare triple {15669#true} assume true; {15669#true} is VALID [2022-02-20 
18:02:34,787 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {15669#true} {15669#true} #1218#return; {15669#true} is VALID [2022-02-20 18:02:34,788 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:02:34,789 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:34,799 INFO L290 TraceCheckUtils]: 0: Hoare triple {15745#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15747#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:34,800 INFO L290 TraceCheckUtils]: 1: Hoare triple {15747#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {15748#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:34,800 INFO L290 TraceCheckUtils]: 2: Hoare triple {15748#(= |setClientId_#in~handle| 1)} assume true; {15748#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:34,800 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15748#(= |setClientId_#in~handle| 1)} {15689#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1220#return; {15670#false} is VALID [2022-02-20 18:02:34,800 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:02:34,802 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:34,803 INFO L290 TraceCheckUtils]: 0: Hoare triple {15746#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15669#true} is VALID [2022-02-20 18:02:34,804 INFO L290 TraceCheckUtils]: 1: Hoare triple {15669#true} assume 1 == 
~handle;~__ste_client_privateKey0~0 := ~value; {15669#true} is VALID [2022-02-20 18:02:34,804 INFO L290 TraceCheckUtils]: 2: Hoare triple {15669#true} assume true; {15669#true} is VALID [2022-02-20 18:02:34,804 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15669#true} {15670#false} #1222#return; {15670#false} is VALID [2022-02-20 18:02:34,809 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 18:02:34,810 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:34,811 INFO L290 TraceCheckUtils]: 0: Hoare triple {15749#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15669#true} is VALID [2022-02-20 18:02:34,811 INFO L290 TraceCheckUtils]: 1: Hoare triple {15669#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15669#true} is VALID [2022-02-20 18:02:34,811 INFO L290 TraceCheckUtils]: 2: Hoare triple {15669#true} assume true; {15669#true} is VALID [2022-02-20 18:02:34,812 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15669#true} {15670#false} #1198#return; {15670#false} is VALID [2022-02-20 18:02:34,829 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 18:02:34,830 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:34,832 INFO L290 TraceCheckUtils]: 0: Hoare triple {15750#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {15669#true} is VALID [2022-02-20 18:02:34,832 INFO L290 TraceCheckUtils]: 1: Hoare triple {15669#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {15669#true} is VALID [2022-02-20 18:02:34,832 INFO L290 TraceCheckUtils]: 2: Hoare triple {15669#true} assume true; {15669#true} is VALID [2022-02-20 18:02:34,832 INFO L284 TraceCheckUtils]: 3: Hoare quadruple 
{15669#true} {15670#false} #1200#return; {15670#false} is VALID [2022-02-20 18:02:34,832 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71 [2022-02-20 18:02:34,833 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:34,835 INFO L290 TraceCheckUtils]: 0: Hoare triple {15669#true} ~handle := #in~handle;havoc ~retValue_acc~18; {15669#true} is VALID [2022-02-20 18:02:34,835 INFO L290 TraceCheckUtils]: 1: Hoare triple {15669#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {15669#true} is VALID [2022-02-20 18:02:34,835 INFO L290 TraceCheckUtils]: 2: Hoare triple {15669#true} assume true; {15669#true} is VALID [2022-02-20 18:02:34,835 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15669#true} {15670#false} #1140#return; {15670#false} is VALID [2022-02-20 18:02:34,835 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 18:02:34,836 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:34,838 INFO L290 TraceCheckUtils]: 0: Hoare triple {15669#true} ~handle := #in~handle;havoc ~retValue_acc~12; {15669#true} is VALID [2022-02-20 18:02:34,838 INFO L290 TraceCheckUtils]: 1: Hoare triple {15669#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~12; {15669#true} is VALID [2022-02-20 18:02:34,838 INFO L290 TraceCheckUtils]: 2: Hoare triple {15669#true} assume true; {15669#true} is VALID [2022-02-20 18:02:34,838 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15669#true} {15670#false} #1142#return; {15670#false} is VALID [2022-02-20 18:02:34,838 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 18:02:34,839 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:34,840 INFO L290 TraceCheckUtils]: 0: Hoare triple {15669#true} ~handle := 
#in~handle;havoc ~retValue_acc~34; {15669#true} is VALID [2022-02-20 18:02:34,840 INFO L290 TraceCheckUtils]: 1: Hoare triple {15669#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {15669#true} is VALID [2022-02-20 18:02:34,840 INFO L290 TraceCheckUtils]: 2: Hoare triple {15669#true} assume true; {15669#true} is VALID [2022-02-20 18:02:34,841 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15669#true} {15670#false} #1160#return; {15670#false} is VALID [2022-02-20 18:02:34,841 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 18:02:34,842 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:34,843 INFO L290 TraceCheckUtils]: 0: Hoare triple {15669#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~23; {15669#true} is VALID [2022-02-20 18:02:34,843 INFO L290 TraceCheckUtils]: 1: Hoare triple {15669#true} assume 1 == ~handle; {15669#true} is VALID [2022-02-20 18:02:34,843 INFO L290 TraceCheckUtils]: 2: Hoare triple {15669#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~23 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~23; {15669#true} is VALID [2022-02-20 18:02:34,844 INFO L290 TraceCheckUtils]: 3: Hoare triple {15669#true} assume true; {15669#true} is VALID [2022-02-20 18:02:34,844 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {15669#true} {15670#false} #1162#return; {15670#false} is VALID [2022-02-20 18:02:34,844 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 105 [2022-02-20 18:02:34,845 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:34,846 INFO L290 TraceCheckUtils]: 0: Hoare triple {15749#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15669#true} is VALID [2022-02-20 18:02:34,846 INFO L290 
TraceCheckUtils]: 1: Hoare triple {15669#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15669#true} is VALID [2022-02-20 18:02:34,846 INFO L290 TraceCheckUtils]: 2: Hoare triple {15669#true} assume true; {15669#true} is VALID [2022-02-20 18:02:34,846 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15669#true} {15670#false} #1168#return; {15670#false} is VALID [2022-02-20 18:02:34,847 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 111 [2022-02-20 18:02:34,847 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:34,851 INFO L290 TraceCheckUtils]: 0: Hoare triple {15669#true} ~handle := #in~handle;havoc ~retValue_acc~34; {15669#true} is VALID [2022-02-20 18:02:34,851 INFO L290 TraceCheckUtils]: 1: Hoare triple {15669#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {15669#true} is VALID [2022-02-20 18:02:34,851 INFO L290 TraceCheckUtils]: 2: Hoare triple {15669#true} assume true; {15669#true} is VALID [2022-02-20 18:02:34,851 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15669#true} {15670#false} #1170#return; {15670#false} is VALID [2022-02-20 18:02:34,851 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 117 [2022-02-20 18:02:34,852 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:34,854 INFO L290 TraceCheckUtils]: 0: Hoare triple {15669#true} ~handle := #in~handle;havoc ~retValue_acc~18; {15669#true} is VALID [2022-02-20 18:02:34,854 INFO L290 TraceCheckUtils]: 1: Hoare triple {15669#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {15669#true} is VALID [2022-02-20 18:02:34,854 INFO L290 TraceCheckUtils]: 2: Hoare triple {15669#true} assume true; {15669#true} is VALID [2022-02-20 18:02:34,854 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15669#true} {15670#false} #1172#return; {15670#false} is VALID 
[2022-02-20 18:02:34,855 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 125 [2022-02-20 18:02:34,858 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:34,860 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:34,861 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:34,863 INFO L290 TraceCheckUtils]: 0: Hoare triple {15669#true} ~handle := #in~handle;havoc ~retValue_acc~37; {15669#true} is VALID [2022-02-20 18:02:34,863 INFO L290 TraceCheckUtils]: 1: Hoare triple {15669#true} assume 1 == ~handle;~retValue_acc~37 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~37; {15669#true} is VALID [2022-02-20 18:02:34,863 INFO L290 TraceCheckUtils]: 2: Hoare triple {15669#true} assume true; {15669#true} is VALID [2022-02-20 18:02:34,863 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15669#true} {15669#true} #1262#return; {15669#true} is VALID [2022-02-20 18:02:34,863 INFO L290 TraceCheckUtils]: 0: Hoare triple {15669#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~27#1;havoc ~tmp~23#1; {15669#true} is VALID [2022-02-20 18:02:34,863 INFO L272 TraceCheckUtils]: 1: Hoare triple {15669#true} call #t~ret105#1 := isEncrypted(~msg#1); {15669#true} is VALID [2022-02-20 18:02:34,864 INFO L290 TraceCheckUtils]: 2: Hoare triple {15669#true} ~handle := #in~handle;havoc ~retValue_acc~37; {15669#true} is VALID [2022-02-20 18:02:34,864 INFO L290 TraceCheckUtils]: 3: Hoare triple {15669#true} assume 1 == ~handle;~retValue_acc~37 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~37; {15669#true} is VALID [2022-02-20 18:02:34,864 INFO L290 TraceCheckUtils]: 4: Hoare triple {15669#true} assume true; {15669#true} is VALID [2022-02-20 18:02:34,864 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {15669#true} {15669#true} #1262#return; {15669#true} is VALID [2022-02-20 18:02:34,864 INFO L290 TraceCheckUtils]: 6: Hoare 
triple {15669#true} assume -2147483648 <= #t~ret105#1 && #t~ret105#1 <= 2147483647;~tmp~23#1 := #t~ret105#1;havoc #t~ret105#1; {15669#true} is VALID [2022-02-20 18:02:34,864 INFO L290 TraceCheckUtils]: 7: Hoare triple {15669#true} assume 0 != ~tmp~23#1;~retValue_acc~27#1 := 0;#res#1 := ~retValue_acc~27#1; {15669#true} is VALID [2022-02-20 18:02:34,864 INFO L290 TraceCheckUtils]: 8: Hoare triple {15669#true} assume true; {15669#true} is VALID [2022-02-20 18:02:34,864 INFO L284 TraceCheckUtils]: 9: Hoare quadruple {15669#true} {15670#false} #1184#return; {15670#false} is VALID [2022-02-20 18:02:34,864 INFO L290 TraceCheckUtils]: 0: Hoare triple {15669#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(34, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(16, 
27);call #Ultimate.allocInit(20, 28);call #Ultimate.allocInit(10, 29);call #Ultimate.allocInit(12, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(18, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(13, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(4, 38);call write~init~int(37, 38, 0, 1);call write~init~int(115, 38, 1, 1);call write~init~int(10, 38, 2, 1);call write~init~int(0, 38, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 
0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 
0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {15669#true} is VALID [2022-02-20 18:02:34,865 INFO L290 TraceCheckUtils]: 1: Hoare triple {15669#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {15669#true} is VALID [2022-02-20 18:02:34,865 INFO L290 TraceCheckUtils]: 2: Hoare triple {15669#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {15669#true} is VALID [2022-02-20 18:02:34,865 INFO L290 TraceCheckUtils]: 3: Hoare triple {15669#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~43#1;havoc valid_product_~retValue_acc~43#1;valid_product_~retValue_acc~43#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~43#1; {15669#true} is VALID [2022-02-20 18:02:34,865 INFO L290 TraceCheckUtils]: 4: Hoare triple {15669#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {15669#true} is VALID [2022-02-20 18:02:34,865 INFO L290 TraceCheckUtils]: 5: Hoare triple {15669#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc 
setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {15669#true} is VALID [2022-02-20 18:02:34,866 INFO L272 TraceCheckUtils]: 6: Hoare triple {15669#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {15745#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:34,866 INFO L290 TraceCheckUtils]: 7: Hoare triple {15745#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15669#true} is VALID [2022-02-20 18:02:34,866 INFO L290 TraceCheckUtils]: 8: Hoare triple {15669#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {15669#true} is VALID [2022-02-20 18:02:34,866 INFO L290 TraceCheckUtils]: 9: Hoare triple {15669#true} assume true; {15669#true} is VALID [2022-02-20 18:02:34,866 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {15669#true} {15669#true} #1212#return; {15669#true} is VALID [2022-02-20 18:02:34,866 INFO L290 TraceCheckUtils]: 11: Hoare triple {15669#true} assume { :end_inline_setup_bob__wrappee__Base } true; {15669#true} is VALID [2022-02-20 18:02:34,867 INFO L272 TraceCheckUtils]: 12: Hoare triple {15669#true} 
call setClientPrivateKey(setup_bob_~bob___0#1, 123); {15746#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:34,867 INFO L290 TraceCheckUtils]: 13: Hoare triple {15746#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15669#true} is VALID [2022-02-20 18:02:34,867 INFO L290 TraceCheckUtils]: 14: Hoare triple {15669#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15669#true} is VALID [2022-02-20 18:02:34,867 INFO L290 TraceCheckUtils]: 15: Hoare triple {15669#true} assume true; {15669#true} is VALID [2022-02-20 18:02:34,867 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {15669#true} {15669#true} #1214#return; {15669#true} is VALID [2022-02-20 18:02:34,867 INFO L290 TraceCheckUtils]: 17: Hoare triple {15669#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {15669#true} is VALID [2022-02-20 18:02:34,868 INFO L272 TraceCheckUtils]: 18: Hoare triple {15669#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {15745#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:34,868 INFO L290 TraceCheckUtils]: 19: Hoare triple {15745#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15669#true} is VALID [2022-02-20 18:02:34,868 INFO L290 TraceCheckUtils]: 20: Hoare triple {15669#true} assume !(1 == ~handle); {15669#true} is VALID [2022-02-20 18:02:34,868 INFO L290 TraceCheckUtils]: 21: Hoare triple {15669#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {15669#true} is VALID [2022-02-20 18:02:34,868 INFO L290 TraceCheckUtils]: 22: Hoare triple {15669#true} assume true; {15669#true} is VALID [2022-02-20 18:02:34,868 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {15669#true} {15669#true} #1216#return; {15669#true} is VALID [2022-02-20 18:02:34,868 INFO L290 TraceCheckUtils]: 24: Hoare triple {15669#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {15669#true} is VALID [2022-02-20 18:02:34,869 INFO L272 TraceCheckUtils]: 25: Hoare triple {15669#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {15746#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:34,869 INFO L290 TraceCheckUtils]: 26: Hoare triple {15746#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15669#true} is VALID [2022-02-20 18:02:34,869 INFO L290 TraceCheckUtils]: 27: Hoare triple {15669#true} assume !(1 == ~handle); {15669#true} is VALID [2022-02-20 18:02:34,869 INFO L290 
TraceCheckUtils]: 28: Hoare triple {15669#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {15669#true} is VALID [2022-02-20 18:02:34,869 INFO L290 TraceCheckUtils]: 29: Hoare triple {15669#true} assume true; {15669#true} is VALID [2022-02-20 18:02:34,869 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {15669#true} {15669#true} #1218#return; {15669#true} is VALID [2022-02-20 18:02:34,870 INFO L290 TraceCheckUtils]: 31: Hoare triple {15669#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {15689#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:02:34,870 INFO L272 TraceCheckUtils]: 32: Hoare triple {15689#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {15745#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:34,870 INFO L290 TraceCheckUtils]: 33: Hoare triple {15745#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15747#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:34,871 INFO L290 
TraceCheckUtils]: 34: Hoare triple {15747#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {15748#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:34,871 INFO L290 TraceCheckUtils]: 35: Hoare triple {15748#(= |setClientId_#in~handle| 1)} assume true; {15748#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:34,871 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {15748#(= |setClientId_#in~handle| 1)} {15689#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1220#return; {15670#false} is VALID [2022-02-20 18:02:34,872 INFO L290 TraceCheckUtils]: 37: Hoare triple {15670#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {15670#false} is VALID [2022-02-20 18:02:34,872 INFO L272 TraceCheckUtils]: 38: Hoare triple {15670#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {15746#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:34,872 INFO L290 TraceCheckUtils]: 39: Hoare triple {15746#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15669#true} is VALID [2022-02-20 18:02:34,872 INFO L290 TraceCheckUtils]: 40: Hoare triple {15669#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15669#true} is VALID [2022-02-20 18:02:34,872 INFO L290 TraceCheckUtils]: 41: Hoare triple {15669#true} assume true; {15669#true} is VALID [2022-02-20 18:02:34,872 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {15669#true} {15670#false} #1222#return; {15670#false} is VALID [2022-02-20 18:02:34,872 INFO L290 TraceCheckUtils]: 43: Hoare triple {15670#false} assume { 
:end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {15670#false} is VALID [2022-02-20 18:02:34,872 INFO L290 TraceCheckUtils]: 44: Hoare triple {15670#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~6#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~6#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {15670#false} is VALID [2022-02-20 18:02:34,872 INFO L290 TraceCheckUtils]: 45: Hoare triple {15670#false} assume !false; {15670#false} is VALID [2022-02-20 18:02:34,872 INFO L290 TraceCheckUtils]: 46: Hoare triple {15670#false} assume test_~splverifierCounter~0#1 < 4; {15670#false} is VALID [2022-02-20 
18:02:34,873 INFO L290 TraceCheckUtils]: 47: Hoare triple {15670#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {15670#false} is VALID [2022-02-20 18:02:34,873 INFO L290 TraceCheckUtils]: 48: Hoare triple {15670#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet47#1 && test_#t~nondet47#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet47#1;havoc test_#t~nondet47#1; {15670#false} is VALID [2022-02-20 18:02:34,873 INFO L290 TraceCheckUtils]: 49: Hoare triple {15670#false} assume !(0 != test_~tmp___9~0#1); {15670#false} is VALID [2022-02-20 18:02:34,873 INFO L290 TraceCheckUtils]: 50: Hoare triple {15670#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet48#1 && test_#t~nondet48#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet48#1;havoc test_#t~nondet48#1; {15670#false} is VALID [2022-02-20 18:02:34,873 INFO L290 TraceCheckUtils]: 51: Hoare triple {15670#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {15670#false} is VALID [2022-02-20 18:02:34,873 INFO L290 TraceCheckUtils]: 52: Hoare triple {15670#false} assume !false; {15670#false} is VALID [2022-02-20 18:02:34,873 INFO L290 TraceCheckUtils]: 53: Hoare triple {15670#false} assume !(test_~splverifierCounter~0#1 < 4); {15670#false} is VALID [2022-02-20 18:02:34,873 INFO L290 TraceCheckUtils]: 54: Hoare triple {15670#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {15670#false} is VALID [2022-02-20 18:02:34,873 INFO L272 TraceCheckUtils]: 55: Hoare triple {15670#false} call sendEmail(~bob~0, ~rjh~0); {15670#false} is VALID [2022-02-20 18:02:34,873 INFO L290 TraceCheckUtils]: 56: 
Hoare triple {15670#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~14#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~29#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~29#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {15670#false} is VALID [2022-02-20 18:02:34,874 INFO L272 TraceCheckUtils]: 57: Hoare triple {15670#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {15749#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:34,874 INFO L290 TraceCheckUtils]: 58: Hoare triple {15749#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15669#true} is VALID [2022-02-20 18:02:34,874 INFO L290 TraceCheckUtils]: 59: Hoare triple {15669#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15669#true} is VALID [2022-02-20 18:02:34,874 INFO L290 TraceCheckUtils]: 60: Hoare triple {15669#true} assume true; {15669#true} is VALID [2022-02-20 18:02:34,874 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {15669#true} {15670#false} #1198#return; {15670#false} is VALID [2022-02-20 18:02:34,874 INFO L272 TraceCheckUtils]: 62: Hoare triple {15670#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {15750#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:34,874 INFO L290 TraceCheckUtils]: 63: Hoare triple {15750#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {15669#true} is VALID 
[2022-02-20 18:02:34,874 INFO L290 TraceCheckUtils]: 64: Hoare triple {15669#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {15669#true} is VALID [2022-02-20 18:02:34,874 INFO L290 TraceCheckUtils]: 65: Hoare triple {15669#true} assume true; {15669#true} is VALID [2022-02-20 18:02:34,875 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {15669#true} {15670#false} #1200#return; {15670#false} is VALID [2022-02-20 18:02:34,875 INFO L290 TraceCheckUtils]: 67: Hoare triple {15670#false} createEmail_~retValue_acc~29#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~29#1; {15670#false} is VALID [2022-02-20 18:02:34,875 INFO L290 TraceCheckUtils]: 68: Hoare triple {15670#false} #t~ret76#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret76#1 && #t~ret76#1 <= 2147483647;~tmp~14#1 := #t~ret76#1;havoc #t~ret76#1;~email~0#1 := ~tmp~14#1; {15670#false} is VALID [2022-02-20 18:02:34,875 INFO L272 TraceCheckUtils]: 69: Hoare triple {15670#false} call outgoing(~sender#1, ~email~0#1); {15670#false} is VALID [2022-02-20 18:02:34,875 INFO L290 TraceCheckUtils]: 70: Hoare triple {15670#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret78#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~15#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~15#1; {15670#false} is VALID [2022-02-20 18:02:34,875 INFO L272 TraceCheckUtils]: 71: Hoare triple {15670#false} call sign_#t~ret78#1 := getClientPrivateKey(sign_~client#1); {15669#true} is VALID [2022-02-20 18:02:34,875 INFO L290 TraceCheckUtils]: 72: Hoare triple {15669#true} ~handle := #in~handle;havoc ~retValue_acc~18; {15669#true} is VALID [2022-02-20 18:02:34,875 INFO L290 TraceCheckUtils]: 73: Hoare triple {15669#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := 
~retValue_acc~18; {15669#true} is VALID [2022-02-20 18:02:34,875 INFO L290 TraceCheckUtils]: 74: Hoare triple {15669#true} assume true; {15669#true} is VALID [2022-02-20 18:02:34,875 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {15669#true} {15670#false} #1140#return; {15670#false} is VALID [2022-02-20 18:02:34,876 INFO L290 TraceCheckUtils]: 76: Hoare triple {15670#false} assume -2147483648 <= sign_#t~ret78#1 && sign_#t~ret78#1 <= 2147483647;sign_~tmp~15#1 := sign_#t~ret78#1;havoc sign_#t~ret78#1;sign_~privkey~1#1 := sign_~tmp~15#1; {15670#false} is VALID [2022-02-20 18:02:34,876 INFO L290 TraceCheckUtils]: 77: Hoare triple {15670#false} assume 0 == sign_~privkey~1#1; {15670#false} is VALID [2022-02-20 18:02:34,876 INFO L290 TraceCheckUtils]: 78: Hoare triple {15670#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret64#1, outgoing__wrappee__AddressBook_#t~ret65#1, outgoing__wrappee__AddressBook_#t~ret66#1, outgoing__wrappee__AddressBook_#t~ret67#1, outgoing__wrappee__AddressBook_#t~ret68#1, outgoing__wrappee__AddressBook_#t~ret69#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~11#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~4#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~11#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc 
outgoing__wrappee__AddressBook_~tmp___0~4#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {15670#false} is VALID [2022-02-20 18:02:34,876 INFO L272 TraceCheckUtils]: 79: Hoare triple {15670#false} call outgoing__wrappee__AddressBook_#t~ret64#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {15669#true} is VALID [2022-02-20 18:02:34,876 INFO L290 TraceCheckUtils]: 80: Hoare triple {15669#true} ~handle := #in~handle;havoc ~retValue_acc~12; {15669#true} is VALID [2022-02-20 18:02:34,876 INFO L290 TraceCheckUtils]: 81: Hoare triple {15669#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~12; {15669#true} is VALID [2022-02-20 18:02:34,876 INFO L290 TraceCheckUtils]: 82: Hoare triple {15669#true} assume true; {15669#true} is VALID [2022-02-20 18:02:34,876 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {15669#true} {15670#false} #1142#return; {15670#false} is VALID [2022-02-20 18:02:34,876 INFO L290 TraceCheckUtils]: 84: Hoare triple {15670#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret64#1 && outgoing__wrappee__AddressBook_#t~ret64#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~11#1 := outgoing__wrappee__AddressBook_#t~ret64#1;havoc outgoing__wrappee__AddressBook_#t~ret64#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~11#1; {15670#false} is VALID [2022-02-20 18:02:34,876 INFO L290 TraceCheckUtils]: 85: Hoare triple {15670#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {15670#false} is VALID [2022-02-20 18:02:34,877 INFO L272 TraceCheckUtils]: 86: Hoare triple {15670#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {15670#false} is VALID [2022-02-20 18:02:34,877 INFO L290 TraceCheckUtils]: 87: Hoare triple {15670#false} ~client#1 := 
#in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~10#1;havoc ~pubkey~0#1;havoc ~tmp___0~3#1; {15670#false} is VALID [2022-02-20 18:02:34,877 INFO L272 TraceCheckUtils]: 88: Hoare triple {15670#false} call #t~ret62#1 := getEmailTo(~msg#1); {15669#true} is VALID [2022-02-20 18:02:34,877 INFO L290 TraceCheckUtils]: 89: Hoare triple {15669#true} ~handle := #in~handle;havoc ~retValue_acc~34; {15669#true} is VALID [2022-02-20 18:02:34,877 INFO L290 TraceCheckUtils]: 90: Hoare triple {15669#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {15669#true} is VALID [2022-02-20 18:02:34,877 INFO L290 TraceCheckUtils]: 91: Hoare triple {15669#true} assume true; {15669#true} is VALID [2022-02-20 18:02:34,877 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {15669#true} {15670#false} #1160#return; {15670#false} is VALID [2022-02-20 18:02:34,877 INFO L290 TraceCheckUtils]: 93: Hoare triple {15670#false} assume -2147483648 <= #t~ret62#1 && #t~ret62#1 <= 2147483647;~tmp~10#1 := #t~ret62#1;havoc #t~ret62#1;~receiver~0#1 := ~tmp~10#1; {15670#false} is VALID [2022-02-20 18:02:34,877 INFO L272 TraceCheckUtils]: 94: Hoare triple {15670#false} call #t~ret63#1 := findPublicKey(~client#1, ~receiver~0#1); {15669#true} is VALID [2022-02-20 18:02:34,877 INFO L290 TraceCheckUtils]: 95: Hoare triple {15669#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~23; {15669#true} is VALID [2022-02-20 18:02:34,878 INFO L290 TraceCheckUtils]: 96: Hoare triple {15669#true} assume 1 == ~handle; {15669#true} is VALID [2022-02-20 18:02:34,878 INFO L290 TraceCheckUtils]: 97: Hoare triple {15669#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~23 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~23; {15669#true} is VALID [2022-02-20 18:02:34,878 INFO L290 TraceCheckUtils]: 98: Hoare triple {15669#true} assume true; {15669#true} is VALID [2022-02-20 18:02:34,878 INFO L284 TraceCheckUtils]: 99: Hoare quadruple 
{15669#true} {15670#false} #1162#return; {15670#false} is VALID [2022-02-20 18:02:34,878 INFO L290 TraceCheckUtils]: 100: Hoare triple {15670#false} assume -2147483648 <= #t~ret63#1 && #t~ret63#1 <= 2147483647;~tmp___0~3#1 := #t~ret63#1;havoc #t~ret63#1;~pubkey~0#1 := ~tmp___0~3#1; {15670#false} is VALID [2022-02-20 18:02:34,878 INFO L290 TraceCheckUtils]: 101: Hoare triple {15670#false} assume !(0 != ~pubkey~0#1); {15670#false} is VALID [2022-02-20 18:02:34,878 INFO L290 TraceCheckUtils]: 102: Hoare triple {15670#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret61#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~9#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~9#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~25#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~25#1; {15670#false} is VALID [2022-02-20 18:02:34,878 INFO L290 TraceCheckUtils]: 103: Hoare triple {15670#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~25#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~25#1; {15670#false} is VALID [2022-02-20 18:02:34,878 INFO L290 TraceCheckUtils]: 104: Hoare triple {15670#false} outgoing__wrappee__Keys_#t~ret61#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret61#1 && outgoing__wrappee__Keys_#t~ret61#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~9#1 := outgoing__wrappee__Keys_#t~ret61#1;havoc outgoing__wrappee__Keys_#t~ret61#1; {15670#false} is VALID [2022-02-20 
18:02:34,878 INFO L272 TraceCheckUtils]: 105: Hoare triple {15670#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~9#1); {15749#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:34,879 INFO L290 TraceCheckUtils]: 106: Hoare triple {15749#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15669#true} is VALID [2022-02-20 18:02:34,879 INFO L290 TraceCheckUtils]: 107: Hoare triple {15669#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15669#true} is VALID [2022-02-20 18:02:34,879 INFO L290 TraceCheckUtils]: 108: Hoare triple {15669#true} assume true; {15669#true} is VALID [2022-02-20 18:02:34,879 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {15669#true} {15670#false} #1168#return; {15670#false} is VALID [2022-02-20 18:02:34,879 INFO L290 TraceCheckUtils]: 110: Hoare triple {15670#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret59#1, mail_#t~ret60#1, mail_~client#1, mail_~msg#1, mail_~tmp~8#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~8#1;call mail_#t~ret59#1 := puts(24, 0);assume -2147483648 <= mail_#t~ret59#1 && mail_#t~ret59#1 <= 2147483647;havoc mail_#t~ret59#1; {15670#false} is VALID [2022-02-20 18:02:34,879 INFO L272 TraceCheckUtils]: 111: Hoare triple {15670#false} call mail_#t~ret60#1 := getEmailTo(mail_~msg#1); {15669#true} is VALID [2022-02-20 18:02:34,879 INFO L290 TraceCheckUtils]: 112: Hoare triple {15669#true} ~handle := #in~handle;havoc ~retValue_acc~34; {15669#true} is VALID [2022-02-20 18:02:34,879 INFO L290 TraceCheckUtils]: 113: Hoare triple {15669#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {15669#true} is 
VALID [2022-02-20 18:02:34,879 INFO L290 TraceCheckUtils]: 114: Hoare triple {15669#true} assume true; {15669#true} is VALID [2022-02-20 18:02:34,879 INFO L284 TraceCheckUtils]: 115: Hoare quadruple {15669#true} {15670#false} #1170#return; {15670#false} is VALID [2022-02-20 18:02:34,880 INFO L290 TraceCheckUtils]: 116: Hoare triple {15670#false} assume -2147483648 <= mail_#t~ret60#1 && mail_#t~ret60#1 <= 2147483647;mail_~tmp~8#1 := mail_#t~ret60#1;havoc mail_#t~ret60#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~8#1, mail_~msg#1;havoc incoming_#t~ret71#1, incoming_#t~ret72#1, incoming_#t~ret73#1, incoming_#t~ret74#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~12#1, incoming_~tmp___0~5#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~12#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {15670#false} is VALID [2022-02-20 18:02:34,880 INFO L272 TraceCheckUtils]: 117: Hoare triple {15670#false} call incoming_#t~ret71#1 := getClientPrivateKey(incoming_~client#1); {15669#true} is VALID [2022-02-20 18:02:34,880 INFO L290 TraceCheckUtils]: 118: Hoare triple {15669#true} ~handle := #in~handle;havoc ~retValue_acc~18; {15669#true} is VALID [2022-02-20 18:02:34,880 INFO L290 TraceCheckUtils]: 119: Hoare triple {15669#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {15669#true} is VALID [2022-02-20 18:02:34,880 INFO L290 TraceCheckUtils]: 120: Hoare triple {15669#true} assume true; {15669#true} is VALID [2022-02-20 18:02:34,880 INFO L284 TraceCheckUtils]: 121: Hoare quadruple {15669#true} {15670#false} #1172#return; {15670#false} is VALID [2022-02-20 18:02:34,880 INFO L290 TraceCheckUtils]: 122: Hoare triple {15670#false} assume -2147483648 <= incoming_#t~ret71#1 && 
incoming_#t~ret71#1 <= 2147483647;incoming_~tmp~12#1 := incoming_#t~ret71#1;havoc incoming_#t~ret71#1;incoming_~privkey~0#1 := incoming_~tmp~12#1; {15670#false} is VALID [2022-02-20 18:02:34,880 INFO L290 TraceCheckUtils]: 123: Hoare triple {15670#false} assume !(0 != incoming_~privkey~0#1); {15670#false} is VALID [2022-02-20 18:02:34,880 INFO L290 TraceCheckUtils]: 124: Hoare triple {15670#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret79#1, verify_#t~ret80#1, verify_#t~ret81#1, verify_#t~ret82#1, verify_#t~ret83#1, verify_#t~ret84#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~16#1, verify_~tmp___0~6#1, verify_~pubkey~1#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~16#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret58#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~7#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc 
__utac_acc__EncryptVerify_spec__1_~tmp~7#1; {15670#false} is VALID [2022-02-20 18:02:34,881 INFO L272 TraceCheckUtils]: 125: Hoare triple {15670#false} call __utac_acc__EncryptVerify_spec__1_#t~ret58#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {15669#true} is VALID [2022-02-20 18:02:34,881 INFO L290 TraceCheckUtils]: 126: Hoare triple {15669#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~27#1;havoc ~tmp~23#1; {15669#true} is VALID [2022-02-20 18:02:34,881 INFO L272 TraceCheckUtils]: 127: Hoare triple {15669#true} call #t~ret105#1 := isEncrypted(~msg#1); {15669#true} is VALID [2022-02-20 18:02:34,881 INFO L290 TraceCheckUtils]: 128: Hoare triple {15669#true} ~handle := #in~handle;havoc ~retValue_acc~37; {15669#true} is VALID [2022-02-20 18:02:34,881 INFO L290 TraceCheckUtils]: 129: Hoare triple {15669#true} assume 1 == ~handle;~retValue_acc~37 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~37; {15669#true} is VALID [2022-02-20 18:02:34,881 INFO L290 TraceCheckUtils]: 130: Hoare triple {15669#true} assume true; {15669#true} is VALID [2022-02-20 18:02:34,881 INFO L284 TraceCheckUtils]: 131: Hoare quadruple {15669#true} {15669#true} #1262#return; {15669#true} is VALID [2022-02-20 18:02:34,881 INFO L290 TraceCheckUtils]: 132: Hoare triple {15669#true} assume -2147483648 <= #t~ret105#1 && #t~ret105#1 <= 2147483647;~tmp~23#1 := #t~ret105#1;havoc #t~ret105#1; {15669#true} is VALID [2022-02-20 18:02:34,881 INFO L290 TraceCheckUtils]: 133: Hoare triple {15669#true} assume 0 != ~tmp~23#1;~retValue_acc~27#1 := 0;#res#1 := ~retValue_acc~27#1; {15669#true} is VALID [2022-02-20 18:02:34,881 INFO L290 TraceCheckUtils]: 134: Hoare triple {15669#true} assume true; {15669#true} is VALID [2022-02-20 18:02:34,882 INFO L284 TraceCheckUtils]: 135: Hoare quadruple {15669#true} {15670#false} #1184#return; {15670#false} is VALID [2022-02-20 18:02:34,882 INFO L290 TraceCheckUtils]: 136: Hoare triple {15670#false} assume -2147483648 <= 
__utac_acc__EncryptVerify_spec__1_#t~ret58#1 && __utac_acc__EncryptVerify_spec__1_#t~ret58#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~7#1 := __utac_acc__EncryptVerify_spec__1_#t~ret58#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret58#1; {15670#false} is VALID [2022-02-20 18:02:34,882 INFO L290 TraceCheckUtils]: 137: Hoare triple {15670#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~7#1);assume { :begin_inline___automaton_fail } true; {15670#false} is VALID [2022-02-20 18:02:34,882 INFO L290 TraceCheckUtils]: 138: Hoare triple {15670#false} assume !false; {15670#false} is VALID [2022-02-20 18:02:34,882 INFO L134 CoverageAnalysis]: Checked inductivity of 38 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked. [2022-02-20 18:02:34,882 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:34,882 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [891276313] [2022-02-20 18:02:34,883 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [891276313] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:34,883 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:02:34,883 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 18:02:34,883 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1838778450] [2022-02-20 18:02:34,883 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:34,884 INFO L78 Accepts]: Start accepts. 
