./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec7_product31.cil.c --full-output -ea --architecture 32bit
--------------------------------------------------------------------------------
Checking for ERROR reachability
Using default analysis
Version 03d7b7b3
Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec7_product31.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 77705a63487ad2667abe7e61d03fbac9d343255168bc183f3ebec6cdcc7d3824
--- Real Ultimate output ---
This is Ultimate 0.2.2-dev-03d7b7b
[2022-02-20 18:02:29,054 INFO L177 SettingsManager]: Resetting all preferences to default values...
[2022-02-20 18:02:29,057 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values
[2022-02-20 18:02:29,094 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring...
[2022-02-20 18:02:29,095 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values
[2022-02-20 18:02:29,099 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values
[2022-02-20 18:02:29,100 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values
[2022-02-20 18:02:29,104 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values
[2022-02-20 18:02:29,106 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values
[2022-02-20 18:02:29,110 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values
[2022-02-20 18:02:29,111 INFO L181 SettingsManager]: Resetting Sifa preferences to default values
[2022-02-20 18:02:29,112 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring...
[2022-02-20 18:02:29,113 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values
[2022-02-20 18:02:29,116 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values
[2022-02-20 18:02:29,117 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values
[2022-02-20 18:02:29,120 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values
[2022-02-20 18:02:29,122 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values
[2022-02-20 18:02:29,123 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values
[2022-02-20 18:02:29,125 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values
[2022-02-20 18:02:29,131 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values
[2022-02-20 18:02:29,133 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values
[2022-02-20 18:02:29,134 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values
[2022-02-20 18:02:29,136 INFO L181 SettingsManager]: Resetting Referee preferences to default values
[2022-02-20 18:02:29,137 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values
[2022-02-20 18:02:29,143 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring...
[2022-02-20 18:02:29,143 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring...
[2022-02-20 18:02:29,144 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values
[2022-02-20 18:02:29,146 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values
[2022-02-20 18:02:29,146 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values
[2022-02-20 18:02:29,147 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring...
[2022-02-20 18:02:29,147 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values
[2022-02-20 18:02:29,148 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values
[2022-02-20 18:02:29,149 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values
[2022-02-20 18:02:29,150 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values
[2022-02-20 18:02:29,151 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring...
[2022-02-20 18:02:29,152 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values
[2022-02-20 18:02:29,152 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring...
[2022-02-20 18:02:29,152 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring...
[2022-02-20 18:02:29,153 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values
[2022-02-20 18:02:29,153 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values
[2022-02-20 18:02:29,154 INFO L188 SettingsManager]: Finished resetting all preferences to default values...
[2022-02-20 18:02:29,156 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf
[2022-02-20 18:02:29,181 INFO L113 SettingsManager]: Loading preferences was successful
[2022-02-20 18:02:29,181 INFO L115 SettingsManager]: Preferences different from defaults after loading the file:
[2022-02-20 18:02:29,182 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults:
[2022-02-20 18:02:29,182 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR;
[2022-02-20 18:02:29,183 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults:
[2022-02-20 18:02:29,183 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS
[2022-02-20 18:02:29,184 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults:
[2022-02-20 18:02:29,184 INFO L138 SettingsManager]: * Create parallel compositions if possible=false
[2022-02-20 18:02:29,184 INFO L138 SettingsManager]: * Use SBE=true
[2022-02-20 18:02:29,184 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults:
[2022-02-20 18:02:29,185 INFO L138 SettingsManager]: * sizeof long=4
[2022-02-20 18:02:29,185 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true
[2022-02-20 18:02:29,186 INFO L138 SettingsManager]: * sizeof POINTER=4
[2022-02-20 18:02:29,186 INFO L138 SettingsManager]: * Check division by zero=IGNORE
[2022-02-20 18:02:29,186 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE
[2022-02-20 18:02:29,186 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE
[2022-02-20 18:02:29,186 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE
[2022-02-20 18:02:29,186 INFO L138 SettingsManager]: * sizeof long double=12
[2022-02-20 18:02:29,187 INFO L138 SettingsManager]: * Check if freed pointer was valid=false
[2022-02-20 18:02:29,187 INFO L138 SettingsManager]: * Use constant arrays=true
[2022-02-20 18:02:29,187 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE
[2022-02-20 18:02:29,187 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults:
[2022-02-20 18:02:29,187 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements
[2022-02-20 18:02:29,188 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode
[2022-02-20 18:02:29,188 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000
[2022-02-20 18:02:29,188 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults:
[2022-02-20 18:02:29,188 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP
[2022-02-20 18:02:29,189 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles
[2022-02-20 18:02:29,189 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL
[2022-02-20 18:02:29,190 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in
[2022-02-20 18:02:29,190 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF
[2022-02-20 18:02:29,190 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET
[2022-02-20 18:02:29,190 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true
[2022-02-20 18:02:29,190 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int)
WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) )
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 77705a63487ad2667abe7e61d03fbac9d343255168bc183f3ebec6cdcc7d3824
[2022-02-20 18:02:29,430 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp
[2022-02-20 18:02:29,501 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized
[2022-02-20 18:02:29,504 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected.
[2022-02-20 18:02:29,505 INFO L271 PluginConnector]: Initializing CDTParser...
[2022-02-20 18:02:29,506 INFO L275 PluginConnector]: CDTParser initialized
[2022-02-20 18:02:29,507 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec7_product31.cil.c
[2022-02-20 18:02:29,578 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/69dda3843/92e8b12b384b405e82c194cedc6b8737/FLAG50de8a5e0
[2022-02-20 18:02:30,093 INFO L306 CDTParser]: Found 1 translation units.
[2022-02-20 18:02:30,094 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec7_product31.cil.c
[2022-02-20 18:02:30,134 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/69dda3843/92e8b12b384b405e82c194cedc6b8737/FLAG50de8a5e0
[2022-02-20 18:02:30,408 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/69dda3843/92e8b12b384b405e82c194cedc6b8737
[2022-02-20 18:02:30,410 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] #######################
[2022-02-20 18:02:30,411 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements.
[2022-02-20 18:02:30,423 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator----------------------------
[2022-02-20 18:02:30,424 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator...
[2022-02-20 18:02:30,426 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized
[2022-02-20 18:02:30,427 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:02:30" (1/1) ...
[2022-02-20 18:02:30,428 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@5671217d and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:30, skipping insertion in model container
[2022-02-20 18:02:30,428 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:02:30" (1/1) ...
[2022-02-20 18:02:30,433 INFO L145 MainTranslator]: Starting translation in SV-COMP mode
[2022-02-20 18:02:30,487 INFO L178 MainTranslator]: Built tables and reachable declarations
[2022-02-20 18:02:30,799 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec7_product31.cil.c[7290,7303]
[2022-02-20 18:02:31,089 INFO L210 PostProcessor]: Analyzing one entry point: main
[2022-02-20 18:02:31,105 INFO L203 MainTranslator]: Completed pre-run
[2022-02-20 18:02:31,132 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec7_product31.cil.c[7290,7303]
[2022-02-20 18:02:31,213 INFO L210 PostProcessor]: Analyzing one entry point: main
[2022-02-20 18:02:31,242 INFO L208 MainTranslator]: Completed translation
[2022-02-20 18:02:31,243 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:31 WrapperNode
[2022-02-20 18:02:31,243 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator----------------------------
[2022-02-20 18:02:31,244 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner----------------------------
[2022-02-20 18:02:31,244 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner...
[2022-02-20 18:02:31,244 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized
[2022-02-20 18:02:31,249 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:31" (1/1) ...
[2022-02-20 18:02:31,268 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:31" (1/1) ...
[2022-02-20 18:02:31,344 INFO L137 Inliner]: procedures = 131, calls = 215, calls flagged for inlining = 61, calls inlined = 56, statements flattened = 1005
[2022-02-20 18:02:31,345 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner----------------------------
[2022-02-20 18:02:31,345 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor----------------------------
[2022-02-20 18:02:31,345 INFO L271 PluginConnector]: Initializing Boogie Preprocessor...
[2022-02-20 18:02:31,346 INFO L275 PluginConnector]: Boogie Preprocessor initialized
[2022-02-20 18:02:31,365 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:31" (1/1) ...
[2022-02-20 18:02:31,365 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:31" (1/1) ...
[2022-02-20 18:02:31,378 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:31" (1/1) ...
[2022-02-20 18:02:31,381 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:31" (1/1) ...
[2022-02-20 18:02:31,404 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:31" (1/1) ...
[2022-02-20 18:02:31,415 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:31" (1/1) ...
[2022-02-20 18:02:31,425 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:31" (1/1) ...
[2022-02-20 18:02:31,432 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor----------------------------
[2022-02-20 18:02:31,433 INFO L113 PluginConnector]: ------------------------RCFGBuilder----------------------------
[2022-02-20 18:02:31,433 INFO L271 PluginConnector]: Initializing RCFGBuilder...
[2022-02-20 18:02:31,434 INFO L275 PluginConnector]: RCFGBuilder initialized
[2022-02-20 18:02:31,435 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:31" (1/1) ...
[2022-02-20 18:02:31,457 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000
[2022-02-20 18:02:31,468 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3
[2022-02-20 18:02:31,484 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null)
[2022-02-20 18:02:31,500 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process
[2022-02-20 18:02:31,531 INFO L130 BoogieDeclarations]: Found specification of procedure getClientPrivateKey
[2022-02-20 18:02:31,532 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientPrivateKey
[2022-02-20 18:02:31,532 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailEncryptionKey
[2022-02-20 18:02:31,532 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailEncryptionKey
[2022-02-20 18:02:31,532 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailEncryptionKey
[2022-02-20 18:02:31,532 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailEncryptionKey
[2022-02-20 18:02:31,533 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo
[2022-02-20 18:02:31,533 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo
[2022-02-20 18:02:31,534 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom
[2022-02-20 18:02:31,534 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom
[2022-02-20 18:02:31,535 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable
[2022-02-20 18:02:31,535 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable
[2022-02-20 18:02:31,535 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry
[2022-02-20 18:02:31,535 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry
[2022-02-20 18:02:31,535 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsEncrypted
[2022-02-20 18:02:31,535 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsEncrypted
[2022-02-20 18:02:31,535 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailSignKey
[2022-02-20 18:02:31,536 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailSignKey
[2022-02-20 18:02:31,536 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd
[2022-02-20 18:02:31,536 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd
[2022-02-20 18:02:31,536 INFO L130 BoogieDeclarations]: Found specification of procedure puts
[2022-02-20 18:02:31,536 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom
[2022-02-20 18:02:31,536 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom
[2022-02-20 18:02:31,536 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId
[2022-02-20 18:02:31,536 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId
[2022-02-20 18:02:31,537 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit
[2022-02-20 18:02:31,537 INFO L130 BoogieDeclarations]: Found specification of procedure isSigned
[2022-02-20 18:02:31,537 INFO L138 BoogieDeclarations]: Found implementation of procedure isSigned
[2022-02-20 18:02:31,537 INFO L130 BoogieDeclarations]: Found specification of procedure isKeyPairValid
[2022-02-20 18:02:31,537 INFO L138 BoogieDeclarations]: Found implementation of procedure isKeyPairValid
[2022-02-20 18:02:31,537 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser
[2022-02-20 18:02:31,537 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser
[2022-02-20 18:02:31,538 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey
[2022-02-20 18:02:31,538 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey
[2022-02-20 18:02:31,538 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing
[2022-02-20 18:02:31,538 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing
[2022-02-20 18:02:31,539 INFO L130 BoogieDeclarations]: Found specification of procedure findPublicKey
[2022-02-20 18:02:31,539 INFO L138 BoogieDeclarations]: Found implementation of procedure findPublicKey
[2022-02-20 18:02:31,539 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail
[2022-02-20 18:02:31,539 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail
[2022-02-20 18:02:31,539 INFO L130 BoogieDeclarations]: Found specification of procedure isEncrypted
[2022-02-20 18:02:31,539 INFO L138 BoogieDeclarations]: Found implementation of procedure isEncrypted
[2022-02-20 18:02:31,540 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey
[2022-02-20 18:02:31,540 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey
[2022-02-20 18:02:31,540 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo
[2022-02-20 18:02:31,540 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo
[2022-02-20 18:02:31,540 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int
[2022-02-20 18:02:31,540 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair
[2022-02-20 18:02:31,540 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair
[2022-02-20 18:02:31,541 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start
[2022-02-20 18:02:31,541 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start
[2022-02-20 18:02:31,809 INFO L234 CfgBuilder]: Building ICFG
[2022-02-20 18:02:31,812 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation
[2022-02-20 18:02:32,664 INFO L275 CfgBuilder]: Performing block encoding
[2022-02-20 18:02:32,683 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start)
[2022-02-20 18:02:32,684 INFO L299 CfgBuilder]: Removed 1 assume(true) statements.
[2022-02-20 18:02:32,686 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:02:32 BoogieIcfgContainer
[2022-02-20 18:02:32,686 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder----------------------------
[2022-02-20 18:02:32,688 INFO L113 PluginConnector]: ------------------------TraceAbstraction----------------------------
[2022-02-20 18:02:32,688 INFO L271 PluginConnector]: Initializing TraceAbstraction...
[2022-02-20 18:02:32,691 INFO L275 PluginConnector]: TraceAbstraction initialized
[2022-02-20 18:02:32,691 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:02:30" (1/3) ...
[2022-02-20 18:02:32,692 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@22299e3e and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:02:32, skipping insertion in model container
[2022-02-20 18:02:32,692 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:02:31" (2/3) ...
[2022-02-20 18:02:32,693 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@22299e3e and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:02:32, skipping insertion in model container
[2022-02-20 18:02:32,693 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:02:32" (3/3) ...
[2022-02-20 18:02:32,694 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec7_product31.cil.c
[2022-02-20 18:02:32,701 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION
[2022-02-20 18:02:32,701 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations.
[2022-02-20 18:02:32,744 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ========
[2022-02-20 18:02:32,748 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR
[2022-02-20 18:02:32,748 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations.
[2022-02-20 18:02:32,773 INFO L276 IsEmpty]: Start isEmpty. Operand has 366 states, 283 states have (on average 1.5017667844522968) internal successors, (425), 287 states have internal predecessors, (425), 58 states have call successors, (58), 23 states have call predecessors, (58), 23 states have return successors, (58), 58 states have call predecessors, (58), 58 states have call successors, (58)
[2022-02-20 18:02:32,786 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 121
[2022-02-20 18:02:32,787 INFO L506 BasicCegarLoop]: Found error trace
[2022-02-20 18:02:32,788 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
[2022-02-20 18:02:32,788 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] ===
[2022-02-20 18:02:32,792 INFO L144 PredicateUnifier]: Initialized classic predicate unifier
[2022-02-20 18:02:32,792 INFO L85 PathProgramCache]: Analyzing trace with hash -1669286504, now seen corresponding path program 1 times
[2022-02-20 18:02:32,802 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL
[2022-02-20 18:02:32,802 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1341809033]
[2022-02-20 18:02:32,803 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY
[2022-02-20 18:02:32,804 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms
[2022-02-20 18:02:33,016 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:02:33,132 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6
[2022-02-20 18:02:33,139 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:02:33,150 INFO L290 TraceCheckUtils]: 0: Hoare triple {439#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {369#true} is VALID
[2022-02-20 18:02:33,150 INFO L290 TraceCheckUtils]: 1: Hoare triple {369#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {369#true} is VALID
[2022-02-20 18:02:33,151 INFO L290 TraceCheckUtils]: 2: Hoare triple {369#true} assume true; {369#true} is VALID
[2022-02-20 18:02:33,151 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {369#true} {369#true} #1064#return; {369#true} is VALID
[2022-02-20 18:02:33,173 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12
[2022-02-20 18:02:33,175 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:02:33,185 INFO L290 TraceCheckUtils]: 0: Hoare triple {440#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {369#true} is VALID
[2022-02-20 18:02:33,186 INFO L290 TraceCheckUtils]: 1: Hoare triple {369#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {369#true} is VALID
[2022-02-20 18:02:33,186 INFO L290 TraceCheckUtils]: 2: Hoare triple {369#true} assume true; {369#true} is VALID
[2022-02-20 18:02:33,186 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {369#true} {369#true} #1066#return; {369#true} is VALID
[2022-02-20 18:02:33,187 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18
[2022-02-20 18:02:33,190 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:02:33,220 INFO L290 TraceCheckUtils]: 0: Hoare triple {439#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {441#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 18:02:33,221 INFO L290 TraceCheckUtils]: 1: Hoare triple {441#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {442#(= |setClientId_#in~handle| 1)} is VALID
[2022-02-20 18:02:33,221 INFO L290 TraceCheckUtils]: 2: Hoare triple {442#(= |setClientId_#in~handle| 1)} assume true; {442#(= |setClientId_#in~handle| 1)} is VALID
[2022-02-20 18:02:33,222 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {442#(= |setClientId_#in~handle| 1)} {379#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1068#return; {370#false} is VALID
[2022-02-20 18:02:33,222 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24
[2022-02-20 18:02:33,225 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:02:33,234 INFO L290 TraceCheckUtils]: 0: Hoare triple {440#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {369#true} is VALID