Automaton has has 9 states, 8 states have (on average 10.625) internal successors, (85), 5 states have internal predecessors, (85), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) Word has length 139 [2022-02-20 18:02:34,884 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:34,884 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 10.625) internal successors, (85), 5 states have internal predecessors, (85), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:02:34,951 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 122 edges. 122 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:34,952 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 18:02:34,952 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:34,952 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 18:02:34,953 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:02:34,953 INFO L87 Difference]: Start difference. First operand 466 states and 719 transitions. 
Second operand has 9 states, 8 states have (on average 10.625) internal successors, (85), 5 states have internal predecessors, (85), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:02:41,627 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:41,627 INFO L93 Difference]: Finished difference Result 1008 states and 1574 transitions. [2022-02-20 18:02:41,627 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:02:41,628 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 10.625) internal successors, (85), 5 states have internal predecessors, (85), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) Word has length 139 [2022-02-20 18:02:41,628 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:41,628 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 10.625) internal successors, (85), 5 states have internal predecessors, (85), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:02:41,638 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1338 transitions. [2022-02-20 18:02:41,638 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 9 states, 8 states have (on average 10.625) internal successors, (85), 5 states have internal predecessors, (85), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:02:41,648 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1338 transitions. [2022-02-20 18:02:41,648 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1338 transitions. [2022-02-20 18:02:42,723 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1338 edges. 1338 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:42,739 INFO L225 Difference]: With dead ends: 1008 [2022-02-20 18:02:42,739 INFO L226 Difference]: Without dead ends: 565 [2022-02-20 18:02:42,741 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 52 GetRequests, 37 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 31 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 18:02:42,741 INFO L933 BasicCegarLoop]: 610 mSDtfsCounter, 1529 mSDsluCounter, 938 mSDsCounter, 0 mSdLazyCounter, 1968 mSolverCounterSat, 537 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1551 SdHoareTripleChecker+Valid, 1548 SdHoareTripleChecker+Invalid, 2505 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 537 IncrementalHoareTripleChecker+Valid, 1968 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.9s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:42,741 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1551 Valid, 
1548 Invalid, 2505 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [537 Valid, 1968 Invalid, 0 Unknown, 0 Unchecked, 2.9s Time] [2022-02-20 18:02:42,742 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 565 states. [2022-02-20 18:02:42,829 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 565 to 466. [2022-02-20 18:02:42,830 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:42,831 INFO L82 GeneralOperation]: Start isEquivalent. First operand 565 states. Second operand has 466 states, 359 states have (on average 1.5626740947075208) internal successors, (561), 365 states have internal predecessors, (561), 76 states have call successors, (76), 28 states have call predecessors, (76), 30 states have return successors, (81), 74 states have call predecessors, (81), 75 states have call successors, (81) [2022-02-20 18:02:42,832 INFO L74 IsIncluded]: Start isIncluded. First operand 565 states. Second operand has 466 states, 359 states have (on average 1.5626740947075208) internal successors, (561), 365 states have internal predecessors, (561), 76 states have call successors, (76), 28 states have call predecessors, (76), 30 states have return successors, (81), 74 states have call predecessors, (81), 75 states have call successors, (81) [2022-02-20 18:02:42,832 INFO L87 Difference]: Start difference. First operand 565 states. Second operand has 466 states, 359 states have (on average 1.5626740947075208) internal successors, (561), 365 states have internal predecessors, (561), 76 states have call successors, (76), 28 states have call predecessors, (76), 30 states have return successors, (81), 74 states have call predecessors, (81), 75 states have call successors, (81) [2022-02-20 18:02:42,849 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:42,849 INFO L93 Difference]: Finished difference Result 565 states and 886 transitions. 
[2022-02-20 18:02:42,849 INFO L276 IsEmpty]: Start isEmpty. Operand 565 states and 886 transitions. [2022-02-20 18:02:42,852 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:42,852 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:42,853 INFO L74 IsIncluded]: Start isIncluded. First operand has 466 states, 359 states have (on average 1.5626740947075208) internal successors, (561), 365 states have internal predecessors, (561), 76 states have call successors, (76), 28 states have call predecessors, (76), 30 states have return successors, (81), 74 states have call predecessors, (81), 75 states have call successors, (81) Second operand 565 states. [2022-02-20 18:02:42,854 INFO L87 Difference]: Start difference. First operand has 466 states, 359 states have (on average 1.5626740947075208) internal successors, (561), 365 states have internal predecessors, (561), 76 states have call successors, (76), 28 states have call predecessors, (76), 30 states have return successors, (81), 74 states have call predecessors, (81), 75 states have call successors, (81) Second operand 565 states. [2022-02-20 18:02:42,870 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:42,871 INFO L93 Difference]: Finished difference Result 565 states and 886 transitions. [2022-02-20 18:02:42,871 INFO L276 IsEmpty]: Start isEmpty. Operand 565 states and 886 transitions. [2022-02-20 18:02:42,873 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:42,874 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:42,874 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:42,874 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:42,875 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 466 states, 359 states have (on average 1.5626740947075208) internal successors, (561), 365 states have internal predecessors, (561), 76 states have call successors, (76), 28 states have call predecessors, (76), 30 states have return successors, (81), 74 states have call predecessors, (81), 75 states have call successors, (81) [2022-02-20 18:02:42,888 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 466 states to 466 states and 718 transitions. [2022-02-20 18:02:42,889 INFO L78 Accepts]: Start accepts. Automaton has 466 states and 718 transitions. Word has length 139 [2022-02-20 18:02:42,889 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:42,889 INFO L470 AbstractCegarLoop]: Abstraction has 466 states and 718 transitions. [2022-02-20 18:02:42,890 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 10.625) internal successors, (85), 5 states have internal predecessors, (85), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:02:42,890 INFO L276 IsEmpty]: Start isEmpty. Operand 466 states and 718 transitions. [2022-02-20 18:02:42,892 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 141 [2022-02-20 18:02:42,892 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:42,892 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:42,893 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 18:02:42,893 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:42,893 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:42,893 INFO L85 PathProgramCache]: Analyzing trace with hash -1989729251, now seen corresponding path program 2 times [2022-02-20 18:02:42,893 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:42,893 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [45132201] [2022-02-20 18:02:42,894 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:42,894 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:42,927 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:42,950 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:02:42,952 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:42,954 INFO L290 TraceCheckUtils]: 0: Hoare triple {19018#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18941#true} is VALID [2022-02-20 18:02:42,954 INFO L290 TraceCheckUtils]: 1: Hoare triple {18941#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {18941#true} is VALID [2022-02-20 18:02:42,954 INFO L290 TraceCheckUtils]: 2: Hoare triple {18941#true} assume true; {18941#true} is VALID [2022-02-20 18:02:42,954 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18941#true} {18941#true} #1212#return; {18941#true} is VALID [2022-02-20 18:02:42,958 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:42,960 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:42,962 INFO L290 TraceCheckUtils]: 0: Hoare triple {19019#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18941#true} is VALID [2022-02-20 18:02:42,962 INFO L290 TraceCheckUtils]: 1: Hoare triple {18941#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18941#true} is VALID [2022-02-20 18:02:42,962 INFO L290 TraceCheckUtils]: 2: Hoare triple {18941#true} assume true; {18941#true} is VALID [2022-02-20 18:02:42,962 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18941#true} {18941#true} #1214#return; {18941#true} is VALID [2022-02-20 18:02:42,963 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:42,965 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:42,967 INFO L290 TraceCheckUtils]: 0: Hoare triple {19018#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18941#true} is VALID [2022-02-20 18:02:42,967 INFO L290 TraceCheckUtils]: 1: Hoare triple {18941#true} assume !(1 == ~handle); {18941#true} is VALID [2022-02-20 18:02:42,967 INFO L290 TraceCheckUtils]: 2: Hoare triple {18941#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18941#true} is VALID [2022-02-20 18:02:42,967 INFO L290 TraceCheckUtils]: 3: Hoare triple {18941#true} assume true; {18941#true} is VALID [2022-02-20 18:02:42,967 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {18941#true} {18941#true} #1216#return; {18941#true} is VALID [2022-02-20 18:02:42,967 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:02:42,969 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:42,971 INFO L290 TraceCheckUtils]: 0: Hoare triple {19019#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18941#true} is VALID [2022-02-20 18:02:42,971 INFO L290 TraceCheckUtils]: 1: Hoare triple {18941#true} assume !(1 == ~handle); {18941#true} is VALID [2022-02-20 18:02:42,971 INFO L290 TraceCheckUtils]: 2: Hoare triple {18941#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {18941#true} is VALID [2022-02-20 18:02:42,971 INFO L290 TraceCheckUtils]: 3: Hoare triple {18941#true} assume true; {18941#true} is VALID [2022-02-20 18:02:42,971 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {18941#true} {18941#true} #1218#return; {18941#true} is VALID [2022-02-20 18:02:42,972 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 
[2022-02-20 18:02:42,973 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:42,984 INFO L290 TraceCheckUtils]: 0: Hoare triple {19018#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19020#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:42,984 INFO L290 TraceCheckUtils]: 1: Hoare triple {19020#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {19020#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:42,985 INFO L290 TraceCheckUtils]: 2: Hoare triple {19020#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {19021#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:42,985 INFO L290 TraceCheckUtils]: 3: Hoare triple {19021#(= 2 |setClientId_#in~handle|)} assume true; {19021#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:42,985 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {19021#(= 2 |setClientId_#in~handle|)} {18961#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1220#return; {18942#false} is VALID [2022-02-20 18:02:42,985 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-02-20 18:02:42,997 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:42,999 INFO L290 TraceCheckUtils]: 0: Hoare triple {19019#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18941#true} is VALID [2022-02-20 18:02:42,999 INFO L290 TraceCheckUtils]: 1: Hoare triple {18941#true} assume 1 == ~handle;~__ste_client_privateKey0~0 
:= ~value; {18941#true} is VALID [2022-02-20 18:02:42,999 INFO L290 TraceCheckUtils]: 2: Hoare triple {18941#true} assume true; {18941#true} is VALID [2022-02-20 18:02:42,999 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18941#true} {18942#false} #1222#return; {18942#false} is VALID [2022-02-20 18:02:43,005 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:02:43,006 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,007 INFO L290 TraceCheckUtils]: 0: Hoare triple {19022#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18941#true} is VALID [2022-02-20 18:02:43,008 INFO L290 TraceCheckUtils]: 1: Hoare triple {18941#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18941#true} is VALID [2022-02-20 18:02:43,008 INFO L290 TraceCheckUtils]: 2: Hoare triple {18941#true} assume true; {18941#true} is VALID [2022-02-20 18:02:43,008 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18941#true} {18942#false} #1198#return; {18942#false} is VALID [2022-02-20 18:02:43,013 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 18:02:43,014 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,016 INFO L290 TraceCheckUtils]: 0: Hoare triple {19023#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {18941#true} is VALID [2022-02-20 18:02:43,016 INFO L290 TraceCheckUtils]: 1: Hoare triple {18941#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {18941#true} is VALID [2022-02-20 18:02:43,016 INFO L290 TraceCheckUtils]: 2: Hoare triple {18941#true} assume true; {18941#true} is VALID [2022-02-20 18:02:43,016 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18941#true} {18942#false} 
#1200#return; {18942#false} is VALID [2022-02-20 18:02:43,016 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 18:02:43,017 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,020 INFO L290 TraceCheckUtils]: 0: Hoare triple {18941#true} ~handle := #in~handle;havoc ~retValue_acc~18; {18941#true} is VALID [2022-02-20 18:02:43,020 INFO L290 TraceCheckUtils]: 1: Hoare triple {18941#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {18941#true} is VALID [2022-02-20 18:02:43,020 INFO L290 TraceCheckUtils]: 2: Hoare triple {18941#true} assume true; {18941#true} is VALID [2022-02-20 18:02:43,020 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18941#true} {18942#false} #1140#return; {18942#false} is VALID [2022-02-20 18:02:43,020 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 18:02:43,021 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,027 INFO L290 TraceCheckUtils]: 0: Hoare triple {18941#true} ~handle := #in~handle;havoc ~retValue_acc~12; {18941#true} is VALID [2022-02-20 18:02:43,027 INFO L290 TraceCheckUtils]: 1: Hoare triple {18941#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~12; {18941#true} is VALID [2022-02-20 18:02:43,027 INFO L290 TraceCheckUtils]: 2: Hoare triple {18941#true} assume true; {18941#true} is VALID [2022-02-20 18:02:43,027 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18941#true} {18942#false} #1142#return; {18942#false} is VALID [2022-02-20 18:02:43,027 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 89 [2022-02-20 18:02:43,028 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,029 INFO L290 TraceCheckUtils]: 0: Hoare triple {18941#true} ~handle := #in~handle;havoc 
~retValue_acc~34; {18941#true} is VALID [2022-02-20 18:02:43,029 INFO L290 TraceCheckUtils]: 1: Hoare triple {18941#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {18941#true} is VALID [2022-02-20 18:02:43,029 INFO L290 TraceCheckUtils]: 2: Hoare triple {18941#true} assume true; {18941#true} is VALID [2022-02-20 18:02:43,029 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18941#true} {18942#false} #1160#return; {18942#false} is VALID [2022-02-20 18:02:43,030 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 18:02:43,030 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,034 INFO L290 TraceCheckUtils]: 0: Hoare triple {18941#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~23; {18941#true} is VALID [2022-02-20 18:02:43,034 INFO L290 TraceCheckUtils]: 1: Hoare triple {18941#true} assume 1 == ~handle; {18941#true} is VALID [2022-02-20 18:02:43,035 INFO L290 TraceCheckUtils]: 2: Hoare triple {18941#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~23 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~23; {18941#true} is VALID [2022-02-20 18:02:43,035 INFO L290 TraceCheckUtils]: 3: Hoare triple {18941#true} assume true; {18941#true} is VALID [2022-02-20 18:02:43,035 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {18941#true} {18942#false} #1162#return; {18942#false} is VALID [2022-02-20 18:02:43,036 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 106 [2022-02-20 18:02:43,036 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,040 INFO L290 TraceCheckUtils]: 0: Hoare triple {19022#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18941#true} is VALID [2022-02-20 18:02:43,040 INFO L290 TraceCheckUtils]: 
1: Hoare triple {18941#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18941#true} is VALID [2022-02-20 18:02:43,040 INFO L290 TraceCheckUtils]: 2: Hoare triple {18941#true} assume true; {18941#true} is VALID [2022-02-20 18:02:43,044 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18941#true} {18942#false} #1168#return; {18942#false} is VALID [2022-02-20 18:02:43,044 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 112 [2022-02-20 18:02:43,045 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,047 INFO L290 TraceCheckUtils]: 0: Hoare triple {18941#true} ~handle := #in~handle;havoc ~retValue_acc~34; {18941#true} is VALID [2022-02-20 18:02:43,047 INFO L290 TraceCheckUtils]: 1: Hoare triple {18941#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {18941#true} is VALID [2022-02-20 18:02:43,047 INFO L290 TraceCheckUtils]: 2: Hoare triple {18941#true} assume true; {18941#true} is VALID [2022-02-20 18:02:43,047 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18941#true} {18942#false} #1170#return; {18942#false} is VALID [2022-02-20 18:02:43,047 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 118 [2022-02-20 18:02:43,047 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,049 INFO L290 TraceCheckUtils]: 0: Hoare triple {18941#true} ~handle := #in~handle;havoc ~retValue_acc~18; {18941#true} is VALID [2022-02-20 18:02:43,049 INFO L290 TraceCheckUtils]: 1: Hoare triple {18941#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {18941#true} is VALID [2022-02-20 18:02:43,049 INFO L290 TraceCheckUtils]: 2: Hoare triple {18941#true} assume true; {18941#true} is VALID [2022-02-20 18:02:43,049 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18941#true} {18942#false} #1172#return; {18942#false} is VALID [2022-02-20 18:02:43,049 
INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 126 [2022-02-20 18:02:43,051 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,056 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:43,057 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,058 INFO L290 TraceCheckUtils]: 0: Hoare triple {18941#true} ~handle := #in~handle;havoc ~retValue_acc~37; {18941#true} is VALID [2022-02-20 18:02:43,059 INFO L290 TraceCheckUtils]: 1: Hoare triple {18941#true} assume 1 == ~handle;~retValue_acc~37 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~37; {18941#true} is VALID [2022-02-20 18:02:43,059 INFO L290 TraceCheckUtils]: 2: Hoare triple {18941#true} assume true; {18941#true} is VALID [2022-02-20 18:02:43,059 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18941#true} {18941#true} #1262#return; {18941#true} is VALID [2022-02-20 18:02:43,059 INFO L290 TraceCheckUtils]: 0: Hoare triple {18941#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~27#1;havoc ~tmp~23#1; {18941#true} is VALID [2022-02-20 18:02:43,059 INFO L272 TraceCheckUtils]: 1: Hoare triple {18941#true} call #t~ret105#1 := isEncrypted(~msg#1); {18941#true} is VALID [2022-02-20 18:02:43,059 INFO L290 TraceCheckUtils]: 2: Hoare triple {18941#true} ~handle := #in~handle;havoc ~retValue_acc~37; {18941#true} is VALID [2022-02-20 18:02:43,059 INFO L290 TraceCheckUtils]: 3: Hoare triple {18941#true} assume 1 == ~handle;~retValue_acc~37 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~37; {18941#true} is VALID [2022-02-20 18:02:43,059 INFO L290 TraceCheckUtils]: 4: Hoare triple {18941#true} assume true; {18941#true} is VALID [2022-02-20 18:02:43,059 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {18941#true} {18941#true} #1262#return; {18941#true} is VALID [2022-02-20 18:02:43,059 INFO L290 TraceCheckUtils]: 6: Hoare triple {18941#true} assume 
-2147483648 <= #t~ret105#1 && #t~ret105#1 <= 2147483647;~tmp~23#1 := #t~ret105#1;havoc #t~ret105#1; {18941#true} is VALID [2022-02-20 18:02:43,059 INFO L290 TraceCheckUtils]: 7: Hoare triple {18941#true} assume 0 != ~tmp~23#1;~retValue_acc~27#1 := 0;#res#1 := ~retValue_acc~27#1; {18941#true} is VALID [2022-02-20 18:02:43,059 INFO L290 TraceCheckUtils]: 8: Hoare triple {18941#true} assume true; {18941#true} is VALID [2022-02-20 18:02:43,059 INFO L284 TraceCheckUtils]: 9: Hoare quadruple {18941#true} {18942#false} #1184#return; {18942#false} is VALID [2022-02-20 18:02:43,059 INFO L290 TraceCheckUtils]: 0: Hoare triple {18941#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(34, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(16, 27);call 
#Ultimate.allocInit(20, 28);call #Ultimate.allocInit(10, 29);call #Ultimate.allocInit(12, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(18, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(13, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(4, 38);call write~init~int(37, 38, 0, 1);call write~init~int(115, 38, 1, 1);call write~init~int(10, 38, 2, 1);call write~init~int(0, 38, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 
0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 
0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {18941#true} is VALID [2022-02-20 18:02:43,059 INFO L290 TraceCheckUtils]: 1: Hoare triple {18941#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {18941#true} is VALID [2022-02-20 18:02:43,059 INFO L290 TraceCheckUtils]: 2: Hoare triple {18941#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {18941#true} is VALID [2022-02-20 18:02:43,059 INFO L290 TraceCheckUtils]: 3: Hoare triple {18941#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~43#1;havoc valid_product_~retValue_acc~43#1;valid_product_~retValue_acc~43#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~43#1; {18941#true} is VALID [2022-02-20 18:02:43,059 INFO L290 TraceCheckUtils]: 4: Hoare triple {18941#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {18941#true} is VALID [2022-02-20 18:02:43,060 INFO L290 TraceCheckUtils]: 5: Hoare triple {18941#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc 
setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {18941#true} is VALID [2022-02-20 18:02:43,060 INFO L272 TraceCheckUtils]: 6: Hoare triple {18941#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {19018#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:43,060 INFO L290 TraceCheckUtils]: 7: Hoare triple {19018#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18941#true} is VALID [2022-02-20 18:02:43,060 INFO L290 TraceCheckUtils]: 8: Hoare triple {18941#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {18941#true} is VALID [2022-02-20 18:02:43,060 INFO L290 TraceCheckUtils]: 9: Hoare triple {18941#true} assume true; {18941#true} is VALID [2022-02-20 18:02:43,061 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {18941#true} {18941#true} #1212#return; {18941#true} is VALID [2022-02-20 18:02:43,061 INFO L290 TraceCheckUtils]: 11: Hoare triple {18941#true} assume { :end_inline_setup_bob__wrappee__Base } true; {18941#true} is VALID [2022-02-20 18:02:43,061 INFO L272 TraceCheckUtils]: 12: Hoare triple {18941#true} 
call setClientPrivateKey(setup_bob_~bob___0#1, 123); {19019#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:43,061 INFO L290 TraceCheckUtils]: 13: Hoare triple {19019#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18941#true} is VALID [2022-02-20 18:02:43,061 INFO L290 TraceCheckUtils]: 14: Hoare triple {18941#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18941#true} is VALID [2022-02-20 18:02:43,061 INFO L290 TraceCheckUtils]: 15: Hoare triple {18941#true} assume true; {18941#true} is VALID [2022-02-20 18:02:43,062 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {18941#true} {18941#true} #1214#return; {18941#true} is VALID [2022-02-20 18:02:43,062 INFO L290 TraceCheckUtils]: 17: Hoare triple {18941#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {18941#true} is VALID [2022-02-20 18:02:43,062 INFO L272 TraceCheckUtils]: 18: Hoare triple {18941#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {19018#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:43,062 INFO L290 TraceCheckUtils]: 19: Hoare triple {19018#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18941#true} is VALID [2022-02-20 18:02:43,062 INFO L290 TraceCheckUtils]: 20: Hoare triple {18941#true} assume !(1 == ~handle); {18941#true} is VALID [2022-02-20 18:02:43,062 INFO L290 TraceCheckUtils]: 21: Hoare triple {18941#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18941#true} is VALID [2022-02-20 18:02:43,063 INFO L290 TraceCheckUtils]: 22: Hoare triple {18941#true} assume true; {18941#true} is VALID [2022-02-20 18:02:43,063 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {18941#true} {18941#true} #1216#return; {18941#true} is VALID [2022-02-20 18:02:43,063 INFO L290 TraceCheckUtils]: 24: Hoare triple {18941#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {18941#true} is VALID [2022-02-20 18:02:43,063 INFO L272 TraceCheckUtils]: 25: Hoare triple {18941#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {19019#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:43,063 INFO L290 TraceCheckUtils]: 26: Hoare triple {19019#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18941#true} is VALID [2022-02-20 18:02:43,063 INFO L290 TraceCheckUtils]: 27: Hoare triple {18941#true} assume !(1 == ~handle); {18941#true} is VALID [2022-02-20 18:02:43,064 INFO L290 
TraceCheckUtils]: 28: Hoare triple {18941#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {18941#true} is VALID [2022-02-20 18:02:43,064 INFO L290 TraceCheckUtils]: 29: Hoare triple {18941#true} assume true; {18941#true} is VALID [2022-02-20 18:02:43,064 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {18941#true} {18941#true} #1218#return; {18941#true} is VALID [2022-02-20 18:02:43,064 INFO L290 TraceCheckUtils]: 31: Hoare triple {18941#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {18961#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:02:43,065 INFO L272 TraceCheckUtils]: 32: Hoare triple {18961#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {19018#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:43,065 INFO L290 TraceCheckUtils]: 33: Hoare triple {19018#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19020#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:43,065 INFO L290 
TraceCheckUtils]: 34: Hoare triple {19020#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {19020#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:43,065 INFO L290 TraceCheckUtils]: 35: Hoare triple {19020#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {19021#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:43,066 INFO L290 TraceCheckUtils]: 36: Hoare triple {19021#(= 2 |setClientId_#in~handle|)} assume true; {19021#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:43,066 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {19021#(= 2 |setClientId_#in~handle|)} {18961#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1220#return; {18942#false} is VALID [2022-02-20 18:02:43,066 INFO L290 TraceCheckUtils]: 38: Hoare triple {18942#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {18942#false} is VALID [2022-02-20 18:02:43,066 INFO L272 TraceCheckUtils]: 39: Hoare triple {18942#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {19019#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:43,066 INFO L290 TraceCheckUtils]: 40: Hoare triple {19019#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18941#true} is VALID [2022-02-20 18:02:43,066 INFO L290 TraceCheckUtils]: 41: Hoare triple {18941#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18941#true} is VALID [2022-02-20 18:02:43,067 INFO L290 TraceCheckUtils]: 42: Hoare triple {18941#true} assume true; {18941#true} is VALID [2022-02-20 18:02:43,067 INFO L284 
TraceCheckUtils]: 43: Hoare quadruple {18941#true} {18942#false} #1222#return; {18942#false} is VALID [2022-02-20 18:02:43,067 INFO L290 TraceCheckUtils]: 44: Hoare triple {18942#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {18942#false} is VALID [2022-02-20 18:02:43,067 INFO L290 TraceCheckUtils]: 45: Hoare triple {18942#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~6#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~6#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {18942#false} is VALID [2022-02-20 18:02:43,067 INFO L290 TraceCheckUtils]: 46: Hoare triple {18942#false} assume 
!false; {18942#false} is VALID [2022-02-20 18:02:43,067 INFO L290 TraceCheckUtils]: 47: Hoare triple {18942#false} assume test_~splverifierCounter~0#1 < 4; {18942#false} is VALID [2022-02-20 18:02:43,067 INFO L290 TraceCheckUtils]: 48: Hoare triple {18942#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {18942#false} is VALID [2022-02-20 18:02:43,067 INFO L290 TraceCheckUtils]: 49: Hoare triple {18942#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet47#1 && test_#t~nondet47#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet47#1;havoc test_#t~nondet47#1; {18942#false} is VALID [2022-02-20 18:02:43,067 INFO L290 TraceCheckUtils]: 50: Hoare triple {18942#false} assume !(0 != test_~tmp___9~0#1); {18942#false} is VALID [2022-02-20 18:02:43,068 INFO L290 TraceCheckUtils]: 51: Hoare triple {18942#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet48#1 && test_#t~nondet48#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet48#1;havoc test_#t~nondet48#1; {18942#false} is VALID [2022-02-20 18:02:43,068 INFO L290 TraceCheckUtils]: 52: Hoare triple {18942#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {18942#false} is VALID [2022-02-20 18:02:43,068 INFO L290 TraceCheckUtils]: 53: Hoare triple {18942#false} assume !false; {18942#false} is VALID [2022-02-20 18:02:43,068 INFO L290 TraceCheckUtils]: 54: Hoare triple {18942#false} assume !(test_~splverifierCounter~0#1 < 4); {18942#false} is VALID [2022-02-20 18:02:43,068 INFO L290 TraceCheckUtils]: 55: Hoare triple {18942#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {18942#false} is VALID 
[2022-02-20 18:02:43,068 INFO L272 TraceCheckUtils]: 56: Hoare triple {18942#false} call sendEmail(~bob~0, ~rjh~0); {18942#false} is VALID [2022-02-20 18:02:43,068 INFO L290 TraceCheckUtils]: 57: Hoare triple {18942#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~14#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~29#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~29#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {18942#false} is VALID [2022-02-20 18:02:43,068 INFO L272 TraceCheckUtils]: 58: Hoare triple {18942#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {19022#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:43,068 INFO L290 TraceCheckUtils]: 59: Hoare triple {19022#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18941#true} is VALID [2022-02-20 18:02:43,068 INFO L290 TraceCheckUtils]: 60: Hoare triple {18941#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18941#true} is VALID [2022-02-20 18:02:43,069 INFO L290 TraceCheckUtils]: 61: Hoare triple {18941#true} assume true; {18941#true} is VALID [2022-02-20 18:02:43,069 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {18941#true} {18942#false} #1198#return; {18942#false} is VALID [2022-02-20 18:02:43,069 INFO L272 TraceCheckUtils]: 63: Hoare triple {18942#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {19023#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:43,069 INFO L290 
TraceCheckUtils]: 64: Hoare triple {19023#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {18941#true} is VALID [2022-02-20 18:02:43,069 INFO L290 TraceCheckUtils]: 65: Hoare triple {18941#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {18941#true} is VALID [2022-02-20 18:02:43,069 INFO L290 TraceCheckUtils]: 66: Hoare triple {18941#true} assume true; {18941#true} is VALID [2022-02-20 18:02:43,069 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {18941#true} {18942#false} #1200#return; {18942#false} is VALID [2022-02-20 18:02:43,069 INFO L290 TraceCheckUtils]: 68: Hoare triple {18942#false} createEmail_~retValue_acc~29#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~29#1; {18942#false} is VALID [2022-02-20 18:02:43,069 INFO L290 TraceCheckUtils]: 69: Hoare triple {18942#false} #t~ret76#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret76#1 && #t~ret76#1 <= 2147483647;~tmp~14#1 := #t~ret76#1;havoc #t~ret76#1;~email~0#1 := ~tmp~14#1; {18942#false} is VALID [2022-02-20 18:02:43,069 INFO L272 TraceCheckUtils]: 70: Hoare triple {18942#false} call outgoing(~sender#1, ~email~0#1); {18942#false} is VALID [2022-02-20 18:02:43,070 INFO L290 TraceCheckUtils]: 71: Hoare triple {18942#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret78#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~15#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~15#1; {18942#false} is VALID [2022-02-20 18:02:43,070 INFO L272 TraceCheckUtils]: 72: Hoare triple {18942#false} call sign_#t~ret78#1 := getClientPrivateKey(sign_~client#1); {18941#true} is VALID [2022-02-20 18:02:43,070 INFO L290 TraceCheckUtils]: 73: Hoare triple {18941#true} ~handle := 
#in~handle;havoc ~retValue_acc~18; {18941#true} is VALID [2022-02-20 18:02:43,070 INFO L290 TraceCheckUtils]: 74: Hoare triple {18941#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {18941#true} is VALID [2022-02-20 18:02:43,070 INFO L290 TraceCheckUtils]: 75: Hoare triple {18941#true} assume true; {18941#true} is VALID [2022-02-20 18:02:43,070 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {18941#true} {18942#false} #1140#return; {18942#false} is VALID [2022-02-20 18:02:43,070 INFO L290 TraceCheckUtils]: 77: Hoare triple {18942#false} assume -2147483648 <= sign_#t~ret78#1 && sign_#t~ret78#1 <= 2147483647;sign_~tmp~15#1 := sign_#t~ret78#1;havoc sign_#t~ret78#1;sign_~privkey~1#1 := sign_~tmp~15#1; {18942#false} is VALID [2022-02-20 18:02:43,070 INFO L290 TraceCheckUtils]: 78: Hoare triple {18942#false} assume 0 == sign_~privkey~1#1; {18942#false} is VALID [2022-02-20 18:02:43,070 INFO L290 TraceCheckUtils]: 79: Hoare triple {18942#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret64#1, outgoing__wrappee__AddressBook_#t~ret65#1, outgoing__wrappee__AddressBook_#t~ret66#1, outgoing__wrappee__AddressBook_#t~ret67#1, outgoing__wrappee__AddressBook_#t~ret68#1, outgoing__wrappee__AddressBook_#t~ret69#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~11#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~4#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := 
outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~11#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~4#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {18942#false} is VALID [2022-02-20 18:02:43,071 INFO L272 TraceCheckUtils]: 80: Hoare triple {18942#false} call outgoing__wrappee__AddressBook_#t~ret64#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {18941#true} is VALID [2022-02-20 18:02:43,071 INFO L290 TraceCheckUtils]: 81: Hoare triple {18941#true} ~handle := #in~handle;havoc ~retValue_acc~12; {18941#true} is VALID [2022-02-20 18:02:43,071 INFO L290 TraceCheckUtils]: 82: Hoare triple {18941#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~12; {18941#true} is VALID [2022-02-20 18:02:43,071 INFO L290 TraceCheckUtils]: 83: Hoare triple {18941#true} assume true; {18941#true} is VALID [2022-02-20 18:02:43,071 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {18941#true} {18942#false} #1142#return; {18942#false} is VALID [2022-02-20 18:02:43,071 INFO L290 TraceCheckUtils]: 85: Hoare triple {18942#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret64#1 && outgoing__wrappee__AddressBook_#t~ret64#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~11#1 := outgoing__wrappee__AddressBook_#t~ret64#1;havoc outgoing__wrappee__AddressBook_#t~ret64#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~11#1; {18942#false} is VALID [2022-02-20 18:02:43,071 INFO L290 TraceCheckUtils]: 86: Hoare triple {18942#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {18942#false} is VALID [2022-02-20 18:02:43,071 INFO L272 TraceCheckUtils]: 87: Hoare triple {18942#false} call 
outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {18942#false} is VALID [2022-02-20 18:02:43,071 INFO L290 TraceCheckUtils]: 88: Hoare triple {18942#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~10#1;havoc ~pubkey~0#1;havoc ~tmp___0~3#1; {18942#false} is VALID [2022-02-20 18:02:43,071 INFO L272 TraceCheckUtils]: 89: Hoare triple {18942#false} call #t~ret62#1 := getEmailTo(~msg#1); {18941#true} is VALID [2022-02-20 18:02:43,072 INFO L290 TraceCheckUtils]: 90: Hoare triple {18941#true} ~handle := #in~handle;havoc ~retValue_acc~34; {18941#true} is VALID [2022-02-20 18:02:43,072 INFO L290 TraceCheckUtils]: 91: Hoare triple {18941#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {18941#true} is VALID [2022-02-20 18:02:43,072 INFO L290 TraceCheckUtils]: 92: Hoare triple {18941#true} assume true; {18941#true} is VALID [2022-02-20 18:02:43,072 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {18941#true} {18942#false} #1160#return; {18942#false} is VALID [2022-02-20 18:02:43,072 INFO L290 TraceCheckUtils]: 94: Hoare triple {18942#false} assume -2147483648 <= #t~ret62#1 && #t~ret62#1 <= 2147483647;~tmp~10#1 := #t~ret62#1;havoc #t~ret62#1;~receiver~0#1 := ~tmp~10#1; {18942#false} is VALID [2022-02-20 18:02:43,072 INFO L272 TraceCheckUtils]: 95: Hoare triple {18942#false} call #t~ret63#1 := findPublicKey(~client#1, ~receiver~0#1); {18941#true} is VALID [2022-02-20 18:02:43,072 INFO L290 TraceCheckUtils]: 96: Hoare triple {18941#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~23; {18941#true} is VALID [2022-02-20 18:02:43,072 INFO L290 TraceCheckUtils]: 97: Hoare triple {18941#true} assume 1 == ~handle; {18941#true} is VALID [2022-02-20 18:02:43,072 INFO L290 TraceCheckUtils]: 98: Hoare triple {18941#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~23 := ~__ste_Client_Keyring0_PublicKey0~0;#res := 
~retValue_acc~23; {18941#true} is VALID [2022-02-20 18:02:43,072 INFO L290 TraceCheckUtils]: 99: Hoare triple {18941#true} assume true; {18941#true} is VALID [2022-02-20 18:02:43,073 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {18941#true} {18942#false} #1162#return; {18942#false} is VALID [2022-02-20 18:02:43,073 INFO L290 TraceCheckUtils]: 101: Hoare triple {18942#false} assume -2147483648 <= #t~ret63#1 && #t~ret63#1 <= 2147483647;~tmp___0~3#1 := #t~ret63#1;havoc #t~ret63#1;~pubkey~0#1 := ~tmp___0~3#1; {18942#false} is VALID [2022-02-20 18:02:43,073 INFO L290 TraceCheckUtils]: 102: Hoare triple {18942#false} assume !(0 != ~pubkey~0#1); {18942#false} is VALID [2022-02-20 18:02:43,073 INFO L290 TraceCheckUtils]: 103: Hoare triple {18942#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret61#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~9#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~9#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~25#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~25#1; {18942#false} is VALID [2022-02-20 18:02:43,073 INFO L290 TraceCheckUtils]: 104: Hoare triple {18942#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~25#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~25#1; {18942#false} is VALID [2022-02-20 18:02:43,073 INFO L290 TraceCheckUtils]: 105: Hoare triple {18942#false} outgoing__wrappee__Keys_#t~ret61#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= 
outgoing__wrappee__Keys_#t~ret61#1 && outgoing__wrappee__Keys_#t~ret61#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~9#1 := outgoing__wrappee__Keys_#t~ret61#1;havoc outgoing__wrappee__Keys_#t~ret61#1; {18942#false} is VALID [2022-02-20 18:02:43,073 INFO L272 TraceCheckUtils]: 106: Hoare triple {18942#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~9#1); {19022#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:43,073 INFO L290 TraceCheckUtils]: 107: Hoare triple {19022#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18941#true} is VALID [2022-02-20 18:02:43,073 INFO L290 TraceCheckUtils]: 108: Hoare triple {18941#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18941#true} is VALID [2022-02-20 18:02:43,073 INFO L290 TraceCheckUtils]: 109: Hoare triple {18941#true} assume true; {18941#true} is VALID [2022-02-20 18:02:43,074 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {18941#true} {18942#false} #1168#return; {18942#false} is VALID [2022-02-20 18:02:43,074 INFO L290 TraceCheckUtils]: 111: Hoare triple {18942#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret59#1, mail_#t~ret60#1, mail_~client#1, mail_~msg#1, mail_~tmp~8#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~8#1;call mail_#t~ret59#1 := puts(24, 0);assume -2147483648 <= mail_#t~ret59#1 && mail_#t~ret59#1 <= 2147483647;havoc mail_#t~ret59#1; {18942#false} is VALID [2022-02-20 18:02:43,074 INFO L272 TraceCheckUtils]: 112: Hoare triple {18942#false} call mail_#t~ret60#1 := getEmailTo(mail_~msg#1); {18941#true} is VALID [2022-02-20 18:02:43,074 INFO L290 TraceCheckUtils]: 113: Hoare triple {18941#true} ~handle := 
#in~handle;havoc ~retValue_acc~34; {18941#true} is VALID [2022-02-20 18:02:43,074 INFO L290 TraceCheckUtils]: 114: Hoare triple {18941#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {18941#true} is VALID [2022-02-20 18:02:43,074 INFO L290 TraceCheckUtils]: 115: Hoare triple {18941#true} assume true; {18941#true} is VALID [2022-02-20 18:02:43,074 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {18941#true} {18942#false} #1170#return; {18942#false} is VALID [2022-02-20 18:02:43,074 INFO L290 TraceCheckUtils]: 117: Hoare triple {18942#false} assume -2147483648 <= mail_#t~ret60#1 && mail_#t~ret60#1 <= 2147483647;mail_~tmp~8#1 := mail_#t~ret60#1;havoc mail_#t~ret60#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~8#1, mail_~msg#1;havoc incoming_#t~ret71#1, incoming_#t~ret72#1, incoming_#t~ret73#1, incoming_#t~ret74#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~12#1, incoming_~tmp___0~5#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~12#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {18942#false} is VALID [2022-02-20 18:02:43,074 INFO L272 TraceCheckUtils]: 118: Hoare triple {18942#false} call incoming_#t~ret71#1 := getClientPrivateKey(incoming_~client#1); {18941#true} is VALID [2022-02-20 18:02:43,075 INFO L290 TraceCheckUtils]: 119: Hoare triple {18941#true} ~handle := #in~handle;havoc ~retValue_acc~18; {18941#true} is VALID [2022-02-20 18:02:43,075 INFO L290 TraceCheckUtils]: 120: Hoare triple {18941#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {18941#true} is VALID [2022-02-20 18:02:43,075 INFO L290 TraceCheckUtils]: 121: Hoare triple {18941#true} assume true; {18941#true} is VALID [2022-02-20 18:02:43,075 INFO L284 
TraceCheckUtils]: 122: Hoare quadruple {18941#true} {18942#false} #1172#return; {18942#false} is VALID [2022-02-20 18:02:43,075 INFO L290 TraceCheckUtils]: 123: Hoare triple {18942#false} assume -2147483648 <= incoming_#t~ret71#1 && incoming_#t~ret71#1 <= 2147483647;incoming_~tmp~12#1 := incoming_#t~ret71#1;havoc incoming_#t~ret71#1;incoming_~privkey~0#1 := incoming_~tmp~12#1; {18942#false} is VALID [2022-02-20 18:02:43,075 INFO L290 TraceCheckUtils]: 124: Hoare triple {18942#false} assume !(0 != incoming_~privkey~0#1); {18942#false} is VALID [2022-02-20 18:02:43,075 INFO L290 TraceCheckUtils]: 125: Hoare triple {18942#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret79#1, verify_#t~ret80#1, verify_#t~ret81#1, verify_#t~ret82#1, verify_#t~ret83#1, verify_#t~ret84#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~16#1, verify_~tmp___0~6#1, verify_~pubkey~1#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~16#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc 
__utac_acc__EncryptVerify_spec__1_#t~ret58#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~7#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~7#1; {18942#false} is VALID [2022-02-20 18:02:43,075 INFO L272 TraceCheckUtils]: 126: Hoare triple {18942#false} call __utac_acc__EncryptVerify_spec__1_#t~ret58#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {18941#true} is VALID [2022-02-20 18:02:43,075 INFO L290 TraceCheckUtils]: 127: Hoare triple {18941#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~27#1;havoc ~tmp~23#1; {18941#true} is VALID [2022-02-20 18:02:43,075 INFO L272 TraceCheckUtils]: 128: Hoare triple {18941#true} call #t~ret105#1 := isEncrypted(~msg#1); {18941#true} is VALID [2022-02-20 18:02:43,076 INFO L290 TraceCheckUtils]: 129: Hoare triple {18941#true} ~handle := #in~handle;havoc ~retValue_acc~37; {18941#true} is VALID [2022-02-20 18:02:43,076 INFO L290 TraceCheckUtils]: 130: Hoare triple {18941#true} assume 1 == ~handle;~retValue_acc~37 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~37; {18941#true} is VALID [2022-02-20 18:02:43,076 INFO L290 TraceCheckUtils]: 131: Hoare triple {18941#true} assume true; {18941#true} is VALID [2022-02-20 18:02:43,076 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {18941#true} {18941#true} #1262#return; {18941#true} is VALID [2022-02-20 18:02:43,076 INFO L290 TraceCheckUtils]: 133: Hoare triple {18941#true} assume -2147483648 <= #t~ret105#1 && #t~ret105#1 <= 2147483647;~tmp~23#1 := #t~ret105#1;havoc #t~ret105#1; {18941#true} is VALID [2022-02-20 18:02:43,076 INFO L290 TraceCheckUtils]: 134: Hoare triple {18941#true} assume 0 != ~tmp~23#1;~retValue_acc~27#1 := 0;#res#1 := ~retValue_acc~27#1; {18941#true} is VALID [2022-02-20 18:02:43,076 INFO L290 TraceCheckUtils]: 135: Hoare triple {18941#true} assume true; {18941#true} is VALID [2022-02-20 18:02:43,076 INFO L284 TraceCheckUtils]: 136: 
Hoare quadruple {18941#true} {18942#false} #1184#return; {18942#false} is VALID [2022-02-20 18:02:43,076 INFO L290 TraceCheckUtils]: 137: Hoare triple {18942#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret58#1 && __utac_acc__EncryptVerify_spec__1_#t~ret58#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~7#1 := __utac_acc__EncryptVerify_spec__1_#t~ret58#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret58#1; {18942#false} is VALID [2022-02-20 18:02:43,076 INFO L290 TraceCheckUtils]: 138: Hoare triple {18942#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~7#1);assume { :begin_inline___automaton_fail } true; {18942#false} is VALID [2022-02-20 18:02:43,077 INFO L290 TraceCheckUtils]: 139: Hoare triple {18942#false} assume !false; {18942#false} is VALID [2022-02-20 18:02:43,077 INFO L134 CoverageAnalysis]: Checked inductivity of 39 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked. [2022-02-20 18:02:43,077 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:43,077 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [45132201] [2022-02-20 18:02:43,077 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [45132201] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:43,077 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:02:43,077 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 18:02:43,078 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [88066828] [2022-02-20 18:02:43,078 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:43,079 INFO L78 Accepts]: Start accepts. 
Automaton has has 9 states, 8 states have (on average 10.75) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) Word has length 140 [2022-02-20 18:02:43,079 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:43,091 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 10.75) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:02:43,160 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 123 edges. 123 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:43,161 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 18:02:43,161 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:43,161 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 18:02:43,161 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:02:43,162 INFO L87 Difference]: Start difference. First operand 466 states and 718 transitions. 
Second operand has 9 states, 8 states have (on average 10.75) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:02:49,646 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:49,647 INFO L93 Difference]: Finished difference Result 1010 states and 1577 transitions. [2022-02-20 18:02:49,647 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:02:49,647 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 10.75) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) Word has length 140 [2022-02-20 18:02:49,647 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:49,648 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 10.75) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:02:49,658 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1339 transitions. [2022-02-20 18:02:49,658 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 9 states, 8 states have (on average 10.75) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:02:49,668 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1339 transitions. [2022-02-20 18:02:49,668 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1339 transitions. [2022-02-20 18:02:50,750 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1339 edges. 1339 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:50,766 INFO L225 Difference]: With dead ends: 1010 [2022-02-20 18:02:50,766 INFO L226 Difference]: Without dead ends: 567 [2022-02-20 18:02:50,768 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 52 GetRequests, 37 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 30 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 18:02:50,768 INFO L933 BasicCegarLoop]: 620 mSDtfsCounter, 1508 mSDsluCounter, 938 mSDsCounter, 0 mSdLazyCounter, 2019 mSolverCounterSat, 518 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1531 SdHoareTripleChecker+Valid, 1558 SdHoareTripleChecker+Invalid, 2537 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 518 IncrementalHoareTripleChecker+Valid, 2019 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.9s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:50,768 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1531 Valid, 
1558 Invalid, 2537 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [518 Valid, 2019 Invalid, 0 Unknown, 0 Unchecked, 2.9s Time] [2022-02-20 18:02:50,769 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 567 states. [2022-02-20 18:02:50,848 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 567 to 468. [2022-02-20 18:02:50,849 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:50,849 INFO L82 GeneralOperation]: Start isEquivalent. First operand 567 states. Second operand has 468 states, 360 states have (on average 1.5611111111111111) internal successors, (562), 367 states have internal predecessors, (562), 76 states have call successors, (76), 28 states have call predecessors, (76), 31 states have return successors, (83), 74 states have call predecessors, (83), 75 states have call successors, (83) [2022-02-20 18:02:50,850 INFO L74 IsIncluded]: Start isIncluded. First operand 567 states. Second operand has 468 states, 360 states have (on average 1.5611111111111111) internal successors, (562), 367 states have internal predecessors, (562), 76 states have call successors, (76), 28 states have call predecessors, (76), 31 states have return successors, (83), 74 states have call predecessors, (83), 75 states have call successors, (83) [2022-02-20 18:02:50,851 INFO L87 Difference]: Start difference. First operand 567 states. Second operand has 468 states, 360 states have (on average 1.5611111111111111) internal successors, (562), 367 states have internal predecessors, (562), 76 states have call successors, (76), 28 states have call predecessors, (76), 31 states have return successors, (83), 74 states have call predecessors, (83), 75 states have call successors, (83) [2022-02-20 18:02:50,866 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:50,867 INFO L93 Difference]: Finished difference Result 567 states and 889 transitions. 