[2022-02-20 18:02:33,235 INFO L290 TraceCheckUtils]: 1: Hoare triple {369#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {369#true} is VALID
[2022-02-20 18:02:33,235 INFO L290 TraceCheckUtils]: 2: Hoare triple {369#true} assume true; {369#true} is VALID
[2022-02-20 18:02:33,235 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {369#true} {370#false} #1070#return; {370#false} is VALID
[2022-02-20 18:02:33,236 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30
[2022-02-20 18:02:33,239 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:02:33,244 INFO L290 TraceCheckUtils]: 0: Hoare triple {439#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {369#true} is VALID
[2022-02-20 18:02:33,244 INFO L290 TraceCheckUtils]: 1: Hoare triple {369#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {369#true} is VALID
[2022-02-20 18:02:33,245 INFO L290 TraceCheckUtils]: 2: Hoare triple {369#true} assume true; {369#true} is VALID
[2022-02-20 18:02:33,245 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {369#true} {370#false} #1072#return; {370#false} is VALID
[2022-02-20 18:02:33,245 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36
[2022-02-20 18:02:33,250 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:02:33,255 INFO L290 TraceCheckUtils]: 0: Hoare triple {440#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {369#true} is VALID
[2022-02-20 18:02:33,257 INFO L290 TraceCheckUtils]: 1: Hoare triple {369#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {369#true} is VALID
[2022-02-20 18:02:33,257 INFO L290 TraceCheckUtils]: 2: Hoare triple {369#true} assume true; {369#true} is VALID
[2022-02-20 18:02:33,257 INFO L284
TraceCheckUtils]: 3: Hoare quadruple {369#true} {370#false} #1074#return; {370#false} is VALID [2022-02-20 18:02:33,264 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2022-02-20 18:02:33,267 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:33,275 INFO L290 TraceCheckUtils]: 0: Hoare triple {443#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {369#true} is VALID [2022-02-20 18:02:33,276 INFO L290 TraceCheckUtils]: 1: Hoare triple {369#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {369#true} is VALID [2022-02-20 18:02:33,276 INFO L290 TraceCheckUtils]: 2: Hoare triple {369#true} assume true; {369#true} is VALID [2022-02-20 18:02:33,276 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {369#true} {370#false} #1050#return; {370#false} is VALID [2022-02-20 18:02:33,288 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 52 [2022-02-20 18:02:33,289 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:33,293 INFO L290 TraceCheckUtils]: 0: Hoare triple {444#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {369#true} is VALID [2022-02-20 18:02:33,294 INFO L290 TraceCheckUtils]: 1: Hoare triple {369#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {369#true} is VALID [2022-02-20 18:02:33,294 INFO L290 TraceCheckUtils]: 2: Hoare triple {369#true} assume true; {369#true} is VALID [2022-02-20 18:02:33,294 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {369#true} {370#false} #1052#return; {370#false} is VALID [2022-02-20 18:02:33,294 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:02:33,296 INFO L136 AnnotateAndAsserter]: Conjunction of 
SSA is unsat [2022-02-20 18:02:33,298 INFO L290 TraceCheckUtils]: 0: Hoare triple {369#true} ~handle := #in~handle;havoc ~retValue_acc~36; {369#true} is VALID [2022-02-20 18:02:33,299 INFO L290 TraceCheckUtils]: 1: Hoare triple {369#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {369#true} is VALID [2022-02-20 18:02:33,299 INFO L290 TraceCheckUtils]: 2: Hoare triple {369#true} assume true; {369#true} is VALID [2022-02-20 18:02:33,299 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {369#true} {370#false} #994#return; {370#false} is VALID [2022-02-20 18:02:33,300 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 18:02:33,304 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:33,307 INFO L290 TraceCheckUtils]: 0: Hoare triple {369#true} ~handle := #in~handle;havoc ~retValue_acc~9; {369#true} is VALID [2022-02-20 18:02:33,307 INFO L290 TraceCheckUtils]: 1: Hoare triple {369#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {369#true} is VALID [2022-02-20 18:02:33,308 INFO L290 TraceCheckUtils]: 2: Hoare triple {369#true} assume true; {369#true} is VALID [2022-02-20 18:02:33,308 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {369#true} {370#false} #996#return; {370#false} is VALID [2022-02-20 18:02:33,308 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:02:33,314 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:33,321 INFO L290 TraceCheckUtils]: 0: Hoare triple {369#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {369#true} is VALID [2022-02-20 18:02:33,321 INFO L290 TraceCheckUtils]: 1: Hoare triple {369#true} assume 1 == ~handle; {369#true} is VALID [2022-02-20 18:02:33,322 INFO L290 TraceCheckUtils]: 2: Hoare triple {369#true} assume ~userid == 
~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {369#true} is VALID [2022-02-20 18:02:33,322 INFO L290 TraceCheckUtils]: 3: Hoare triple {369#true} assume true; {369#true} is VALID [2022-02-20 18:02:33,322 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {369#true} {370#false} #998#return; {370#false} is VALID [2022-02-20 18:02:33,322 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 18:02:33,324 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:33,326 INFO L290 TraceCheckUtils]: 0: Hoare triple {443#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {369#true} is VALID [2022-02-20 18:02:33,326 INFO L290 TraceCheckUtils]: 1: Hoare triple {369#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {369#true} is VALID [2022-02-20 18:02:33,327 INFO L290 TraceCheckUtils]: 2: Hoare triple {369#true} assume true; {369#true} is VALID [2022-02-20 18:02:33,327 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {369#true} {370#false} #1004#return; {370#false} is VALID [2022-02-20 18:02:33,327 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:02:33,328 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:33,331 INFO L290 TraceCheckUtils]: 0: Hoare triple {369#true} ~handle := #in~handle;havoc ~retValue_acc~9; {369#true} is VALID [2022-02-20 18:02:33,335 INFO L290 TraceCheckUtils]: 1: Hoare triple {369#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {369#true} is VALID [2022-02-20 18:02:33,335 INFO L290 TraceCheckUtils]: 2: Hoare triple {369#true} assume true; {369#true} is VALID [2022-02-20 18:02:33,335 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {369#true} {370#false} #1006#return; 
{370#false} is VALID [2022-02-20 18:02:33,336 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 18:02:33,337 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:33,352 INFO L290 TraceCheckUtils]: 0: Hoare triple {369#true} ~handle := #in~handle;havoc ~retValue_acc~36; {369#true} is VALID [2022-02-20 18:02:33,352 INFO L290 TraceCheckUtils]: 1: Hoare triple {369#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {369#true} is VALID [2022-02-20 18:02:33,353 INFO L290 TraceCheckUtils]: 2: Hoare triple {369#true} assume true; {369#true} is VALID [2022-02-20 18:02:33,353 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {369#true} {370#false} #1008#return; {370#false} is VALID [2022-02-20 18:02:33,353 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 106 [2022-02-20 18:02:33,357 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:33,360 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:33,361 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:33,363 INFO L290 TraceCheckUtils]: 0: Hoare triple {369#true} ~handle := #in~handle;havoc ~retValue_acc~12; {369#true} is VALID [2022-02-20 18:02:33,364 INFO L290 TraceCheckUtils]: 1: Hoare triple {369#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~12; {369#true} is VALID [2022-02-20 18:02:33,364 INFO L290 TraceCheckUtils]: 2: Hoare triple {369#true} assume true; {369#true} is VALID [2022-02-20 18:02:33,364 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {369#true} {369#true} #1108#return; {369#true} is VALID [2022-02-20 18:02:33,364 INFO L290 TraceCheckUtils]: 0: Hoare triple {369#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~21#1;havoc ~tmp~20#1; {369#true} is VALID [2022-02-20 
18:02:33,365 INFO L272 TraceCheckUtils]: 1: Hoare triple {369#true} call #t~ret88#1 := isEncrypted(~msg#1); {369#true} is VALID [2022-02-20 18:02:33,365 INFO L290 TraceCheckUtils]: 2: Hoare triple {369#true} ~handle := #in~handle;havoc ~retValue_acc~12; {369#true} is VALID [2022-02-20 18:02:33,365 INFO L290 TraceCheckUtils]: 3: Hoare triple {369#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~12; {369#true} is VALID [2022-02-20 18:02:33,365 INFO L290 TraceCheckUtils]: 4: Hoare triple {369#true} assume true; {369#true} is VALID [2022-02-20 18:02:33,366 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {369#true} {369#true} #1108#return; {369#true} is VALID [2022-02-20 18:02:33,366 INFO L290 TraceCheckUtils]: 6: Hoare triple {369#true} assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp~20#1 := #t~ret88#1;havoc #t~ret88#1; {369#true} is VALID [2022-02-20 18:02:33,366 INFO L290 TraceCheckUtils]: 7: Hoare triple {369#true} assume 0 != ~tmp~20#1;~retValue_acc~21#1 := 0;#res#1 := ~retValue_acc~21#1; {369#true} is VALID [2022-02-20 18:02:33,366 INFO L290 TraceCheckUtils]: 8: Hoare triple {369#true} assume true; {369#true} is VALID [2022-02-20 18:02:33,367 INFO L284 TraceCheckUtils]: 9: Hoare quadruple {369#true} {370#false} #1020#return; {370#false} is VALID [2022-02-20 18:02:33,367 INFO L290 TraceCheckUtils]: 0: Hoare triple {369#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call 
write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(12, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(18, 31);call #Ultimate.allocInit(16, 32);call #Ultimate.allocInit(21, 33);call #Ultimate.allocInit(13, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(25, 36);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(115, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, 
~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 
0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {369#true} is VALID [2022-02-20 18:02:33,368 INFO L290 TraceCheckUtils]: 1: Hoare triple {369#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {369#true} is VALID [2022-02-20 18:02:33,368 INFO L290 TraceCheckUtils]: 2: Hoare triple {369#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {369#true} is VALID [2022-02-20 18:02:33,368 INFO L290 TraceCheckUtils]: 3: Hoare triple {369#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~26#1;havoc valid_product_~retValue_acc~26#1;valid_product_~retValue_acc~26#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~26#1; {369#true} is VALID [2022-02-20 18:02:33,368 INFO L290 
TraceCheckUtils]: 4: Hoare triple {369#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {369#true} is VALID [2022-02-20 18:02:33,369 INFO L290 TraceCheckUtils]: 5: Hoare triple {369#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {369#true} is VALID [2022-02-20 18:02:33,370 INFO L272 TraceCheckUtils]: 6: Hoare triple {369#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {439#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:33,370 INFO L290 TraceCheckUtils]: 7: Hoare triple {439#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {369#true} is VALID 
[2022-02-20 18:02:33,370 INFO L290 TraceCheckUtils]: 8: Hoare triple {369#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {369#true} is VALID [2022-02-20 18:02:33,371 INFO L290 TraceCheckUtils]: 9: Hoare triple {369#true} assume true; {369#true} is VALID [2022-02-20 18:02:33,371 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {369#true} {369#true} #1064#return; {369#true} is VALID [2022-02-20 18:02:33,371 INFO L290 TraceCheckUtils]: 11: Hoare triple {369#true} assume { :end_inline_setup_bob__wrappee__Base } true; {369#true} is VALID [2022-02-20 18:02:33,372 INFO L272 TraceCheckUtils]: 12: Hoare triple {369#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {440#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:33,372 INFO L290 TraceCheckUtils]: 13: Hoare triple {440#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {369#true} is VALID [2022-02-20 18:02:33,372 INFO L290 TraceCheckUtils]: 14: Hoare triple {369#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {369#true} is VALID [2022-02-20 18:02:33,373 INFO L290 TraceCheckUtils]: 15: Hoare triple {369#true} assume true; {369#true} is VALID [2022-02-20 18:02:33,373 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {369#true} {369#true} #1066#return; {369#true} is VALID [2022-02-20 18:02:33,374 INFO L290 TraceCheckUtils]: 17: Hoare triple {369#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc 
setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {379#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:02:33,375 INFO L272 TraceCheckUtils]: 18: Hoare triple {379#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {439#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:33,375 INFO L290 TraceCheckUtils]: 19: Hoare triple {439#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {441#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:33,376 INFO L290 TraceCheckUtils]: 20: Hoare triple {441#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {442#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:33,376 INFO L290 TraceCheckUtils]: 21: Hoare triple {442#(= |setClientId_#in~handle| 1)} assume true; {442#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:33,377 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {442#(= |setClientId_#in~handle| 1)} {379#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1068#return; {370#false} is VALID [2022-02-20 18:02:33,377 INFO L290 TraceCheckUtils]: 23: Hoare triple {370#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {370#false} is VALID [2022-02-20 18:02:33,377 
INFO L272 TraceCheckUtils]: 24: Hoare triple {370#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {440#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:33,377 INFO L290 TraceCheckUtils]: 25: Hoare triple {440#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {369#true} is VALID [2022-02-20 18:02:33,378 INFO L290 TraceCheckUtils]: 26: Hoare triple {369#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {369#true} is VALID [2022-02-20 18:02:33,378 INFO L290 TraceCheckUtils]: 27: Hoare triple {369#true} assume true; {369#true} is VALID [2022-02-20 18:02:33,378 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {369#true} {370#false} #1070#return; {370#false} is VALID [2022-02-20 18:02:33,378 INFO L290 TraceCheckUtils]: 29: Hoare triple {370#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {370#false} is VALID [2022-02-20 18:02:33,379 INFO L272 TraceCheckUtils]: 30: Hoare triple {370#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {439#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:33,379 INFO L290 TraceCheckUtils]: 31: Hoare triple {439#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {369#true} is VALID [2022-02-20 18:02:33,379 INFO L290 TraceCheckUtils]: 32: Hoare triple {369#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {369#true} is VALID [2022-02-20 18:02:33,379 INFO L290 TraceCheckUtils]: 33: Hoare triple {369#true} assume true; {369#true} is VALID [2022-02-20 18:02:33,379 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {369#true} {370#false} #1072#return; {370#false} is VALID [2022-02-20 18:02:33,380 INFO L290 TraceCheckUtils]: 35: Hoare triple {370#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {370#false} is VALID [2022-02-20 18:02:33,380 INFO L272 TraceCheckUtils]: 36: Hoare triple {370#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {440#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:33,380 INFO L290 TraceCheckUtils]: 37: Hoare triple {440#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {369#true} is VALID [2022-02-20 18:02:33,380 INFO L290 TraceCheckUtils]: 38: Hoare triple {369#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {369#true} is VALID [2022-02-20 18:02:33,381 INFO L290 TraceCheckUtils]: 39: 
Hoare triple {369#true} assume true; {369#true} is VALID [2022-02-20 18:02:33,381 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {369#true} {370#false} #1074#return; {370#false} is VALID [2022-02-20 18:02:33,381 INFO L290 TraceCheckUtils]: 41: Hoare triple {370#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {370#false} is VALID [2022-02-20 18:02:33,381 INFO L290 TraceCheckUtils]: 42: Hoare triple {370#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~23#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~23#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {370#false} is VALID 
[2022-02-20 18:02:33,382 INFO L290 TraceCheckUtils]: 43: Hoare triple {370#false} assume false; {370#false} is VALID [2022-02-20 18:02:33,382 INFO L290 TraceCheckUtils]: 44: Hoare triple {370#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {370#false} is VALID [2022-02-20 18:02:33,382 INFO L272 TraceCheckUtils]: 45: Hoare triple {370#false} call sendEmail(~bob~0, ~rjh~0); {370#false} is VALID [2022-02-20 18:02:33,382 INFO L290 TraceCheckUtils]: 46: Hoare triple {370#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~10#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {370#false} is VALID [2022-02-20 18:02:33,383 INFO L272 TraceCheckUtils]: 47: Hoare triple {370#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {443#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:33,383 INFO L290 TraceCheckUtils]: 48: Hoare triple {443#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {369#true} is VALID [2022-02-20 18:02:33,383 INFO L290 TraceCheckUtils]: 49: Hoare triple {369#true} assume 1 == 
~handle;~__ste_email_from0~0 := ~value; {369#true} is VALID [2022-02-20 18:02:33,383 INFO L290 TraceCheckUtils]: 50: Hoare triple {369#true} assume true; {369#true} is VALID [2022-02-20 18:02:33,384 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {369#true} {370#false} #1050#return; {370#false} is VALID [2022-02-20 18:02:33,384 INFO L272 TraceCheckUtils]: 52: Hoare triple {370#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {444#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:33,384 INFO L290 TraceCheckUtils]: 53: Hoare triple {444#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {369#true} is VALID [2022-02-20 18:02:33,384 INFO L290 TraceCheckUtils]: 54: Hoare triple {369#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {369#true} is VALID [2022-02-20 18:02:33,384 INFO L290 TraceCheckUtils]: 55: Hoare triple {369#true} assume true; {369#true} is VALID [2022-02-20 18:02:33,385 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {369#true} {370#false} #1052#return; {370#false} is VALID [2022-02-20 18:02:33,385 INFO L290 TraceCheckUtils]: 57: Hoare triple {370#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {370#false} is VALID [2022-02-20 18:02:33,385 INFO L290 TraceCheckUtils]: 58: Hoare triple {370#false} #t~ret37#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret37#1 && #t~ret37#1 <= 2147483647;~tmp~10#1 := #t~ret37#1;havoc #t~ret37#1;~email~0#1 := ~tmp~10#1; {370#false} is VALID [2022-02-20 18:02:33,385 INFO L272 TraceCheckUtils]: 59: Hoare triple {370#false} call outgoing(~sender#1, ~email~0#1); {370#false} is VALID [2022-02-20 18:02:33,386 INFO L290 TraceCheckUtils]: 60: Hoare triple {370#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { 
:begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret39#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {370#false} is VALID [2022-02-20 18:02:33,386 INFO L272 TraceCheckUtils]: 61: Hoare triple {370#false} call sign_#t~ret39#1 := getClientPrivateKey(sign_~client#1); {369#true} is VALID [2022-02-20 18:02:33,386 INFO L290 TraceCheckUtils]: 62: Hoare triple {369#true} ~handle := #in~handle;havoc ~retValue_acc~36; {369#true} is VALID [2022-02-20 18:02:33,386 INFO L290 TraceCheckUtils]: 63: Hoare triple {369#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {369#true} is VALID [2022-02-20 18:02:33,386 INFO L290 TraceCheckUtils]: 64: Hoare triple {369#true} assume true; {369#true} is VALID [2022-02-20 18:02:33,387 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {369#true} {370#false} #994#return; {370#false} is VALID [2022-02-20 18:02:33,387 INFO L290 TraceCheckUtils]: 66: Hoare triple {370#false} assume -2147483648 <= sign_#t~ret39#1 && sign_#t~ret39#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret39#1;havoc sign_#t~ret39#1;sign_~privkey~1#1 := sign_~tmp~11#1; {370#false} is VALID [2022-02-20 18:02:33,387 INFO L290 TraceCheckUtils]: 67: Hoare triple {370#false} assume 0 == sign_~privkey~1#1; {370#false} is VALID [2022-02-20 18:02:33,387 INFO L290 TraceCheckUtils]: 68: Hoare triple {370#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret28#1, outgoing__wrappee__Encrypt_#t~ret29#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~6#1, outgoing__wrappee__Encrypt_~pubkey~0#1, 
outgoing__wrappee__Encrypt_~tmp___0~2#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~6#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~2#1; {370#false} is VALID [2022-02-20 18:02:33,388 INFO L272 TraceCheckUtils]: 69: Hoare triple {370#false} call outgoing__wrappee__Encrypt_#t~ret28#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {369#true} is VALID [2022-02-20 18:02:33,388 INFO L290 TraceCheckUtils]: 70: Hoare triple {369#true} ~handle := #in~handle;havoc ~retValue_acc~9; {369#true} is VALID [2022-02-20 18:02:33,388 INFO L290 TraceCheckUtils]: 71: Hoare triple {369#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {369#true} is VALID [2022-02-20 18:02:33,388 INFO L290 TraceCheckUtils]: 72: Hoare triple {369#true} assume true; {369#true} is VALID [2022-02-20 18:02:33,388 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {369#true} {370#false} #996#return; {370#false} is VALID [2022-02-20 18:02:33,389 INFO L290 TraceCheckUtils]: 74: Hoare triple {370#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret28#1 && outgoing__wrappee__Encrypt_#t~ret28#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~6#1 := outgoing__wrappee__Encrypt_#t~ret28#1;havoc outgoing__wrappee__Encrypt_#t~ret28#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~6#1; {370#false} is VALID [2022-02-20 18:02:33,389 INFO L272 TraceCheckUtils]: 75: Hoare triple {370#false} call outgoing__wrappee__Encrypt_#t~ret29#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {369#true} is VALID [2022-02-20 18:02:33,389 INFO L290 TraceCheckUtils]: 76: Hoare triple {369#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {369#true} is VALID 
[2022-02-20 18:02:33,389 INFO L290 TraceCheckUtils]: 77: Hoare triple {369#true} assume 1 == ~handle; {369#true} is VALID [2022-02-20 18:02:33,390 INFO L290 TraceCheckUtils]: 78: Hoare triple {369#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {369#true} is VALID [2022-02-20 18:02:33,390 INFO L290 TraceCheckUtils]: 79: Hoare triple {369#true} assume true; {369#true} is VALID [2022-02-20 18:02:33,390 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {369#true} {370#false} #998#return; {370#false} is VALID [2022-02-20 18:02:33,390 INFO L290 TraceCheckUtils]: 81: Hoare triple {370#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret29#1 && outgoing__wrappee__Encrypt_#t~ret29#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~2#1 := outgoing__wrappee__Encrypt_#t~ret29#1;havoc outgoing__wrappee__Encrypt_#t~ret29#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~2#1; {370#false} is VALID [2022-02-20 18:02:33,390 INFO L290 TraceCheckUtils]: 82: Hoare triple {370#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {370#false} is VALID [2022-02-20 18:02:33,391 INFO L290 TraceCheckUtils]: 83: Hoare triple {370#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret27#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 
:= getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {370#false} is VALID [2022-02-20 18:02:33,391 INFO L290 TraceCheckUtils]: 84: Hoare triple {370#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {370#false} is VALID [2022-02-20 18:02:33,391 INFO L290 TraceCheckUtils]: 85: Hoare triple {370#false} outgoing__wrappee__Keys_#t~ret27#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret27#1 && outgoing__wrappee__Keys_#t~ret27#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret27#1;havoc outgoing__wrappee__Keys_#t~ret27#1; {370#false} is VALID [2022-02-20 18:02:33,391 INFO L272 TraceCheckUtils]: 86: Hoare triple {370#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {443#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:33,392 INFO L290 TraceCheckUtils]: 87: Hoare triple {443#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {369#true} is VALID [2022-02-20 18:02:33,392 INFO L290 TraceCheckUtils]: 88: Hoare triple {369#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {369#true} is VALID [2022-02-20 18:02:33,392 INFO L290 TraceCheckUtils]: 89: Hoare triple {369#true} assume true; {369#true} is VALID [2022-02-20 18:02:33,392 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {369#true} {370#false} #1004#return; {370#false} is VALID [2022-02-20 18:02:33,392 INFO L290 TraceCheckUtils]: 91: Hoare triple {370#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret25#1, mail_#t~ret26#1, mail_~client#1, mail_~msg#1, 
mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~4#1;call mail_#t~ret25#1 := puts(12, 0);assume -2147483648 <= mail_#t~ret25#1 && mail_#t~ret25#1 <= 2147483647;havoc mail_#t~ret25#1; {370#false} is VALID [2022-02-20 18:02:33,393 INFO L272 TraceCheckUtils]: 92: Hoare triple {370#false} call mail_#t~ret26#1 := getEmailTo(mail_~msg#1); {369#true} is VALID [2022-02-20 18:02:33,393 INFO L290 TraceCheckUtils]: 93: Hoare triple {369#true} ~handle := #in~handle;havoc ~retValue_acc~9; {369#true} is VALID [2022-02-20 18:02:33,393 INFO L290 TraceCheckUtils]: 94: Hoare triple {369#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {369#true} is VALID [2022-02-20 18:02:33,393 INFO L290 TraceCheckUtils]: 95: Hoare triple {369#true} assume true; {369#true} is VALID [2022-02-20 18:02:33,393 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {369#true} {370#false} #1006#return; {370#false} is VALID [2022-02-20 18:02:33,401 INFO L290 TraceCheckUtils]: 97: Hoare triple {370#false} assume -2147483648 <= mail_#t~ret26#1 && mail_#t~ret26#1 <= 2147483647;mail_~tmp~4#1 := mail_#t~ret26#1;havoc mail_#t~ret26#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~4#1, mail_~msg#1;havoc incoming_#t~ret32#1, incoming_#t~ret33#1, incoming_#t~ret34#1, incoming_#t~ret35#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~8#1, incoming_~tmp___0~3#1, incoming_~tmp___1~1#1, incoming_~tmp___2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~8#1;havoc incoming_~tmp___0~3#1;havoc incoming_~tmp___1~1#1;havoc incoming_~tmp___2~0#1; {370#false} is VALID [2022-02-20 18:02:33,402 INFO L272 TraceCheckUtils]: 98: Hoare triple {370#false} call incoming_#t~ret32#1 := getClientPrivateKey(incoming_~client#1); {369#true} is VALID [2022-02-20 18:02:33,402 INFO L290 TraceCheckUtils]: 
99: Hoare triple {369#true} ~handle := #in~handle;havoc ~retValue_acc~36; {369#true} is VALID [2022-02-20 18:02:33,402 INFO L290 TraceCheckUtils]: 100: Hoare triple {369#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {369#true} is VALID [2022-02-20 18:02:33,403 INFO L290 TraceCheckUtils]: 101: Hoare triple {369#true} assume true; {369#true} is VALID [2022-02-20 18:02:33,403 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {369#true} {370#false} #1008#return; {370#false} is VALID [2022-02-20 18:02:33,403 INFO L290 TraceCheckUtils]: 103: Hoare triple {370#false} assume -2147483648 <= incoming_#t~ret32#1 && incoming_#t~ret32#1 <= 2147483647;incoming_~tmp~8#1 := incoming_#t~ret32#1;havoc incoming_#t~ret32#1;incoming_~privkey~0#1 := incoming_~tmp~8#1; {370#false} is VALID [2022-02-20 18:02:33,403 INFO L290 TraceCheckUtils]: 104: Hoare triple {370#false} assume !(0 != incoming_~privkey~0#1); {370#false} is VALID [2022-02-20 18:02:33,404 INFO L290 TraceCheckUtils]: 105: Hoare triple {370#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret41#1, verify_#t~ret42#1, verify_#t~ret43#1, verify_#t~ret44#1, verify_#t~ret45#1, verify_#t~ret46#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~12#1, verify_~tmp___0~4#1, verify_~pubkey~1#1, verify_~tmp___1~2#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := 
verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~12#1;havoc verify_~tmp___0~4#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~2#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret24#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~3#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~3#1; {370#false} is VALID [2022-02-20 18:02:33,404 INFO L272 TraceCheckUtils]: 106: Hoare triple {370#false} call __utac_acc__EncryptVerify_spec__1_#t~ret24#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {369#true} is VALID [2022-02-20 18:02:33,404 INFO L290 TraceCheckUtils]: 107: Hoare triple {369#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~21#1;havoc ~tmp~20#1; {369#true} is VALID [2022-02-20 18:02:33,404 INFO L272 TraceCheckUtils]: 108: Hoare triple {369#true} call #t~ret88#1 := isEncrypted(~msg#1); {369#true} is VALID [2022-02-20 18:02:33,405 INFO L290 TraceCheckUtils]: 109: Hoare triple {369#true} ~handle := #in~handle;havoc ~retValue_acc~12; {369#true} is VALID [2022-02-20 18:02:33,405 INFO L290 TraceCheckUtils]: 110: Hoare triple {369#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~12; {369#true} is VALID [2022-02-20 18:02:33,405 INFO L290 TraceCheckUtils]: 111: Hoare triple {369#true} assume true; {369#true} is VALID [2022-02-20 18:02:33,405 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {369#true} {369#true} #1108#return; {369#true} is VALID [2022-02-20 18:02:33,406 INFO L290 TraceCheckUtils]: 113: Hoare triple {369#true} assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp~20#1 := #t~ret88#1;havoc 
#t~ret88#1; {369#true} is VALID [2022-02-20 18:02:33,406 INFO L290 TraceCheckUtils]: 114: Hoare triple {369#true} assume 0 != ~tmp~20#1;~retValue_acc~21#1 := 0;#res#1 := ~retValue_acc~21#1; {369#true} is VALID [2022-02-20 18:02:33,406 INFO L290 TraceCheckUtils]: 115: Hoare triple {369#true} assume true; {369#true} is VALID [2022-02-20 18:02:33,406 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {369#true} {370#false} #1020#return; {370#false} is VALID [2022-02-20 18:02:33,406 INFO L290 TraceCheckUtils]: 117: Hoare triple {370#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret24#1 && __utac_acc__EncryptVerify_spec__1_#t~ret24#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~3#1 := __utac_acc__EncryptVerify_spec__1_#t~ret24#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret24#1; {370#false} is VALID [2022-02-20 18:02:33,407 INFO L290 TraceCheckUtils]: 118: Hoare triple {370#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {370#false} is VALID [2022-02-20 18:02:33,407 INFO L290 TraceCheckUtils]: 119: Hoare triple {370#false} assume !false; {370#false} is VALID [2022-02-20 18:02:33,408 INFO L134 CoverageAnalysis]: Checked inductivity of 36 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. 
[2022-02-20 18:02:33,411 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:33,411 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1341809033] [2022-02-20 18:02:33,412 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1341809033] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:02:33,412 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1656246164] [2022-02-20 18:02:33,412 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:33,412 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:33,413 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:02:33,414 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:02:33,421 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 18:02:33,720 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:33,727 INFO L263 TraceCheckSpWp]: Trace formula consists of 1115 conjuncts, 1 conjunts are in the unsatisfiable core [2022-02-20 18:02:33,796 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:33,806 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:02:34,042 INFO L290 TraceCheckUtils]: 0: Hoare triple {369#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(12, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(18, 31);call #Ultimate.allocInit(16, 32);call #Ultimate.allocInit(21, 33);call #Ultimate.allocInit(13, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(25, 36);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(115, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 
0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 
0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {369#true} is VALID [2022-02-20 18:02:34,043 INFO L290 TraceCheckUtils]: 1: Hoare triple {369#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { 
:begin_inline_select_helpers } true; {369#true} is VALID [2022-02-20 18:02:34,044 INFO L290 TraceCheckUtils]: 2: Hoare triple {369#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {369#true} is VALID [2022-02-20 18:02:34,044 INFO L290 TraceCheckUtils]: 3: Hoare triple {369#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~26#1;havoc valid_product_~retValue_acc~26#1;valid_product_~retValue_acc~26#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~26#1; {369#true} is VALID [2022-02-20 18:02:34,044 INFO L290 TraceCheckUtils]: 4: Hoare triple {369#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {369#true} is VALID [2022-02-20 18:02:34,049 INFO L290 TraceCheckUtils]: 5: Hoare triple {369#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {369#true} is VALID [2022-02-20 18:02:34,049 INFO L272 TraceCheckUtils]: 6: Hoare 
triple {369#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {369#true} is VALID [2022-02-20 18:02:34,049 INFO L290 TraceCheckUtils]: 7: Hoare triple {369#true} ~handle := #in~handle;~value := #in~value; {369#true} is VALID [2022-02-20 18:02:34,049 INFO L290 TraceCheckUtils]: 8: Hoare triple {369#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {369#true} is VALID [2022-02-20 18:02:34,049 INFO L290 TraceCheckUtils]: 9: Hoare triple {369#true} assume true; {369#true} is VALID [2022-02-20 18:02:34,049 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {369#true} {369#true} #1064#return; {369#true} is VALID [2022-02-20 18:02:34,049 INFO L290 TraceCheckUtils]: 11: Hoare triple {369#true} assume { :end_inline_setup_bob__wrappee__Base } true; {369#true} is VALID [2022-02-20 18:02:34,049 INFO L272 TraceCheckUtils]: 12: Hoare triple {369#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {369#true} is VALID [2022-02-20 18:02:34,049 INFO L290 TraceCheckUtils]: 13: Hoare triple {369#true} ~handle := #in~handle;~value := #in~value; {369#true} is VALID [2022-02-20 18:02:34,050 INFO L290 TraceCheckUtils]: 14: Hoare triple {369#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {369#true} is VALID [2022-02-20 18:02:34,050 INFO L290 TraceCheckUtils]: 15: Hoare triple {369#true} assume true; {369#true} is VALID [2022-02-20 18:02:34,050 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {369#true} {369#true} #1066#return; {369#true} is VALID [2022-02-20 18:02:34,050 INFO L290 TraceCheckUtils]: 17: Hoare triple {369#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := 
setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {369#true} is VALID [2022-02-20 18:02:34,050 INFO L272 TraceCheckUtils]: 18: Hoare triple {369#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {369#true} is VALID [2022-02-20 18:02:34,050 INFO L290 TraceCheckUtils]: 19: Hoare triple {369#true} ~handle := #in~handle;~value := #in~value; {369#true} is VALID [2022-02-20 18:02:34,050 INFO L290 TraceCheckUtils]: 20: Hoare triple {369#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {369#true} is VALID [2022-02-20 18:02:34,050 INFO L290 TraceCheckUtils]: 21: Hoare triple {369#true} assume true; {369#true} is VALID [2022-02-20 18:02:34,050 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {369#true} {369#true} #1068#return; {369#true} is VALID [2022-02-20 18:02:34,050 INFO L290 TraceCheckUtils]: 23: Hoare triple {369#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {369#true} is VALID [2022-02-20 18:02:34,050 INFO L272 TraceCheckUtils]: 24: Hoare triple {369#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {369#true} is VALID [2022-02-20 18:02:34,051 INFO L290 TraceCheckUtils]: 25: Hoare triple {369#true} ~handle := #in~handle;~value := #in~value; {369#true} is VALID [2022-02-20 18:02:34,051 INFO L290 TraceCheckUtils]: 26: Hoare triple {369#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {369#true} is VALID [2022-02-20 18:02:34,051 INFO L290 TraceCheckUtils]: 27: Hoare triple {369#true} assume true; {369#true} is VALID [2022-02-20 18:02:34,051 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {369#true} {369#true} #1070#return; {369#true} is VALID [2022-02-20 18:02:34,051 INFO L290 TraceCheckUtils]: 29: Hoare triple {369#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { 
:begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {369#true} is VALID [2022-02-20 18:02:34,051 INFO L272 TraceCheckUtils]: 30: Hoare triple {369#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {369#true} is VALID [2022-02-20 18:02:34,051 INFO L290 TraceCheckUtils]: 31: Hoare triple {369#true} ~handle := #in~handle;~value := #in~value; {369#true} is VALID [2022-02-20 18:02:34,051 INFO L290 TraceCheckUtils]: 32: Hoare triple {369#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {369#true} is VALID [2022-02-20 18:02:34,051 INFO L290 TraceCheckUtils]: 33: Hoare triple {369#true} assume true; {369#true} is VALID [2022-02-20 18:02:34,051 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {369#true} {369#true} #1072#return; {369#true} is VALID [2022-02-20 18:02:34,051 INFO L290 TraceCheckUtils]: 35: Hoare triple {369#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {369#true} is VALID [2022-02-20 18:02:34,052 INFO L272 TraceCheckUtils]: 36: Hoare triple {369#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {369#true} is VALID [2022-02-20 18:02:34,052 INFO L290 TraceCheckUtils]: 37: Hoare triple {369#true} ~handle := #in~handle;~value := #in~value; {369#true} is VALID [2022-02-20 18:02:34,052 INFO L290 TraceCheckUtils]: 38: Hoare triple {369#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {369#true} is VALID [2022-02-20 18:02:34,052 INFO L290 TraceCheckUtils]: 39: Hoare triple {369#true} assume true; {369#true} is VALID [2022-02-20 18:02:34,052 INFO L284 TraceCheckUtils]: 40: Hoare quadruple 
{369#true} {369#true} #1074#return; {369#true} is VALID [2022-02-20 18:02:34,052 INFO L290 TraceCheckUtils]: 41: Hoare triple {369#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {369#true} is VALID [2022-02-20 18:02:34,052 INFO L290 TraceCheckUtils]: 42: Hoare triple {369#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~23#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~23#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {369#true} is VALID [2022-02-20 18:02:34,053 INFO L290 TraceCheckUtils]: 43: Hoare triple {369#true} assume false; {370#false} is VALID [2022-02-20 18:02:34,053 
INFO L290 TraceCheckUtils]: 44: Hoare triple {370#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {370#false} is VALID [2022-02-20 18:02:34,053 INFO L272 TraceCheckUtils]: 45: Hoare triple {370#false} call sendEmail(~bob~0, ~rjh~0); {370#false} is VALID [2022-02-20 18:02:34,053 INFO L290 TraceCheckUtils]: 46: Hoare triple {370#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~10#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {370#false} is VALID [2022-02-20 18:02:34,053 INFO L272 TraceCheckUtils]: 47: Hoare triple {370#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {370#false} is VALID [2022-02-20 18:02:34,053 INFO L290 TraceCheckUtils]: 48: Hoare triple {370#false} ~handle := #in~handle;~value := #in~value; {370#false} is VALID [2022-02-20 18:02:34,053 INFO L290 TraceCheckUtils]: 49: Hoare triple {370#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {370#false} is VALID [2022-02-20 18:02:34,054 INFO L290 TraceCheckUtils]: 50: Hoare triple {370#false} assume true; {370#false} is VALID [2022-02-20 18:02:34,054 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {370#false} {370#false} #1050#return; {370#false} is VALID [2022-02-20 18:02:34,054 INFO L272 TraceCheckUtils]: 52: Hoare 
triple {370#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {370#false} is VALID [2022-02-20 18:02:34,054 INFO L290 TraceCheckUtils]: 53: Hoare triple {370#false} ~handle := #in~handle;~value := #in~value; {370#false} is VALID [2022-02-20 18:02:34,054 INFO L290 TraceCheckUtils]: 54: Hoare triple {370#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {370#false} is VALID [2022-02-20 18:02:34,054 INFO L290 TraceCheckUtils]: 55: Hoare triple {370#false} assume true; {370#false} is VALID [2022-02-20 18:02:34,054 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {370#false} {370#false} #1052#return; {370#false} is VALID [2022-02-20 18:02:34,054 INFO L290 TraceCheckUtils]: 57: Hoare triple {370#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {370#false} is VALID [2022-02-20 18:02:34,054 INFO L290 TraceCheckUtils]: 58: Hoare triple {370#false} #t~ret37#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret37#1 && #t~ret37#1 <= 2147483647;~tmp~10#1 := #t~ret37#1;havoc #t~ret37#1;~email~0#1 := ~tmp~10#1; {370#false} is VALID [2022-02-20 18:02:34,054 INFO L272 TraceCheckUtils]: 59: Hoare triple {370#false} call outgoing(~sender#1, ~email~0#1); {370#false} is VALID [2022-02-20 18:02:34,054 INFO L290 TraceCheckUtils]: 60: Hoare triple {370#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret39#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {370#false} is VALID [2022-02-20 18:02:34,055 INFO L272 TraceCheckUtils]: 61: Hoare triple {370#false} call sign_#t~ret39#1 := getClientPrivateKey(sign_~client#1); {370#false} is VALID [2022-02-20 18:02:34,055 INFO L290 TraceCheckUtils]: 62: Hoare triple {370#false} ~handle := 
#in~handle;havoc ~retValue_acc~36; {370#false} is VALID [2022-02-20 18:02:34,055 INFO L290 TraceCheckUtils]: 63: Hoare triple {370#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {370#false} is VALID [2022-02-20 18:02:34,055 INFO L290 TraceCheckUtils]: 64: Hoare triple {370#false} assume true; {370#false} is VALID [2022-02-20 18:02:34,055 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {370#false} {370#false} #994#return; {370#false} is VALID [2022-02-20 18:02:34,059 INFO L290 TraceCheckUtils]: 66: Hoare triple {370#false} assume -2147483648 <= sign_#t~ret39#1 && sign_#t~ret39#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret39#1;havoc sign_#t~ret39#1;sign_~privkey~1#1 := sign_~tmp~11#1; {370#false} is VALID [2022-02-20 18:02:34,059 INFO L290 TraceCheckUtils]: 67: Hoare triple {370#false} assume 0 == sign_~privkey~1#1; {370#false} is VALID [2022-02-20 18:02:34,059 INFO L290 TraceCheckUtils]: 68: Hoare triple {370#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret28#1, outgoing__wrappee__Encrypt_#t~ret29#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~6#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~2#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~6#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~2#1; {370#false} is VALID [2022-02-20 18:02:34,059 INFO L272 TraceCheckUtils]: 69: Hoare triple {370#false} call outgoing__wrappee__Encrypt_#t~ret28#1 := 
getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {370#false} is VALID [2022-02-20 18:02:34,059 INFO L290 TraceCheckUtils]: 70: Hoare triple {370#false} ~handle := #in~handle;havoc ~retValue_acc~9; {370#false} is VALID [2022-02-20 18:02:34,059 INFO L290 TraceCheckUtils]: 71: Hoare triple {370#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {370#false} is VALID [2022-02-20 18:02:34,059 INFO L290 TraceCheckUtils]: 72: Hoare triple {370#false} assume true; {370#false} is VALID [2022-02-20 18:02:34,060 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {370#false} {370#false} #996#return; {370#false} is VALID [2022-02-20 18:02:34,060 INFO L290 TraceCheckUtils]: 74: Hoare triple {370#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret28#1 && outgoing__wrappee__Encrypt_#t~ret28#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~6#1 := outgoing__wrappee__Encrypt_#t~ret28#1;havoc outgoing__wrappee__Encrypt_#t~ret28#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~6#1; {370#false} is VALID [2022-02-20 18:02:34,060 INFO L272 TraceCheckUtils]: 75: Hoare triple {370#false} call outgoing__wrappee__Encrypt_#t~ret29#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {370#false} is VALID [2022-02-20 18:02:34,060 INFO L290 TraceCheckUtils]: 76: Hoare triple {370#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {370#false} is VALID [2022-02-20 18:02:34,060 INFO L290 TraceCheckUtils]: 77: Hoare triple {370#false} assume 1 == ~handle; {370#false} is VALID [2022-02-20 18:02:34,060 INFO L290 TraceCheckUtils]: 78: Hoare triple {370#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {370#false} is VALID [2022-02-20 18:02:34,060 INFO L290 TraceCheckUtils]: 79: Hoare triple {370#false} assume true; {370#false} is VALID [2022-02-20 18:02:34,060 INFO L284 