[2022-02-20 18:02:50,867 INFO L276 IsEmpty]: Start isEmpty. Operand 567 states and 889 transitions. [2022-02-20 18:02:50,869 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:50,869 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:50,870 INFO L74 IsIncluded]: Start isIncluded. First operand has 468 states, 360 states have (on average 1.5611111111111111) internal successors, (562), 367 states have internal predecessors, (562), 76 states have call successors, (76), 28 states have call predecessors, (76), 31 states have return successors, (83), 74 states have call predecessors, (83), 75 states have call successors, (83) Second operand 567 states. [2022-02-20 18:02:50,871 INFO L87 Difference]: Start difference. First operand has 468 states, 360 states have (on average 1.5611111111111111) internal successors, (562), 367 states have internal predecessors, (562), 76 states have call successors, (76), 28 states have call predecessors, (76), 31 states have return successors, (83), 74 states have call predecessors, (83), 75 states have call successors, (83) Second operand 567 states. [2022-02-20 18:02:50,886 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:50,886 INFO L93 Difference]: Finished difference Result 567 states and 889 transitions. [2022-02-20 18:02:50,887 INFO L276 IsEmpty]: Start isEmpty. Operand 567 states and 889 transitions. [2022-02-20 18:02:50,889 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:50,889 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:50,889 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:50,889 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:50,890 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 468 states, 360 states have (on average 1.5611111111111111) internal successors, (562), 367 states have internal predecessors, (562), 76 states have call successors, (76), 28 states have call predecessors, (76), 31 states have return successors, (83), 74 states have call predecessors, (83), 75 states have call successors, (83) [2022-02-20 18:02:50,903 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 468 states to 468 states and 721 transitions. [2022-02-20 18:02:50,904 INFO L78 Accepts]: Start accepts. Automaton has 468 states and 721 transitions. Word has length 140 [2022-02-20 18:02:50,904 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:50,904 INFO L470 AbstractCegarLoop]: Abstraction has 468 states and 721 transitions. [2022-02-20 18:02:50,904 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 10.75) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 18:02:50,904 INFO L276 IsEmpty]: Start isEmpty. Operand 468 states and 721 transitions. [2022-02-20 18:02:50,906 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 161 [2022-02-20 18:02:50,906 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:50,906 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:50,906 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 18:02:50,907 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:50,907 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:50,907 INFO L85 PathProgramCache]: Analyzing trace with hash 282948770, now seen corresponding path program 1 times [2022-02-20 18:02:50,907 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:50,907 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1561485301] [2022-02-20 18:02:50,907 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:50,907 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:50,932 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:50,949 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:02:50,951 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:50,952 INFO L290 TraceCheckUtils]: 0: Hoare triple 
{22313#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22222#true} is VALID [2022-02-20 18:02:50,953 INFO L290 TraceCheckUtils]: 1: Hoare triple {22222#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {22222#true} is VALID [2022-02-20 18:02:50,953 INFO L290 TraceCheckUtils]: 2: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:50,953 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22222#true} {22222#true} #1212#return; {22222#true} is VALID [2022-02-20 18:02:50,957 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:50,958 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:50,960 INFO L290 TraceCheckUtils]: 0: Hoare triple {22314#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22222#true} is VALID [2022-02-20 18:02:50,960 INFO L290 TraceCheckUtils]: 1: Hoare triple {22222#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22222#true} is VALID [2022-02-20 18:02:50,960 INFO L290 TraceCheckUtils]: 2: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:50,960 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22222#true} {22222#true} #1214#return; {22222#true} is VALID [2022-02-20 18:02:50,960 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:50,962 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:50,964 INFO L290 TraceCheckUtils]: 0: Hoare triple {22313#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22222#true} is VALID [2022-02-20 18:02:50,964 INFO L290 TraceCheckUtils]: 1: Hoare triple {22222#true} assume !(1 == ~handle); {22222#true} is VALID [2022-02-20 18:02:50,964 INFO L290 TraceCheckUtils]: 2: Hoare triple {22222#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {22222#true} is VALID [2022-02-20 18:02:50,964 INFO L290 TraceCheckUtils]: 3: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:50,964 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {22222#true} {22222#true} #1216#return; {22222#true} is VALID [2022-02-20 18:02:50,964 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:02:50,965 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:50,967 INFO L290 TraceCheckUtils]: 0: Hoare triple {22314#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22222#true} is VALID [2022-02-20 18:02:50,967 INFO L290 TraceCheckUtils]: 1: Hoare triple {22222#true} assume !(1 == ~handle); {22222#true} is VALID [2022-02-20 18:02:50,967 INFO L290 TraceCheckUtils]: 2: Hoare triple {22222#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {22222#true} is VALID [2022-02-20 18:02:50,967 INFO L290 TraceCheckUtils]: 3: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:50,967 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {22222#true} {22222#true} #1218#return; {22222#true} is VALID [2022-02-20 18:02:50,968 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 
[2022-02-20 18:02:50,969 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:50,980 INFO L290 TraceCheckUtils]: 0: Hoare triple {22313#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22315#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:50,980 INFO L290 TraceCheckUtils]: 1: Hoare triple {22315#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {22315#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:50,980 INFO L290 TraceCheckUtils]: 2: Hoare triple {22315#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {22315#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:50,981 INFO L290 TraceCheckUtils]: 3: Hoare triple {22315#(= setClientId_~handle |setClientId_#in~handle|)} assume !(3 == ~handle); {22316#(not (= 3 |setClientId_#in~handle|))} is VALID [2022-02-20 18:02:50,981 INFO L290 TraceCheckUtils]: 4: Hoare triple {22316#(not (= 3 |setClientId_#in~handle|))} assume true; {22316#(not (= 3 |setClientId_#in~handle|))} is VALID [2022-02-20 18:02:50,982 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {22316#(not (= 3 |setClientId_#in~handle|))} {22242#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1220#return; {22223#false} is VALID [2022-02-20 18:02:50,982 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:02:50,983 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:50,985 INFO L290 TraceCheckUtils]: 0: Hoare triple {22314#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 
|old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22222#true} is VALID [2022-02-20 18:02:50,985 INFO L290 TraceCheckUtils]: 1: Hoare triple {22222#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22222#true} is VALID [2022-02-20 18:02:50,985 INFO L290 TraceCheckUtils]: 2: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:50,985 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22222#true} {22223#false} #1222#return; {22223#false} is VALID [2022-02-20 18:02:50,991 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 18:02:50,992 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:50,994 INFO L290 TraceCheckUtils]: 0: Hoare triple {22317#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22222#true} is VALID [2022-02-20 18:02:50,994 INFO L290 TraceCheckUtils]: 1: Hoare triple {22222#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22222#true} is VALID [2022-02-20 18:02:50,994 INFO L290 TraceCheckUtils]: 2: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:50,994 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22222#true} {22223#false} #1198#return; {22223#false} is VALID [2022-02-20 18:02:51,000 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 18:02:51,001 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:51,003 INFO L290 TraceCheckUtils]: 0: Hoare triple {22318#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {22222#true} is VALID [2022-02-20 18:02:51,003 INFO L290 TraceCheckUtils]: 1: Hoare triple {22222#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {22222#true} is 
VALID [2022-02-20 18:02:51,003 INFO L290 TraceCheckUtils]: 2: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:51,003 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22222#true} {22223#false} #1200#return; {22223#false} is VALID [2022-02-20 18:02:51,004 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 73 [2022-02-20 18:02:51,004 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:51,006 INFO L290 TraceCheckUtils]: 0: Hoare triple {22222#true} ~handle := #in~handle;havoc ~retValue_acc~18; {22222#true} is VALID [2022-02-20 18:02:51,006 INFO L290 TraceCheckUtils]: 1: Hoare triple {22222#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {22222#true} is VALID [2022-02-20 18:02:51,006 INFO L290 TraceCheckUtils]: 2: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:51,006 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22222#true} {22223#false} #1140#return; {22223#false} is VALID [2022-02-20 18:02:51,006 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-02-20 18:02:51,007 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:51,008 INFO L290 TraceCheckUtils]: 0: Hoare triple {22222#true} ~handle := #in~handle;havoc ~retValue_acc~12; {22222#true} is VALID [2022-02-20 18:02:51,009 INFO L290 TraceCheckUtils]: 1: Hoare triple {22222#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~12; {22222#true} is VALID [2022-02-20 18:02:51,009 INFO L290 TraceCheckUtils]: 2: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:51,009 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22222#true} {22223#false} #1142#return; {22223#false} is VALID [2022-02-20 18:02:51,009 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending 
call position 89 [2022-02-20 18:02:51,010 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:51,011 INFO L290 TraceCheckUtils]: 0: Hoare triple {22222#true} ~handle := #in~handle;havoc ~retValue_acc~34; {22222#true} is VALID [2022-02-20 18:02:51,011 INFO L290 TraceCheckUtils]: 1: Hoare triple {22222#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {22222#true} is VALID [2022-02-20 18:02:51,011 INFO L290 TraceCheckUtils]: 2: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:51,011 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22222#true} {22223#false} #1144#return; {22223#false} is VALID [2022-02-20 18:02:51,012 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 18:02:51,012 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:51,014 INFO L290 TraceCheckUtils]: 0: Hoare triple {22222#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~16; {22222#true} is VALID [2022-02-20 18:02:51,014 INFO L290 TraceCheckUtils]: 1: Hoare triple {22222#true} assume 1 == ~handle; {22222#true} is VALID [2022-02-20 18:02:51,014 INFO L290 TraceCheckUtils]: 2: Hoare triple {22222#true} assume 0 == ~index;~retValue_acc~16 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~16; {22222#true} is VALID [2022-02-20 18:02:51,014 INFO L290 TraceCheckUtils]: 3: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:51,014 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {22222#true} {22223#false} #1146#return; {22223#false} is VALID [2022-02-20 18:02:51,015 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 18:02:51,015 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:51,017 INFO L290 TraceCheckUtils]: 0: Hoare triple {22318#(and (= ~__ste_email_to0~0 
|old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {22222#true} is VALID [2022-02-20 18:02:51,017 INFO L290 TraceCheckUtils]: 1: Hoare triple {22222#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {22222#true} is VALID [2022-02-20 18:02:51,017 INFO L290 TraceCheckUtils]: 2: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:51,017 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22222#true} {22223#false} #1148#return; {22223#false} is VALID [2022-02-20 18:02:51,017 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 109 [2022-02-20 18:02:51,018 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:51,019 INFO L290 TraceCheckUtils]: 0: Hoare triple {22222#true} ~handle := #in~handle;havoc ~retValue_acc~34; {22222#true} is VALID [2022-02-20 18:02:51,019 INFO L290 TraceCheckUtils]: 1: Hoare triple {22222#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {22222#true} is VALID [2022-02-20 18:02:51,020 INFO L290 TraceCheckUtils]: 2: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:51,020 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22222#true} {22223#false} #1160#return; {22223#false} is VALID [2022-02-20 18:02:51,020 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 115 [2022-02-20 18:02:51,020 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:51,022 INFO L290 TraceCheckUtils]: 0: Hoare triple {22222#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~23; {22222#true} is VALID [2022-02-20 18:02:51,022 INFO L290 TraceCheckUtils]: 1: Hoare triple {22222#true} assume 1 == ~handle; {22222#true} is VALID [2022-02-20 18:02:51,022 INFO L290 TraceCheckUtils]: 2: Hoare triple {22222#true} assume ~userid == 
~__ste_Client_Keyring0_User0~0;~retValue_acc~23 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~23; {22222#true} is VALID [2022-02-20 18:02:51,022 INFO L290 TraceCheckUtils]: 3: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:51,022 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {22222#true} {22223#false} #1162#return; {22223#false} is VALID [2022-02-20 18:02:51,023 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 126 [2022-02-20 18:02:51,023 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:51,025 INFO L290 TraceCheckUtils]: 0: Hoare triple {22317#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22222#true} is VALID [2022-02-20 18:02:51,025 INFO L290 TraceCheckUtils]: 1: Hoare triple {22222#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22222#true} is VALID [2022-02-20 18:02:51,025 INFO L290 TraceCheckUtils]: 2: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:51,025 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22222#true} {22223#false} #1168#return; {22223#false} is VALID [2022-02-20 18:02:51,025 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 132 [2022-02-20 18:02:51,026 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:51,028 INFO L290 TraceCheckUtils]: 0: Hoare triple {22222#true} ~handle := #in~handle;havoc ~retValue_acc~34; {22222#true} is VALID [2022-02-20 18:02:51,028 INFO L290 TraceCheckUtils]: 1: Hoare triple {22222#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {22222#true} is VALID [2022-02-20 18:02:51,028 INFO L290 TraceCheckUtils]: 2: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:51,028 INFO L284 TraceCheckUtils]: 3: Hoare 
quadruple {22222#true} {22223#false} #1170#return; {22223#false} is VALID [2022-02-20 18:02:51,028 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 138 [2022-02-20 18:02:51,029 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:51,030 INFO L290 TraceCheckUtils]: 0: Hoare triple {22222#true} ~handle := #in~handle;havoc ~retValue_acc~18; {22222#true} is VALID [2022-02-20 18:02:51,031 INFO L290 TraceCheckUtils]: 1: Hoare triple {22222#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {22222#true} is VALID [2022-02-20 18:02:51,031 INFO L290 TraceCheckUtils]: 2: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:51,031 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22222#true} {22223#false} #1172#return; {22223#false} is VALID [2022-02-20 18:02:51,031 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 146 [2022-02-20 18:02:51,032 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:51,034 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:51,035 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:51,036 INFO L290 TraceCheckUtils]: 0: Hoare triple {22222#true} ~handle := #in~handle;havoc ~retValue_acc~37; {22222#true} is VALID [2022-02-20 18:02:51,036 INFO L290 TraceCheckUtils]: 1: Hoare triple {22222#true} assume 1 == ~handle;~retValue_acc~37 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~37; {22222#true} is VALID [2022-02-20 18:02:51,036 INFO L290 TraceCheckUtils]: 2: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:51,036 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22222#true} {22222#true} #1262#return; {22222#true} is VALID [2022-02-20 18:02:51,036 INFO L290 TraceCheckUtils]: 0: Hoare triple {22222#true} ~msg#1 
:= #in~msg#1;havoc ~retValue_acc~27#1;havoc ~tmp~23#1; {22222#true} is VALID [2022-02-20 18:02:51,037 INFO L272 TraceCheckUtils]: 1: Hoare triple {22222#true} call #t~ret105#1 := isEncrypted(~msg#1); {22222#true} is VALID [2022-02-20 18:02:51,037 INFO L290 TraceCheckUtils]: 2: Hoare triple {22222#true} ~handle := #in~handle;havoc ~retValue_acc~37; {22222#true} is VALID [2022-02-20 18:02:51,037 INFO L290 TraceCheckUtils]: 3: Hoare triple {22222#true} assume 1 == ~handle;~retValue_acc~37 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~37; {22222#true} is VALID [2022-02-20 18:02:51,037 INFO L290 TraceCheckUtils]: 4: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:51,037 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {22222#true} {22222#true} #1262#return; {22222#true} is VALID [2022-02-20 18:02:51,037 INFO L290 TraceCheckUtils]: 6: Hoare triple {22222#true} assume -2147483648 <= #t~ret105#1 && #t~ret105#1 <= 2147483647;~tmp~23#1 := #t~ret105#1;havoc #t~ret105#1; {22222#true} is VALID [2022-02-20 18:02:51,037 INFO L290 TraceCheckUtils]: 7: Hoare triple {22222#true} assume 0 != ~tmp~23#1;~retValue_acc~27#1 := 0;#res#1 := ~retValue_acc~27#1; {22222#true} is VALID [2022-02-20 18:02:51,037 INFO L290 TraceCheckUtils]: 8: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:51,037 INFO L284 TraceCheckUtils]: 9: Hoare quadruple {22222#true} {22223#false} #1184#return; {22223#false} is VALID [2022-02-20 18:02:51,038 INFO L290 TraceCheckUtils]: 0: Hoare triple {22222#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call 
#Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(34, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(20, 28);call #Ultimate.allocInit(10, 29);call #Ultimate.allocInit(12, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(18, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(13, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(4, 38);call write~init~int(37, 38, 0, 1);call write~init~int(115, 38, 1, 1);call write~init~int(10, 38, 2, 1);call write~init~int(0, 38, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 
0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 
0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {22222#true} is VALID [2022-02-20 18:02:51,038 INFO L290 TraceCheckUtils]: 1: Hoare triple {22222#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {22222#true} is VALID [2022-02-20 18:02:51,038 INFO L290 TraceCheckUtils]: 2: Hoare triple {22222#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {22222#true} is VALID [2022-02-20 18:02:51,038 INFO L290 TraceCheckUtils]: 3: Hoare triple {22222#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc 
valid_product_~retValue_acc~43#1;havoc valid_product_~retValue_acc~43#1;valid_product_~retValue_acc~43#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~43#1; {22222#true} is VALID [2022-02-20 18:02:51,038 INFO L290 TraceCheckUtils]: 4: Hoare triple {22222#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {22222#true} is VALID [2022-02-20 18:02:51,038 INFO L290 TraceCheckUtils]: 5: Hoare triple {22222#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {22222#true} is VALID [2022-02-20 18:02:51,039 INFO L272 TraceCheckUtils]: 6: Hoare triple {22222#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {22313#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:51,039 INFO L290 TraceCheckUtils]: 7: Hoare triple {22313#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22222#true} is VALID [2022-02-20 18:02:51,039 INFO L290 TraceCheckUtils]: 8: Hoare triple {22222#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {22222#true} is VALID [2022-02-20 18:02:51,039 INFO L290 TraceCheckUtils]: 9: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:51,039 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {22222#true} {22222#true} #1212#return; {22222#true} is VALID [2022-02-20 18:02:51,039 INFO L290 TraceCheckUtils]: 11: Hoare triple {22222#true} assume { :end_inline_setup_bob__wrappee__Base } true; {22222#true} is VALID [2022-02-20 18:02:51,040 INFO L272 TraceCheckUtils]: 12: Hoare triple {22222#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {22314#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:51,040 INFO L290 TraceCheckUtils]: 13: Hoare triple {22314#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22222#true} is VALID [2022-02-20 18:02:51,040 INFO L290 TraceCheckUtils]: 14: Hoare triple {22222#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22222#true} is VALID [2022-02-20 18:02:51,040 INFO L290 TraceCheckUtils]: 15: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:51,040 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {22222#true} {22222#true} #1214#return; {22222#true} is VALID [2022-02-20 18:02:51,040 INFO L290 
TraceCheckUtils]: 17: Hoare triple {22222#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {22222#true} is VALID [2022-02-20 18:02:51,041 INFO L272 TraceCheckUtils]: 18: Hoare triple {22222#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {22313#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:51,041 INFO L290 TraceCheckUtils]: 19: Hoare triple {22313#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22222#true} is VALID [2022-02-20 18:02:51,041 INFO L290 TraceCheckUtils]: 20: Hoare triple {22222#true} assume !(1 == ~handle); {22222#true} is VALID [2022-02-20 18:02:51,041 INFO L290 TraceCheckUtils]: 21: Hoare triple {22222#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {22222#true} is VALID [2022-02-20 18:02:51,041 INFO L290 TraceCheckUtils]: 22: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:51,041 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {22222#true} {22222#true} #1216#return; {22222#true} is VALID [2022-02-20 18:02:51,042 INFO L290 TraceCheckUtils]: 24: Hoare triple {22222#true} assume { 
:end_inline_setup_rjh__wrappee__Base } true; {22222#true} is VALID [2022-02-20 18:02:51,042 INFO L272 TraceCheckUtils]: 25: Hoare triple {22222#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {22314#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:51,042 INFO L290 TraceCheckUtils]: 26: Hoare triple {22314#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22222#true} is VALID [2022-02-20 18:02:51,042 INFO L290 TraceCheckUtils]: 27: Hoare triple {22222#true} assume !(1 == ~handle); {22222#true} is VALID [2022-02-20 18:02:51,042 INFO L290 TraceCheckUtils]: 28: Hoare triple {22222#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {22222#true} is VALID [2022-02-20 18:02:51,042 INFO L290 TraceCheckUtils]: 29: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:51,043 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {22222#true} {22222#true} #1218#return; {22222#true} is VALID [2022-02-20 18:02:51,043 INFO L290 TraceCheckUtils]: 31: Hoare triple {22222#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {22242#(= 3 
|ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:02:51,044 INFO L272 TraceCheckUtils]: 32: Hoare triple {22242#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {22313#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:51,044 INFO L290 TraceCheckUtils]: 33: Hoare triple {22313#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22315#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:51,044 INFO L290 TraceCheckUtils]: 34: Hoare triple {22315#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {22315#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:51,044 INFO L290 TraceCheckUtils]: 35: Hoare triple {22315#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {22315#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:51,045 INFO L290 TraceCheckUtils]: 36: Hoare triple {22315#(= setClientId_~handle |setClientId_#in~handle|)} assume !(3 == ~handle); {22316#(not (= 3 |setClientId_#in~handle|))} is VALID [2022-02-20 18:02:51,045 INFO L290 TraceCheckUtils]: 37: Hoare triple {22316#(not (= 3 |setClientId_#in~handle|))} assume true; {22316#(not (= 3 |setClientId_#in~handle|))} is VALID [2022-02-20 18:02:51,045 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {22316#(not (= 3 |setClientId_#in~handle|))} {22242#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1220#return; {22223#false} is VALID [2022-02-20 18:02:51,045 INFO L290 
TraceCheckUtils]: 39: Hoare triple {22223#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {22223#false} is VALID [2022-02-20 18:02:51,046 INFO L272 TraceCheckUtils]: 40: Hoare triple {22223#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {22314#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:51,046 INFO L290 TraceCheckUtils]: 41: Hoare triple {22314#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22222#true} is VALID [2022-02-20 18:02:51,046 INFO L290 TraceCheckUtils]: 42: Hoare triple {22222#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22222#true} is VALID [2022-02-20 18:02:51,046 INFO L290 TraceCheckUtils]: 43: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:51,046 INFO L284 TraceCheckUtils]: 44: Hoare quadruple {22222#true} {22223#false} #1222#return; {22223#false} is VALID [2022-02-20 18:02:51,046 INFO L290 TraceCheckUtils]: 45: Hoare triple {22223#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {22223#false} is VALID [2022-02-20 18:02:51,046 INFO L290 TraceCheckUtils]: 46: Hoare triple {22223#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, 
test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~6#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~6#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {22223#false} is VALID [2022-02-20 18:02:51,046 INFO L290 TraceCheckUtils]: 47: Hoare triple {22223#false} assume !false; {22223#false} is VALID [2022-02-20 18:02:51,046 INFO L290 TraceCheckUtils]: 48: Hoare triple {22223#false} assume test_~splverifierCounter~0#1 < 4; {22223#false} is VALID [2022-02-20 18:02:51,046 INFO L290 TraceCheckUtils]: 49: Hoare triple {22223#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {22223#false} is VALID [2022-02-20 18:02:51,047 INFO L290 TraceCheckUtils]: 50: Hoare triple {22223#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet47#1 && test_#t~nondet47#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet47#1;havoc test_#t~nondet47#1; {22223#false} is VALID [2022-02-20 18:02:51,047 INFO L290 TraceCheckUtils]: 51: Hoare triple {22223#false} assume !(0 != test_~tmp___9~0#1); {22223#false} is VALID [2022-02-20 18:02:51,047 INFO L290 TraceCheckUtils]: 52: Hoare triple 
{22223#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet48#1 && test_#t~nondet48#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet48#1;havoc test_#t~nondet48#1; {22223#false} is VALID [2022-02-20 18:02:51,047 INFO L290 TraceCheckUtils]: 53: Hoare triple {22223#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {22223#false} is VALID [2022-02-20 18:02:51,047 INFO L290 TraceCheckUtils]: 54: Hoare triple {22223#false} assume !false; {22223#false} is VALID [2022-02-20 18:02:51,047 INFO L290 TraceCheckUtils]: 55: Hoare triple {22223#false} assume !(test_~splverifierCounter~0#1 < 4); {22223#false} is VALID [2022-02-20 18:02:51,047 INFO L290 TraceCheckUtils]: 56: Hoare triple {22223#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {22223#false} is VALID [2022-02-20 18:02:51,047 INFO L272 TraceCheckUtils]: 57: Hoare triple {22223#false} call sendEmail(~bob~0, ~rjh~0); {22223#false} is VALID [2022-02-20 18:02:51,047 INFO L290 TraceCheckUtils]: 58: Hoare triple {22223#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~14#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~29#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~29#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {22223#false} is VALID [2022-02-20 18:02:51,047 INFO L272 TraceCheckUtils]: 59: Hoare triple {22223#false} call 
setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {22317#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:51,048 INFO L290 TraceCheckUtils]: 60: Hoare triple {22317#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22222#true} is VALID [2022-02-20 18:02:51,048 INFO L290 TraceCheckUtils]: 61: Hoare triple {22222#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22222#true} is VALID [2022-02-20 18:02:51,048 INFO L290 TraceCheckUtils]: 62: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:51,048 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {22222#true} {22223#false} #1198#return; {22223#false} is VALID [2022-02-20 18:02:51,048 INFO L272 TraceCheckUtils]: 64: Hoare triple {22223#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {22318#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:51,048 INFO L290 TraceCheckUtils]: 65: Hoare triple {22318#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {22222#true} is VALID [2022-02-20 18:02:51,048 INFO L290 TraceCheckUtils]: 66: Hoare triple {22222#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {22222#true} is VALID [2022-02-20 18:02:51,048 INFO L290 TraceCheckUtils]: 67: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:51,048 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {22222#true} {22223#false} #1200#return; {22223#false} is VALID [2022-02-20 18:02:51,049 INFO L290 TraceCheckUtils]: 69: Hoare triple {22223#false} createEmail_~retValue_acc~29#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~29#1; {22223#false} is VALID 
[2022-02-20 18:02:51,049 INFO L290 TraceCheckUtils]: 70: Hoare triple {22223#false} #t~ret76#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret76#1 && #t~ret76#1 <= 2147483647;~tmp~14#1 := #t~ret76#1;havoc #t~ret76#1;~email~0#1 := ~tmp~14#1; {22223#false} is VALID [2022-02-20 18:02:51,049 INFO L272 TraceCheckUtils]: 71: Hoare triple {22223#false} call outgoing(~sender#1, ~email~0#1); {22223#false} is VALID [2022-02-20 18:02:51,049 INFO L290 TraceCheckUtils]: 72: Hoare triple {22223#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret78#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~15#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~15#1; {22223#false} is VALID [2022-02-20 18:02:51,049 INFO L272 TraceCheckUtils]: 73: Hoare triple {22223#false} call sign_#t~ret78#1 := getClientPrivateKey(sign_~client#1); {22222#true} is VALID [2022-02-20 18:02:51,049 INFO L290 TraceCheckUtils]: 74: Hoare triple {22222#true} ~handle := #in~handle;havoc ~retValue_acc~18; {22222#true} is VALID [2022-02-20 18:02:51,049 INFO L290 TraceCheckUtils]: 75: Hoare triple {22222#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {22222#true} is VALID [2022-02-20 18:02:51,049 INFO L290 TraceCheckUtils]: 76: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:51,049 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {22222#true} {22223#false} #1140#return; {22223#false} is VALID [2022-02-20 18:02:51,049 INFO L290 TraceCheckUtils]: 78: Hoare triple {22223#false} assume -2147483648 <= sign_#t~ret78#1 && sign_#t~ret78#1 <= 2147483647;sign_~tmp~15#1 := sign_#t~ret78#1;havoc sign_#t~ret78#1;sign_~privkey~1#1 := sign_~tmp~15#1; {22223#false} is VALID [2022-02-20 18:02:51,050 INFO L290 TraceCheckUtils]: 79: Hoare 
triple {22223#false} assume 0 == sign_~privkey~1#1; {22223#false} is VALID [2022-02-20 18:02:51,050 INFO L290 TraceCheckUtils]: 80: Hoare triple {22223#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret64#1, outgoing__wrappee__AddressBook_#t~ret65#1, outgoing__wrappee__AddressBook_#t~ret66#1, outgoing__wrappee__AddressBook_#t~ret67#1, outgoing__wrappee__AddressBook_#t~ret68#1, outgoing__wrappee__AddressBook_#t~ret69#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~11#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~4#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~11#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~4#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {22223#false} is VALID [2022-02-20 18:02:51,050 INFO L272 TraceCheckUtils]: 81: Hoare triple {22223#false} call outgoing__wrappee__AddressBook_#t~ret64#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {22222#true} is VALID [2022-02-20 18:02:51,050 INFO L290 TraceCheckUtils]: 82: Hoare triple {22222#true} ~handle := #in~handle;havoc ~retValue_acc~12; {22222#true} is VALID [2022-02-20 18:02:51,050 INFO L290 TraceCheckUtils]: 83: Hoare triple 