TraceCheckUtils]: 80: Hoare quadruple {370#false} {370#false} #998#return; {370#false} is VALID [2022-02-20 18:02:34,060 INFO L290 TraceCheckUtils]: 81: Hoare triple {370#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret29#1 && outgoing__wrappee__Encrypt_#t~ret29#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~2#1 := outgoing__wrappee__Encrypt_#t~ret29#1;havoc outgoing__wrappee__Encrypt_#t~ret29#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~2#1; {370#false} is VALID [2022-02-20 18:02:34,060 INFO L290 TraceCheckUtils]: 82: Hoare triple {370#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {370#false} is VALID [2022-02-20 18:02:34,060 INFO L290 TraceCheckUtils]: 83: Hoare triple {370#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret27#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {370#false} is VALID [2022-02-20 18:02:34,061 INFO L290 TraceCheckUtils]: 84: Hoare triple {370#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {370#false} is VALID [2022-02-20 18:02:34,061 INFO L290 TraceCheckUtils]: 85: Hoare triple {370#false} outgoing__wrappee__Keys_#t~ret27#1 := getClientId_#res#1;assume { 
:end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret27#1 && outgoing__wrappee__Keys_#t~ret27#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret27#1;havoc outgoing__wrappee__Keys_#t~ret27#1; {370#false} is VALID [2022-02-20 18:02:34,061 INFO L272 TraceCheckUtils]: 86: Hoare triple {370#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {370#false} is VALID [2022-02-20 18:02:34,061 INFO L290 TraceCheckUtils]: 87: Hoare triple {370#false} ~handle := #in~handle;~value := #in~value; {370#false} is VALID [2022-02-20 18:02:34,061 INFO L290 TraceCheckUtils]: 88: Hoare triple {370#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {370#false} is VALID [2022-02-20 18:02:34,061 INFO L290 TraceCheckUtils]: 89: Hoare triple {370#false} assume true; {370#false} is VALID [2022-02-20 18:02:34,061 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {370#false} {370#false} #1004#return; {370#false} is VALID [2022-02-20 18:02:34,061 INFO L290 TraceCheckUtils]: 91: Hoare triple {370#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret25#1, mail_#t~ret26#1, mail_~client#1, mail_~msg#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~4#1;call mail_#t~ret25#1 := puts(12, 0);assume -2147483648 <= mail_#t~ret25#1 && mail_#t~ret25#1 <= 2147483647;havoc mail_#t~ret25#1; {370#false} is VALID [2022-02-20 18:02:34,061 INFO L272 TraceCheckUtils]: 92: Hoare triple {370#false} call mail_#t~ret26#1 := getEmailTo(mail_~msg#1); {370#false} is VALID [2022-02-20 18:02:34,061 INFO L290 TraceCheckUtils]: 93: Hoare triple {370#false} ~handle := #in~handle;havoc ~retValue_acc~9; {370#false} is VALID [2022-02-20 18:02:34,061 INFO L290 TraceCheckUtils]: 94: Hoare triple {370#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := 
~retValue_acc~9; {370#false} is VALID [2022-02-20 18:02:34,062 INFO L290 TraceCheckUtils]: 95: Hoare triple {370#false} assume true; {370#false} is VALID [2022-02-20 18:02:34,062 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {370#false} {370#false} #1006#return; {370#false} is VALID [2022-02-20 18:02:34,062 INFO L290 TraceCheckUtils]: 97: Hoare triple {370#false} assume -2147483648 <= mail_#t~ret26#1 && mail_#t~ret26#1 <= 2147483647;mail_~tmp~4#1 := mail_#t~ret26#1;havoc mail_#t~ret26#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~4#1, mail_~msg#1;havoc incoming_#t~ret32#1, incoming_#t~ret33#1, incoming_#t~ret34#1, incoming_#t~ret35#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~8#1, incoming_~tmp___0~3#1, incoming_~tmp___1~1#1, incoming_~tmp___2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~8#1;havoc incoming_~tmp___0~3#1;havoc incoming_~tmp___1~1#1;havoc incoming_~tmp___2~0#1; {370#false} is VALID [2022-02-20 18:02:34,062 INFO L272 TraceCheckUtils]: 98: Hoare triple {370#false} call incoming_#t~ret32#1 := getClientPrivateKey(incoming_~client#1); {370#false} is VALID [2022-02-20 18:02:34,062 INFO L290 TraceCheckUtils]: 99: Hoare triple {370#false} ~handle := #in~handle;havoc ~retValue_acc~36; {370#false} is VALID [2022-02-20 18:02:34,073 INFO L290 TraceCheckUtils]: 100: Hoare triple {370#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {370#false} is VALID [2022-02-20 18:02:34,073 INFO L290 TraceCheckUtils]: 101: Hoare triple {370#false} assume true; {370#false} is VALID [2022-02-20 18:02:34,074 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {370#false} {370#false} #1008#return; {370#false} is VALID [2022-02-20 18:02:34,074 INFO L290 TraceCheckUtils]: 103: Hoare triple {370#false} assume -2147483648 <= incoming_#t~ret32#1 && incoming_#t~ret32#1 
<= 2147483647;incoming_~tmp~8#1 := incoming_#t~ret32#1;havoc incoming_#t~ret32#1;incoming_~privkey~0#1 := incoming_~tmp~8#1; {370#false} is VALID [2022-02-20 18:02:34,074 INFO L290 TraceCheckUtils]: 104: Hoare triple {370#false} assume !(0 != incoming_~privkey~0#1); {370#false} is VALID [2022-02-20 18:02:34,074 INFO L290 TraceCheckUtils]: 105: Hoare triple {370#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret41#1, verify_#t~ret42#1, verify_#t~ret43#1, verify_#t~ret44#1, verify_#t~ret45#1, verify_#t~ret46#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~12#1, verify_~tmp___0~4#1, verify_~pubkey~1#1, verify_~tmp___1~2#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~12#1;havoc verify_~tmp___0~4#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~2#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret24#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~3#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~3#1; 
{370#false} is VALID [2022-02-20 18:02:34,074 INFO L272 TraceCheckUtils]: 106: Hoare triple {370#false} call __utac_acc__EncryptVerify_spec__1_#t~ret24#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {370#false} is VALID [2022-02-20 18:02:34,074 INFO L290 TraceCheckUtils]: 107: Hoare triple {370#false} ~msg#1 := #in~msg#1;havoc ~retValue_acc~21#1;havoc ~tmp~20#1; {370#false} is VALID [2022-02-20 18:02:34,074 INFO L272 TraceCheckUtils]: 108: Hoare triple {370#false} call #t~ret88#1 := isEncrypted(~msg#1); {370#false} is VALID [2022-02-20 18:02:34,074 INFO L290 TraceCheckUtils]: 109: Hoare triple {370#false} ~handle := #in~handle;havoc ~retValue_acc~12; {370#false} is VALID [2022-02-20 18:02:34,074 INFO L290 TraceCheckUtils]: 110: Hoare triple {370#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~12; {370#false} is VALID [2022-02-20 18:02:34,074 INFO L290 TraceCheckUtils]: 111: Hoare triple {370#false} assume true; {370#false} is VALID [2022-02-20 18:02:34,075 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {370#false} {370#false} #1108#return; {370#false} is VALID [2022-02-20 18:02:34,076 INFO L290 TraceCheckUtils]: 113: Hoare triple {370#false} assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp~20#1 := #t~ret88#1;havoc #t~ret88#1; {370#false} is VALID [2022-02-20 18:02:34,076 INFO L290 TraceCheckUtils]: 114: Hoare triple {370#false} assume 0 != ~tmp~20#1;~retValue_acc~21#1 := 0;#res#1 := ~retValue_acc~21#1; {370#false} is VALID [2022-02-20 18:02:34,076 INFO L290 TraceCheckUtils]: 115: Hoare triple {370#false} assume true; {370#false} is VALID [2022-02-20 18:02:34,077 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {370#false} {370#false} #1020#return; {370#false} is VALID [2022-02-20 18:02:34,077 INFO L290 TraceCheckUtils]: 117: Hoare triple {370#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret24#1 && __utac_acc__EncryptVerify_spec__1_#t~ret24#1 <= 
2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~3#1 := __utac_acc__EncryptVerify_spec__1_#t~ret24#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret24#1; {370#false} is VALID [2022-02-20 18:02:34,077 INFO L290 TraceCheckUtils]: 118: Hoare triple {370#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {370#false} is VALID [2022-02-20 18:02:34,077 INFO L290 TraceCheckUtils]: 119: Hoare triple {370#false} assume !false; {370#false} is VALID [2022-02-20 18:02:34,077 INFO L134 CoverageAnalysis]: Checked inductivity of 36 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 36 trivial. 0 not checked. [2022-02-20 18:02:34,077 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:02:34,078 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1656246164] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:34,078 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:02:34,078 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [9] total 9 [2022-02-20 18:02:34,079 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1062415303] [2022-02-20 18:02:34,080 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:34,084 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 32.5) internal successors, (65), 2 states have internal predecessors, (65), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (16), 2 states have call predecessors, (16), 2 states have call successors, (16) Word has length 120 [2022-02-20 18:02:34,085 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 18:02:34,087 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 32.5) internal successors, (65), 2 states have internal predecessors, (65), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (16), 2 states have call predecessors, (16), 2 states have call successors, (16) [2022-02-20 18:02:34,157 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 99 edges. 99 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:34,157 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:02:34,158 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:34,171 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 18:02:34,172 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:02:34,175 INFO L87 Difference]: Start difference. First operand has 366 states, 283 states have (on average 1.5017667844522968) internal successors, (425), 287 states have internal predecessors, (425), 58 states have call successors, (58), 23 states have call predecessors, (58), 23 states have return successors, (58), 58 states have call predecessors, (58), 58 states have call successors, (58) Second operand has 2 states, 2 states have (on average 32.5) internal successors, (65), 2 states have internal predecessors, (65), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (16), 2 states have call predecessors, (16), 2 states have call successors, (16) [2022-02-20 18:02:34,506 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:02:34,506 INFO L93 Difference]: Finished difference Result 578 states and 836 transitions. [2022-02-20 18:02:34,506 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:02:34,507 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 32.5) internal successors, (65), 2 states have internal predecessors, (65), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (16), 2 states have call predecessors, (16), 2 states have call successors, (16) Word has length 120 [2022-02-20 18:02:34,507 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:34,508 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 32.5) internal successors, (65), 2 states have internal predecessors, (65), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (16), 2 states have call predecessors, (16), 2 states have call successors, (16) [2022-02-20 18:02:34,536 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 836 transitions. [2022-02-20 18:02:34,536 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 32.5) internal successors, (65), 2 states have internal predecessors, (65), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (16), 2 states have call predecessors, (16), 2 states have call successors, (16) [2022-02-20 18:02:34,550 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 836 transitions. [2022-02-20 18:02:34,550 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 836 transitions. 
[2022-02-20 18:02:35,201 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 836 edges. 836 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:35,224 INFO L225 Difference]: With dead ends: 578 [2022-02-20 18:02:35,224 INFO L226 Difference]: Without dead ends: 359 [2022-02-20 18:02:35,228 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 155 GetRequests, 148 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:02:35,231 INFO L933 BasicCegarLoop]: 537 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 537 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:35,231 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 537 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:02:35,244 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 359 states. [2022-02-20 18:02:35,269 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 359 to 359. [2022-02-20 18:02:35,269 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:35,271 INFO L82 GeneralOperation]: Start isEquivalent. First operand 359 states. 
Second operand has 359 states, 277 states have (on average 1.4945848375451263) internal successors, (414), 280 states have internal predecessors, (414), 58 states have call successors, (58), 23 states have call predecessors, (58), 23 states have return successors, (57), 57 states have call predecessors, (57), 57 states have call successors, (57) [2022-02-20 18:02:35,273 INFO L74 IsIncluded]: Start isIncluded. First operand 359 states. Second operand has 359 states, 277 states have (on average 1.4945848375451263) internal successors, (414), 280 states have internal predecessors, (414), 58 states have call successors, (58), 23 states have call predecessors, (58), 23 states have return successors, (57), 57 states have call predecessors, (57), 57 states have call successors, (57) [2022-02-20 18:02:35,274 INFO L87 Difference]: Start difference. First operand 359 states. Second operand has 359 states, 277 states have (on average 1.4945848375451263) internal successors, (414), 280 states have internal predecessors, (414), 58 states have call successors, (58), 23 states have call predecessors, (58), 23 states have return successors, (57), 57 states have call predecessors, (57), 57 states have call successors, (57) [2022-02-20 18:02:35,297 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:35,297 INFO L93 Difference]: Finished difference Result 359 states and 529 transitions. [2022-02-20 18:02:35,297 INFO L276 IsEmpty]: Start isEmpty. Operand 359 states and 529 transitions. [2022-02-20 18:02:35,300 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:35,300 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:35,302 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 359 states, 277 states have (on average 1.4945848375451263) internal successors, (414), 280 states have internal predecessors, (414), 58 states have call successors, (58), 23 states have call predecessors, (58), 23 states have return successors, (57), 57 states have call predecessors, (57), 57 states have call successors, (57) Second operand 359 states. [2022-02-20 18:02:35,302 INFO L87 Difference]: Start difference. First operand has 359 states, 277 states have (on average 1.4945848375451263) internal successors, (414), 280 states have internal predecessors, (414), 58 states have call successors, (58), 23 states have call predecessors, (58), 23 states have return successors, (57), 57 states have call predecessors, (57), 57 states have call successors, (57) Second operand 359 states. [2022-02-20 18:02:35,329 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:35,330 INFO L93 Difference]: Finished difference Result 359 states and 529 transitions. [2022-02-20 18:02:35,330 INFO L276 IsEmpty]: Start isEmpty. Operand 359 states and 529 transitions. [2022-02-20 18:02:35,331 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:35,331 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:35,332 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:35,332 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:35,333 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 359 states, 277 states have (on average 1.4945848375451263) internal successors, (414), 280 states have internal predecessors, (414), 58 states have call successors, (58), 23 states have call predecessors, (58), 23 states have return successors, (57), 57 states have call predecessors, (57), 57 states have call successors, (57) [2022-02-20 18:02:35,351 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 359 states to 359 states and 529 transitions. [2022-02-20 18:02:35,353 INFO L78 Accepts]: Start accepts. Automaton has 359 states and 529 transitions. Word has length 120 [2022-02-20 18:02:35,353 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:35,353 INFO L470 AbstractCegarLoop]: Abstraction has 359 states and 529 transitions. [2022-02-20 18:02:35,354 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 32.5) internal successors, (65), 2 states have internal predecessors, (65), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (16), 2 states have call predecessors, (16), 2 states have call successors, (16) [2022-02-20 18:02:35,354 INFO L276 IsEmpty]: Start isEmpty. Operand 359 states and 529 transitions. [2022-02-20 18:02:35,356 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 122 [2022-02-20 18:02:35,356 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:35,357 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:35,382 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-02-20 18:02:35,559 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0 [2022-02-20 18:02:35,560 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === 
[outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:35,560 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:35,560 INFO L85 PathProgramCache]: Analyzing trace with hash 1463241793, now seen corresponding path program 1 times [2022-02-20 18:02:35,560 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:35,560 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1132978430] [2022-02-20 18:02:35,560 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:35,561 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:35,618 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,676 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:02:35,680 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,685 INFO L290 TraceCheckUtils]: 0: Hoare triple {2906#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2836#true} is VALID [2022-02-20 18:02:35,686 INFO L290 TraceCheckUtils]: 1: Hoare triple {2836#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2836#true} is VALID [2022-02-20 18:02:35,686 INFO L290 TraceCheckUtils]: 2: Hoare triple {2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:35,686 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2836#true} {2836#true} #1064#return; {2836#true} is VALID [2022-02-20 18:02:35,692 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:35,694 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat 
[2022-02-20 18:02:35,697 INFO L290 TraceCheckUtils]: 0: Hoare triple {2907#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2836#true} is VALID [2022-02-20 18:02:35,697 INFO L290 TraceCheckUtils]: 1: Hoare triple {2836#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2836#true} is VALID [2022-02-20 18:02:35,697 INFO L290 TraceCheckUtils]: 2: Hoare triple {2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:35,697 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2836#true} {2836#true} #1066#return; {2836#true} is VALID [2022-02-20 18:02:35,698 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:35,700 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,712 INFO L290 TraceCheckUtils]: 0: Hoare triple {2906#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2908#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:35,713 INFO L290 TraceCheckUtils]: 1: Hoare triple {2908#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2909#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:35,713 INFO L290 TraceCheckUtils]: 2: Hoare triple {2909#(= |setClientId_#in~handle| 1)} assume true; {2909#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:35,714 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2909#(= |setClientId_#in~handle| 1)} {2846#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1068#return; {2837#false} is VALID [2022-02-20 18:02:35,714 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:02:35,715 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,718 INFO L290 TraceCheckUtils]: 0: Hoare triple {2907#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2836#true} is VALID [2022-02-20 18:02:35,718 INFO L290 TraceCheckUtils]: 1: Hoare triple {2836#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2836#true} is VALID [2022-02-20 18:02:35,718 INFO L290 TraceCheckUtils]: 2: Hoare triple {2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:35,718 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2836#true} {2837#false} #1070#return; {2837#false} is VALID [2022-02-20 18:02:35,718 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:02:35,720 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,722 INFO L290 TraceCheckUtils]: 0: Hoare triple {2906#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2836#true} is VALID [2022-02-20 18:02:35,722 INFO L290 TraceCheckUtils]: 1: Hoare triple {2836#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2836#true} is VALID [2022-02-20 18:02:35,722 INFO L290 TraceCheckUtils]: 2: Hoare triple {2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:35,722 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2836#true} {2837#false} #1072#return; {2837#false} is VALID [2022-02-20 18:02:35,722 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 36 [2022-02-20 18:02:35,724 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,726 INFO L290 TraceCheckUtils]: 0: Hoare triple {2907#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2836#true} is VALID [2022-02-20 18:02:35,726 INFO L290 TraceCheckUtils]: 1: Hoare triple {2836#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2836#true} is VALID [2022-02-20 18:02:35,727 INFO L290 TraceCheckUtils]: 2: Hoare triple {2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:35,727 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2836#true} {2837#false} #1074#return; {2837#false} is VALID [2022-02-20 18:02:35,734 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-02-20 18:02:35,735 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,738 INFO L290 TraceCheckUtils]: 0: Hoare triple {2910#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2836#true} is VALID [2022-02-20 18:02:35,738 INFO L290 TraceCheckUtils]: 1: Hoare triple {2836#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2836#true} is VALID [2022-02-20 18:02:35,738 INFO L290 TraceCheckUtils]: 2: Hoare triple {2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:35,738 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2836#true} {2837#false} #1050#return; {2837#false} is VALID [2022-02-20 18:02:35,745 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 53 [2022-02-20 18:02:35,746 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,747 INFO L290 
TraceCheckUtils]: 0: Hoare triple {2911#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2836#true} is VALID [2022-02-20 18:02:35,748 INFO L290 TraceCheckUtils]: 1: Hoare triple {2836#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2836#true} is VALID [2022-02-20 18:02:35,748 INFO L290 TraceCheckUtils]: 2: Hoare triple {2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:35,748 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2836#true} {2837#false} #1052#return; {2837#false} is VALID [2022-02-20 18:02:35,748 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 18:02:35,749 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,750 INFO L290 TraceCheckUtils]: 0: Hoare triple {2836#true} ~handle := #in~handle;havoc ~retValue_acc~36; {2836#true} is VALID [2022-02-20 18:02:35,751 INFO L290 TraceCheckUtils]: 1: Hoare triple {2836#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {2836#true} is VALID [2022-02-20 18:02:35,751 INFO L290 TraceCheckUtils]: 2: Hoare triple {2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:35,751 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2836#true} {2837#false} #994#return; {2837#false} is VALID [2022-02-20 18:02:35,751 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 18:02:35,752 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,755 INFO L290 TraceCheckUtils]: 0: Hoare triple {2836#true} ~handle := #in~handle;havoc ~retValue_acc~9; {2836#true} is VALID [2022-02-20 18:02:35,755 INFO L290 TraceCheckUtils]: 1: Hoare triple {2836#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {2836#true} is VALID [2022-02-20 18:02:35,755 INFO L290 
TraceCheckUtils]: 2: Hoare triple {2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:35,755 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2836#true} {2837#false} #996#return; {2837#false} is VALID [2022-02-20 18:02:35,755 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76 [2022-02-20 18:02:35,756 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,764 INFO L290 TraceCheckUtils]: 0: Hoare triple {2836#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {2836#true} is VALID [2022-02-20 18:02:35,764 INFO L290 TraceCheckUtils]: 1: Hoare triple {2836#true} assume 1 == ~handle; {2836#true} is VALID [2022-02-20 18:02:35,764 INFO L290 TraceCheckUtils]: 2: Hoare triple {2836#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {2836#true} is VALID [2022-02-20 18:02:35,764 INFO L290 TraceCheckUtils]: 3: Hoare triple {2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:35,764 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {2836#true} {2837#false} #998#return; {2837#false} is VALID [2022-02-20 18:02:35,764 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 18:02:35,766 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,767 INFO L290 TraceCheckUtils]: 0: Hoare triple {2910#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2836#true} is VALID [2022-02-20 18:02:35,767 INFO L290 TraceCheckUtils]: 1: Hoare triple {2836#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2836#true} is VALID [2022-02-20 18:02:35,768 INFO L290 TraceCheckUtils]: 2: Hoare triple {2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:35,768 INFO L284 TraceCheckUtils]: 3: Hoare 
quadruple {2836#true} {2837#false} #1004#return; {2837#false} is VALID [2022-02-20 18:02:35,768 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 18:02:35,769 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,770 INFO L290 TraceCheckUtils]: 0: Hoare triple {2836#true} ~handle := #in~handle;havoc ~retValue_acc~9; {2836#true} is VALID [2022-02-20 18:02:35,771 INFO L290 TraceCheckUtils]: 1: Hoare triple {2836#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {2836#true} is VALID [2022-02-20 18:02:35,771 INFO L290 TraceCheckUtils]: 2: Hoare triple {2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:35,771 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2836#true} {2837#false} #1006#return; {2837#false} is VALID [2022-02-20 18:02:35,771 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 18:02:35,772 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,774 INFO L290 TraceCheckUtils]: 0: Hoare triple {2836#true} ~handle := #in~handle;havoc ~retValue_acc~36; {2836#true} is VALID [2022-02-20 18:02:35,774 INFO L290 TraceCheckUtils]: 1: Hoare triple {2836#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {2836#true} is VALID [2022-02-20 18:02:35,774 INFO L290 TraceCheckUtils]: 2: Hoare triple {2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:35,774 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2836#true} {2837#false} #1008#return; {2837#false} is VALID [2022-02-20 18:02:35,775 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 107 [2022-02-20 18:02:35,778 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,781 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call 
position 1 [2022-02-20 18:02:35,782 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:35,784 INFO L290 TraceCheckUtils]: 0: Hoare triple {2836#true} ~handle := #in~handle;havoc ~retValue_acc~12; {2836#true} is VALID [2022-02-20 18:02:35,784 INFO L290 TraceCheckUtils]: 1: Hoare triple {2836#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~12; {2836#true} is VALID [2022-02-20 18:02:35,785 INFO L290 TraceCheckUtils]: 2: Hoare triple {2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:35,785 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2836#true} {2836#true} #1108#return; {2836#true} is VALID [2022-02-20 18:02:35,785 INFO L290 TraceCheckUtils]: 0: Hoare triple {2836#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~21#1;havoc ~tmp~20#1; {2836#true} is VALID [2022-02-20 18:02:35,785 INFO L272 TraceCheckUtils]: 1: Hoare triple {2836#true} call #t~ret88#1 := isEncrypted(~msg#1); {2836#true} is VALID [2022-02-20 18:02:35,785 INFO L290 TraceCheckUtils]: 2: Hoare triple {2836#true} ~handle := #in~handle;havoc ~retValue_acc~12; {2836#true} is VALID [2022-02-20 18:02:35,785 INFO L290 TraceCheckUtils]: 3: Hoare triple {2836#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~12; {2836#true} is VALID [2022-02-20 18:02:35,785 INFO L290 TraceCheckUtils]: 4: Hoare triple {2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:35,786 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {2836#true} {2836#true} #1108#return; {2836#true} is VALID [2022-02-20 18:02:35,786 INFO L290 TraceCheckUtils]: 6: Hoare triple {2836#true} assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp~20#1 := #t~ret88#1;havoc #t~ret88#1; {2836#true} is VALID [2022-02-20 18:02:35,786 INFO L290 TraceCheckUtils]: 7: Hoare triple {2836#true} assume 0 != ~tmp~20#1;~retValue_acc~21#1 := 0;#res#1 := ~retValue_acc~21#1; {2836#true} is VALID [2022-02-20 18:02:35,786 INFO L290 
TraceCheckUtils]: 8: Hoare triple {2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:35,786 INFO L284 TraceCheckUtils]: 9: Hoare quadruple {2836#true} {2837#false} #1020#return; {2837#false} is VALID [2022-02-20 18:02:35,786 INFO L290 TraceCheckUtils]: 0: Hoare triple {2836#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(12, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(18, 31);call #Ultimate.allocInit(16, 32);call #Ultimate.allocInit(21, 33);call #Ultimate.allocInit(13, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(25, 36);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call 
write~init~int(115, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 
0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {2836#true} is VALID [2022-02-20 18:02:35,786 INFO L290 TraceCheckUtils]: 1: Hoare triple {2836#true} assume { 
:end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {2836#true} is VALID [2022-02-20 18:02:35,787 INFO L290 TraceCheckUtils]: 2: Hoare triple {2836#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2836#true} is VALID [2022-02-20 18:02:35,787 INFO L290 TraceCheckUtils]: 3: Hoare triple {2836#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~26#1;havoc valid_product_~retValue_acc~26#1;valid_product_~retValue_acc~26#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~26#1; {2836#true} is VALID [2022-02-20 18:02:35,787 INFO L290 TraceCheckUtils]: 4: Hoare triple {2836#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {2836#true} is VALID [2022-02-20 18:02:35,787 INFO L290 TraceCheckUtils]: 5: Hoare triple {2836#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := 
setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2836#true} is VALID [2022-02-20 18:02:35,788 INFO L272 TraceCheckUtils]: 6: Hoare triple {2836#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2906#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:35,788 INFO L290 TraceCheckUtils]: 7: Hoare triple {2906#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2836#true} is VALID [2022-02-20 18:02:35,788 INFO L290 TraceCheckUtils]: 8: Hoare triple {2836#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2836#true} is VALID [2022-02-20 18:02:35,788 INFO L290 TraceCheckUtils]: 9: Hoare triple {2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:35,788 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2836#true} {2836#true} #1064#return; {2836#true} is VALID [2022-02-20 18:02:35,788 INFO L290 TraceCheckUtils]: 11: Hoare triple {2836#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2836#true} is VALID [2022-02-20 18:02:35,789 INFO L272 TraceCheckUtils]: 12: Hoare triple {2836#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2907#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:35,789 INFO L290 TraceCheckUtils]: 13: Hoare triple {2907#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2836#true} is VALID [2022-02-20 18:02:35,790 INFO L290 TraceCheckUtils]: 14: Hoare triple {2836#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2836#true} is VALID [2022-02-20 18:02:35,790 INFO L290 TraceCheckUtils]: 15: Hoare triple {2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:35,790 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2836#true} {2836#true} #1066#return; {2836#true} is VALID [2022-02-20 18:02:35,790 INFO L290 TraceCheckUtils]: 17: Hoare triple {2836#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2846#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:02:35,807 INFO L272 TraceCheckUtils]: 18: Hoare triple {2846#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2906#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:35,808 INFO L290 TraceCheckUtils]: 19: Hoare triple {2906#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := 
#in~handle;~value := #in~value; {2908#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:35,808 INFO L290 TraceCheckUtils]: 20: Hoare triple {2908#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2909#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:35,808 INFO L290 TraceCheckUtils]: 21: Hoare triple {2909#(= |setClientId_#in~handle| 1)} assume true; {2909#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:35,809 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2909#(= |setClientId_#in~handle| 1)} {2846#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1068#return; {2837#false} is VALID [2022-02-20 18:02:35,809 INFO L290 TraceCheckUtils]: 23: Hoare triple {2837#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {2837#false} is VALID [2022-02-20 18:02:35,809 INFO L272 TraceCheckUtils]: 24: Hoare triple {2837#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2907#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:35,809 INFO L290 TraceCheckUtils]: 25: Hoare triple {2907#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2836#true} is VALID [2022-02-20 18:02:35,809 INFO L290 TraceCheckUtils]: 26: Hoare triple {2836#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2836#true} is VALID [2022-02-20 18:02:35,809 INFO L290 TraceCheckUtils]: 27: Hoare triple {2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:35,809 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2836#true} {2837#false} #1070#return; {2837#false} is VALID [2022-02-20 
18:02:35,809 INFO L290 TraceCheckUtils]: 29: Hoare triple {2837#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2837#false} is VALID [2022-02-20 18:02:35,809 INFO L272 TraceCheckUtils]: 30: Hoare triple {2837#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2906#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:35,809 INFO L290 TraceCheckUtils]: 31: Hoare triple {2906#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2836#true} is VALID [2022-02-20 18:02:35,809 INFO L290 TraceCheckUtils]: 32: Hoare triple {2836#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2836#true} is VALID [2022-02-20 18:02:35,809 INFO L290 TraceCheckUtils]: 33: Hoare triple {2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:35,810 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2836#true} {2837#false} #1072#return; {2837#false} is VALID [2022-02-20 18:02:35,810 INFO L290 TraceCheckUtils]: 35: Hoare triple {2837#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {2837#false} is VALID [2022-02-20 
18:02:35,810 INFO L272 TraceCheckUtils]: 36: Hoare triple {2837#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2907#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:35,810 INFO L290 TraceCheckUtils]: 37: Hoare triple {2907#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2836#true} is VALID [2022-02-20 18:02:35,810 INFO L290 TraceCheckUtils]: 38: Hoare triple {2836#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2836#true} is VALID [2022-02-20 18:02:35,810 INFO L290 TraceCheckUtils]: 39: Hoare triple {2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:35,810 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2836#true} {2837#false} #1074#return; {2837#false} is VALID [2022-02-20 18:02:35,810 INFO L290 TraceCheckUtils]: 41: Hoare triple {2837#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {2837#false} is VALID [2022-02-20 18:02:35,810 INFO L290 TraceCheckUtils]: 42: Hoare triple {2837#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~23#1, test_~tmp___0~8#1, test_~tmp___1~4#1, 
test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~23#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2837#false} is VALID [2022-02-20 18:02:35,810 INFO L290 TraceCheckUtils]: 43: Hoare triple {2837#false} assume !false; {2837#false} is VALID [2022-02-20 18:02:35,810 INFO L290 TraceCheckUtils]: 44: Hoare triple {2837#false} assume !(test_~splverifierCounter~0#1 < 4); {2837#false} is VALID [2022-02-20 18:02:35,810 INFO L290 TraceCheckUtils]: 45: Hoare triple {2837#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {2837#false} is VALID [2022-02-20 18:02:35,810 INFO L272 TraceCheckUtils]: 46: Hoare triple {2837#false} call sendEmail(~bob~0, ~rjh~0); {2837#false} is VALID [2022-02-20 18:02:35,810 INFO L290 TraceCheckUtils]: 47: Hoare triple {2837#false} ~sender#1 := #in~sender#1;~receiver#1 := 
#in~receiver#1;havoc ~email~0#1;havoc ~tmp~10#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2837#false} is VALID [2022-02-20 18:02:35,810 INFO L272 TraceCheckUtils]: 48: Hoare triple {2837#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2910#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:35,811 INFO L290 TraceCheckUtils]: 49: Hoare triple {2910#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2836#true} is VALID [2022-02-20 18:02:35,811 INFO L290 TraceCheckUtils]: 50: Hoare triple {2836#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2836#true} is VALID [2022-02-20 18:02:35,811 INFO L290 TraceCheckUtils]: 51: Hoare triple {2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:35,811 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2836#true} {2837#false} #1050#return; {2837#false} is VALID [2022-02-20 18:02:35,811 INFO L272 TraceCheckUtils]: 53: Hoare triple {2837#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2911#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:35,811 INFO L290 TraceCheckUtils]: 54: Hoare triple {2911#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2836#true} is VALID [2022-02-20 18:02:35,811 INFO L290 TraceCheckUtils]: 55: Hoare triple {2836#true} 
assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2836#true} is VALID [2022-02-20 18:02:35,811 INFO L290 TraceCheckUtils]: 56: Hoare triple {2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:35,811 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {2836#true} {2837#false} #1052#return; {2837#false} is VALID [2022-02-20 18:02:35,811 INFO L290 TraceCheckUtils]: 58: Hoare triple {2837#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {2837#false} is VALID [2022-02-20 18:02:35,811 INFO L290 TraceCheckUtils]: 59: Hoare triple {2837#false} #t~ret37#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret37#1 && #t~ret37#1 <= 2147483647;~tmp~10#1 := #t~ret37#1;havoc #t~ret37#1;~email~0#1 := ~tmp~10#1; {2837#false} is VALID [2022-02-20 18:02:35,811 INFO L272 TraceCheckUtils]: 60: Hoare triple {2837#false} call outgoing(~sender#1, ~email~0#1); {2837#false} is VALID [2022-02-20 18:02:35,811 INFO L290 TraceCheckUtils]: 61: Hoare triple {2837#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret39#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {2837#false} is VALID [2022-02-20 18:02:35,811 INFO L272 TraceCheckUtils]: 62: Hoare triple {2837#false} call sign_#t~ret39#1 := getClientPrivateKey(sign_~client#1); {2836#true} is VALID [2022-02-20 18:02:35,811 INFO L290 TraceCheckUtils]: 63: Hoare triple {2836#true} ~handle := #in~handle;havoc ~retValue_acc~36; {2836#true} is VALID [2022-02-20 18:02:35,811 INFO L290 TraceCheckUtils]: 64: Hoare triple {2836#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {2836#true} is VALID [2022-02-20 18:02:35,811 INFO L290 TraceCheckUtils]: 65: Hoare 
triple {2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:35,812 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {2836#true} {2837#false} #994#return; {2837#false} is VALID [2022-02-20 18:02:35,812 INFO L290 TraceCheckUtils]: 67: Hoare triple {2837#false} assume -2147483648 <= sign_#t~ret39#1 && sign_#t~ret39#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret39#1;havoc sign_#t~ret39#1;sign_~privkey~1#1 := sign_~tmp~11#1; {2837#false} is VALID [2022-02-20 18:02:35,812 INFO L290 TraceCheckUtils]: 68: Hoare triple {2837#false} assume 0 == sign_~privkey~1#1; {2837#false} is VALID [2022-02-20 18:02:35,812 INFO L290 TraceCheckUtils]: 69: Hoare triple {2837#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret28#1, outgoing__wrappee__Encrypt_#t~ret29#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~6#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~2#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~6#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~2#1; {2837#false} is VALID [2022-02-20 18:02:35,812 INFO L272 TraceCheckUtils]: 70: Hoare triple {2837#false} call outgoing__wrappee__Encrypt_#t~ret28#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {2836#true} is VALID [2022-02-20 18:02:35,812 INFO L290 TraceCheckUtils]: 71: Hoare triple {2836#true} ~handle := #in~handle;havoc ~retValue_acc~9; {2836#true} is VALID [2022-02-20 18:02:35,812 INFO L290 TraceCheckUtils]: 72: Hoare triple {2836#true} assume 1 == ~handle;~retValue_acc~9 
:= ~__ste_email_to0~0;#res := ~retValue_acc~9; {2836#true} is VALID [2022-02-20 18:02:35,812 INFO L290 TraceCheckUtils]: 73: Hoare triple {2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:35,812 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {2836#true} {2837#false} #996#return; {2837#false} is VALID [2022-02-20 18:02:35,812 INFO L290 TraceCheckUtils]: 75: Hoare triple {2837#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret28#1 && outgoing__wrappee__Encrypt_#t~ret28#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~6#1 := outgoing__wrappee__Encrypt_#t~ret28#1;havoc outgoing__wrappee__Encrypt_#t~ret28#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~6#1; {2837#false} is VALID [2022-02-20 18:02:35,812 INFO L272 TraceCheckUtils]: 76: Hoare triple {2837#false} call outgoing__wrappee__Encrypt_#t~ret29#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {2836#true} is VALID [2022-02-20 18:02:35,812 INFO L290 TraceCheckUtils]: 77: Hoare triple {2836#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {2836#true} is VALID [2022-02-20 18:02:35,812 INFO L290 TraceCheckUtils]: 78: Hoare triple {2836#true} assume 1 == ~handle; {2836#true} is VALID [2022-02-20 18:02:35,812 INFO L290 TraceCheckUtils]: 79: Hoare triple {2836#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {2836#true} is VALID [2022-02-20 18:02:35,812 INFO L290 TraceCheckUtils]: 80: Hoare triple {2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:35,812 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {2836#true} {2837#false} #998#return; {2837#false} is VALID [2022-02-20 18:02:35,813 INFO L290 TraceCheckUtils]: 82: Hoare triple {2837#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret29#1 && outgoing__wrappee__Encrypt_#t~ret29#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~2#1 
:= outgoing__wrappee__Encrypt_#t~ret29#1;havoc outgoing__wrappee__Encrypt_#t~ret29#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~2#1; {2837#false} is VALID [2022-02-20 18:02:35,813 INFO L290 TraceCheckUtils]: 83: Hoare triple {2837#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {2837#false} is VALID [2022-02-20 18:02:35,813 INFO L290 TraceCheckUtils]: 84: Hoare triple {2837#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret27#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {2837#false} is VALID [2022-02-20 18:02:35,813 INFO L290 TraceCheckUtils]: 85: Hoare triple {2837#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {2837#false} is VALID [2022-02-20 18:02:35,813 INFO L290 TraceCheckUtils]: 86: Hoare triple {2837#false} outgoing__wrappee__Keys_#t~ret27#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret27#1 && outgoing__wrappee__Keys_#t~ret27#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret27#1;havoc outgoing__wrappee__Keys_#t~ret27#1; {2837#false} is VALID [2022-02-20 18:02:35,813 INFO L272 TraceCheckUtils]: 87: Hoare 