{22222#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~12; {22222#true} is VALID [2022-02-20 18:02:51,050 INFO L290 TraceCheckUtils]: 84: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:51,050 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {22222#true} {22223#false} #1142#return; {22223#false} is VALID [2022-02-20 18:02:51,050 INFO L290 TraceCheckUtils]: 86: Hoare triple {22223#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret64#1 && outgoing__wrappee__AddressBook_#t~ret64#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~11#1 := outgoing__wrappee__AddressBook_#t~ret64#1;havoc outgoing__wrappee__AddressBook_#t~ret64#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~11#1; {22223#false} is VALID [2022-02-20 18:02:51,050 INFO L290 TraceCheckUtils]: 87: Hoare triple {22223#false} assume 0 != outgoing__wrappee__AddressBook_~size~0#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {22223#false} is VALID [2022-02-20 18:02:51,050 INFO L290 TraceCheckUtils]: 88: Hoare triple {22223#false} assume { :end_inline_sendToAddressBook } true;call outgoing__wrappee__AddressBook_#t~ret65#1 := puts(25, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret65#1 && outgoing__wrappee__AddressBook_#t~ret65#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret65#1; {22223#false} is VALID [2022-02-20 18:02:51,051 INFO L272 TraceCheckUtils]: 89: Hoare triple {22223#false} call outgoing__wrappee__AddressBook_#t~ret66#1 := getEmailTo(outgoing__wrappee__AddressBook_~msg#1); {22222#true} is VALID [2022-02-20 18:02:51,051 INFO L290 
TraceCheckUtils]: 90: Hoare triple {22222#true} ~handle := #in~handle;havoc ~retValue_acc~34; {22222#true} is VALID [2022-02-20 18:02:51,051 INFO L290 TraceCheckUtils]: 91: Hoare triple {22222#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {22222#true} is VALID [2022-02-20 18:02:51,051 INFO L290 TraceCheckUtils]: 92: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:51,051 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {22222#true} {22223#false} #1144#return; {22223#false} is VALID [2022-02-20 18:02:51,051 INFO L290 TraceCheckUtils]: 94: Hoare triple {22223#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret66#1 && outgoing__wrappee__AddressBook_#t~ret66#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___0~4#1 := outgoing__wrappee__AddressBook_#t~ret66#1;havoc outgoing__wrappee__AddressBook_#t~ret66#1;outgoing__wrappee__AddressBook_~receiver~1#1 := outgoing__wrappee__AddressBook_~tmp___0~4#1;call outgoing__wrappee__AddressBook_#t~ret67#1 := puts(26, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret67#1 && outgoing__wrappee__AddressBook_#t~ret67#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret67#1; {22223#false} is VALID [2022-02-20 18:02:51,051 INFO L272 TraceCheckUtils]: 95: Hoare triple {22223#false} call outgoing__wrappee__AddressBook_#t~ret68#1 := getClientAddressBookAddress(outgoing__wrappee__AddressBook_~client#1, 1); {22222#true} is VALID [2022-02-20 18:02:51,051 INFO L290 TraceCheckUtils]: 96: Hoare triple {22222#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~16; {22222#true} is VALID [2022-02-20 18:02:51,051 INFO L290 TraceCheckUtils]: 97: Hoare triple {22222#true} assume 1 == ~handle; {22222#true} is VALID [2022-02-20 18:02:51,051 INFO L290 TraceCheckUtils]: 98: Hoare triple {22222#true} assume 0 == ~index;~retValue_acc~16 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~16; {22222#true} is VALID 
[2022-02-20 18:02:51,052 INFO L290 TraceCheckUtils]: 99: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:51,052 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {22222#true} {22223#false} #1146#return; {22223#false} is VALID [2022-02-20 18:02:51,052 INFO L290 TraceCheckUtils]: 101: Hoare triple {22223#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret68#1 && outgoing__wrappee__AddressBook_#t~ret68#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___1~2#1 := outgoing__wrappee__AddressBook_#t~ret68#1;havoc outgoing__wrappee__AddressBook_#t~ret68#1;outgoing__wrappee__AddressBook_~second~0#1 := outgoing__wrappee__AddressBook_~tmp___1~2#1; {22223#false} is VALID [2022-02-20 18:02:51,052 INFO L272 TraceCheckUtils]: 102: Hoare triple {22223#false} call setEmailTo(outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~second~0#1); {22318#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:51,052 INFO L290 TraceCheckUtils]: 103: Hoare triple {22318#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {22222#true} is VALID [2022-02-20 18:02:51,052 INFO L290 TraceCheckUtils]: 104: Hoare triple {22222#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {22222#true} is VALID [2022-02-20 18:02:51,052 INFO L290 TraceCheckUtils]: 105: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:51,052 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {22222#true} {22223#false} #1148#return; {22223#false} is VALID [2022-02-20 18:02:51,052 INFO L272 TraceCheckUtils]: 107: Hoare triple {22223#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {22223#false} is VALID [2022-02-20 18:02:51,052 INFO L290 TraceCheckUtils]: 108: Hoare triple {22223#false} ~client#1 
:= #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~10#1;havoc ~pubkey~0#1;havoc ~tmp___0~3#1; {22223#false} is VALID [2022-02-20 18:02:51,053 INFO L272 TraceCheckUtils]: 109: Hoare triple {22223#false} call #t~ret62#1 := getEmailTo(~msg#1); {22222#true} is VALID [2022-02-20 18:02:51,053 INFO L290 TraceCheckUtils]: 110: Hoare triple {22222#true} ~handle := #in~handle;havoc ~retValue_acc~34; {22222#true} is VALID [2022-02-20 18:02:51,053 INFO L290 TraceCheckUtils]: 111: Hoare triple {22222#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {22222#true} is VALID [2022-02-20 18:02:51,053 INFO L290 TraceCheckUtils]: 112: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:51,053 INFO L284 TraceCheckUtils]: 113: Hoare quadruple {22222#true} {22223#false} #1160#return; {22223#false} is VALID [2022-02-20 18:02:51,053 INFO L290 TraceCheckUtils]: 114: Hoare triple {22223#false} assume -2147483648 <= #t~ret62#1 && #t~ret62#1 <= 2147483647;~tmp~10#1 := #t~ret62#1;havoc #t~ret62#1;~receiver~0#1 := ~tmp~10#1; {22223#false} is VALID [2022-02-20 18:02:51,053 INFO L272 TraceCheckUtils]: 115: Hoare triple {22223#false} call #t~ret63#1 := findPublicKey(~client#1, ~receiver~0#1); {22222#true} is VALID [2022-02-20 18:02:51,053 INFO L290 TraceCheckUtils]: 116: Hoare triple {22222#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~23; {22222#true} is VALID [2022-02-20 18:02:51,053 INFO L290 TraceCheckUtils]: 117: Hoare triple {22222#true} assume 1 == ~handle; {22222#true} is VALID [2022-02-20 18:02:51,053 INFO L290 TraceCheckUtils]: 118: Hoare triple {22222#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~23 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~23; {22222#true} is VALID [2022-02-20 18:02:51,054 INFO L290 TraceCheckUtils]: 119: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:51,054 INFO L284 TraceCheckUtils]: 120: 
Hoare quadruple {22222#true} {22223#false} #1162#return; {22223#false} is VALID [2022-02-20 18:02:51,054 INFO L290 TraceCheckUtils]: 121: Hoare triple {22223#false} assume -2147483648 <= #t~ret63#1 && #t~ret63#1 <= 2147483647;~tmp___0~3#1 := #t~ret63#1;havoc #t~ret63#1;~pubkey~0#1 := ~tmp___0~3#1; {22223#false} is VALID [2022-02-20 18:02:51,054 INFO L290 TraceCheckUtils]: 122: Hoare triple {22223#false} assume !(0 != ~pubkey~0#1); {22223#false} is VALID [2022-02-20 18:02:51,054 INFO L290 TraceCheckUtils]: 123: Hoare triple {22223#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret61#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~9#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~9#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~25#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~25#1; {22223#false} is VALID [2022-02-20 18:02:51,054 INFO L290 TraceCheckUtils]: 124: Hoare triple {22223#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~25#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~25#1; {22223#false} is VALID [2022-02-20 18:02:51,054 INFO L290 TraceCheckUtils]: 125: Hoare triple {22223#false} outgoing__wrappee__Keys_#t~ret61#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret61#1 && outgoing__wrappee__Keys_#t~ret61#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~9#1 := outgoing__wrappee__Keys_#t~ret61#1;havoc outgoing__wrappee__Keys_#t~ret61#1; {22223#false} is VALID 
[2022-02-20 18:02:51,054 INFO L272 TraceCheckUtils]: 126: Hoare triple {22223#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~9#1); {22317#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:51,054 INFO L290 TraceCheckUtils]: 127: Hoare triple {22317#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22222#true} is VALID [2022-02-20 18:02:51,054 INFO L290 TraceCheckUtils]: 128: Hoare triple {22222#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22222#true} is VALID [2022-02-20 18:02:51,055 INFO L290 TraceCheckUtils]: 129: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:51,055 INFO L284 TraceCheckUtils]: 130: Hoare quadruple {22222#true} {22223#false} #1168#return; {22223#false} is VALID [2022-02-20 18:02:51,055 INFO L290 TraceCheckUtils]: 131: Hoare triple {22223#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret59#1, mail_#t~ret60#1, mail_~client#1, mail_~msg#1, mail_~tmp~8#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~8#1;call mail_#t~ret59#1 := puts(24, 0);assume -2147483648 <= mail_#t~ret59#1 && mail_#t~ret59#1 <= 2147483647;havoc mail_#t~ret59#1; {22223#false} is VALID [2022-02-20 18:02:51,055 INFO L272 TraceCheckUtils]: 132: Hoare triple {22223#false} call mail_#t~ret60#1 := getEmailTo(mail_~msg#1); {22222#true} is VALID [2022-02-20 18:02:51,055 INFO L290 TraceCheckUtils]: 133: Hoare triple {22222#true} ~handle := #in~handle;havoc ~retValue_acc~34; {22222#true} is VALID [2022-02-20 18:02:51,055 INFO L290 TraceCheckUtils]: 134: Hoare triple {22222#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; 
{22222#true} is VALID [2022-02-20 18:02:51,055 INFO L290 TraceCheckUtils]: 135: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:51,055 INFO L284 TraceCheckUtils]: 136: Hoare quadruple {22222#true} {22223#false} #1170#return; {22223#false} is VALID [2022-02-20 18:02:51,055 INFO L290 TraceCheckUtils]: 137: Hoare triple {22223#false} assume -2147483648 <= mail_#t~ret60#1 && mail_#t~ret60#1 <= 2147483647;mail_~tmp~8#1 := mail_#t~ret60#1;havoc mail_#t~ret60#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~8#1, mail_~msg#1;havoc incoming_#t~ret71#1, incoming_#t~ret72#1, incoming_#t~ret73#1, incoming_#t~ret74#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~12#1, incoming_~tmp___0~5#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~12#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {22223#false} is VALID [2022-02-20 18:02:51,055 INFO L272 TraceCheckUtils]: 138: Hoare triple {22223#false} call incoming_#t~ret71#1 := getClientPrivateKey(incoming_~client#1); {22222#true} is VALID [2022-02-20 18:02:51,056 INFO L290 TraceCheckUtils]: 139: Hoare triple {22222#true} ~handle := #in~handle;havoc ~retValue_acc~18; {22222#true} is VALID [2022-02-20 18:02:51,056 INFO L290 TraceCheckUtils]: 140: Hoare triple {22222#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {22222#true} is VALID [2022-02-20 18:02:51,056 INFO L290 TraceCheckUtils]: 141: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:51,056 INFO L284 TraceCheckUtils]: 142: Hoare quadruple {22222#true} {22223#false} #1172#return; {22223#false} is VALID [2022-02-20 18:02:51,056 INFO L290 TraceCheckUtils]: 143: Hoare triple {22223#false} assume -2147483648 <= incoming_#t~ret71#1 && 
incoming_#t~ret71#1 <= 2147483647;incoming_~tmp~12#1 := incoming_#t~ret71#1;havoc incoming_#t~ret71#1;incoming_~privkey~0#1 := incoming_~tmp~12#1; {22223#false} is VALID [2022-02-20 18:02:51,056 INFO L290 TraceCheckUtils]: 144: Hoare triple {22223#false} assume !(0 != incoming_~privkey~0#1); {22223#false} is VALID [2022-02-20 18:02:51,056 INFO L290 TraceCheckUtils]: 145: Hoare triple {22223#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret79#1, verify_#t~ret80#1, verify_#t~ret81#1, verify_#t~ret82#1, verify_#t~ret83#1, verify_#t~ret84#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~16#1, verify_~tmp___0~6#1, verify_~pubkey~1#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~16#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret58#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~7#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc 
__utac_acc__EncryptVerify_spec__1_~tmp~7#1; {22223#false} is VALID [2022-02-20 18:02:51,056 INFO L272 TraceCheckUtils]: 146: Hoare triple {22223#false} call __utac_acc__EncryptVerify_spec__1_#t~ret58#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {22222#true} is VALID [2022-02-20 18:02:51,056 INFO L290 TraceCheckUtils]: 147: Hoare triple {22222#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~27#1;havoc ~tmp~23#1; {22222#true} is VALID [2022-02-20 18:02:51,056 INFO L272 TraceCheckUtils]: 148: Hoare triple {22222#true} call #t~ret105#1 := isEncrypted(~msg#1); {22222#true} is VALID [2022-02-20 18:02:51,057 INFO L290 TraceCheckUtils]: 149: Hoare triple {22222#true} ~handle := #in~handle;havoc ~retValue_acc~37; {22222#true} is VALID [2022-02-20 18:02:51,057 INFO L290 TraceCheckUtils]: 150: Hoare triple {22222#true} assume 1 == ~handle;~retValue_acc~37 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~37; {22222#true} is VALID [2022-02-20 18:02:51,057 INFO L290 TraceCheckUtils]: 151: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:51,057 INFO L284 TraceCheckUtils]: 152: Hoare quadruple {22222#true} {22222#true} #1262#return; {22222#true} is VALID [2022-02-20 18:02:51,057 INFO L290 TraceCheckUtils]: 153: Hoare triple {22222#true} assume -2147483648 <= #t~ret105#1 && #t~ret105#1 <= 2147483647;~tmp~23#1 := #t~ret105#1;havoc #t~ret105#1; {22222#true} is VALID [2022-02-20 18:02:51,057 INFO L290 TraceCheckUtils]: 154: Hoare triple {22222#true} assume 0 != ~tmp~23#1;~retValue_acc~27#1 := 0;#res#1 := ~retValue_acc~27#1; {22222#true} is VALID [2022-02-20 18:02:51,057 INFO L290 TraceCheckUtils]: 155: Hoare triple {22222#true} assume true; {22222#true} is VALID [2022-02-20 18:02:51,057 INFO L284 TraceCheckUtils]: 156: Hoare quadruple {22222#true} {22223#false} #1184#return; {22223#false} is VALID [2022-02-20 18:02:51,057 INFO L290 TraceCheckUtils]: 157: Hoare triple {22223#false} assume -2147483648 <= 
__utac_acc__EncryptVerify_spec__1_#t~ret58#1 && __utac_acc__EncryptVerify_spec__1_#t~ret58#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~7#1 := __utac_acc__EncryptVerify_spec__1_#t~ret58#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret58#1; {22223#false} is VALID [2022-02-20 18:02:51,057 INFO L290 TraceCheckUtils]: 158: Hoare triple {22223#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~7#1);assume { :begin_inline___automaton_fail } true; {22223#false} is VALID [2022-02-20 18:02:51,058 INFO L290 TraceCheckUtils]: 159: Hoare triple {22223#false} assume !false; {22223#false} is VALID [2022-02-20 18:02:51,058 INFO L134 CoverageAnalysis]: Checked inductivity of 51 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 44 trivial. 0 not checked. [2022-02-20 18:02:51,058 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:51,058 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1561485301] [2022-02-20 18:02:51,058 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1561485301] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:51,058 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:02:51,059 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 18:02:51,059 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [437685956] [2022-02-20 18:02:51,059 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:51,059 INFO L78 Accepts]: Start accepts. 
Automaton has has 9 states, 8 states have (on average 11.75) internal successors, (94), 5 states have internal predecessors, (94), 3 states have call successors, (23), 6 states have call predecessors, (23), 2 states have return successors, (20), 2 states have call predecessors, (20), 3 states have call successors, (20) Word has length 160 [2022-02-20 18:02:51,060 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:51,060 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 11.75) internal successors, (94), 5 states have internal predecessors, (94), 3 states have call successors, (23), 6 states have call predecessors, (23), 2 states have return successors, (20), 2 states have call predecessors, (20), 3 states have call successors, (20) [2022-02-20 18:02:51,152 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 137 edges. 137 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:51,152 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 18:02:51,152 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:51,152 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 18:02:51,153 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:02:51,153 INFO L87 Difference]: Start difference. First operand 468 states and 721 transitions. 
Second operand has 9 states, 8 states have (on average 11.75) internal successors, (94), 5 states have internal predecessors, (94), 3 states have call successors, (23), 6 states have call predecessors, (23), 2 states have return successors, (20), 2 states have call predecessors, (20), 3 states have call successors, (20) [2022-02-20 18:02:57,547 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:57,547 INFO L93 Difference]: Finished difference Result 1010 states and 1576 transitions. [2022-02-20 18:02:57,547 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 12 states. [2022-02-20 18:02:57,547 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 11.75) internal successors, (94), 5 states have internal predecessors, (94), 3 states have call successors, (23), 6 states have call predecessors, (23), 2 states have return successors, (20), 2 states have call predecessors, (20), 3 states have call successors, (20) Word has length 160 [2022-02-20 18:02:57,548 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:57,548 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 11.75) internal successors, (94), 5 states have internal predecessors, (94), 3 states have call successors, (23), 6 states have call predecessors, (23), 2 states have return successors, (20), 2 states have call predecessors, (20), 3 states have call successors, (20) [2022-02-20 18:02:57,557 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 1338 transitions. [2022-02-20 18:02:57,558 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 9 states, 8 states have (on average 11.75) internal successors, (94), 5 states have internal predecessors, (94), 3 states have call successors, (23), 6 states have call predecessors, (23), 2 states have return successors, (20), 2 states have call predecessors, (20), 3 states have call successors, (20) [2022-02-20 18:02:57,567 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 1338 transitions. [2022-02-20 18:02:57,567 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 12 states and 1338 transitions. [2022-02-20 18:02:58,630 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1338 edges. 1338 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:58,646 INFO L225 Difference]: With dead ends: 1010 [2022-02-20 18:02:58,646 INFO L226 Difference]: Without dead ends: 567 [2022-02-20 18:02:58,647 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 60 GetRequests, 44 SyntacticMatches, 0 SemanticMatches, 16 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 41 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=89, Invalid=217, Unknown=0, NotChecked=0, Total=306 [2022-02-20 18:02:58,648 INFO L933 BasicCegarLoop]: 630 mSDtfsCounter, 1472 mSDsluCounter, 938 mSDsCounter, 0 mSdLazyCounter, 2060 mSolverCounterSat, 513 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1492 SdHoareTripleChecker+Valid, 1568 SdHoareTripleChecker+Invalid, 2573 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 513 IncrementalHoareTripleChecker+Valid, 2060 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.8s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:58,648 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1492 Valid, 
1568 Invalid, 2573 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [513 Valid, 2060 Invalid, 0 Unknown, 0 Unchecked, 2.8s Time] [2022-02-20 18:02:58,649 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 567 states. [2022-02-20 18:02:58,727 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 567 to 468. [2022-02-20 18:02:58,727 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:58,728 INFO L82 GeneralOperation]: Start isEquivalent. First operand 567 states. Second operand has 468 states, 360 states have (on average 1.5611111111111111) internal successors, (562), 367 states have internal predecessors, (562), 76 states have call successors, (76), 28 states have call predecessors, (76), 31 states have return successors, (83), 74 states have call predecessors, (83), 75 states have call successors, (83) [2022-02-20 18:02:58,729 INFO L74 IsIncluded]: Start isIncluded. First operand 567 states. Second operand has 468 states, 360 states have (on average 1.5611111111111111) internal successors, (562), 367 states have internal predecessors, (562), 76 states have call successors, (76), 28 states have call predecessors, (76), 31 states have return successors, (83), 74 states have call predecessors, (83), 75 states have call successors, (83) [2022-02-20 18:02:58,729 INFO L87 Difference]: Start difference. First operand 567 states. Second operand has 468 states, 360 states have (on average 1.5611111111111111) internal successors, (562), 367 states have internal predecessors, (562), 76 states have call successors, (76), 28 states have call predecessors, (76), 31 states have return successors, (83), 74 states have call predecessors, (83), 75 states have call successors, (83) [2022-02-20 18:02:58,745 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:58,746 INFO L93 Difference]: Finished difference Result 567 states and 888 transitions. 
[2022-02-20 18:02:58,746 INFO L276 IsEmpty]: Start isEmpty. Operand 567 states and 888 transitions. [2022-02-20 18:02:58,748 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:58,748 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:58,749 INFO L74 IsIncluded]: Start isIncluded. First operand has 468 states, 360 states have (on average 1.5611111111111111) internal successors, (562), 367 states have internal predecessors, (562), 76 states have call successors, (76), 28 states have call predecessors, (76), 31 states have return successors, (83), 74 states have call predecessors, (83), 75 states have call successors, (83) Second operand 567 states. [2022-02-20 18:02:58,750 INFO L87 Difference]: Start difference. First operand has 468 states, 360 states have (on average 1.5611111111111111) internal successors, (562), 367 states have internal predecessors, (562), 76 states have call successors, (76), 28 states have call predecessors, (76), 31 states have return successors, (83), 74 states have call predecessors, (83), 75 states have call successors, (83) Second operand 567 states. [2022-02-20 18:02:58,765 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:58,766 INFO L93 Difference]: Finished difference Result 567 states and 888 transitions. [2022-02-20 18:02:58,766 INFO L276 IsEmpty]: Start isEmpty. Operand 567 states and 888 transitions. [2022-02-20 18:02:58,768 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:58,768 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:58,769 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:58,769 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:58,770 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 468 states, 360 states have (on average 1.5611111111111111) internal successors, (562), 367 states have internal predecessors, (562), 76 states have call successors, (76), 28 states have call predecessors, (76), 31 states have return successors, (83), 74 states have call predecessors, (83), 75 states have call successors, (83) [2022-02-20 18:02:58,782 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 468 states to 468 states and 721 transitions. [2022-02-20 18:02:58,783 INFO L78 Accepts]: Start accepts. Automaton has 468 states and 721 transitions. Word has length 160 [2022-02-20 18:02:58,783 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:58,783 INFO L470 AbstractCegarLoop]: Abstraction has 468 states and 721 transitions. [2022-02-20 18:02:58,783 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 11.75) internal successors, (94), 5 states have internal predecessors, (94), 3 states have call successors, (23), 6 states have call predecessors, (23), 2 states have return successors, (20), 2 states have call predecessors, (20), 3 states have call successors, (20) [2022-02-20 18:02:58,783 INFO L276 IsEmpty]: Start isEmpty. Operand 468 states and 721 transitions. [2022-02-20 18:02:58,785 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 142 [2022-02-20 18:02:58,785 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:58,785 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:58,785 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 18:02:58,786 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:58,786 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:58,786 INFO L85 PathProgramCache]: Analyzing trace with hash -1816560831, now seen corresponding path program 1 times [2022-02-20 18:02:58,786 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:58,786 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1112732901] [2022-02-20 18:02:58,786 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:58,786 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:58,808 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:58,829 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:02:58,830 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:58,832 INFO L290 TraceCheckUtils]: 0: Hoare triple {25599#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25520#true} is VALID [2022-02-20 18:02:58,832 INFO L290 TraceCheckUtils]: 1: Hoare triple {25520#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25520#true} is VALID [2022-02-20 18:02:58,832 INFO L290 TraceCheckUtils]: 2: Hoare triple {25520#true} assume true; {25520#true} is VALID [2022-02-20 18:02:58,832 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25520#true} {25520#true} #1212#return; {25520#true} is VALID [2022-02-20 18:02:58,837 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:58,839 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:58,840 INFO L290 TraceCheckUtils]: 0: Hoare triple {25600#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25520#true} is VALID [2022-02-20 18:02:58,840 INFO L290 TraceCheckUtils]: 1: Hoare triple {25520#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25520#true} is VALID [2022-02-20 18:02:58,841 INFO L290 TraceCheckUtils]: 2: Hoare triple {25520#true} assume true; {25520#true} is VALID [2022-02-20 18:02:58,841 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25520#true} {25520#true} #1214#return; {25520#true} is VALID [2022-02-20 18:02:58,841 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:58,842 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:58,843 INFO L290 TraceCheckUtils]: 0: Hoare triple {25599#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25520#true} is VALID [2022-02-20 18:02:58,843 INFO L290 TraceCheckUtils]: 1: Hoare triple {25520#true} assume !(1 == ~handle); {25520#true} is VALID [2022-02-20 18:02:58,844 INFO L290 TraceCheckUtils]: 2: Hoare triple {25520#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {25520#true} is VALID [2022-02-20 18:02:58,844 INFO L290 TraceCheckUtils]: 3: Hoare triple {25520#true} assume true; {25520#true} is VALID [2022-02-20 18:02:58,844 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {25520#true} {25520#true} #1216#return; {25520#true} is VALID [2022-02-20 18:02:58,844 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:02:58,846 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:58,847 INFO L290 TraceCheckUtils]: 0: Hoare triple {25600#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25520#true} is VALID [2022-02-20 18:02:58,847 INFO L290 TraceCheckUtils]: 1: Hoare triple {25520#true} assume !(1 == ~handle); {25520#true} is VALID [2022-02-20 18:02:58,847 INFO L290 TraceCheckUtils]: 2: Hoare triple {25520#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {25520#true} is VALID [2022-02-20 18:02:58,848 INFO L290 TraceCheckUtils]: 3: Hoare triple {25520#true} assume true; {25520#true} is VALID [2022-02-20 18:02:58,848 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {25520#true} {25520#true} #1218#return; {25520#true} is VALID [2022-02-20 18:02:58,848 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 
[2022-02-20 18:02:58,849 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:58,860 INFO L290 TraceCheckUtils]: 0: Hoare triple {25599#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25601#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:58,861 INFO L290 TraceCheckUtils]: 1: Hoare triple {25601#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {25601#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:58,861 INFO L290 TraceCheckUtils]: 2: Hoare triple {25601#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {25601#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:58,861 INFO L290 TraceCheckUtils]: 3: Hoare triple {25601#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {25602#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:58,862 INFO L290 TraceCheckUtils]: 4: Hoare triple {25602#(= 3 |setClientId_#in~handle|)} assume true; {25602#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:58,862 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {25602#(= 3 |setClientId_#in~handle|)} {25540#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1220#return; {25547#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:02:58,862 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:02:58,864 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:58,878 INFO L290 TraceCheckUtils]: 0: Hoare triple {25600#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25603#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:58,878 INFO L290 TraceCheckUtils]: 1: Hoare triple {25603#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25604#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:58,879 INFO L290 TraceCheckUtils]: 2: Hoare triple {25604#(= |setClientPrivateKey_#in~handle| 1)} assume true; {25604#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:58,879 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25604#(= |setClientPrivateKey_#in~handle| 1)} {25547#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1222#return; {25521#false} is VALID [2022-02-20 18:02:58,886 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 18:02:58,887 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:58,889 INFO L290 TraceCheckUtils]: 0: Hoare triple {25605#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25520#true} is VALID [2022-02-20 18:02:58,889 INFO L290 TraceCheckUtils]: 1: Hoare triple {25520#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25520#true} is VALID [2022-02-20 18:02:58,889 INFO L290 TraceCheckUtils]: 2: Hoare triple {25520#true} assume true; {25520#true} is VALID [2022-02-20 18:02:58,889 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25520#true} {25521#false} #1198#return; {25521#false} is VALID [2022-02-20 18:02:58,897 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 18:02:58,898 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is 
unsat [2022-02-20 18:02:58,900 INFO L290 TraceCheckUtils]: 0: Hoare triple {25606#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {25520#true} is VALID [2022-02-20 18:02:58,900 INFO L290 TraceCheckUtils]: 1: Hoare triple {25520#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25520#true} is VALID [2022-02-20 18:02:58,900 INFO L290 TraceCheckUtils]: 2: Hoare triple {25520#true} assume true; {25520#true} is VALID [2022-02-20 18:02:58,900 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25520#true} {25521#false} #1200#return; {25521#false} is VALID [2022-02-20 18:02:58,900 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 73 [2022-02-20 18:02:58,901 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:58,902 INFO L290 TraceCheckUtils]: 0: Hoare triple {25520#true} ~handle := #in~handle;havoc ~retValue_acc~18; {25520#true} is VALID [2022-02-20 18:02:58,903 INFO L290 TraceCheckUtils]: 1: Hoare triple {25520#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {25520#true} is VALID [2022-02-20 18:02:58,903 INFO L290 TraceCheckUtils]: 2: Hoare triple {25520#true} assume true; {25520#true} is VALID [2022-02-20 18:02:58,903 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25520#true} {25521#false} #1140#return; {25521#false} is VALID [2022-02-20 18:02:58,903 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-02-20 18:02:58,904 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:58,905 INFO L290 TraceCheckUtils]: 0: Hoare triple {25520#true} ~handle := #in~handle;havoc ~retValue_acc~12; {25520#true} is VALID [2022-02-20 18:02:58,906 INFO L290 TraceCheckUtils]: 1: Hoare triple {25520#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_ClientAddressBook_size0~0;#res := 
~retValue_acc~12; {25520#true} is VALID [2022-02-20 18:02:58,906 INFO L290 TraceCheckUtils]: 2: Hoare triple {25520#true} assume true; {25520#true} is VALID [2022-02-20 18:02:58,906 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25520#true} {25521#false} #1142#return; {25521#false} is VALID [2022-02-20 18:02:58,906 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 18:02:58,907 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:58,908 INFO L290 TraceCheckUtils]: 0: Hoare triple {25520#true} ~handle := #in~handle;havoc ~retValue_acc~34; {25520#true} is VALID [2022-02-20 18:02:58,908 INFO L290 TraceCheckUtils]: 1: Hoare triple {25520#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {25520#true} is VALID [2022-02-20 18:02:58,908 INFO L290 TraceCheckUtils]: 2: Hoare triple {25520#true} assume true; {25520#true} is VALID [2022-02-20 18:02:58,909 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25520#true} {25521#false} #1160#return; {25521#false} is VALID [2022-02-20 18:02:58,909 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 18:02:58,909 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:58,911 INFO L290 TraceCheckUtils]: 0: Hoare triple {25520#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~23; {25520#true} is VALID [2022-02-20 18:02:58,911 INFO L290 TraceCheckUtils]: 1: Hoare triple {25520#true} assume 1 == ~handle; {25520#true} is VALID [2022-02-20 18:02:58,911 INFO L290 TraceCheckUtils]: 2: Hoare triple {25520#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~23 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~23; {25520#true} is VALID [2022-02-20 18:02:58,911 INFO L290 TraceCheckUtils]: 3: Hoare triple {25520#true} assume true; {25520#true} is VALID [2022-02-20 18:02:58,911 INFO L284 
TraceCheckUtils]: 4: Hoare quadruple {25520#true} {25521#false} #1162#return; {25521#false} is VALID [2022-02-20 18:02:58,911 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 107 [2022-02-20 18:02:58,912 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:58,914 INFO L290 TraceCheckUtils]: 0: Hoare triple {25605#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25520#true} is VALID [2022-02-20 18:02:58,914 INFO L290 TraceCheckUtils]: 1: Hoare triple {25520#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25520#true} is VALID [2022-02-20 18:02:58,914 INFO L290 TraceCheckUtils]: 2: Hoare triple {25520#true} assume true; {25520#true} is VALID [2022-02-20 18:02:58,914 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25520#true} {25521#false} #1168#return; {25521#false} is VALID [2022-02-20 18:02:58,914 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 113 [2022-02-20 18:02:58,915 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:58,916 INFO L290 TraceCheckUtils]: 0: Hoare triple {25520#true} ~handle := #in~handle;havoc ~retValue_acc~34; {25520#true} is VALID [2022-02-20 18:02:58,916 INFO L290 TraceCheckUtils]: 1: Hoare triple {25520#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {25520#true} is VALID [2022-02-20 18:02:58,916 INFO L290 TraceCheckUtils]: 2: Hoare triple {25520#true} assume true; {25520#true} is VALID [2022-02-20 18:02:58,916 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25520#true} {25521#false} #1170#return; {25521#false} is VALID [2022-02-20 18:02:58,917 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 119 [2022-02-20 18:02:58,917 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat 
[2022-02-20 18:02:58,918 INFO L290 TraceCheckUtils]: 0: Hoare triple {25520#true} ~handle := #in~handle;havoc ~retValue_acc~18; {25520#true} is VALID [2022-02-20 18:02:58,919 INFO L290 TraceCheckUtils]: 1: Hoare triple {25520#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {25520#true} is VALID [2022-02-20 18:02:58,919 INFO L290 TraceCheckUtils]: 2: Hoare triple {25520#true} assume true; {25520#true} is VALID [2022-02-20 18:02:58,919 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25520#true} {25521#false} #1172#return; {25521#false} is VALID [2022-02-20 18:02:58,919 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 127 [2022-02-20 18:02:58,920 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:58,922 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:58,923 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:58,924 INFO L290 TraceCheckUtils]: 0: Hoare triple {25520#true} ~handle := #in~handle;havoc ~retValue_acc~37; {25520#true} is VALID [2022-02-20 18:02:58,924 INFO L290 TraceCheckUtils]: 1: Hoare triple {25520#true} assume 1 == ~handle;~retValue_acc~37 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~37; {25520#true} is VALID [2022-02-20 18:02:58,924 INFO L290 TraceCheckUtils]: 2: Hoare triple {25520#true} assume true; {25520#true} is VALID [2022-02-20 18:02:58,924 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25520#true} {25520#true} #1262#return; {25520#true} is VALID [2022-02-20 18:02:58,924 INFO L290 TraceCheckUtils]: 0: Hoare triple {25520#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~27#1;havoc ~tmp~23#1; {25520#true} is VALID [2022-02-20 18:02:58,924 INFO L272 TraceCheckUtils]: 1: Hoare triple {25520#true} call #t~ret105#1 := isEncrypted(~msg#1); {25520#true} is VALID [2022-02-20 18:02:58,925 INFO L290 TraceCheckUtils]: 2: Hoare 
triple {25520#true} ~handle := #in~handle;havoc ~retValue_acc~37; {25520#true} is VALID [2022-02-20 18:02:58,925 INFO L290 TraceCheckUtils]: 3: Hoare triple {25520#true} assume 1 == ~handle;~retValue_acc~37 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~37; {25520#true} is VALID [2022-02-20 18:02:58,925 INFO L290 TraceCheckUtils]: 4: Hoare triple {25520#true} assume true; {25520#true} is VALID [2022-02-20 18:02:58,925 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {25520#true} {25520#true} #1262#return; {25520#true} is VALID [2022-02-20 18:02:58,925 INFO L290 TraceCheckUtils]: 6: Hoare triple {25520#true} assume -2147483648 <= #t~ret105#1 && #t~ret105#1 <= 2147483647;~tmp~23#1 := #t~ret105#1;havoc #t~ret105#1; {25520#true} is VALID [2022-02-20 18:02:58,925 INFO L290 TraceCheckUtils]: 7: Hoare triple {25520#true} assume 0 != ~tmp~23#1;~retValue_acc~27#1 := 0;#res#1 := ~retValue_acc~27#1; {25520#true} is VALID [2022-02-20 18:02:58,925 INFO L290 TraceCheckUtils]: 8: Hoare triple {25520#true} assume true; {25520#true} is VALID [2022-02-20 18:02:58,925 INFO L284 TraceCheckUtils]: 9: Hoare quadruple {25520#true} {25521#false} #1184#return; {25521#false} is VALID [2022-02-20 18:02:58,925 INFO L290 TraceCheckUtils]: 0: Hoare triple {25520#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 
11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(34, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(20, 28);call #Ultimate.allocInit(10, 29);call #Ultimate.allocInit(12, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(18, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(13, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(4, 38);call write~init~int(37, 38, 0, 1);call write~init~int(115, 38, 1, 1);call write~init~int(10, 38, 2, 1);call write~init~int(0, 38, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 
0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 
0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {25520#true} is VALID [2022-02-20 18:02:58,926 INFO L290 TraceCheckUtils]: 1: Hoare triple {25520#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {25520#true} is VALID [2022-02-20 18:02:58,926 INFO L290 TraceCheckUtils]: 2: Hoare triple {25520#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {25520#true} is VALID [2022-02-20 18:02:58,926 INFO L290 TraceCheckUtils]: 3: Hoare triple {25520#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~43#1;havoc valid_product_~retValue_acc~43#1;valid_product_~retValue_acc~43#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~43#1; {25520#true} is VALID [2022-02-20 18:02:58,926 INFO L290 TraceCheckUtils]: 4: Hoare triple {25520#true} main_#t~ret12#1 := 
valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {25520#true} is VALID [2022-02-20 18:02:58,926 INFO L290 TraceCheckUtils]: 5: Hoare triple {25520#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {25520#true} is VALID [2022-02-20 18:02:58,927 INFO L272 TraceCheckUtils]: 6: Hoare triple {25520#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {25599#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:58,927 INFO L290 TraceCheckUtils]: 7: Hoare triple {25599#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25520#true} is VALID [2022-02-20 18:02:58,927 INFO L290 TraceCheckUtils]: 8: 
Hoare triple {25520#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25520#true} is VALID [2022-02-20 18:02:58,927 INFO L290 TraceCheckUtils]: 9: Hoare triple {25520#true} assume true; {25520#true} is VALID [2022-02-20 18:02:58,927 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {25520#true} {25520#true} #1212#return; {25520#true} is VALID [2022-02-20 18:02:58,927 INFO L290 TraceCheckUtils]: 11: Hoare triple {25520#true} assume { :end_inline_setup_bob__wrappee__Base } true; {25520#true} is VALID [2022-02-20 18:02:58,928 INFO L272 TraceCheckUtils]: 12: Hoare triple {25520#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {25600#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:58,928 INFO L290 TraceCheckUtils]: 13: Hoare triple {25600#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25520#true} is VALID [2022-02-20 18:02:58,928 INFO L290 TraceCheckUtils]: 14: Hoare triple {25520#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25520#true} is VALID [2022-02-20 18:02:58,928 INFO L290 TraceCheckUtils]: 15: Hoare triple {25520#true} assume true; {25520#true} is VALID [2022-02-20 18:02:58,928 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {25520#true} {25520#true} #1214#return; {25520#true} is VALID [2022-02-20 18:02:58,928 INFO L290 TraceCheckUtils]: 17: Hoare triple {25520#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := 
setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {25520#true} is VALID [2022-02-20 18:02:58,929 INFO L272 TraceCheckUtils]: 18: Hoare triple {25520#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {25599#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:58,929 INFO L290 TraceCheckUtils]: 19: Hoare triple {25599#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25520#true} is VALID [2022-02-20 18:02:58,929 INFO L290 TraceCheckUtils]: 20: Hoare triple {25520#true} assume !(1 == ~handle); {25520#true} is VALID [2022-02-20 18:02:58,929 INFO L290 TraceCheckUtils]: 21: Hoare triple {25520#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {25520#true} is VALID [2022-02-20 18:02:58,929 INFO L290 TraceCheckUtils]: 22: Hoare triple {25520#true} assume true; {25520#true} is VALID [2022-02-20 18:02:58,929 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {25520#true} {25520#true} #1216#return; {25520#true} is VALID [2022-02-20 18:02:58,929 INFO L290 TraceCheckUtils]: 24: Hoare triple {25520#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {25520#true} is VALID [2022-02-20 18:02:58,930 INFO L272 TraceCheckUtils]: 25: Hoare triple {25520#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {25600#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:58,930 INFO L290 TraceCheckUtils]: 26: Hoare triple {25600#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25520#true} is VALID [2022-02-20 18:02:58,930 INFO L290 TraceCheckUtils]: 27: Hoare triple {25520#true} assume !(1 == ~handle); {25520#true} is VALID [2022-02-20 18:02:58,930 INFO L290 TraceCheckUtils]: 28: Hoare triple {25520#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {25520#true} is VALID [2022-02-20 18:02:58,930 INFO L290 TraceCheckUtils]: 29: Hoare triple {25520#true} assume true; {25520#true} is VALID [2022-02-20 18:02:58,930 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {25520#true} {25520#true} #1218#return; {25520#true} is VALID [2022-02-20 18:02:58,931 INFO L290 TraceCheckUtils]: 31: Hoare triple {25520#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {25540#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:02:58,931 INFO L272 TraceCheckUtils]: 32: Hoare triple {25540#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call 
setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {25599#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:58,931 INFO L290 TraceCheckUtils]: 33: Hoare triple {25599#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25601#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:58,932 INFO L290 TraceCheckUtils]: 34: Hoare triple {25601#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {25601#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:58,932 INFO L290 TraceCheckUtils]: 35: Hoare triple {25601#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {25601#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:58,932 INFO L290 TraceCheckUtils]: 36: Hoare triple {25601#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {25602#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:58,932 INFO L290 TraceCheckUtils]: 37: Hoare triple {25602#(= 3 |setClientId_#in~handle|)} assume true; {25602#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:58,933 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {25602#(= 3 |setClientId_#in~handle|)} {25540#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1220#return; {25547#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:02:58,933 INFO L290 TraceCheckUtils]: 39: Hoare triple {25547#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} assume { 
:end_inline_setup_chuck__wrappee__Base } true; {25547#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:02:58,934 INFO L272 TraceCheckUtils]: 40: Hoare triple {25547#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {25600#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:58,934 INFO L290 TraceCheckUtils]: 41: Hoare triple {25600#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25603#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:58,934 INFO L290 TraceCheckUtils]: 42: Hoare triple {25603#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25604#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:58,935 INFO L290 TraceCheckUtils]: 43: Hoare triple {25604#(= |setClientPrivateKey_#in~handle| 1)} assume true; {25604#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:58,935 INFO L284 TraceCheckUtils]: 44: Hoare quadruple {25604#(= |setClientPrivateKey_#in~handle| 1)} {25547#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1222#return; {25521#false} is VALID [2022-02-20 18:02:58,935 INFO L290 TraceCheckUtils]: 45: Hoare triple {25521#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {25521#false} is VALID [2022-02-20 18:02:58,935 INFO L290 TraceCheckUtils]: 46: Hoare triple {25521#false} assume { :end_inline_setup } true;assume { :begin_inline_test } 
true;havoc test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~6#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~6#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {25521#false} is VALID [2022-02-20 18:02:58,935 INFO L290 TraceCheckUtils]: 47: Hoare triple {25521#false} assume !false; {25521#false} is VALID [2022-02-20 18:02:58,935 INFO L290 TraceCheckUtils]: 48: Hoare triple {25521#false} assume test_~splverifierCounter~0#1 < 4; {25521#false} is VALID [2022-02-20 18:02:58,935 INFO L290 TraceCheckUtils]: 49: Hoare triple {25521#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {25521#false} is VALID [2022-02-20 18:02:58,936 INFO L290 TraceCheckUtils]: 50: Hoare triple {25521#false} assume 0 == test_~op1~0#1;assume -2147483648 <= 
test_#t~nondet47#1 && test_#t~nondet47#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet47#1;havoc test_#t~nondet47#1; {25521#false} is VALID [2022-02-20 18:02:58,936 INFO L290 TraceCheckUtils]: 51: Hoare triple {25521#false} assume !(0 != test_~tmp___9~0#1); {25521#false} is VALID [2022-02-20 18:02:58,936 INFO L290 TraceCheckUtils]: 52: Hoare triple {25521#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet48#1 && test_#t~nondet48#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet48#1;havoc test_#t~nondet48#1; {25521#false} is VALID [2022-02-20 18:02:58,936 INFO L290 TraceCheckUtils]: 53: Hoare triple {25521#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {25521#false} is VALID [2022-02-20 18:02:58,936 INFO L290 TraceCheckUtils]: 54: Hoare triple {25521#false} assume !false; {25521#false} is VALID [2022-02-20 18:02:58,936 INFO L290 TraceCheckUtils]: 55: Hoare triple {25521#false} assume !(test_~splverifierCounter~0#1 < 4); {25521#false} is VALID [2022-02-20 18:02:58,936 INFO L290 TraceCheckUtils]: 56: Hoare triple {25521#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {25521#false} is VALID [2022-02-20 18:02:58,936 INFO L272 TraceCheckUtils]: 57: Hoare triple {25521#false} call sendEmail(~bob~0, ~rjh~0); {25521#false} is VALID [2022-02-20 18:02:58,936 INFO L290 TraceCheckUtils]: 58: Hoare triple {25521#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~14#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, 
createEmail_~retValue_acc~29#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~29#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {25521#false} is VALID [2022-02-20 18:02:58,937 INFO L272 TraceCheckUtils]: 59: Hoare triple {25521#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {25605#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:58,937 INFO L290 TraceCheckUtils]: 60: Hoare triple {25605#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25520#true} is VALID [2022-02-20 18:02:58,937 INFO L290 TraceCheckUtils]: 61: Hoare triple {25520#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25520#true} is VALID [2022-02-20 18:02:58,937 INFO L290 TraceCheckUtils]: 62: Hoare triple {25520#true} assume true; {25520#true} is VALID [2022-02-20 18:02:58,937 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {25520#true} {25521#false} #1198#return; {25521#false} is VALID [2022-02-20 18:02:58,937 INFO L272 TraceCheckUtils]: 64: Hoare triple {25521#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {25606#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:58,937 INFO L290 TraceCheckUtils]: 65: Hoare triple {25606#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {25520#true} is VALID [2022-02-20 18:02:58,937 INFO L290 TraceCheckUtils]: 66: Hoare triple {25520#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25520#true} is VALID [2022-02-20 18:02:58,937 INFO L290 TraceCheckUtils]: 67: Hoare triple {25520#true} assume true; {25520#true} is VALID [2022-02-20 
18:02:58,937 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {25520#true} {25521#false} #1200#return; {25521#false} is VALID [2022-02-20 18:02:58,938 INFO L290 TraceCheckUtils]: 69: Hoare triple {25521#false} createEmail_~retValue_acc~29#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~29#1; {25521#false} is VALID [2022-02-20 18:02:58,938 INFO L290 TraceCheckUtils]: 70: Hoare triple {25521#false} #t~ret76#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret76#1 && #t~ret76#1 <= 2147483647;~tmp~14#1 := #t~ret76#1;havoc #t~ret76#1;~email~0#1 := ~tmp~14#1; {25521#false} is VALID [2022-02-20 18:02:58,938 INFO L272 TraceCheckUtils]: 71: Hoare triple {25521#false} call outgoing(~sender#1, ~email~0#1); {25521#false} is VALID [2022-02-20 18:02:58,938 INFO L290 TraceCheckUtils]: 72: Hoare triple {25521#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret78#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~15#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~15#1; {25521#false} is VALID [2022-02-20 18:02:58,938 INFO L272 TraceCheckUtils]: 73: Hoare triple {25521#false} call sign_#t~ret78#1 := getClientPrivateKey(sign_~client#1); {25520#true} is VALID [2022-02-20 18:02:58,938 INFO L290 TraceCheckUtils]: 74: Hoare triple {25520#true} ~handle := #in~handle;havoc ~retValue_acc~18; {25520#true} is VALID [2022-02-20 18:02:58,938 INFO L290 TraceCheckUtils]: 75: Hoare triple {25520#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {25520#true} is VALID [2022-02-20 18:02:58,938 INFO L290 TraceCheckUtils]: 76: Hoare triple {25520#true} assume true; {25520#true} is VALID [2022-02-20 18:02:58,938 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {25520#true} {25521#false} #1140#return; {25521#false} is 
VALID [2022-02-20 18:02:58,938 INFO L290 TraceCheckUtils]: 78: Hoare triple {25521#false} assume -2147483648 <= sign_#t~ret78#1 && sign_#t~ret78#1 <= 2147483647;sign_~tmp~15#1 := sign_#t~ret78#1;havoc sign_#t~ret78#1;sign_~privkey~1#1 := sign_~tmp~15#1; {25521#false} is VALID [2022-02-20 18:02:58,939 INFO L290 TraceCheckUtils]: 79: Hoare triple {25521#false} assume 0 == sign_~privkey~1#1; {25521#false} is VALID [2022-02-20 18:02:58,939 INFO L290 TraceCheckUtils]: 80: Hoare triple {25521#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret64#1, outgoing__wrappee__AddressBook_#t~ret65#1, outgoing__wrappee__AddressBook_#t~ret66#1, outgoing__wrappee__AddressBook_#t~ret67#1, outgoing__wrappee__AddressBook_#t~ret68#1, outgoing__wrappee__AddressBook_#t~ret69#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~11#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~4#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~11#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~4#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {25521#false} is VALID [2022-02-20 18:02:58,939 INFO L272 TraceCheckUtils]: 81: Hoare triple {25521#false} call 
outgoing__wrappee__AddressBook_#t~ret64#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {25520#true} is VALID [2022-02-20 18:02:58,939 INFO L290 TraceCheckUtils]: 82: Hoare triple {25520#true} ~handle := #in~handle;havoc ~retValue_acc~12; {25520#true} is VALID [2022-02-20 18:02:58,939 INFO L290 TraceCheckUtils]: 83: Hoare triple {25520#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~12; {25520#true} is VALID [2022-02-20 18:02:58,939 INFO L290 TraceCheckUtils]: 84: Hoare triple {25520#true} assume true; {25520#true} is VALID [2022-02-20 18:02:58,939 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {25520#true} {25521#false} #1142#return; {25521#false} is VALID [2022-02-20 18:02:58,939 INFO L290 TraceCheckUtils]: 86: Hoare triple {25521#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret64#1 && outgoing__wrappee__AddressBook_#t~ret64#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~11#1 := outgoing__wrappee__AddressBook_#t~ret64#1;havoc outgoing__wrappee__AddressBook_#t~ret64#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~11#1; {25521#false} is VALID [2022-02-20 18:02:58,939 INFO L290 TraceCheckUtils]: 87: Hoare triple {25521#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {25521#false} is VALID [2022-02-20 18:02:58,939 INFO L272 TraceCheckUtils]: 88: Hoare triple {25521#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {25521#false} is VALID [2022-02-20 18:02:58,940 INFO L290 TraceCheckUtils]: 89: Hoare triple {25521#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~10#1;havoc ~pubkey~0#1;havoc ~tmp___0~3#1; {25521#false} is VALID [2022-02-20 18:02:58,940 INFO L272 TraceCheckUtils]: 90: Hoare triple {25521#false} call #t~ret62#1 := getEmailTo(~msg#1); {25520#true} is VALID [2022-02-20 18:02:58,940 INFO L290 
TraceCheckUtils]: 91: Hoare triple {25520#true} ~handle := #in~handle;havoc ~retValue_acc~34; {25520#true} is VALID [2022-02-20 18:02:58,940 INFO L290 TraceCheckUtils]: 92: Hoare triple {25520#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {25520#true} is VALID [2022-02-20 18:02:58,940 INFO L290 TraceCheckUtils]: 93: Hoare triple {25520#true} assume true; {25520#true} is VALID [2022-02-20 18:02:58,940 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {25520#true} {25521#false} #1160#return; {25521#false} is VALID [2022-02-20 18:02:58,940 INFO L290 TraceCheckUtils]: 95: Hoare triple {25521#false} assume -2147483648 <= #t~ret62#1 && #t~ret62#1 <= 2147483647;~tmp~10#1 := #t~ret62#1;havoc #t~ret62#1;~receiver~0#1 := ~tmp~10#1; {25521#false} is VALID [2022-02-20 18:02:58,940 INFO L272 TraceCheckUtils]: 96: Hoare triple {25521#false} call #t~ret63#1 := findPublicKey(~client#1, ~receiver~0#1); {25520#true} is VALID [2022-02-20 18:02:58,940 INFO L290 TraceCheckUtils]: 97: Hoare triple {25520#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~23; {25520#true} is VALID [2022-02-20 18:02:58,940 INFO L290 TraceCheckUtils]: 98: Hoare triple {25520#true} assume 1 == ~handle; {25520#true} is VALID [2022-02-20 18:02:58,941 INFO L290 TraceCheckUtils]: 99: Hoare triple {25520#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~23 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~23; {25520#true} is VALID [2022-02-20 18:02:58,941 INFO L290 TraceCheckUtils]: 100: Hoare triple {25520#true} assume true; {25520#true} is VALID [2022-02-20 18:02:58,941 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {25520#true} {25521#false} #1162#return; {25521#false} is VALID [2022-02-20 18:02:58,941 INFO L290 TraceCheckUtils]: 102: Hoare triple {25521#false} assume -2147483648 <= #t~ret63#1 && #t~ret63#1 <= 2147483647;~tmp___0~3#1 := #t~ret63#1;havoc #t~ret63#1;~pubkey~0#1 := ~tmp___0~3#1; {25521#false} is VALID 
[2022-02-20 18:02:58,941 INFO L290 TraceCheckUtils]: 103: Hoare triple {25521#false} assume !(0 != ~pubkey~0#1); {25521#false} is VALID [2022-02-20 18:02:58,941 INFO L290 TraceCheckUtils]: 104: Hoare triple {25521#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret61#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~9#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~9#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~25#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~25#1; {25521#false} is VALID [2022-02-20 18:02:58,941 INFO L290 TraceCheckUtils]: 105: Hoare triple {25521#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~25#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~25#1; {25521#false} is VALID [2022-02-20 18:02:58,941 INFO L290 TraceCheckUtils]: 106: Hoare triple {25521#false} outgoing__wrappee__Keys_#t~ret61#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret61#1 && outgoing__wrappee__Keys_#t~ret61#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~9#1 := outgoing__wrappee__Keys_#t~ret61#1;havoc outgoing__wrappee__Keys_#t~ret61#1; {25521#false} is VALID [2022-02-20 18:02:58,941 INFO L272 TraceCheckUtils]: 107: Hoare triple {25521#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~9#1); {25605#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:58,942 
INFO L290 TraceCheckUtils]: 108: Hoare triple {25605#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25520#true} is VALID [2022-02-20 18:02:58,942 INFO L290 TraceCheckUtils]: 109: Hoare triple {25520#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25520#true} is VALID [2022-02-20 18:02:58,942 INFO L290 TraceCheckUtils]: 110: Hoare triple {25520#true} assume true; {25520#true} is VALID [2022-02-20 18:02:58,942 INFO L284 TraceCheckUtils]: 111: Hoare quadruple {25520#true} {25521#false} #1168#return; {25521#false} is VALID [2022-02-20 18:02:58,942 INFO L290 TraceCheckUtils]: 112: Hoare triple {25521#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret59#1, mail_#t~ret60#1, mail_~client#1, mail_~msg#1, mail_~tmp~8#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~8#1;call mail_#t~ret59#1 := puts(24, 0);assume -2147483648 <= mail_#t~ret59#1 && mail_#t~ret59#1 <= 2147483647;havoc mail_#t~ret59#1; {25521#false} is VALID [2022-02-20 18:02:58,942 INFO L272 TraceCheckUtils]: 113: Hoare triple {25521#false} call mail_#t~ret60#1 := getEmailTo(mail_~msg#1); {25520#true} is VALID [2022-02-20 18:02:58,942 INFO L290 TraceCheckUtils]: 114: Hoare triple {25520#true} ~handle := #in~handle;havoc ~retValue_acc~34; {25520#true} is VALID [2022-02-20 18:02:58,942 INFO L290 TraceCheckUtils]: 115: Hoare triple {25520#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {25520#true} is VALID [2022-02-20 18:02:58,942 INFO L290 TraceCheckUtils]: 116: Hoare triple {25520#true} assume true; {25520#true} is VALID [2022-02-20 18:02:58,942 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {25520#true} {25521#false} #1170#return; {25521#false} is VALID [2022-02-20 18:02:58,943 INFO L290 TraceCheckUtils]: 
118: Hoare triple {25521#false} assume -2147483648 <= mail_#t~ret60#1 && mail_#t~ret60#1 <= 2147483647;mail_~tmp~8#1 := mail_#t~ret60#1;havoc mail_#t~ret60#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~8#1, mail_~msg#1;havoc incoming_#t~ret71#1, incoming_#t~ret72#1, incoming_#t~ret73#1, incoming_#t~ret74#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~12#1, incoming_~tmp___0~5#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~12#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {25521#false} is VALID [2022-02-20 18:02:58,943 INFO L272 TraceCheckUtils]: 119: Hoare triple {25521#false} call incoming_#t~ret71#1 := getClientPrivateKey(incoming_~client#1); {25520#true} is VALID [2022-02-20 18:02:58,943 INFO L290 TraceCheckUtils]: 120: Hoare triple {25520#true} ~handle := #in~handle;havoc ~retValue_acc~18; {25520#true} is VALID [2022-02-20 18:02:58,943 INFO L290 TraceCheckUtils]: 121: Hoare triple {25520#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {25520#true} is VALID [2022-02-20 18:02:58,943 INFO L290 TraceCheckUtils]: 122: Hoare triple {25520#true} assume true; {25520#true} is VALID [2022-02-20 18:02:58,943 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {25520#true} {25521#false} #1172#return; {25521#false} is VALID [2022-02-20 18:02:58,943 INFO L290 TraceCheckUtils]: 124: Hoare triple {25521#false} assume -2147483648 <= incoming_#t~ret71#1 && incoming_#t~ret71#1 <= 2147483647;incoming_~tmp~12#1 := incoming_#t~ret71#1;havoc incoming_#t~ret71#1;incoming_~privkey~0#1 := incoming_~tmp~12#1; {25521#false} is VALID [2022-02-20 18:02:58,943 INFO L290 TraceCheckUtils]: 125: Hoare triple {25521#false} assume !(0 != incoming_~privkey~0#1); {25521#false} is VALID [2022-02-20 
18:02:58,943 INFO L290 TraceCheckUtils]: 126: Hoare triple {25521#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret79#1, verify_#t~ret80#1, verify_#t~ret81#1, verify_#t~ret82#1, verify_#t~ret83#1, verify_#t~ret84#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~16#1, verify_~tmp___0~6#1, verify_~pubkey~1#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~16#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret58#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~7#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~7#1; {25521#false} is VALID [2022-02-20 18:02:58,943 INFO L272 TraceCheckUtils]: 127: Hoare triple {25521#false} call __utac_acc__EncryptVerify_spec__1_#t~ret58#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {25520#true} is VALID [2022-02-20 18:02:58,944 INFO L290 TraceCheckUtils]: 128: Hoare triple 
{25520#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~27#1;havoc ~tmp~23#1; {25520#true} is VALID [2022-02-20 18:02:58,944 INFO L272 TraceCheckUtils]: 129: Hoare triple {25520#true} call #t~ret105#1 := isEncrypted(~msg#1); {25520#true} is VALID [2022-02-20 18:02:58,944 INFO L290 TraceCheckUtils]: 130: Hoare triple {25520#true} ~handle := #in~handle;havoc ~retValue_acc~37; {25520#true} is VALID [2022-02-20 18:02:58,944 INFO L290 TraceCheckUtils]: 131: Hoare triple {25520#true} assume 1 == ~handle;~retValue_acc~37 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~37; {25520#true} is VALID [2022-02-20 18:02:58,944 INFO L290 TraceCheckUtils]: 132: Hoare triple {25520#true} assume true; {25520#true} is VALID [2022-02-20 18:02:58,944 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {25520#true} {25520#true} #1262#return; {25520#true} is VALID [2022-02-20 18:02:58,944 INFO L290 TraceCheckUtils]: 134: Hoare triple {25520#true} assume -2147483648 <= #t~ret105#1 && #t~ret105#1 <= 2147483647;~tmp~23#1 := #t~ret105#1;havoc #t~ret105#1; {25520#true} is VALID [2022-02-20 18:02:58,944 INFO L290 TraceCheckUtils]: 135: Hoare triple {25520#true} assume 0 != ~tmp~23#1;~retValue_acc~27#1 := 0;#res#1 := ~retValue_acc~27#1; {25520#true} is VALID [2022-02-20 18:02:58,944 INFO L290 TraceCheckUtils]: 136: Hoare triple {25520#true} assume true; {25520#true} is VALID [2022-02-20 18:02:58,944 INFO L284 TraceCheckUtils]: 137: Hoare quadruple {25520#true} {25521#false} #1184#return; {25521#false} is VALID [2022-02-20 18:02:58,945 INFO L290 TraceCheckUtils]: 138: Hoare triple {25521#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret58#1 && __utac_acc__EncryptVerify_spec__1_#t~ret58#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~7#1 := __utac_acc__EncryptVerify_spec__1_#t~ret58#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret58#1; {25521#false} is VALID [2022-02-20 18:02:58,945 INFO L290 TraceCheckUtils]: 139: Hoare triple {25521#false} assume !(0 != 
__utac_acc__EncryptVerify_spec__1_~tmp~7#1);assume { :begin_inline___automaton_fail } true; {25521#false} is VALID [2022-02-20 18:02:58,945 INFO L290 TraceCheckUtils]: 140: Hoare triple {25521#false} assume !false; {25521#false} is VALID [2022-02-20 18:02:58,945 INFO L134 CoverageAnalysis]: Checked inductivity of 39 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 26 trivial. 0 not checked. [2022-02-20 18:02:58,945 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:58,945 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1112732901] [2022-02-20 18:02:58,946 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1112732901] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:58,946 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:02:58,946 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 18:02:58,946 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1945162259] [2022-02-20 18:02:58,946 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:58,946 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 8.181818181818182) internal successors, (90), 8 states have internal predecessors, (90), 4 states have call successors, (20), 6 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17) Word has length 141 [2022-02-20 18:02:58,947 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 18:02:58,947 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 8.181818181818182) internal successors, (90), 8 states have internal predecessors, (90), 4 states have call successors, (20), 6 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17) [2022-02-20 18:02:59,017 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 127 edges. 127 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:59,018 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 18:02:59,018 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:59,018 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2022-02-20 18:02:59,018 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:02:59,019 INFO L87 Difference]: Start difference. First operand 468 states and 721 transitions. Second operand has 12 states, 11 states have (on average 8.181818181818182) internal successors, (90), 8 states have internal predecessors, (90), 4 states have call successors, (20), 6 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17) [2022-02-20 18:03:07,988 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:07,989 INFO L93 Difference]: Finished difference Result 1008 states and 1571 transitions. [2022-02-20 18:03:07,989 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 18:03:07,989 INFO L78 Accepts]: Start accepts. 