triple {2837#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {2910#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:35,813 INFO L290 TraceCheckUtils]: 88: Hoare triple {2910#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2836#true} is VALID [2022-02-20 18:02:35,813 INFO L290 TraceCheckUtils]: 89: Hoare triple {2836#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2836#true} is VALID [2022-02-20 18:02:35,813 INFO L290 TraceCheckUtils]: 90: Hoare triple {2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:35,813 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {2836#true} {2837#false} #1004#return; {2837#false} is VALID [2022-02-20 18:02:35,813 INFO L290 TraceCheckUtils]: 92: Hoare triple {2837#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret25#1, mail_#t~ret26#1, mail_~client#1, mail_~msg#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~4#1;call mail_#t~ret25#1 := puts(12, 0);assume -2147483648 <= mail_#t~ret25#1 && mail_#t~ret25#1 <= 2147483647;havoc mail_#t~ret25#1; {2837#false} is VALID [2022-02-20 18:02:35,813 INFO L272 TraceCheckUtils]: 93: Hoare triple {2837#false} call mail_#t~ret26#1 := getEmailTo(mail_~msg#1); {2836#true} is VALID [2022-02-20 18:02:35,813 INFO L290 TraceCheckUtils]: 94: Hoare triple {2836#true} ~handle := #in~handle;havoc ~retValue_acc~9; {2836#true} is VALID [2022-02-20 18:02:35,813 INFO L290 TraceCheckUtils]: 95: Hoare triple {2836#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {2836#true} is VALID [2022-02-20 18:02:35,813 INFO L290 TraceCheckUtils]: 96: Hoare triple 
{2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:35,813 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {2836#true} {2837#false} #1006#return; {2837#false} is VALID [2022-02-20 18:02:35,813 INFO L290 TraceCheckUtils]: 98: Hoare triple {2837#false} assume -2147483648 <= mail_#t~ret26#1 && mail_#t~ret26#1 <= 2147483647;mail_~tmp~4#1 := mail_#t~ret26#1;havoc mail_#t~ret26#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~4#1, mail_~msg#1;havoc incoming_#t~ret32#1, incoming_#t~ret33#1, incoming_#t~ret34#1, incoming_#t~ret35#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~8#1, incoming_~tmp___0~3#1, incoming_~tmp___1~1#1, incoming_~tmp___2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~8#1;havoc incoming_~tmp___0~3#1;havoc incoming_~tmp___1~1#1;havoc incoming_~tmp___2~0#1; {2837#false} is VALID [2022-02-20 18:02:35,813 INFO L272 TraceCheckUtils]: 99: Hoare triple {2837#false} call incoming_#t~ret32#1 := getClientPrivateKey(incoming_~client#1); {2836#true} is VALID [2022-02-20 18:02:35,814 INFO L290 TraceCheckUtils]: 100: Hoare triple {2836#true} ~handle := #in~handle;havoc ~retValue_acc~36; {2836#true} is VALID [2022-02-20 18:02:35,814 INFO L290 TraceCheckUtils]: 101: Hoare triple {2836#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {2836#true} is VALID [2022-02-20 18:02:35,814 INFO L290 TraceCheckUtils]: 102: Hoare triple {2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:35,814 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {2836#true} {2837#false} #1008#return; {2837#false} is VALID [2022-02-20 18:02:35,814 INFO L290 TraceCheckUtils]: 104: Hoare triple {2837#false} assume -2147483648 <= incoming_#t~ret32#1 && incoming_#t~ret32#1 <= 2147483647;incoming_~tmp~8#1 := incoming_#t~ret32#1;havoc 
incoming_#t~ret32#1;incoming_~privkey~0#1 := incoming_~tmp~8#1; {2837#false} is VALID [2022-02-20 18:02:35,814 INFO L290 TraceCheckUtils]: 105: Hoare triple {2837#false} assume !(0 != incoming_~privkey~0#1); {2837#false} is VALID [2022-02-20 18:02:35,814 INFO L290 TraceCheckUtils]: 106: Hoare triple {2837#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret41#1, verify_#t~ret42#1, verify_#t~ret43#1, verify_#t~ret44#1, verify_#t~ret45#1, verify_#t~ret46#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~12#1, verify_~tmp___0~4#1, verify_~pubkey~1#1, verify_~tmp___1~2#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~12#1;havoc verify_~tmp___0~4#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~2#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret24#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~3#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~3#1; {2837#false} is VALID [2022-02-20 18:02:35,814 INFO L272 
TraceCheckUtils]: 107: Hoare triple {2837#false} call __utac_acc__EncryptVerify_spec__1_#t~ret24#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {2836#true} is VALID [2022-02-20 18:02:35,814 INFO L290 TraceCheckUtils]: 108: Hoare triple {2836#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~21#1;havoc ~tmp~20#1; {2836#true} is VALID [2022-02-20 18:02:35,814 INFO L272 TraceCheckUtils]: 109: Hoare triple {2836#true} call #t~ret88#1 := isEncrypted(~msg#1); {2836#true} is VALID [2022-02-20 18:02:35,814 INFO L290 TraceCheckUtils]: 110: Hoare triple {2836#true} ~handle := #in~handle;havoc ~retValue_acc~12; {2836#true} is VALID [2022-02-20 18:02:35,814 INFO L290 TraceCheckUtils]: 111: Hoare triple {2836#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~12; {2836#true} is VALID [2022-02-20 18:02:35,814 INFO L290 TraceCheckUtils]: 112: Hoare triple {2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:35,814 INFO L284 TraceCheckUtils]: 113: Hoare quadruple {2836#true} {2836#true} #1108#return; {2836#true} is VALID [2022-02-20 18:02:35,814 INFO L290 TraceCheckUtils]: 114: Hoare triple {2836#true} assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp~20#1 := #t~ret88#1;havoc #t~ret88#1; {2836#true} is VALID [2022-02-20 18:02:35,814 INFO L290 TraceCheckUtils]: 115: Hoare triple {2836#true} assume 0 != ~tmp~20#1;~retValue_acc~21#1 := 0;#res#1 := ~retValue_acc~21#1; {2836#true} is VALID [2022-02-20 18:02:35,815 INFO L290 TraceCheckUtils]: 116: Hoare triple {2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:35,815 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {2836#true} {2837#false} #1020#return; {2837#false} is VALID [2022-02-20 18:02:35,815 INFO L290 TraceCheckUtils]: 118: Hoare triple {2837#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret24#1 && __utac_acc__EncryptVerify_spec__1_#t~ret24#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~3#1 := 
__utac_acc__EncryptVerify_spec__1_#t~ret24#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret24#1; {2837#false} is VALID [2022-02-20 18:02:35,815 INFO L290 TraceCheckUtils]: 119: Hoare triple {2837#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {2837#false} is VALID [2022-02-20 18:02:35,815 INFO L290 TraceCheckUtils]: 120: Hoare triple {2837#false} assume !false; {2837#false} is VALID [2022-02-20 18:02:35,815 INFO L134 CoverageAnalysis]: Checked inductivity of 36 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 18:02:35,815 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:35,815 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1132978430] [2022-02-20 18:02:35,816 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1132978430] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:02:35,816 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1417427313] [2022-02-20 18:02:35,816 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:35,816 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:35,816 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:02:35,842 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:02:35,879 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 18:02:36,090 INFO 
L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:36,094 INFO L263 TraceCheckSpWp]: Trace formula consists of 1116 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 18:02:36,175 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:36,178 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:02:36,463 INFO L290 TraceCheckUtils]: 0: Hoare triple {2836#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(12, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(18, 31);call #Ultimate.allocInit(16, 32);call #Ultimate.allocInit(21, 33);call 
#Ultimate.allocInit(13, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(25, 36);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(115, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 
0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 
0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {2836#true} is VALID [2022-02-20 18:02:36,463 INFO L290 TraceCheckUtils]: 1: Hoare triple {2836#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {2836#true} is VALID [2022-02-20 18:02:36,463 INFO L290 TraceCheckUtils]: 2: Hoare triple {2836#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2836#true} is VALID [2022-02-20 18:02:36,463 INFO L290 TraceCheckUtils]: 3: Hoare triple {2836#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~26#1;havoc valid_product_~retValue_acc~26#1;valid_product_~retValue_acc~26#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~26#1; {2836#true} is VALID [2022-02-20 18:02:36,463 INFO L290 TraceCheckUtils]: 4: Hoare triple {2836#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {2836#true} is VALID [2022-02-20 18:02:36,463 INFO L290 TraceCheckUtils]: 5: Hoare triple {2836#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc 
setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2836#true} is VALID [2022-02-20 18:02:36,463 INFO L272 TraceCheckUtils]: 6: Hoare triple {2836#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2836#true} is VALID [2022-02-20 18:02:36,463 INFO L290 TraceCheckUtils]: 7: Hoare triple {2836#true} ~handle := #in~handle;~value := #in~value; {2836#true} is VALID [2022-02-20 18:02:36,463 INFO L290 TraceCheckUtils]: 8: Hoare triple {2836#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2836#true} is VALID [2022-02-20 18:02:36,464 INFO L290 TraceCheckUtils]: 9: Hoare triple {2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:36,464 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2836#true} {2836#true} #1064#return; {2836#true} is VALID [2022-02-20 18:02:36,464 INFO L290 TraceCheckUtils]: 11: Hoare triple {2836#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2836#true} is VALID [2022-02-20 18:02:36,464 INFO L272 TraceCheckUtils]: 12: Hoare triple {2836#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2836#true} is VALID [2022-02-20 18:02:36,464 INFO L290 TraceCheckUtils]: 13: Hoare triple {2836#true} ~handle := #in~handle;~value := #in~value; {2836#true} is VALID [2022-02-20 18:02:36,464 INFO L290 TraceCheckUtils]: 14: Hoare triple {2836#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2836#true} is VALID [2022-02-20 18:02:36,464 INFO L290 TraceCheckUtils]: 15: Hoare triple {2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:36,464 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2836#true} {2836#true} #1066#return; {2836#true} is VALID [2022-02-20 18:02:36,464 INFO L290 TraceCheckUtils]: 
17: Hoare triple {2836#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2836#true} is VALID [2022-02-20 18:02:36,464 INFO L272 TraceCheckUtils]: 18: Hoare triple {2836#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2836#true} is VALID [2022-02-20 18:02:36,466 INFO L290 TraceCheckUtils]: 19: Hoare triple {2836#true} ~handle := #in~handle;~value := #in~value; {2836#true} is VALID [2022-02-20 18:02:36,466 INFO L290 TraceCheckUtils]: 20: Hoare triple {2836#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2836#true} is VALID [2022-02-20 18:02:36,467 INFO L290 TraceCheckUtils]: 21: Hoare triple {2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:36,467 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2836#true} {2836#true} #1068#return; {2836#true} is VALID [2022-02-20 18:02:36,467 INFO L290 TraceCheckUtils]: 23: Hoare triple {2836#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {2836#true} is VALID [2022-02-20 18:02:36,467 INFO L272 TraceCheckUtils]: 24: Hoare triple {2836#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2836#true} is VALID [2022-02-20 18:02:36,467 INFO L290 TraceCheckUtils]: 25: Hoare triple {2836#true} ~handle := #in~handle;~value := #in~value; {2836#true} is VALID [2022-02-20 18:02:36,467 INFO L290 TraceCheckUtils]: 26: Hoare triple {2836#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2836#true} is VALID [2022-02-20 18:02:36,467 INFO L290 
TraceCheckUtils]: 27: Hoare triple {2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:36,467 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2836#true} {2836#true} #1070#return; {2836#true} is VALID [2022-02-20 18:02:36,467 INFO L290 TraceCheckUtils]: 29: Hoare triple {2836#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2836#true} is VALID [2022-02-20 18:02:36,467 INFO L272 TraceCheckUtils]: 30: Hoare triple {2836#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2836#true} is VALID [2022-02-20 18:02:36,467 INFO L290 TraceCheckUtils]: 31: Hoare triple {2836#true} ~handle := #in~handle;~value := #in~value; {2836#true} is VALID [2022-02-20 18:02:36,467 INFO L290 TraceCheckUtils]: 32: Hoare triple {2836#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2836#true} is VALID [2022-02-20 18:02:36,467 INFO L290 TraceCheckUtils]: 33: Hoare triple {2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:36,467 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2836#true} {2836#true} #1072#return; {2836#true} is VALID [2022-02-20 18:02:36,467 INFO L290 TraceCheckUtils]: 35: Hoare triple {2836#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {2836#true} is VALID [2022-02-20 18:02:36,467 INFO L272 TraceCheckUtils]: 36: Hoare triple {2836#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2836#true} is VALID [2022-02-20 18:02:36,467 INFO 
L290 TraceCheckUtils]: 37: Hoare triple {2836#true} ~handle := #in~handle;~value := #in~value; {2836#true} is VALID [2022-02-20 18:02:36,467 INFO L290 TraceCheckUtils]: 38: Hoare triple {2836#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2836#true} is VALID [2022-02-20 18:02:36,468 INFO L290 TraceCheckUtils]: 39: Hoare triple {2836#true} assume true; {2836#true} is VALID [2022-02-20 18:02:36,468 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2836#true} {2836#true} #1074#return; {2836#true} is VALID [2022-02-20 18:02:36,468 INFO L290 TraceCheckUtils]: 41: Hoare triple {2836#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {2836#true} is VALID [2022-02-20 18:02:36,468 INFO L290 TraceCheckUtils]: 42: Hoare triple {2836#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~23#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~23#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc 
test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {3045#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:02:36,469 INFO L290 TraceCheckUtils]: 43: Hoare triple {3045#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {3045#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:02:36,469 INFO L290 TraceCheckUtils]: 44: Hoare triple {3045#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {2837#false} is VALID [2022-02-20 18:02:36,469 INFO L290 TraceCheckUtils]: 45: Hoare triple {2837#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {2837#false} is VALID [2022-02-20 18:02:36,469 INFO L272 TraceCheckUtils]: 46: Hoare triple {2837#false} call sendEmail(~bob~0, ~rjh~0); {2837#false} is VALID [2022-02-20 18:02:36,469 INFO L290 TraceCheckUtils]: 47: Hoare triple {2837#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~10#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc 
createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2837#false} is VALID [2022-02-20 18:02:36,469 INFO L272 TraceCheckUtils]: 48: Hoare triple {2837#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2837#false} is VALID [2022-02-20 18:02:36,469 INFO L290 TraceCheckUtils]: 49: Hoare triple {2837#false} ~handle := #in~handle;~value := #in~value; {2837#false} is VALID [2022-02-20 18:02:36,469 INFO L290 TraceCheckUtils]: 50: Hoare triple {2837#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2837#false} is VALID [2022-02-20 18:02:36,469 INFO L290 TraceCheckUtils]: 51: Hoare triple {2837#false} assume true; {2837#false} is VALID [2022-02-20 18:02:36,469 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2837#false} {2837#false} #1050#return; {2837#false} is VALID [2022-02-20 18:02:36,469 INFO L272 TraceCheckUtils]: 53: Hoare triple {2837#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2837#false} is VALID [2022-02-20 18:02:36,469 INFO L290 TraceCheckUtils]: 54: Hoare triple {2837#false} ~handle := #in~handle;~value := #in~value; {2837#false} is VALID [2022-02-20 18:02:36,470 INFO L290 TraceCheckUtils]: 55: Hoare triple {2837#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2837#false} is VALID [2022-02-20 18:02:36,470 INFO L290 TraceCheckUtils]: 56: Hoare triple {2837#false} assume true; {2837#false} is VALID [2022-02-20 18:02:36,470 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {2837#false} {2837#false} #1052#return; {2837#false} is VALID [2022-02-20 18:02:36,470 INFO L290 TraceCheckUtils]: 58: Hoare triple {2837#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {2837#false} is VALID [2022-02-20 18:02:36,470 INFO L290 TraceCheckUtils]: 59: Hoare triple {2837#false} #t~ret37#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret37#1 && #t~ret37#1 <= 2147483647;~tmp~10#1 := #t~ret37#1;havoc #t~ret37#1;~email~0#1 := 
~tmp~10#1; {2837#false} is VALID [2022-02-20 18:02:36,470 INFO L272 TraceCheckUtils]: 60: Hoare triple {2837#false} call outgoing(~sender#1, ~email~0#1); {2837#false} is VALID [2022-02-20 18:02:36,470 INFO L290 TraceCheckUtils]: 61: Hoare triple {2837#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret39#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {2837#false} is VALID [2022-02-20 18:02:36,470 INFO L272 TraceCheckUtils]: 62: Hoare triple {2837#false} call sign_#t~ret39#1 := getClientPrivateKey(sign_~client#1); {2837#false} is VALID [2022-02-20 18:02:36,470 INFO L290 TraceCheckUtils]: 63: Hoare triple {2837#false} ~handle := #in~handle;havoc ~retValue_acc~36; {2837#false} is VALID [2022-02-20 18:02:36,470 INFO L290 TraceCheckUtils]: 64: Hoare triple {2837#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {2837#false} is VALID [2022-02-20 18:02:36,470 INFO L290 TraceCheckUtils]: 65: Hoare triple {2837#false} assume true; {2837#false} is VALID [2022-02-20 18:02:36,470 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {2837#false} {2837#false} #994#return; {2837#false} is VALID [2022-02-20 18:02:36,470 INFO L290 TraceCheckUtils]: 67: Hoare triple {2837#false} assume -2147483648 <= sign_#t~ret39#1 && sign_#t~ret39#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret39#1;havoc sign_#t~ret39#1;sign_~privkey~1#1 := sign_~tmp~11#1; {2837#false} is VALID [2022-02-20 18:02:36,470 INFO L290 TraceCheckUtils]: 68: Hoare triple {2837#false} assume 0 == sign_~privkey~1#1; {2837#false} is VALID [2022-02-20 18:02:36,470 INFO L290 TraceCheckUtils]: 69: Hoare triple {2837#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } 
true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret28#1, outgoing__wrappee__Encrypt_#t~ret29#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~6#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~2#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~6#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~2#1; {2837#false} is VALID [2022-02-20 18:02:36,470 INFO L272 TraceCheckUtils]: 70: Hoare triple {2837#false} call outgoing__wrappee__Encrypt_#t~ret28#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {2837#false} is VALID [2022-02-20 18:02:36,470 INFO L290 TraceCheckUtils]: 71: Hoare triple {2837#false} ~handle := #in~handle;havoc ~retValue_acc~9; {2837#false} is VALID [2022-02-20 18:02:36,470 INFO L290 TraceCheckUtils]: 72: Hoare triple {2837#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {2837#false} is VALID [2022-02-20 18:02:36,470 INFO L290 TraceCheckUtils]: 73: Hoare triple {2837#false} assume true; {2837#false} is VALID [2022-02-20 18:02:36,471 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {2837#false} {2837#false} #996#return; {2837#false} is VALID [2022-02-20 18:02:36,471 INFO L290 TraceCheckUtils]: 75: Hoare triple {2837#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret28#1 && outgoing__wrappee__Encrypt_#t~ret28#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~6#1 := outgoing__wrappee__Encrypt_#t~ret28#1;havoc outgoing__wrappee__Encrypt_#t~ret28#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~6#1; {2837#false} is VALID [2022-02-20 
18:02:36,471 INFO L272 TraceCheckUtils]: 76: Hoare triple {2837#false} call outgoing__wrappee__Encrypt_#t~ret29#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {2837#false} is VALID [2022-02-20 18:02:36,471 INFO L290 TraceCheckUtils]: 77: Hoare triple {2837#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {2837#false} is VALID [2022-02-20 18:02:36,471 INFO L290 TraceCheckUtils]: 78: Hoare triple {2837#false} assume 1 == ~handle; {2837#false} is VALID [2022-02-20 18:02:36,471 INFO L290 TraceCheckUtils]: 79: Hoare triple {2837#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {2837#false} is VALID [2022-02-20 18:02:36,471 INFO L290 TraceCheckUtils]: 80: Hoare triple {2837#false} assume true; {2837#false} is VALID [2022-02-20 18:02:36,471 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {2837#false} {2837#false} #998#return; {2837#false} is VALID [2022-02-20 18:02:36,471 INFO L290 TraceCheckUtils]: 82: Hoare triple {2837#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret29#1 && outgoing__wrappee__Encrypt_#t~ret29#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~2#1 := outgoing__wrappee__Encrypt_#t~ret29#1;havoc outgoing__wrappee__Encrypt_#t~ret29#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~2#1; {2837#false} is VALID [2022-02-20 18:02:36,471 INFO L290 TraceCheckUtils]: 83: Hoare triple {2837#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {2837#false} is VALID [2022-02-20 18:02:36,471 INFO L290 TraceCheckUtils]: 84: Hoare triple {2837#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret27#1, outgoing__wrappee__Keys_~client#1, 
outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {2837#false} is VALID [2022-02-20 18:02:36,471 INFO L290 TraceCheckUtils]: 85: Hoare triple {2837#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {2837#false} is VALID [2022-02-20 18:02:36,471 INFO L290 TraceCheckUtils]: 86: Hoare triple {2837#false} outgoing__wrappee__Keys_#t~ret27#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret27#1 && outgoing__wrappee__Keys_#t~ret27#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret27#1;havoc outgoing__wrappee__Keys_#t~ret27#1; {2837#false} is VALID [2022-02-20 18:02:36,471 INFO L272 TraceCheckUtils]: 87: Hoare triple {2837#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {2837#false} is VALID [2022-02-20 18:02:36,471 INFO L290 TraceCheckUtils]: 88: Hoare triple {2837#false} ~handle := #in~handle;~value := #in~value; {2837#false} is VALID [2022-02-20 18:02:36,471 INFO L290 TraceCheckUtils]: 89: Hoare triple {2837#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2837#false} is VALID [2022-02-20 18:02:36,471 INFO L290 TraceCheckUtils]: 90: Hoare triple {2837#false} assume true; {2837#false} is VALID [2022-02-20 18:02:36,471 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {2837#false} {2837#false} #1004#return; {2837#false} is VALID [2022-02-20 18:02:36,471 