Automaton has has 12 states, 11 states have (on average 8.181818181818182) internal successors, (90), 8 states have internal predecessors, (90), 4 states have call successors, (20), 6 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17) Word has length 141 [2022-02-20 18:03:07,989 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:03:07,989 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 8.181818181818182) internal successors, (90), 8 states have internal predecessors, (90), 4 states have call successors, (20), 6 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17) [2022-02-20 18:03:07,998 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1339 transitions. [2022-02-20 18:03:07,998 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 8.181818181818182) internal successors, (90), 8 states have internal predecessors, (90), 4 states have call successors, (20), 6 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17) [2022-02-20 18:03:08,007 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1339 transitions. [2022-02-20 18:03:08,007 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1339 transitions. [2022-02-20 18:03:09,083 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1339 edges. 1339 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:03:09,098 INFO L225 Difference]: With dead ends: 1008 [2022-02-20 18:03:09,098 INFO L226 Difference]: Without dead ends: 567 [2022-02-20 18:03:09,099 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 59 GetRequests, 37 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552 [2022-02-20 18:03:09,100 INFO L933 BasicCegarLoop]: 605 mSDtfsCounter, 1640 mSDsluCounter, 1302 mSDsCounter, 0 mSdLazyCounter, 3631 mSolverCounterSat, 602 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 4.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1640 SdHoareTripleChecker+Valid, 1907 SdHoareTripleChecker+Invalid, 4233 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 602 IncrementalHoareTripleChecker+Valid, 3631 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 4.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:03:09,100 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1640 Valid, 1907 Invalid, 4233 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [602 Valid, 3631 Invalid, 0 Unknown, 0 Unchecked, 4.1s Time] [2022-02-20 18:03:09,101 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 567 states. [2022-02-20 18:03:09,178 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 567 to 468. [2022-02-20 18:03:09,178 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:03:09,180 INFO L82 GeneralOperation]: Start isEquivalent. First operand 567 states. 
Second operand has 468 states, 360 states have (on average 1.5611111111111111) internal successors, (562), 367 states have internal predecessors, (562), 76 states have call successors, (76), 28 states have call predecessors, (76), 31 states have return successors, (82), 74 states have call predecessors, (82), 75 states have call successors, (82) [2022-02-20 18:03:09,180 INFO L74 IsIncluded]: Start isIncluded. First operand 567 states. Second operand has 468 states, 360 states have (on average 1.5611111111111111) internal successors, (562), 367 states have internal predecessors, (562), 76 states have call successors, (76), 28 states have call predecessors, (76), 31 states have return successors, (82), 74 states have call predecessors, (82), 75 states have call successors, (82) [2022-02-20 18:03:09,181 INFO L87 Difference]: Start difference. First operand 567 states. Second operand has 468 states, 360 states have (on average 1.5611111111111111) internal successors, (562), 367 states have internal predecessors, (562), 76 states have call successors, (76), 28 states have call predecessors, (76), 31 states have return successors, (82), 74 states have call predecessors, (82), 75 states have call successors, (82) [2022-02-20 18:03:09,194 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:09,195 INFO L93 Difference]: Finished difference Result 567 states and 887 transitions. [2022-02-20 18:03:09,195 INFO L276 IsEmpty]: Start isEmpty. Operand 567 states and 887 transitions. [2022-02-20 18:03:09,198 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:09,198 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:09,199 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 468 states, 360 states have (on average 1.5611111111111111) internal successors, (562), 367 states have internal predecessors, (562), 76 states have call successors, (76), 28 states have call predecessors, (76), 31 states have return successors, (82), 74 states have call predecessors, (82), 75 states have call successors, (82) Second operand 567 states. [2022-02-20 18:03:09,200 INFO L87 Difference]: Start difference. First operand has 468 states, 360 states have (on average 1.5611111111111111) internal successors, (562), 367 states have internal predecessors, (562), 76 states have call successors, (76), 28 states have call predecessors, (76), 31 states have return successors, (82), 74 states have call predecessors, (82), 75 states have call successors, (82) Second operand 567 states. [2022-02-20 18:03:09,214 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:09,214 INFO L93 Difference]: Finished difference Result 567 states and 887 transitions. [2022-02-20 18:03:09,214 INFO L276 IsEmpty]: Start isEmpty. Operand 567 states and 887 transitions. [2022-02-20 18:03:09,217 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:09,217 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:09,217 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:03:09,217 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:03:09,218 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 468 states, 360 states have (on average 1.5611111111111111) internal successors, (562), 367 states have internal predecessors, (562), 76 states have call successors, (76), 28 states have call predecessors, (76), 31 states have return successors, (82), 74 states have call predecessors, (82), 75 states have call successors, (82) [2022-02-20 18:03:09,230 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 468 states to 468 states and 720 transitions. [2022-02-20 18:03:09,230 INFO L78 Accepts]: Start accepts. Automaton has 468 states and 720 transitions. Word has length 141 [2022-02-20 18:03:09,231 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:03:09,231 INFO L470 AbstractCegarLoop]: Abstraction has 468 states and 720 transitions. [2022-02-20 18:03:09,231 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 11 states have (on average 8.181818181818182) internal successors, (90), 8 states have internal predecessors, (90), 4 states have call successors, (20), 6 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17) [2022-02-20 18:03:09,231 INFO L276 IsEmpty]: Start isEmpty. Operand 468 states and 720 transitions. [2022-02-20 18:03:09,233 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 162 [2022-02-20 18:03:09,233 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:03:09,233 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:03:09,234 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-02-20 18:03:09,234 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:03:09,234 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:03:09,234 INFO 
L85 PathProgramCache]: Analyzing trace with hash 281100800, now seen corresponding path program 1 times [2022-02-20 18:03:09,234 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:03:09,234 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [592417785] [2022-02-20 18:03:09,234 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:09,234 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:03:09,257 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:09,277 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:03:09,279 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:09,280 INFO L290 TraceCheckUtils]: 0: Hoare triple {28903#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28810#true} is VALID [2022-02-20 18:03:09,280 INFO L290 TraceCheckUtils]: 1: Hoare triple {28810#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {28810#true} is VALID [2022-02-20 18:03:09,280 INFO L290 TraceCheckUtils]: 2: Hoare triple {28810#true} assume true; {28810#true} is VALID [2022-02-20 18:03:09,280 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28810#true} {28810#true} #1212#return; {28810#true} is VALID [2022-02-20 18:03:09,285 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:03:09,286 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:09,288 INFO L290 TraceCheckUtils]: 0: Hoare triple {28904#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {28810#true} is VALID [2022-02-20 18:03:09,288 INFO L290 TraceCheckUtils]: 1: Hoare triple {28810#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {28810#true} is VALID [2022-02-20 18:03:09,288 INFO L290 TraceCheckUtils]: 2: Hoare triple {28810#true} assume true; {28810#true} is VALID [2022-02-20 18:03:09,288 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28810#true} {28810#true} #1214#return; {28810#true} is VALID [2022-02-20 18:03:09,288 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:03:09,290 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:09,291 INFO L290 TraceCheckUtils]: 0: Hoare triple {28903#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28810#true} is VALID [2022-02-20 18:03:09,291 INFO L290 TraceCheckUtils]: 1: Hoare triple {28810#true} assume !(1 == ~handle); {28810#true} is VALID [2022-02-20 18:03:09,291 INFO L290 TraceCheckUtils]: 2: Hoare triple {28810#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {28810#true} is VALID [2022-02-20 18:03:09,291 INFO L290 TraceCheckUtils]: 3: Hoare triple {28810#true} assume true; {28810#true} is VALID [2022-02-20 18:03:09,291 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {28810#true} {28810#true} #1216#return; {28810#true} is VALID [2022-02-20 18:03:09,292 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:03:09,292 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:09,294 INFO L290 TraceCheckUtils]: 0: Hoare triple 
{28904#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {28810#true} is VALID [2022-02-20 18:03:09,294 INFO L290 TraceCheckUtils]: 1: Hoare triple {28810#true} assume !(1 == ~handle); {28810#true} is VALID [2022-02-20 18:03:09,294 INFO L290 TraceCheckUtils]: 2: Hoare triple {28810#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {28810#true} is VALID [2022-02-20 18:03:09,294 INFO L290 TraceCheckUtils]: 3: Hoare triple {28810#true} assume true; {28810#true} is VALID [2022-02-20 18:03:09,294 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {28810#true} {28810#true} #1218#return; {28810#true} is VALID [2022-02-20 18:03:09,294 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:03:09,296 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:09,307 INFO L290 TraceCheckUtils]: 0: Hoare triple {28903#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28905#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:09,307 INFO L290 TraceCheckUtils]: 1: Hoare triple {28905#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {28905#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:09,308 INFO L290 TraceCheckUtils]: 2: Hoare triple {28905#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {28905#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:09,308 INFO L290 TraceCheckUtils]: 3: Hoare triple {28905#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == 
~handle;~__ste_client_idCounter2~0 := ~value; {28906#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:09,308 INFO L290 TraceCheckUtils]: 4: Hoare triple {28906#(= 3 |setClientId_#in~handle|)} assume true; {28906#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:09,309 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {28906#(= 3 |setClientId_#in~handle|)} {28830#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1220#return; {28837#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:03:09,309 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:03:09,310 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:09,324 INFO L290 TraceCheckUtils]: 0: Hoare triple {28904#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {28907#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:03:09,324 INFO L290 TraceCheckUtils]: 1: Hoare triple {28907#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {28907#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:03:09,324 INFO L290 TraceCheckUtils]: 2: Hoare triple {28907#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {28908#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:03:09,325 INFO L290 TraceCheckUtils]: 3: Hoare triple {28908#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {28908#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:03:09,325 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {28908#(= 2 |setClientPrivateKey_#in~handle|)} 
{28837#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1222#return; {28811#false} is VALID [2022-02-20 18:03:09,332 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 18:03:09,332 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:09,334 INFO L290 TraceCheckUtils]: 0: Hoare triple {28909#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {28810#true} is VALID [2022-02-20 18:03:09,334 INFO L290 TraceCheckUtils]: 1: Hoare triple {28810#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {28810#true} is VALID [2022-02-20 18:03:09,334 INFO L290 TraceCheckUtils]: 2: Hoare triple {28810#true} assume true; {28810#true} is VALID [2022-02-20 18:03:09,334 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28810#true} {28811#false} #1198#return; {28811#false} is VALID [2022-02-20 18:03:09,341 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-02-20 18:03:09,342 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:09,343 INFO L290 TraceCheckUtils]: 0: Hoare triple {28910#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {28810#true} is VALID [2022-02-20 18:03:09,344 INFO L290 TraceCheckUtils]: 1: Hoare triple {28810#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {28810#true} is VALID [2022-02-20 18:03:09,344 INFO L290 TraceCheckUtils]: 2: Hoare triple {28810#true} assume true; {28810#true} is VALID [2022-02-20 18:03:09,344 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28810#true} {28811#false} #1200#return; {28811#false} is VALID [2022-02-20 18:03:09,344 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 74 [2022-02-20 18:03:09,344 INFO 
L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:09,346 INFO L290 TraceCheckUtils]: 0: Hoare triple {28810#true} ~handle := #in~handle;havoc ~retValue_acc~18; {28810#true} is VALID [2022-02-20 18:03:09,346 INFO L290 TraceCheckUtils]: 1: Hoare triple {28810#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {28810#true} is VALID [2022-02-20 18:03:09,346 INFO L290 TraceCheckUtils]: 2: Hoare triple {28810#true} assume true; {28810#true} is VALID [2022-02-20 18:03:09,346 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28810#true} {28811#false} #1140#return; {28811#false} is VALID [2022-02-20 18:03:09,346 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-02-20 18:03:09,346 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:09,348 INFO L290 TraceCheckUtils]: 0: Hoare triple {28810#true} ~handle := #in~handle;havoc ~retValue_acc~12; {28810#true} is VALID [2022-02-20 18:03:09,348 INFO L290 TraceCheckUtils]: 1: Hoare triple {28810#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~12; {28810#true} is VALID [2022-02-20 18:03:09,348 INFO L290 TraceCheckUtils]: 2: Hoare triple {28810#true} assume true; {28810#true} is VALID [2022-02-20 18:03:09,348 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28810#true} {28811#false} #1142#return; {28811#false} is VALID [2022-02-20 18:03:09,348 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 18:03:09,348 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:09,350 INFO L290 TraceCheckUtils]: 0: Hoare triple {28810#true} ~handle := #in~handle;havoc ~retValue_acc~34; {28810#true} is VALID [2022-02-20 18:03:09,350 INFO L290 TraceCheckUtils]: 1: Hoare triple {28810#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := 
~retValue_acc~34; {28810#true} is VALID [2022-02-20 18:03:09,350 INFO L290 TraceCheckUtils]: 2: Hoare triple {28810#true} assume true; {28810#true} is VALID [2022-02-20 18:03:09,350 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28810#true} {28811#false} #1144#return; {28811#false} is VALID [2022-02-20 18:03:09,350 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 18:03:09,351 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:09,354 INFO L290 TraceCheckUtils]: 0: Hoare triple {28810#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~16; {28810#true} is VALID [2022-02-20 18:03:09,354 INFO L290 TraceCheckUtils]: 1: Hoare triple {28810#true} assume 1 == ~handle; {28810#true} is VALID [2022-02-20 18:03:09,354 INFO L290 TraceCheckUtils]: 2: Hoare triple {28810#true} assume 0 == ~index;~retValue_acc~16 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~16; {28810#true} is VALID [2022-02-20 18:03:09,354 INFO L290 TraceCheckUtils]: 3: Hoare triple {28810#true} assume true; {28810#true} is VALID [2022-02-20 18:03:09,354 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {28810#true} {28811#false} #1146#return; {28811#false} is VALID [2022-02-20 18:03:09,355 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 18:03:09,355 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:09,356 INFO L290 TraceCheckUtils]: 0: Hoare triple {28910#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {28810#true} is VALID [2022-02-20 18:03:09,356 INFO L290 TraceCheckUtils]: 1: Hoare triple {28810#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {28810#true} is VALID [2022-02-20 18:03:09,357 INFO L290 TraceCheckUtils]: 2: Hoare triple {28810#true} assume true; {28810#true} is VALID 
[2022-02-20 18:03:09,357 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28810#true} {28811#false} #1148#return; {28811#false} is VALID [2022-02-20 18:03:09,357 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 110 [2022-02-20 18:03:09,357 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:09,358 INFO L290 TraceCheckUtils]: 0: Hoare triple {28810#true} ~handle := #in~handle;havoc ~retValue_acc~34; {28810#true} is VALID [2022-02-20 18:03:09,359 INFO L290 TraceCheckUtils]: 1: Hoare triple {28810#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {28810#true} is VALID [2022-02-20 18:03:09,359 INFO L290 TraceCheckUtils]: 2: Hoare triple {28810#true} assume true; {28810#true} is VALID [2022-02-20 18:03:09,359 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28810#true} {28811#false} #1160#return; {28811#false} is VALID [2022-02-20 18:03:09,359 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 116 [2022-02-20 18:03:09,359 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:09,361 INFO L290 TraceCheckUtils]: 0: Hoare triple {28810#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~23; {28810#true} is VALID [2022-02-20 18:03:09,361 INFO L290 TraceCheckUtils]: 1: Hoare triple {28810#true} assume 1 == ~handle; {28810#true} is VALID [2022-02-20 18:03:09,361 INFO L290 TraceCheckUtils]: 2: Hoare triple {28810#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~23 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~23; {28810#true} is VALID [2022-02-20 18:03:09,361 INFO L290 TraceCheckUtils]: 3: Hoare triple {28810#true} assume true; {28810#true} is VALID [2022-02-20 18:03:09,361 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {28810#true} {28811#false} #1162#return; {28811#false} is VALID [2022-02-20 18:03:09,361 INFO L376 atingTraceCheckCraig]: 
Compute interpolants for subsequence at non-pending call position 127 [2022-02-20 18:03:09,362 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:09,363 INFO L290 TraceCheckUtils]: 0: Hoare triple {28909#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {28810#true} is VALID [2022-02-20 18:03:09,363 INFO L290 TraceCheckUtils]: 1: Hoare triple {28810#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {28810#true} is VALID [2022-02-20 18:03:09,363 INFO L290 TraceCheckUtils]: 2: Hoare triple {28810#true} assume true; {28810#true} is VALID [2022-02-20 18:03:09,363 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28810#true} {28811#false} #1168#return; {28811#false} is VALID [2022-02-20 18:03:09,363 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 133 [2022-02-20 18:03:09,364 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:09,365 INFO L290 TraceCheckUtils]: 0: Hoare triple {28810#true} ~handle := #in~handle;havoc ~retValue_acc~34; {28810#true} is VALID [2022-02-20 18:03:09,365 INFO L290 TraceCheckUtils]: 1: Hoare triple {28810#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {28810#true} is VALID [2022-02-20 18:03:09,365 INFO L290 TraceCheckUtils]: 2: Hoare triple {28810#true} assume true; {28810#true} is VALID [2022-02-20 18:03:09,365 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28810#true} {28811#false} #1170#return; {28811#false} is VALID [2022-02-20 18:03:09,365 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 139 [2022-02-20 18:03:09,366 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:09,367 INFO L290 TraceCheckUtils]: 0: Hoare triple {28810#true} ~handle := #in~handle;havoc ~retValue_acc~18; {28810#true} is VALID [2022-02-20 
18:03:09,367 INFO L290 TraceCheckUtils]: 1: Hoare triple {28810#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {28810#true} is VALID [2022-02-20 18:03:09,367 INFO L290 TraceCheckUtils]: 2: Hoare triple {28810#true} assume true; {28810#true} is VALID [2022-02-20 18:03:09,367 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28810#true} {28811#false} #1172#return; {28811#false} is VALID [2022-02-20 18:03:09,367 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 147 [2022-02-20 18:03:09,369 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:09,370 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:03:09,370 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:09,374 INFO L290 TraceCheckUtils]: 0: Hoare triple {28810#true} ~handle := #in~handle;havoc ~retValue_acc~37; {28810#true} is VALID [2022-02-20 18:03:09,374 INFO L290 TraceCheckUtils]: 1: Hoare triple {28810#true} assume 1 == ~handle;~retValue_acc~37 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~37; {28810#true} is VALID [2022-02-20 18:03:09,374 INFO L290 TraceCheckUtils]: 2: Hoare triple {28810#true} assume true; {28810#true} is VALID [2022-02-20 18:03:09,374 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28810#true} {28810#true} #1262#return; {28810#true} is VALID [2022-02-20 18:03:09,374 INFO L290 TraceCheckUtils]: 0: Hoare triple {28810#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~27#1;havoc ~tmp~23#1; {28810#true} is VALID [2022-02-20 18:03:09,374 INFO L272 TraceCheckUtils]: 1: Hoare triple {28810#true} call #t~ret105#1 := isEncrypted(~msg#1); {28810#true} is VALID [2022-02-20 18:03:09,374 INFO L290 TraceCheckUtils]: 2: Hoare triple {28810#true} ~handle := #in~handle;havoc ~retValue_acc~37; {28810#true} is VALID [2022-02-20 18:03:09,375 INFO L290 TraceCheckUtils]: 3: Hoare triple 
{28810#true} assume 1 == ~handle;~retValue_acc~37 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~37; {28810#true} is VALID [2022-02-20 18:03:09,375 INFO L290 TraceCheckUtils]: 4: Hoare triple {28810#true} assume true; {28810#true} is VALID [2022-02-20 18:03:09,375 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {28810#true} {28810#true} #1262#return; {28810#true} is VALID [2022-02-20 18:03:09,375 INFO L290 TraceCheckUtils]: 6: Hoare triple {28810#true} assume -2147483648 <= #t~ret105#1 && #t~ret105#1 <= 2147483647;~tmp~23#1 := #t~ret105#1;havoc #t~ret105#1; {28810#true} is VALID [2022-02-20 18:03:09,375 INFO L290 TraceCheckUtils]: 7: Hoare triple {28810#true} assume 0 != ~tmp~23#1;~retValue_acc~27#1 := 0;#res#1 := ~retValue_acc~27#1; {28810#true} is VALID [2022-02-20 18:03:09,375 INFO L290 TraceCheckUtils]: 8: Hoare triple {28810#true} assume true; {28810#true} is VALID [2022-02-20 18:03:09,375 INFO L284 TraceCheckUtils]: 9: Hoare quadruple {28810#true} {28811#false} #1184#return; {28811#false} is VALID [2022-02-20 18:03:09,375 INFO L290 TraceCheckUtils]: 0: Hoare triple {28810#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call 
#Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(34, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(16, 27);call #Ultimate.allocInit(20, 28);call #Ultimate.allocInit(10, 29);call #Ultimate.allocInit(12, 30);call #Ultimate.allocInit(10, 31);call #Ultimate.allocInit(18, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(13, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(25, 37);call #Ultimate.allocInit(4, 38);call write~init~int(37, 38, 0, 1);call write~init~int(115, 38, 1, 1);call write~init~int(10, 38, 2, 1);call write~init~int(0, 38, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 
0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__ste_Email_counter~0 := 
0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {28810#true} is VALID [2022-02-20 18:03:09,375 INFO L290 TraceCheckUtils]: 1: Hoare triple {28810#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {28810#true} is VALID [2022-02-20 18:03:09,376 INFO L290 TraceCheckUtils]: 2: Hoare triple {28810#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {28810#true} is VALID [2022-02-20 18:03:09,376 INFO L290 TraceCheckUtils]: 3: Hoare triple {28810#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~43#1;havoc valid_product_~retValue_acc~43#1;valid_product_~retValue_acc~43#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~43#1; {28810#true} is VALID [2022-02-20 18:03:09,376 INFO L290 TraceCheckUtils]: 4: Hoare triple {28810#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc 
main_#t~ret12#1; {28810#true} is VALID [2022-02-20 18:03:09,376 INFO L290 TraceCheckUtils]: 5: Hoare triple {28810#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {28810#true} is VALID [2022-02-20 18:03:09,376 INFO L272 TraceCheckUtils]: 6: Hoare triple {28810#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {28903#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:09,376 INFO L290 TraceCheckUtils]: 7: Hoare triple {28903#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28810#true} is VALID [2022-02-20 18:03:09,377 INFO L290 TraceCheckUtils]: 8: Hoare triple {28810#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {28810#true} is VALID [2022-02-20 18:03:09,377 INFO L290 TraceCheckUtils]: 9: Hoare 
triple {28810#true} assume true; {28810#true} is VALID [2022-02-20 18:03:09,377 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {28810#true} {28810#true} #1212#return; {28810#true} is VALID [2022-02-20 18:03:09,377 INFO L290 TraceCheckUtils]: 11: Hoare triple {28810#true} assume { :end_inline_setup_bob__wrappee__Base } true; {28810#true} is VALID [2022-02-20 18:03:09,377 INFO L272 TraceCheckUtils]: 12: Hoare triple {28810#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {28904#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:09,377 INFO L290 TraceCheckUtils]: 13: Hoare triple {28904#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {28810#true} is VALID [2022-02-20 18:03:09,378 INFO L290 TraceCheckUtils]: 14: Hoare triple {28810#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {28810#true} is VALID [2022-02-20 18:03:09,378 INFO L290 TraceCheckUtils]: 15: Hoare triple {28810#true} assume true; {28810#true} is VALID [2022-02-20 18:03:09,378 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {28810#true} {28810#true} #1214#return; {28810#true} is VALID [2022-02-20 18:03:09,378 INFO L290 TraceCheckUtils]: 17: Hoare triple {28810#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc 
setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {28810#true} is VALID [2022-02-20 18:03:09,378 INFO L272 TraceCheckUtils]: 18: Hoare triple {28810#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {28903#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:09,378 INFO L290 TraceCheckUtils]: 19: Hoare triple {28903#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28810#true} is VALID [2022-02-20 18:03:09,379 INFO L290 TraceCheckUtils]: 20: Hoare triple {28810#true} assume !(1 == ~handle); {28810#true} is VALID [2022-02-20 18:03:09,379 INFO L290 TraceCheckUtils]: 21: Hoare triple {28810#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {28810#true} is VALID [2022-02-20 18:03:09,379 INFO L290 TraceCheckUtils]: 22: Hoare triple {28810#true} assume true; {28810#true} is VALID [2022-02-20 18:03:09,379 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {28810#true} {28810#true} #1216#return; {28810#true} is VALID [2022-02-20 18:03:09,379 INFO L290 TraceCheckUtils]: 24: Hoare triple {28810#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {28810#true} is VALID [2022-02-20 18:03:09,379 INFO L272 TraceCheckUtils]: 25: Hoare triple {28810#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {28904#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:09,380 INFO L290 TraceCheckUtils]: 26: 