INFO L290 TraceCheckUtils]: 92: Hoare triple {2837#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret25#1, mail_#t~ret26#1, mail_~client#1, mail_~msg#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~4#1;call mail_#t~ret25#1 := puts(12, 0);assume -2147483648 <= mail_#t~ret25#1 && mail_#t~ret25#1 <= 2147483647;havoc mail_#t~ret25#1; {2837#false} is VALID [2022-02-20 18:02:36,472 INFO L272 TraceCheckUtils]: 93: Hoare triple {2837#false} call mail_#t~ret26#1 := getEmailTo(mail_~msg#1); {2837#false} is VALID [2022-02-20 18:02:36,472 INFO L290 TraceCheckUtils]: 94: Hoare triple {2837#false} ~handle := #in~handle;havoc ~retValue_acc~9; {2837#false} is VALID [2022-02-20 18:02:36,472 INFO L290 TraceCheckUtils]: 95: Hoare triple {2837#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {2837#false} is VALID [2022-02-20 18:02:36,472 INFO L290 TraceCheckUtils]: 96: Hoare triple {2837#false} assume true; {2837#false} is VALID [2022-02-20 18:02:36,472 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {2837#false} {2837#false} #1006#return; {2837#false} is VALID [2022-02-20 18:02:36,472 INFO L290 TraceCheckUtils]: 98: Hoare triple {2837#false} assume -2147483648 <= mail_#t~ret26#1 && mail_#t~ret26#1 <= 2147483647;mail_~tmp~4#1 := mail_#t~ret26#1;havoc mail_#t~ret26#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~4#1, mail_~msg#1;havoc incoming_#t~ret32#1, incoming_#t~ret33#1, incoming_#t~ret34#1, incoming_#t~ret35#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~8#1, incoming_~tmp___0~3#1, incoming_~tmp___1~1#1, incoming_~tmp___2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~8#1;havoc incoming_~tmp___0~3#1;havoc 
incoming_~tmp___1~1#1;havoc incoming_~tmp___2~0#1; {2837#false} is VALID [2022-02-20 18:02:36,472 INFO L272 TraceCheckUtils]: 99: Hoare triple {2837#false} call incoming_#t~ret32#1 := getClientPrivateKey(incoming_~client#1); {2837#false} is VALID [2022-02-20 18:02:36,472 INFO L290 TraceCheckUtils]: 100: Hoare triple {2837#false} ~handle := #in~handle;havoc ~retValue_acc~36; {2837#false} is VALID [2022-02-20 18:02:36,472 INFO L290 TraceCheckUtils]: 101: Hoare triple {2837#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {2837#false} is VALID [2022-02-20 18:02:36,472 INFO L290 TraceCheckUtils]: 102: Hoare triple {2837#false} assume true; {2837#false} is VALID [2022-02-20 18:02:36,472 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {2837#false} {2837#false} #1008#return; {2837#false} is VALID [2022-02-20 18:02:36,472 INFO L290 TraceCheckUtils]: 104: Hoare triple {2837#false} assume -2147483648 <= incoming_#t~ret32#1 && incoming_#t~ret32#1 <= 2147483647;incoming_~tmp~8#1 := incoming_#t~ret32#1;havoc incoming_#t~ret32#1;incoming_~privkey~0#1 := incoming_~tmp~8#1; {2837#false} is VALID [2022-02-20 18:02:36,472 INFO L290 TraceCheckUtils]: 105: Hoare triple {2837#false} assume !(0 != incoming_~privkey~0#1); {2837#false} is VALID [2022-02-20 18:02:36,472 INFO L290 TraceCheckUtils]: 106: Hoare triple {2837#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret41#1, verify_#t~ret42#1, verify_#t~ret43#1, 
verify_#t~ret44#1, verify_#t~ret45#1, verify_#t~ret46#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~12#1, verify_~tmp___0~4#1, verify_~pubkey~1#1, verify_~tmp___1~2#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~12#1;havoc verify_~tmp___0~4#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~2#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret24#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~3#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~3#1; {2837#false} is VALID [2022-02-20 18:02:36,472 INFO L272 TraceCheckUtils]: 107: Hoare triple {2837#false} call __utac_acc__EncryptVerify_spec__1_#t~ret24#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {2837#false} is VALID [2022-02-20 18:02:36,472 INFO L290 TraceCheckUtils]: 108: Hoare triple {2837#false} ~msg#1 := #in~msg#1;havoc ~retValue_acc~21#1;havoc ~tmp~20#1; {2837#false} is VALID [2022-02-20 18:02:36,472 INFO L272 TraceCheckUtils]: 109: Hoare triple {2837#false} call #t~ret88#1 := isEncrypted(~msg#1); {2837#false} is VALID [2022-02-20 18:02:36,472 INFO L290 TraceCheckUtils]: 110: Hoare triple {2837#false} ~handle := #in~handle;havoc ~retValue_acc~12; {2837#false} is VALID [2022-02-20 18:02:36,472 INFO L290 TraceCheckUtils]: 111: Hoare triple {2837#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~12; {2837#false} is VALID [2022-02-20 18:02:36,472 INFO L290 TraceCheckUtils]: 112: Hoare triple {2837#false} 
assume true; {2837#false} is VALID [2022-02-20 18:02:36,473 INFO L284 TraceCheckUtils]: 113: Hoare quadruple {2837#false} {2837#false} #1108#return; {2837#false} is VALID [2022-02-20 18:02:36,473 INFO L290 TraceCheckUtils]: 114: Hoare triple {2837#false} assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp~20#1 := #t~ret88#1;havoc #t~ret88#1; {2837#false} is VALID [2022-02-20 18:02:36,473 INFO L290 TraceCheckUtils]: 115: Hoare triple {2837#false} assume 0 != ~tmp~20#1;~retValue_acc~21#1 := 0;#res#1 := ~retValue_acc~21#1; {2837#false} is VALID [2022-02-20 18:02:36,473 INFO L290 TraceCheckUtils]: 116: Hoare triple {2837#false} assume true; {2837#false} is VALID [2022-02-20 18:02:36,473 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {2837#false} {2837#false} #1020#return; {2837#false} is VALID [2022-02-20 18:02:36,473 INFO L290 TraceCheckUtils]: 118: Hoare triple {2837#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret24#1 && __utac_acc__EncryptVerify_spec__1_#t~ret24#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~3#1 := __utac_acc__EncryptVerify_spec__1_#t~ret24#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret24#1; {2837#false} is VALID [2022-02-20 18:02:36,473 INFO L290 TraceCheckUtils]: 119: Hoare triple {2837#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {2837#false} is VALID [2022-02-20 18:02:36,473 INFO L290 TraceCheckUtils]: 120: Hoare triple {2837#false} assume !false; {2837#false} is VALID [2022-02-20 18:02:36,473 INFO L134 CoverageAnalysis]: Checked inductivity of 36 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 36 trivial. 0 not checked. 
[2022-02-20 18:02:36,473 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:02:36,473 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1417427313] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:36,473 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:02:36,474 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 18:02:36,474 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [26722668] [2022-02-20 18:02:36,474 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:36,475 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 22.0) internal successors, (66), 3 states have internal predecessors, (66), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (16), 2 states have call predecessors, (16), 2 states have call successors, (16) Word has length 121 [2022-02-20 18:02:36,475 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:36,475 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 22.0) internal successors, (66), 3 states have internal predecessors, (66), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (16), 2 states have call predecessors, (16), 2 states have call successors, (16) [2022-02-20 18:02:36,535 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 100 edges. 100 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:02:36,535 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:02:36,535 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:36,536 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:02:36,536 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:02:36,536 INFO L87 Difference]: Start difference. First operand 359 states and 529 transitions. Second operand has 3 states, 3 states have (on average 22.0) internal successors, (66), 3 states have internal predecessors, (66), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (16), 2 states have call predecessors, (16), 2 states have call successors, (16) [2022-02-20 18:02:36,952 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:36,952 INFO L93 Difference]: Finished difference Result 568 states and 817 transitions. [2022-02-20 18:02:36,952 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:02:36,952 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 22.0) internal successors, (66), 3 states have internal predecessors, (66), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (16), 2 states have call predecessors, (16), 2 states have call successors, (16) Word has length 121 [2022-02-20 18:02:36,952 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:36,953 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 3 states, 3 states have (on average 22.0) internal successors, (66), 3 states have internal predecessors, (66), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (16), 2 states have call predecessors, (16), 2 states have call successors, (16) [2022-02-20 18:02:36,962 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 817 transitions. [2022-02-20 18:02:36,962 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 22.0) internal successors, (66), 3 states have internal predecessors, (66), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (16), 2 states have call predecessors, (16), 2 states have call successors, (16) [2022-02-20 18:02:36,972 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 817 transitions. [2022-02-20 18:02:36,972 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 817 transitions. [2022-02-20 18:02:37,517 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 817 edges. 817 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:02:37,526 INFO L225 Difference]: With dead ends: 568 [2022-02-20 18:02:37,527 INFO L226 Difference]: Without dead ends: 362 [2022-02-20 18:02:37,527 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 156 GetRequests, 148 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:02:37,533 INFO L933 BasicCegarLoop]: 527 mSDtfsCounter, 1 mSDsluCounter, 525 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 1052 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:37,533 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 1052 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:02:37,536 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 362 states. [2022-02-20 18:02:37,554 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 362 to 361. [2022-02-20 18:02:37,554 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:37,555 INFO L82 GeneralOperation]: Start isEquivalent. First operand 362 states. 
Second operand has 361 states, 279 states have (on average 1.4910394265232976) internal successors, (416), 282 states have internal predecessors, (416), 58 states have call successors, (58), 23 states have call predecessors, (58), 23 states have return successors, (57), 57 states have call predecessors, (57), 57 states have call successors, (57) [2022-02-20 18:02:37,556 INFO L74 IsIncluded]: Start isIncluded. First operand 362 states. Second operand has 361 states, 279 states have (on average 1.4910394265232976) internal successors, (416), 282 states have internal predecessors, (416), 58 states have call successors, (58), 23 states have call predecessors, (58), 23 states have return successors, (57), 57 states have call predecessors, (57), 57 states have call successors, (57) [2022-02-20 18:02:37,557 INFO L87 Difference]: Start difference. First operand 362 states. Second operand has 361 states, 279 states have (on average 1.4910394265232976) internal successors, (416), 282 states have internal predecessors, (416), 58 states have call successors, (58), 23 states have call predecessors, (58), 23 states have return successors, (57), 57 states have call predecessors, (57), 57 states have call successors, (57) [2022-02-20 18:02:37,580 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:37,580 INFO L93 Difference]: Finished difference Result 362 states and 532 transitions. [2022-02-20 18:02:37,580 INFO L276 IsEmpty]: Start isEmpty. Operand 362 states and 532 transitions. [2022-02-20 18:02:37,581 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:37,581 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:37,582 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 361 states, 279 states have (on average 1.4910394265232976) internal successors, (416), 282 states have internal predecessors, (416), 58 states have call successors, (58), 23 states have call predecessors, (58), 23 states have return successors, (57), 57 states have call predecessors, (57), 57 states have call successors, (57) Second operand 362 states. [2022-02-20 18:02:37,583 INFO L87 Difference]: Start difference. First operand has 361 states, 279 states have (on average 1.4910394265232976) internal successors, (416), 282 states have internal predecessors, (416), 58 states have call successors, (58), 23 states have call predecessors, (58), 23 states have return successors, (57), 57 states have call predecessors, (57), 57 states have call successors, (57) Second operand 362 states. [2022-02-20 18:02:37,599 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:37,599 INFO L93 Difference]: Finished difference Result 362 states and 532 transitions. [2022-02-20 18:02:37,599 INFO L276 IsEmpty]: Start isEmpty. Operand 362 states and 532 transitions. [2022-02-20 18:02:37,600 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:37,600 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:37,600 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:37,600 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:37,601 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 361 states, 279 states have (on average 1.4910394265232976) internal successors, (416), 282 states have internal predecessors, (416), 58 states have call successors, (58), 23 states have call predecessors, (58), 23 states have return successors, (57), 57 states have call predecessors, (57), 57 states have call successors, (57) [2022-02-20 18:02:37,612 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 361 states to 361 states and 531 transitions. [2022-02-20 18:02:37,613 INFO L78 Accepts]: Start accepts. Automaton has 361 states and 531 transitions. Word has length 121 [2022-02-20 18:02:37,613 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:37,613 INFO L470 AbstractCegarLoop]: Abstraction has 361 states and 531 transitions. [2022-02-20 18:02:37,613 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 22.0) internal successors, (66), 3 states have internal predecessors, (66), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (16), 2 states have call predecessors, (16), 2 states have call successors, (16) [2022-02-20 18:02:37,613 INFO L276 IsEmpty]: Start isEmpty. Operand 361 states and 531 transitions. [2022-02-20 18:02:37,615 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 128 [2022-02-20 18:02:37,615 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:37,615 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:37,635 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-02-20 18:02:37,822 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1 [2022-02-20 18:02:37,822 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === 
[outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:37,823 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:37,823 INFO L85 PathProgramCache]: Analyzing trace with hash 473633432, now seen corresponding path program 1 times [2022-02-20 18:02:37,823 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:37,823 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [901219704] [2022-02-20 18:02:37,823 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:37,823 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:37,871 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:37,904 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:02:37,907 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:37,910 INFO L290 TraceCheckUtils]: 0: Hoare triple {5370#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5300#true} is VALID [2022-02-20 18:02:37,910 INFO L290 TraceCheckUtils]: 1: Hoare triple {5300#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5300#true} is VALID [2022-02-20 18:02:37,910 INFO L290 TraceCheckUtils]: 2: Hoare triple {5300#true} assume true; {5300#true} is VALID [2022-02-20 18:02:37,910 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5300#true} {5300#true} #1064#return; {5300#true} is VALID [2022-02-20 18:02:37,915 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:37,918 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat 
[2022-02-20 18:02:37,921 INFO L290 TraceCheckUtils]: 0: Hoare triple {5371#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5300#true} is VALID [2022-02-20 18:02:37,921 INFO L290 TraceCheckUtils]: 1: Hoare triple {5300#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5300#true} is VALID [2022-02-20 18:02:37,921 INFO L290 TraceCheckUtils]: 2: Hoare triple {5300#true} assume true; {5300#true} is VALID [2022-02-20 18:02:37,921 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5300#true} {5300#true} #1066#return; {5300#true} is VALID [2022-02-20 18:02:37,922 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:37,924 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:37,935 INFO L290 TraceCheckUtils]: 0: Hoare triple {5370#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5372#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:37,936 INFO L290 TraceCheckUtils]: 1: Hoare triple {5372#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5373#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:37,936 INFO L290 TraceCheckUtils]: 2: Hoare triple {5373#(= |setClientId_#in~handle| 1)} assume true; {5373#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:37,936 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5373#(= |setClientId_#in~handle| 1)} {5310#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1068#return; {5301#false} is VALID [2022-02-20 18:02:37,937 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:02:37,938 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:37,941 INFO L290 TraceCheckUtils]: 0: Hoare triple {5371#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5300#true} is VALID [2022-02-20 18:02:37,941 INFO L290 TraceCheckUtils]: 1: Hoare triple {5300#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5300#true} is VALID [2022-02-20 18:02:37,941 INFO L290 TraceCheckUtils]: 2: Hoare triple {5300#true} assume true; {5300#true} is VALID [2022-02-20 18:02:37,941 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5300#true} {5301#false} #1070#return; {5301#false} is VALID [2022-02-20 18:02:37,941 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:02:37,944 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:37,946 INFO L290 TraceCheckUtils]: 0: Hoare triple {5370#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5300#true} is VALID [2022-02-20 18:02:37,946 INFO L290 TraceCheckUtils]: 1: Hoare triple {5300#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5300#true} is VALID [2022-02-20 18:02:37,946 INFO L290 TraceCheckUtils]: 2: Hoare triple {5300#true} assume true; {5300#true} is VALID [2022-02-20 18:02:37,947 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5300#true} {5301#false} #1072#return; {5301#false} is VALID [2022-02-20 18:02:37,947 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 36 [2022-02-20 18:02:37,949 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:37,951 INFO L290 TraceCheckUtils]: 0: Hoare triple {5371#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5300#true} is VALID [2022-02-20 18:02:37,951 INFO L290 TraceCheckUtils]: 1: Hoare triple {5300#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5300#true} is VALID [2022-02-20 18:02:37,951 INFO L290 TraceCheckUtils]: 2: Hoare triple {5300#true} assume true; {5300#true} is VALID [2022-02-20 18:02:37,951 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5300#true} {5301#false} #1074#return; {5301#false} is VALID [2022-02-20 18:02:37,957 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 54 [2022-02-20 18:02:37,958 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:37,960 INFO L290 TraceCheckUtils]: 0: Hoare triple {5374#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5300#true} is VALID [2022-02-20 18:02:37,960 INFO L290 TraceCheckUtils]: 1: Hoare triple {5300#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5300#true} is VALID [2022-02-20 18:02:37,960 INFO L290 TraceCheckUtils]: 2: Hoare triple {5300#true} assume true; {5300#true} is VALID [2022-02-20 18:02:37,960 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5300#true} {5301#false} #1050#return; {5301#false} is VALID [2022-02-20 18:02:37,967 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 18:02:37,968 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:37,971 INFO L290 
TraceCheckUtils]: 0: Hoare triple {5375#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {5300#true} is VALID [2022-02-20 18:02:37,971 INFO L290 TraceCheckUtils]: 1: Hoare triple {5300#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5300#true} is VALID [2022-02-20 18:02:37,971 INFO L290 TraceCheckUtils]: 2: Hoare triple {5300#true} assume true; {5300#true} is VALID [2022-02-20 18:02:37,971 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5300#true} {5301#false} #1052#return; {5301#false} is VALID [2022-02-20 18:02:37,971 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 18:02:37,972 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:37,974 INFO L290 TraceCheckUtils]: 0: Hoare triple {5300#true} ~handle := #in~handle;havoc ~retValue_acc~36; {5300#true} is VALID [2022-02-20 18:02:37,975 INFO L290 TraceCheckUtils]: 1: Hoare triple {5300#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {5300#true} is VALID [2022-02-20 18:02:37,975 INFO L290 TraceCheckUtils]: 2: Hoare triple {5300#true} assume true; {5300#true} is VALID [2022-02-20 18:02:37,975 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5300#true} {5301#false} #994#return; {5301#false} is VALID [2022-02-20 18:02:37,975 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76 [2022-02-20 18:02:37,976 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:37,979 INFO L290 TraceCheckUtils]: 0: Hoare triple {5300#true} ~handle := #in~handle;havoc ~retValue_acc~9; {5300#true} is VALID [2022-02-20 18:02:37,979 INFO L290 TraceCheckUtils]: 1: Hoare triple {5300#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {5300#true} is VALID [2022-02-20 18:02:37,979 INFO L290 