Hoare triple {28904#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {28810#true} is VALID [2022-02-20 18:03:09,380 INFO L290 TraceCheckUtils]: 27: Hoare triple {28810#true} assume !(1 == ~handle); {28810#true} is VALID [2022-02-20 18:03:09,380 INFO L290 TraceCheckUtils]: 28: Hoare triple {28810#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {28810#true} is VALID [2022-02-20 18:03:09,380 INFO L290 TraceCheckUtils]: 29: Hoare triple {28810#true} assume true; {28810#true} is VALID [2022-02-20 18:03:09,380 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {28810#true} {28810#true} #1218#return; {28810#true} is VALID [2022-02-20 18:03:09,380 INFO L290 TraceCheckUtils]: 31: Hoare triple {28810#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {28830#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:03:09,381 INFO L272 TraceCheckUtils]: 32: Hoare triple {28830#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {28903#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:09,381 INFO L290 TraceCheckUtils]: 33: Hoare triple {28903#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28905#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:09,381 INFO L290 TraceCheckUtils]: 34: Hoare triple {28905#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {28905#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:09,382 INFO L290 TraceCheckUtils]: 35: Hoare triple {28905#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {28905#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:09,382 INFO L290 TraceCheckUtils]: 36: Hoare triple {28905#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {28906#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:09,382 INFO L290 TraceCheckUtils]: 37: Hoare triple {28906#(= 3 |setClientId_#in~handle|)} assume true; {28906#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:09,383 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {28906#(= 3 |setClientId_#in~handle|)} {28830#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1220#return; {28837#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:03:09,383 INFO L290 TraceCheckUtils]: 39: Hoare triple {28837#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} assume { :end_inline_setup_chuck__wrappee__Base } true; {28837#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:03:09,383 INFO L272 TraceCheckUtils]: 40: Hoare triple 
{28837#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {28904#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:09,384 INFO L290 TraceCheckUtils]: 41: Hoare triple {28904#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {28907#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:03:09,384 INFO L290 TraceCheckUtils]: 42: Hoare triple {28907#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {28907#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:03:09,384 INFO L290 TraceCheckUtils]: 43: Hoare triple {28907#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {28908#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:03:09,384 INFO L290 TraceCheckUtils]: 44: Hoare triple {28908#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {28908#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:03:09,385 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {28908#(= 2 |setClientPrivateKey_#in~handle|)} {28837#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1222#return; {28811#false} is VALID [2022-02-20 18:03:09,385 INFO L290 TraceCheckUtils]: 46: Hoare triple {28811#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {28811#false} is VALID [2022-02-20 18:03:09,385 INFO L290 TraceCheckUtils]: 47: Hoare triple {28811#false} assume { 
:end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~6#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~6#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {28811#false} is VALID [2022-02-20 18:03:09,385 INFO L290 TraceCheckUtils]: 48: Hoare triple {28811#false} assume !false; {28811#false} is VALID [2022-02-20 18:03:09,385 INFO L290 TraceCheckUtils]: 49: Hoare triple {28811#false} assume test_~splverifierCounter~0#1 < 4; {28811#false} is VALID [2022-02-20 18:03:09,385 INFO L290 TraceCheckUtils]: 50: Hoare triple {28811#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {28811#false} is VALID [2022-02-20 18:03:09,385 INFO L290 TraceCheckUtils]: 51: Hoare triple {28811#false} 
assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet47#1 && test_#t~nondet47#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet47#1;havoc test_#t~nondet47#1; {28811#false} is VALID [2022-02-20 18:03:09,385 INFO L290 TraceCheckUtils]: 52: Hoare triple {28811#false} assume !(0 != test_~tmp___9~0#1); {28811#false} is VALID [2022-02-20 18:03:09,386 INFO L290 TraceCheckUtils]: 53: Hoare triple {28811#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet48#1 && test_#t~nondet48#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet48#1;havoc test_#t~nondet48#1; {28811#false} is VALID [2022-02-20 18:03:09,386 INFO L290 TraceCheckUtils]: 54: Hoare triple {28811#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {28811#false} is VALID [2022-02-20 18:03:09,386 INFO L290 TraceCheckUtils]: 55: Hoare triple {28811#false} assume !false; {28811#false} is VALID [2022-02-20 18:03:09,386 INFO L290 TraceCheckUtils]: 56: Hoare triple {28811#false} assume !(test_~splverifierCounter~0#1 < 4); {28811#false} is VALID [2022-02-20 18:03:09,386 INFO L290 TraceCheckUtils]: 57: Hoare triple {28811#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {28811#false} is VALID [2022-02-20 18:03:09,386 INFO L272 TraceCheckUtils]: 58: Hoare triple {28811#false} call sendEmail(~bob~0, ~rjh~0); {28811#false} is VALID [2022-02-20 18:03:09,386 INFO L290 TraceCheckUtils]: 59: Hoare triple {28811#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~14#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc 
createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~29#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~29#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {28811#false} is VALID [2022-02-20 18:03:09,386 INFO L272 TraceCheckUtils]: 60: Hoare triple {28811#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {28909#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:09,386 INFO L290 TraceCheckUtils]: 61: Hoare triple {28909#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {28810#true} is VALID [2022-02-20 18:03:09,386 INFO L290 TraceCheckUtils]: 62: Hoare triple {28810#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {28810#true} is VALID [2022-02-20 18:03:09,387 INFO L290 TraceCheckUtils]: 63: Hoare triple {28810#true} assume true; {28810#true} is VALID [2022-02-20 18:03:09,387 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {28810#true} {28811#false} #1198#return; {28811#false} is VALID [2022-02-20 18:03:09,387 INFO L272 TraceCheckUtils]: 65: Hoare triple {28811#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {28910#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:03:09,387 INFO L290 TraceCheckUtils]: 66: Hoare triple {28910#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {28810#true} is VALID [2022-02-20 18:03:09,387 INFO L290 TraceCheckUtils]: 67: Hoare triple {28810#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {28810#true} is VALID [2022-02-20 18:03:09,387 INFO L290 TraceCheckUtils]: 68: Hoare triple 
{28810#true} assume true; {28810#true} is VALID [2022-02-20 18:03:09,387 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {28810#true} {28811#false} #1200#return; {28811#false} is VALID [2022-02-20 18:03:09,387 INFO L290 TraceCheckUtils]: 70: Hoare triple {28811#false} createEmail_~retValue_acc~29#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~29#1; {28811#false} is VALID [2022-02-20 18:03:09,387 INFO L290 TraceCheckUtils]: 71: Hoare triple {28811#false} #t~ret76#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret76#1 && #t~ret76#1 <= 2147483647;~tmp~14#1 := #t~ret76#1;havoc #t~ret76#1;~email~0#1 := ~tmp~14#1; {28811#false} is VALID [2022-02-20 18:03:09,387 INFO L272 TraceCheckUtils]: 72: Hoare triple {28811#false} call outgoing(~sender#1, ~email~0#1); {28811#false} is VALID [2022-02-20 18:03:09,388 INFO L290 TraceCheckUtils]: 73: Hoare triple {28811#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret78#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~15#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~15#1; {28811#false} is VALID [2022-02-20 18:03:09,388 INFO L272 TraceCheckUtils]: 74: Hoare triple {28811#false} call sign_#t~ret78#1 := getClientPrivateKey(sign_~client#1); {28810#true} is VALID [2022-02-20 18:03:09,388 INFO L290 TraceCheckUtils]: 75: Hoare triple {28810#true} ~handle := #in~handle;havoc ~retValue_acc~18; {28810#true} is VALID [2022-02-20 18:03:09,388 INFO L290 TraceCheckUtils]: 76: Hoare triple {28810#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~18; {28810#true} is VALID [2022-02-20 18:03:09,388 INFO L290 TraceCheckUtils]: 77: Hoare triple {28810#true} assume true; {28810#true} is VALID [2022-02-20 18:03:09,388 INFO L284 TraceCheckUtils]: 78: Hoare 
quadruple {28810#true} {28811#false} #1140#return; {28811#false} is VALID [2022-02-20 18:03:09,388 INFO L290 TraceCheckUtils]: 79: Hoare triple {28811#false} assume -2147483648 <= sign_#t~ret78#1 && sign_#t~ret78#1 <= 2147483647;sign_~tmp~15#1 := sign_#t~ret78#1;havoc sign_#t~ret78#1;sign_~privkey~1#1 := sign_~tmp~15#1; {28811#false} is VALID [2022-02-20 18:03:09,388 INFO L290 TraceCheckUtils]: 80: Hoare triple {28811#false} assume 0 == sign_~privkey~1#1; {28811#false} is VALID [2022-02-20 18:03:09,388 INFO L290 TraceCheckUtils]: 81: Hoare triple {28811#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret64#1, outgoing__wrappee__AddressBook_#t~ret65#1, outgoing__wrappee__AddressBook_#t~ret66#1, outgoing__wrappee__AddressBook_#t~ret67#1, outgoing__wrappee__AddressBook_#t~ret68#1, outgoing__wrappee__AddressBook_#t~ret69#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~11#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~4#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~11#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~4#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {28811#false} is VALID [2022-02-20 18:03:09,388 INFO L272 
TraceCheckUtils]: 82: Hoare triple {28811#false} call outgoing__wrappee__AddressBook_#t~ret64#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {28810#true} is VALID [2022-02-20 18:03:09,389 INFO L290 TraceCheckUtils]: 83: Hoare triple {28810#true} ~handle := #in~handle;havoc ~retValue_acc~12; {28810#true} is VALID [2022-02-20 18:03:09,389 INFO L290 TraceCheckUtils]: 84: Hoare triple {28810#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~12; {28810#true} is VALID [2022-02-20 18:03:09,389 INFO L290 TraceCheckUtils]: 85: Hoare triple {28810#true} assume true; {28810#true} is VALID [2022-02-20 18:03:09,389 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {28810#true} {28811#false} #1142#return; {28811#false} is VALID [2022-02-20 18:03:09,389 INFO L290 TraceCheckUtils]: 87: Hoare triple {28811#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret64#1 && outgoing__wrappee__AddressBook_#t~ret64#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~11#1 := outgoing__wrappee__AddressBook_#t~ret64#1;havoc outgoing__wrappee__AddressBook_#t~ret64#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~11#1; {28811#false} is VALID [2022-02-20 18:03:09,389 INFO L290 TraceCheckUtils]: 88: Hoare triple {28811#false} assume 0 != outgoing__wrappee__AddressBook_~size~0#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {28811#false} is VALID [2022-02-20 18:03:09,389 INFO L290 TraceCheckUtils]: 89: Hoare triple {28811#false} assume { :end_inline_sendToAddressBook } true;call outgoing__wrappee__AddressBook_#t~ret65#1 := puts(25, 0);assume -2147483648 <= 
outgoing__wrappee__AddressBook_#t~ret65#1 && outgoing__wrappee__AddressBook_#t~ret65#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret65#1; {28811#false} is VALID [2022-02-20 18:03:09,389 INFO L272 TraceCheckUtils]: 90: Hoare triple {28811#false} call outgoing__wrappee__AddressBook_#t~ret66#1 := getEmailTo(outgoing__wrappee__AddressBook_~msg#1); {28810#true} is VALID [2022-02-20 18:03:09,389 INFO L290 TraceCheckUtils]: 91: Hoare triple {28810#true} ~handle := #in~handle;havoc ~retValue_acc~34; {28810#true} is VALID [2022-02-20 18:03:09,389 INFO L290 TraceCheckUtils]: 92: Hoare triple {28810#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {28810#true} is VALID [2022-02-20 18:03:09,390 INFO L290 TraceCheckUtils]: 93: Hoare triple {28810#true} assume true; {28810#true} is VALID [2022-02-20 18:03:09,390 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {28810#true} {28811#false} #1144#return; {28811#false} is VALID [2022-02-20 18:03:09,390 INFO L290 TraceCheckUtils]: 95: Hoare triple {28811#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret66#1 && outgoing__wrappee__AddressBook_#t~ret66#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___0~4#1 := outgoing__wrappee__AddressBook_#t~ret66#1;havoc outgoing__wrappee__AddressBook_#t~ret66#1;outgoing__wrappee__AddressBook_~receiver~1#1 := outgoing__wrappee__AddressBook_~tmp___0~4#1;call outgoing__wrappee__AddressBook_#t~ret67#1 := puts(26, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret67#1 && outgoing__wrappee__AddressBook_#t~ret67#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret67#1; {28811#false} is VALID [2022-02-20 18:03:09,390 INFO L272 TraceCheckUtils]: 96: Hoare triple {28811#false} call outgoing__wrappee__AddressBook_#t~ret68#1 := getClientAddressBookAddress(outgoing__wrappee__AddressBook_~client#1, 1); {28810#true} is VALID [2022-02-20 18:03:09,390 INFO L290 TraceCheckUtils]: 97: Hoare triple {28810#true} ~handle := 
#in~handle;~index := #in~index;havoc ~retValue_acc~16; {28810#true} is VALID [2022-02-20 18:03:09,390 INFO L290 TraceCheckUtils]: 98: Hoare triple {28810#true} assume 1 == ~handle; {28810#true} is VALID [2022-02-20 18:03:09,390 INFO L290 TraceCheckUtils]: 99: Hoare triple {28810#true} assume 0 == ~index;~retValue_acc~16 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~16; {28810#true} is VALID [2022-02-20 18:03:09,390 INFO L290 TraceCheckUtils]: 100: Hoare triple {28810#true} assume true; {28810#true} is VALID [2022-02-20 18:03:09,390 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {28810#true} {28811#false} #1146#return; {28811#false} is VALID [2022-02-20 18:03:09,390 INFO L290 TraceCheckUtils]: 102: Hoare triple {28811#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret68#1 && outgoing__wrappee__AddressBook_#t~ret68#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___1~2#1 := outgoing__wrappee__AddressBook_#t~ret68#1;havoc outgoing__wrappee__AddressBook_#t~ret68#1;outgoing__wrappee__AddressBook_~second~0#1 := outgoing__wrappee__AddressBook_~tmp___1~2#1; {28811#false} is VALID [2022-02-20 18:03:09,391 INFO L272 TraceCheckUtils]: 103: Hoare triple {28811#false} call setEmailTo(outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~second~0#1); {28910#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:03:09,391 INFO L290 TraceCheckUtils]: 104: Hoare triple {28910#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {28810#true} is VALID [2022-02-20 18:03:09,391 INFO L290 TraceCheckUtils]: 105: Hoare triple {28810#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {28810#true} is VALID [2022-02-20 18:03:09,391 INFO L290 TraceCheckUtils]: 106: Hoare triple {28810#true} assume true; {28810#true} is VALID [2022-02-20 18:03:09,391 INFO L284 
TraceCheckUtils]: 107: Hoare quadruple {28810#true} {28811#false} #1148#return; {28811#false} is VALID [2022-02-20 18:03:09,391 INFO L272 TraceCheckUtils]: 108: Hoare triple {28811#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {28811#false} is VALID [2022-02-20 18:03:09,391 INFO L290 TraceCheckUtils]: 109: Hoare triple {28811#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~10#1;havoc ~pubkey~0#1;havoc ~tmp___0~3#1; {28811#false} is VALID [2022-02-20 18:03:09,391 INFO L272 TraceCheckUtils]: 110: Hoare triple {28811#false} call #t~ret62#1 := getEmailTo(~msg#1); {28810#true} is VALID [2022-02-20 18:03:09,391 INFO L290 TraceCheckUtils]: 111: Hoare triple {28810#true} ~handle := #in~handle;havoc ~retValue_acc~34; {28810#true} is VALID [2022-02-20 18:03:09,391 INFO L290 TraceCheckUtils]: 112: Hoare triple {28810#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {28810#true} is VALID [2022-02-20 18:03:09,392 INFO L290 TraceCheckUtils]: 113: Hoare triple {28810#true} assume true; {28810#true} is VALID [2022-02-20 18:03:09,392 INFO L284 TraceCheckUtils]: 114: Hoare quadruple {28810#true} {28811#false} #1160#return; {28811#false} is VALID [2022-02-20 18:03:09,392 INFO L290 TraceCheckUtils]: 115: Hoare triple {28811#false} assume -2147483648 <= #t~ret62#1 && #t~ret62#1 <= 2147483647;~tmp~10#1 := #t~ret62#1;havoc #t~ret62#1;~receiver~0#1 := ~tmp~10#1; {28811#false} is VALID [2022-02-20 18:03:09,392 INFO L272 TraceCheckUtils]: 116: Hoare triple {28811#false} call #t~ret63#1 := findPublicKey(~client#1, ~receiver~0#1); {28810#true} is VALID [2022-02-20 18:03:09,392 INFO L290 TraceCheckUtils]: 117: Hoare triple {28810#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~23; {28810#true} is VALID [2022-02-20 18:03:09,392 INFO L290 TraceCheckUtils]: 118: Hoare triple {28810#true} assume 1 == ~handle; {28810#true} is 
VALID [2022-02-20 18:03:09,392 INFO L290 TraceCheckUtils]: 119: Hoare triple {28810#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~23 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~23; {28810#true} is VALID [2022-02-20 18:03:09,392 INFO L290 TraceCheckUtils]: 120: Hoare triple {28810#true} assume true; {28810#true} is VALID [2022-02-20 18:03:09,392 INFO L284 TraceCheckUtils]: 121: Hoare quadruple {28810#true} {28811#false} #1162#return; {28811#false} is VALID [2022-02-20 18:03:09,392 INFO L290 TraceCheckUtils]: 122: Hoare triple {28811#false} assume -2147483648 <= #t~ret63#1 && #t~ret63#1 <= 2147483647;~tmp___0~3#1 := #t~ret63#1;havoc #t~ret63#1;~pubkey~0#1 := ~tmp___0~3#1; {28811#false} is VALID [2022-02-20 18:03:09,393 INFO L290 TraceCheckUtils]: 123: Hoare triple {28811#false} assume !(0 != ~pubkey~0#1); {28811#false} is VALID [2022-02-20 18:03:09,393 INFO L290 TraceCheckUtils]: 124: Hoare triple {28811#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret61#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~9#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~9#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~25#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~25#1; {28811#false} is VALID [2022-02-20 18:03:09,393 INFO L290 TraceCheckUtils]: 125: Hoare triple {28811#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~25#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~25#1; {28811#false} is VALID 
[2022-02-20 18:03:09,393 INFO L290 TraceCheckUtils]: 126: Hoare triple {28811#false} outgoing__wrappee__Keys_#t~ret61#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret61#1 && outgoing__wrappee__Keys_#t~ret61#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~9#1 := outgoing__wrappee__Keys_#t~ret61#1;havoc outgoing__wrappee__Keys_#t~ret61#1; {28811#false} is VALID [2022-02-20 18:03:09,393 INFO L272 TraceCheckUtils]: 127: Hoare triple {28811#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~9#1); {28909#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:09,393 INFO L290 TraceCheckUtils]: 128: Hoare triple {28909#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {28810#true} is VALID [2022-02-20 18:03:09,393 INFO L290 TraceCheckUtils]: 129: Hoare triple {28810#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {28810#true} is VALID [2022-02-20 18:03:09,393 INFO L290 TraceCheckUtils]: 130: Hoare triple {28810#true} assume true; {28810#true} is VALID [2022-02-20 18:03:09,393 INFO L284 TraceCheckUtils]: 131: Hoare quadruple {28810#true} {28811#false} #1168#return; {28811#false} is VALID [2022-02-20 18:03:09,393 INFO L290 TraceCheckUtils]: 132: Hoare triple {28811#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret59#1, mail_#t~ret60#1, mail_~client#1, mail_~msg#1, mail_~tmp~8#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~8#1;call mail_#t~ret59#1 := puts(24, 0);assume -2147483648 <= mail_#t~ret59#1 && mail_#t~ret59#1 <= 2147483647;havoc mail_#t~ret59#1; {28811#false} is VALID [2022-02-20 18:03:09,394 INFO L272 TraceCheckUtils]: 133: 
Hoare triple {28811#false} call mail_#t~ret60#1 := getEmailTo(mail_~msg#1); {28810#true} is VALID [2022-02-20 18:03:09,394 INFO L290 TraceCheckUtils]: 134: Hoare triple {28810#true} ~handle := #in~handle;havoc ~retValue_acc~34; {28810#true} is VALID [2022-02-20 18:03:09,394 INFO L290 TraceCheckUtils]: 135: Hoare triple {28810#true} assume 1 == ~handle;~retValue_acc~34 := ~__ste_email_to0~0;#res := ~retValue_acc~34; {28810#true} is VALID [2022-02-20 18:03:09,394 INFO L290 TraceCheckUtils]: 136: Hoare triple {28810#true} assume true; {28810#true} is VALID [2022-02-20 18:03:09,394 INFO L284 TraceCheckUtils]: 137: Hoare quadruple {28810#true} {28811#false} #1170#return; {28811#false} is VALID [2022-02-20 18:03:09,394 INFO L290 TraceCheckUtils]: 138: Hoare triple {28811#false} assume -2147483648 <= mail_#t~ret60#1 && mail_#t~ret60#1 <= 2147483647;mail_~tmp~8#1 := mail_#t~ret60#1;havoc mail_#t~ret60#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~8#1, mail_~msg#1;havoc incoming_#t~ret71#1, incoming_#t~ret72#1, incoming_#t~ret73#1, incoming_#t~ret74#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~12#1, incoming_~tmp___0~5#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~12#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {28811#false} is VALID [2022-02-20 18:03:09,394 INFO L272 TraceCheckUtils]: 139: Hoare triple {28811#false} call incoming_#t~ret71#1 := getClientPrivateKey(incoming_~client#1); {28810#true} is VALID [2022-02-20 18:03:09,394 INFO L290 TraceCheckUtils]: 140: Hoare triple {28810#true} ~handle := #in~handle;havoc ~retValue_acc~18; {28810#true} is VALID [2022-02-20 18:03:09,394 INFO L290 TraceCheckUtils]: 141: Hoare triple {28810#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_client_privateKey0~0;#res := 
~retValue_acc~18; {28810#true} is VALID [2022-02-20 18:03:09,394 INFO L290 TraceCheckUtils]: 142: Hoare triple {28810#true} assume true; {28810#true} is VALID [2022-02-20 18:03:09,394 INFO L284 TraceCheckUtils]: 143: Hoare quadruple {28810#true} {28811#false} #1172#return; {28811#false} is VALID [2022-02-20 18:03:09,395 INFO L290 TraceCheckUtils]: 144: Hoare triple {28811#false} assume -2147483648 <= incoming_#t~ret71#1 && incoming_#t~ret71#1 <= 2147483647;incoming_~tmp~12#1 := incoming_#t~ret71#1;havoc incoming_#t~ret71#1;incoming_~privkey~0#1 := incoming_~tmp~12#1; {28811#false} is VALID [2022-02-20 18:03:09,395 INFO L290 TraceCheckUtils]: 145: Hoare triple {28811#false} assume !(0 != incoming_~privkey~0#1); {28811#false} is VALID [2022-02-20 18:03:09,395 INFO L290 TraceCheckUtils]: 146: Hoare triple {28811#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret79#1, verify_#t~ret80#1, verify_#t~ret81#1, verify_#t~ret82#1, verify_#t~ret83#1, verify_#t~ret84#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~16#1, verify_~tmp___0~6#1, verify_~pubkey~1#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~16#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc 
verify_~tmp___4~1#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret58#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~7#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~7#1; {28811#false} is VALID [2022-02-20 18:03:09,395 INFO L272 TraceCheckUtils]: 147: Hoare triple {28811#false} call __utac_acc__EncryptVerify_spec__1_#t~ret58#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {28810#true} is VALID [2022-02-20 18:03:09,395 INFO L290 TraceCheckUtils]: 148: Hoare triple {28810#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~27#1;havoc ~tmp~23#1; {28810#true} is VALID [2022-02-20 18:03:09,395 INFO L272 TraceCheckUtils]: 149: Hoare triple {28810#true} call #t~ret105#1 := isEncrypted(~msg#1); {28810#true} is VALID [2022-02-20 18:03:09,395 INFO L290 TraceCheckUtils]: 150: Hoare triple {28810#true} ~handle := #in~handle;havoc ~retValue_acc~37; {28810#true} is VALID [2022-02-20 18:03:09,395 INFO L290 TraceCheckUtils]: 151: Hoare triple {28810#true} assume 1 == ~handle;~retValue_acc~37 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~37; {28810#true} is VALID [2022-02-20 18:03:09,395 INFO L290 TraceCheckUtils]: 152: Hoare triple {28810#true} assume true; {28810#true} is VALID [2022-02-20 18:03:09,396 INFO L284 TraceCheckUtils]: 153: Hoare quadruple {28810#true} {28810#true} #1262#return; {28810#true} is VALID [2022-02-20 18:03:09,396 INFO L290 TraceCheckUtils]: 154: Hoare triple {28810#true} assume -2147483648 <= #t~ret105#1 && #t~ret105#1 <= 2147483647;~tmp~23#1 := #t~ret105#1;havoc #t~ret105#1; {28810#true} is VALID [2022-02-20 18:03:09,396 INFO L290 TraceCheckUtils]: 155: Hoare triple {28810#true} assume 0 != ~tmp~23#1;~retValue_acc~27#1 := 0;#res#1 := 
~retValue_acc~27#1; {28810#true} is VALID [2022-02-20 18:03:09,396 INFO L290 TraceCheckUtils]: 156: Hoare triple {28810#true} assume true; {28810#true} is VALID [2022-02-20 18:03:09,396 INFO L284 TraceCheckUtils]: 157: Hoare quadruple {28810#true} {28811#false} #1184#return; {28811#false} is VALID [2022-02-20 18:03:09,396 INFO L290 TraceCheckUtils]: 158: Hoare triple {28811#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret58#1 && __utac_acc__EncryptVerify_spec__1_#t~ret58#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~7#1 := __utac_acc__EncryptVerify_spec__1_#t~ret58#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret58#1; {28811#false} is VALID [2022-02-20 18:03:09,396 INFO L290 TraceCheckUtils]: 159: Hoare triple {28811#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~7#1);assume { :begin_inline___automaton_fail } true; {28811#false} is VALID [2022-02-20 18:03:09,396 INFO L290 TraceCheckUtils]: 160: Hoare triple {28811#false} assume !false; {28811#false} is VALID [2022-02-20 18:03:09,397 INFO L134 CoverageAnalysis]: Checked inductivity of 52 backedges. 14 proven. 0 refuted. 0 times theorem prover too weak. 38 trivial. 0 not checked. [2022-02-20 18:03:09,397 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:03:09,397 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [592417785] [2022-02-20 18:03:09,397 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [592417785] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:03:09,397 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. 
[2022-02-20 18:03:09,397 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 18:03:09,397 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [12256153] [2022-02-20 18:03:09,397 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:03:09,398 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 8.909090909090908) internal successors, (98), 8 states have internal predecessors, (98), 4 states have call successors, (23), 6 states have call predecessors, (23), 3 states have return successors, (20), 3 states have call predecessors, (20), 4 states have call successors, (20) Word has length 161 [2022-02-20 18:03:09,399 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:03:09,399 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 8.909090909090908) internal successors, (98), 8 states have internal predecessors, (98), 4 states have call successors, (23), 6 states have call predecessors, (23), 3 states have return successors, (20), 3 states have call predecessors, (20), 4 states have call successors, (20) [2022-02-20 18:03:09,476 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 141 edges. 141 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:09,476 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 18:03:09,476 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:03:09,476 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. 
[2022-02-20 18:03:09,476 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:03:09,477 INFO L87 Difference]: Start difference. First operand 468 states and 720 transitions. Second operand has 12 states, 11 states have (on average 8.909090909090908) internal successors, (98), 8 states have internal predecessors, (98), 4 states have call successors, (23), 6 states have call predecessors, (23), 3 states have return successors, (20), 3 states have call predecessors, (20), 4 states have call successors, (20) [2022-02-20 18:03:19,277 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:19,277 INFO L93 Difference]: Finished difference Result 1010 states and 1577 transitions. [2022-02-20 18:03:19,277 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 18:03:19,278 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 8.909090909090908) internal successors, (98), 8 states have internal predecessors, (98), 4 states have call successors, (23), 6 states have call predecessors, (23), 3 states have return successors, (20), 3 states have call predecessors, (20), 4 states have call successors, (20) Word has length 161 [2022-02-20 18:03:19,278 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:03:19,278 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 8.909090909090908) internal successors, (98), 8 states have internal predecessors, (98), 4 states have call successors, (23), 6 states have call predecessors, (23), 3 states have return successors, (20), 3 states have call predecessors, (20), 4 states have call successors, (20) [2022-02-20 18:03:19,287 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1340 transitions. 
[2022-02-20 18:03:19,287 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 8.909090909090908) internal successors, (98), 8 states have internal predecessors, (98), 4 states have call successors, (23), 6 states have call predecessors, (23), 3 states have return successors, (20), 3 states have call predecessors, (20), 4 states have call successors, (20) [2022-02-20 18:03:19,296 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1340 transitions. [2022-02-20 18:03:19,296 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1340 transitions.