TraceCheckUtils]: 2: Hoare triple {5300#true} assume true; {5300#true} is VALID [2022-02-20 18:02:37,979 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5300#true} {5301#false} #996#return; {5301#false} is VALID [2022-02-20 18:02:37,979 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-02-20 18:02:37,981 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:37,983 INFO L290 TraceCheckUtils]: 0: Hoare triple {5300#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {5300#true} is VALID [2022-02-20 18:02:37,983 INFO L290 TraceCheckUtils]: 1: Hoare triple {5300#true} assume 1 == ~handle; {5300#true} is VALID [2022-02-20 18:02:37,983 INFO L290 TraceCheckUtils]: 2: Hoare triple {5300#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {5300#true} is VALID [2022-02-20 18:02:37,983 INFO L290 TraceCheckUtils]: 3: Hoare triple {5300#true} assume true; {5300#true} is VALID [2022-02-20 18:02:37,983 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {5300#true} {5301#false} #998#return; {5301#false} is VALID [2022-02-20 18:02:37,983 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 18:02:37,984 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:37,986 INFO L290 TraceCheckUtils]: 0: Hoare triple {5374#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5300#true} is VALID [2022-02-20 18:02:37,986 INFO L290 TraceCheckUtils]: 1: Hoare triple {5300#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5300#true} is VALID [2022-02-20 18:02:37,986 INFO L290 TraceCheckUtils]: 2: Hoare triple {5300#true} assume true; {5300#true} is VALID [2022-02-20 18:02:37,986 INFO L284 TraceCheckUtils]: 3: Hoare 
quadruple {5300#true} {5301#false} #1004#return; {5301#false} is VALID [2022-02-20 18:02:37,986 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 18:02:37,987 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:37,994 INFO L290 TraceCheckUtils]: 0: Hoare triple {5300#true} ~handle := #in~handle;havoc ~retValue_acc~9; {5300#true} is VALID [2022-02-20 18:02:37,994 INFO L290 TraceCheckUtils]: 1: Hoare triple {5300#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {5300#true} is VALID [2022-02-20 18:02:37,994 INFO L290 TraceCheckUtils]: 2: Hoare triple {5300#true} assume true; {5300#true} is VALID [2022-02-20 18:02:37,994 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5300#true} {5301#false} #1006#return; {5301#false} is VALID [2022-02-20 18:02:37,994 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 105 [2022-02-20 18:02:37,995 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:37,999 INFO L290 TraceCheckUtils]: 0: Hoare triple {5300#true} ~handle := #in~handle;havoc ~retValue_acc~36; {5300#true} is VALID [2022-02-20 18:02:37,999 INFO L290 TraceCheckUtils]: 1: Hoare triple {5300#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {5300#true} is VALID [2022-02-20 18:02:38,000 INFO L290 TraceCheckUtils]: 2: Hoare triple {5300#true} assume true; {5300#true} is VALID [2022-02-20 18:02:38,000 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5300#true} {5301#false} #1008#return; {5301#false} is VALID [2022-02-20 18:02:38,000 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 113 [2022-02-20 18:02:38,003 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:38,007 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call 
position 1 [2022-02-20 18:02:38,009 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:38,011 INFO L290 TraceCheckUtils]: 0: Hoare triple {5300#true} ~handle := #in~handle;havoc ~retValue_acc~12; {5300#true} is VALID [2022-02-20 18:02:38,011 INFO L290 TraceCheckUtils]: 1: Hoare triple {5300#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~12; {5300#true} is VALID [2022-02-20 18:02:38,011 INFO L290 TraceCheckUtils]: 2: Hoare triple {5300#true} assume true; {5300#true} is VALID [2022-02-20 18:02:38,011 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5300#true} {5300#true} #1108#return; {5300#true} is VALID [2022-02-20 18:02:38,011 INFO L290 TraceCheckUtils]: 0: Hoare triple {5300#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~21#1;havoc ~tmp~20#1; {5300#true} is VALID [2022-02-20 18:02:38,011 INFO L272 TraceCheckUtils]: 1: Hoare triple {5300#true} call #t~ret88#1 := isEncrypted(~msg#1); {5300#true} is VALID [2022-02-20 18:02:38,011 INFO L290 TraceCheckUtils]: 2: Hoare triple {5300#true} ~handle := #in~handle;havoc ~retValue_acc~12; {5300#true} is VALID [2022-02-20 18:02:38,011 INFO L290 TraceCheckUtils]: 3: Hoare triple {5300#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~12; {5300#true} is VALID [2022-02-20 18:02:38,012 INFO L290 TraceCheckUtils]: 4: Hoare triple {5300#true} assume true; {5300#true} is VALID [2022-02-20 18:02:38,012 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {5300#true} {5300#true} #1108#return; {5300#true} is VALID [2022-02-20 18:02:38,012 INFO L290 TraceCheckUtils]: 6: Hoare triple {5300#true} assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp~20#1 := #t~ret88#1;havoc #t~ret88#1; {5300#true} is VALID [2022-02-20 18:02:38,012 INFO L290 TraceCheckUtils]: 7: Hoare triple {5300#true} assume 0 != ~tmp~20#1;~retValue_acc~21#1 := 0;#res#1 := ~retValue_acc~21#1; {5300#true} is VALID [2022-02-20 18:02:38,012 INFO L290 
TraceCheckUtils]: 8: Hoare triple {5300#true} assume true; {5300#true} is VALID [2022-02-20 18:02:38,012 INFO L284 TraceCheckUtils]: 9: Hoare quadruple {5300#true} {5301#false} #1020#return; {5301#false} is VALID [2022-02-20 18:02:38,012 INFO L290 TraceCheckUtils]: 0: Hoare triple {5300#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(12, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(18, 31);call #Ultimate.allocInit(16, 32);call #Ultimate.allocInit(21, 33);call #Ultimate.allocInit(13, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(25, 36);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call 
write~init~int(115, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 
0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {5300#true} is VALID [2022-02-20 18:02:38,012 INFO L290 TraceCheckUtils]: 1: Hoare triple {5300#true} assume { 
:end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {5300#true} is VALID [2022-02-20 18:02:38,012 INFO L290 TraceCheckUtils]: 2: Hoare triple {5300#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5300#true} is VALID [2022-02-20 18:02:38,012 INFO L290 TraceCheckUtils]: 3: Hoare triple {5300#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~26#1;havoc valid_product_~retValue_acc~26#1;valid_product_~retValue_acc~26#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~26#1; {5300#true} is VALID [2022-02-20 18:02:38,012 INFO L290 TraceCheckUtils]: 4: Hoare triple {5300#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {5300#true} is VALID [2022-02-20 18:02:38,012 INFO L290 TraceCheckUtils]: 5: Hoare triple {5300#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := 
setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {5300#true} is VALID [2022-02-20 18:02:38,013 INFO L272 TraceCheckUtils]: 6: Hoare triple {5300#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {5370#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:38,013 INFO L290 TraceCheckUtils]: 7: Hoare triple {5370#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5300#true} is VALID [2022-02-20 18:02:38,013 INFO L290 TraceCheckUtils]: 8: Hoare triple {5300#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5300#true} is VALID [2022-02-20 18:02:38,013 INFO L290 TraceCheckUtils]: 9: Hoare triple {5300#true} assume true; {5300#true} is VALID [2022-02-20 18:02:38,013 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5300#true} {5300#true} #1064#return; {5300#true} is VALID [2022-02-20 18:02:38,013 INFO L290 TraceCheckUtils]: 11: Hoare triple {5300#true} assume { :end_inline_setup_bob__wrappee__Base } true; {5300#true} is VALID [2022-02-20 18:02:38,014 INFO L272 TraceCheckUtils]: 12: Hoare triple {5300#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {5371#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:38,014 INFO L290 TraceCheckUtils]: 13: Hoare triple {5371#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5300#true} is VALID [2022-02-20 18:02:38,014 INFO L290 TraceCheckUtils]: 14: Hoare triple {5300#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5300#true} is VALID [2022-02-20 18:02:38,014 INFO L290 TraceCheckUtils]: 15: Hoare triple {5300#true} assume true; {5300#true} is VALID [2022-02-20 18:02:38,014 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {5300#true} {5300#true} #1066#return; {5300#true} is VALID [2022-02-20 18:02:38,015 INFO L290 TraceCheckUtils]: 17: Hoare triple {5300#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {5310#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:02:38,015 INFO L272 TraceCheckUtils]: 18: Hoare triple {5310#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {5370#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:38,016 INFO L290 TraceCheckUtils]: 19: Hoare triple {5370#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := 
#in~handle;~value := #in~value; {5372#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:38,016 INFO L290 TraceCheckUtils]: 20: Hoare triple {5372#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5373#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:38,016 INFO L290 TraceCheckUtils]: 21: Hoare triple {5373#(= |setClientId_#in~handle| 1)} assume true; {5373#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:38,028 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {5373#(= |setClientId_#in~handle| 1)} {5310#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1068#return; {5301#false} is VALID [2022-02-20 18:02:38,029 INFO L290 TraceCheckUtils]: 23: Hoare triple {5301#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {5301#false} is VALID [2022-02-20 18:02:38,029 INFO L272 TraceCheckUtils]: 24: Hoare triple {5301#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {5371#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:38,029 INFO L290 TraceCheckUtils]: 25: Hoare triple {5371#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5300#true} is VALID [2022-02-20 18:02:38,029 INFO L290 TraceCheckUtils]: 26: Hoare triple {5300#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5300#true} is VALID [2022-02-20 18:02:38,029 INFO L290 TraceCheckUtils]: 27: Hoare triple {5300#true} assume true; {5300#true} is VALID [2022-02-20 18:02:38,029 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {5300#true} {5301#false} #1070#return; {5301#false} is VALID [2022-02-20 
18:02:38,029 INFO L290 TraceCheckUtils]: 29: Hoare triple {5301#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {5301#false} is VALID [2022-02-20 18:02:38,029 INFO L272 TraceCheckUtils]: 30: Hoare triple {5301#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {5370#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:38,029 INFO L290 TraceCheckUtils]: 31: Hoare triple {5370#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5300#true} is VALID [2022-02-20 18:02:38,029 INFO L290 TraceCheckUtils]: 32: Hoare triple {5300#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5300#true} is VALID [2022-02-20 18:02:38,029 INFO L290 TraceCheckUtils]: 33: Hoare triple {5300#true} assume true; {5300#true} is VALID [2022-02-20 18:02:38,029 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {5300#true} {5301#false} #1072#return; {5301#false} is VALID [2022-02-20 18:02:38,029 INFO L290 TraceCheckUtils]: 35: Hoare triple {5301#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {5301#false} is VALID [2022-02-20 
18:02:38,030 INFO L272 TraceCheckUtils]: 36: Hoare triple {5301#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {5371#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:38,030 INFO L290 TraceCheckUtils]: 37: Hoare triple {5371#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5300#true} is VALID [2022-02-20 18:02:38,030 INFO L290 TraceCheckUtils]: 38: Hoare triple {5300#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5300#true} is VALID [2022-02-20 18:02:38,030 INFO L290 TraceCheckUtils]: 39: Hoare triple {5300#true} assume true; {5300#true} is VALID [2022-02-20 18:02:38,030 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {5300#true} {5301#false} #1074#return; {5301#false} is VALID [2022-02-20 18:02:38,030 INFO L290 TraceCheckUtils]: 41: Hoare triple {5301#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {5301#false} is VALID [2022-02-20 18:02:38,030 INFO L290 TraceCheckUtils]: 42: Hoare triple {5301#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~23#1, test_~tmp___0~8#1, test_~tmp___1~4#1, 
test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~23#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {5301#false} is VALID [2022-02-20 18:02:38,030 INFO L290 TraceCheckUtils]: 43: Hoare triple {5301#false} assume !false; {5301#false} is VALID [2022-02-20 18:02:38,030 INFO L290 TraceCheckUtils]: 44: Hoare triple {5301#false} assume test_~splverifierCounter~0#1 < 4; {5301#false} is VALID [2022-02-20 18:02:38,030 INFO L290 TraceCheckUtils]: 45: Hoare triple {5301#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {5301#false} is VALID [2022-02-20 18:02:38,030 INFO L290 TraceCheckUtils]: 46: Hoare triple {5301#false} assume !(0 == test_~op1~0#1); {5301#false} is VALID [2022-02-20 18:02:38,030 INFO L290 TraceCheckUtils]: 47: Hoare triple {5301#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet95#1 && test_#t~nondet95#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet95#1;havoc test_#t~nondet95#1; {5301#false} is VALID [2022-02-20 18:02:38,030 INFO L290 TraceCheckUtils]: 48: Hoare triple {5301#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {5301#false} is VALID [2022-02-20 18:02:38,030 INFO L290 TraceCheckUtils]: 49: 
Hoare triple {5301#false} assume !false; {5301#false} is VALID [2022-02-20 18:02:38,031 INFO L290 TraceCheckUtils]: 50: Hoare triple {5301#false} assume !(test_~splverifierCounter~0#1 < 4); {5301#false} is VALID [2022-02-20 18:02:38,031 INFO L290 TraceCheckUtils]: 51: Hoare triple {5301#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {5301#false} is VALID [2022-02-20 18:02:38,031 INFO L272 TraceCheckUtils]: 52: Hoare triple {5301#false} call sendEmail(~bob~0, ~rjh~0); {5301#false} is VALID [2022-02-20 18:02:38,031 INFO L290 TraceCheckUtils]: 53: Hoare triple {5301#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~10#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {5301#false} is VALID [2022-02-20 18:02:38,031 INFO L272 TraceCheckUtils]: 54: Hoare triple {5301#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {5374#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:38,031 INFO L290 TraceCheckUtils]: 55: Hoare triple {5374#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5300#true} is VALID 
[2022-02-20 18:02:38,031 INFO L290 TraceCheckUtils]: 56: Hoare triple {5300#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5300#true} is VALID [2022-02-20 18:02:38,031 INFO L290 TraceCheckUtils]: 57: Hoare triple {5300#true} assume true; {5300#true} is VALID [2022-02-20 18:02:38,031 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {5300#true} {5301#false} #1050#return; {5301#false} is VALID [2022-02-20 18:02:38,031 INFO L272 TraceCheckUtils]: 59: Hoare triple {5301#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {5375#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:38,031 INFO L290 TraceCheckUtils]: 60: Hoare triple {5375#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {5300#true} is VALID [2022-02-20 18:02:38,031 INFO L290 TraceCheckUtils]: 61: Hoare triple {5300#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5300#true} is VALID [2022-02-20 18:02:38,031 INFO L290 TraceCheckUtils]: 62: Hoare triple {5300#true} assume true; {5300#true} is VALID [2022-02-20 18:02:38,031 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {5300#true} {5301#false} #1052#return; {5301#false} is VALID [2022-02-20 18:02:38,031 INFO L290 TraceCheckUtils]: 64: Hoare triple {5301#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {5301#false} is VALID [2022-02-20 18:02:38,031 INFO L290 TraceCheckUtils]: 65: Hoare triple {5301#false} #t~ret37#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret37#1 && #t~ret37#1 <= 2147483647;~tmp~10#1 := #t~ret37#1;havoc #t~ret37#1;~email~0#1 := ~tmp~10#1; {5301#false} is VALID [2022-02-20 18:02:38,032 INFO L272 TraceCheckUtils]: 66: Hoare triple {5301#false} call outgoing(~sender#1, ~email~0#1); {5301#false} is VALID [2022-02-20 
18:02:38,032 INFO L290 TraceCheckUtils]: 67: Hoare triple {5301#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret39#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {5301#false} is VALID [2022-02-20 18:02:38,032 INFO L272 TraceCheckUtils]: 68: Hoare triple {5301#false} call sign_#t~ret39#1 := getClientPrivateKey(sign_~client#1); {5300#true} is VALID [2022-02-20 18:02:38,032 INFO L290 TraceCheckUtils]: 69: Hoare triple {5300#true} ~handle := #in~handle;havoc ~retValue_acc~36; {5300#true} is VALID [2022-02-20 18:02:38,032 INFO L290 TraceCheckUtils]: 70: Hoare triple {5300#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {5300#true} is VALID [2022-02-20 18:02:38,032 INFO L290 TraceCheckUtils]: 71: Hoare triple {5300#true} assume true; {5300#true} is VALID [2022-02-20 18:02:38,032 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {5300#true} {5301#false} #994#return; {5301#false} is VALID [2022-02-20 18:02:38,032 INFO L290 TraceCheckUtils]: 73: Hoare triple {5301#false} assume -2147483648 <= sign_#t~ret39#1 && sign_#t~ret39#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret39#1;havoc sign_#t~ret39#1;sign_~privkey~1#1 := sign_~tmp~11#1; {5301#false} is VALID [2022-02-20 18:02:38,032 INFO L290 TraceCheckUtils]: 74: Hoare triple {5301#false} assume 0 == sign_~privkey~1#1; {5301#false} is VALID [2022-02-20 18:02:38,032 INFO L290 TraceCheckUtils]: 75: Hoare triple {5301#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret28#1, outgoing__wrappee__Encrypt_#t~ret29#1, outgoing__wrappee__Encrypt_~client#1, 
outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~6#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~2#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~6#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~2#1; {5301#false} is VALID [2022-02-20 18:02:38,032 INFO L272 TraceCheckUtils]: 76: Hoare triple {5301#false} call outgoing__wrappee__Encrypt_#t~ret28#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {5300#true} is VALID [2022-02-20 18:02:38,032 INFO L290 TraceCheckUtils]: 77: Hoare triple {5300#true} ~handle := #in~handle;havoc ~retValue_acc~9; {5300#true} is VALID [2022-02-20 18:02:38,032 INFO L290 TraceCheckUtils]: 78: Hoare triple {5300#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {5300#true} is VALID [2022-02-20 18:02:38,032 INFO L290 TraceCheckUtils]: 79: Hoare triple {5300#true} assume true; {5300#true} is VALID [2022-02-20 18:02:38,032 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {5300#true} {5301#false} #996#return; {5301#false} is VALID [2022-02-20 18:02:38,032 INFO L290 TraceCheckUtils]: 81: Hoare triple {5301#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret28#1 && outgoing__wrappee__Encrypt_#t~ret28#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~6#1 := outgoing__wrappee__Encrypt_#t~ret28#1;havoc outgoing__wrappee__Encrypt_#t~ret28#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~6#1; {5301#false} is VALID [2022-02-20 18:02:38,032 INFO L272 TraceCheckUtils]: 82: Hoare triple {5301#false} call outgoing__wrappee__Encrypt_#t~ret29#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {5300#true} is VALID 
[2022-02-20 18:02:38,032 INFO L290 TraceCheckUtils]: 83: Hoare triple {5300#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {5300#true} is VALID [2022-02-20 18:02:38,032 INFO L290 TraceCheckUtils]: 84: Hoare triple {5300#true} assume 1 == ~handle; {5300#true} is VALID [2022-02-20 18:02:38,032 INFO L290 TraceCheckUtils]: 85: Hoare triple {5300#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {5300#true} is VALID [2022-02-20 18:02:38,033 INFO L290 TraceCheckUtils]: 86: Hoare triple {5300#true} assume true; {5300#true} is VALID [2022-02-20 18:02:38,033 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {5300#true} {5301#false} #998#return; {5301#false} is VALID [2022-02-20 18:02:38,033 INFO L290 TraceCheckUtils]: 88: Hoare triple {5301#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret29#1 && outgoing__wrappee__Encrypt_#t~ret29#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~2#1 := outgoing__wrappee__Encrypt_#t~ret29#1;havoc outgoing__wrappee__Encrypt_#t~ret29#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~2#1; {5301#false} is VALID [2022-02-20 18:02:38,033 INFO L290 TraceCheckUtils]: 89: Hoare triple {5301#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {5301#false} is VALID [2022-02-20 18:02:38,033 INFO L290 TraceCheckUtils]: 90: Hoare triple {5301#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret27#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { 
:begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {5301#false} is VALID [2022-02-20 18:02:38,033 INFO L290 TraceCheckUtils]: 91: Hoare triple {5301#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {5301#false} is VALID [2022-02-20 18:02:38,033 INFO L290 TraceCheckUtils]: 92: Hoare triple {5301#false} outgoing__wrappee__Keys_#t~ret27#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret27#1 && outgoing__wrappee__Keys_#t~ret27#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret27#1;havoc outgoing__wrappee__Keys_#t~ret27#1; {5301#false} is VALID [2022-02-20 18:02:38,033 INFO L272 TraceCheckUtils]: 93: Hoare triple {5301#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {5374#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:38,033 INFO L290 TraceCheckUtils]: 94: Hoare triple {5374#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5300#true} is VALID [2022-02-20 18:02:38,033 INFO L290 TraceCheckUtils]: 95: Hoare triple {5300#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5300#true} is VALID [2022-02-20 18:02:38,033 INFO L290 TraceCheckUtils]: 96: Hoare triple {5300#true} assume true; {5300#true} is VALID [2022-02-20 18:02:38,033 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {5300#true} {5301#false} #1004#return; {5301#false} is VALID [2022-02-20 18:02:38,033 INFO L290 TraceCheckUtils]: 98: Hoare triple 
{5301#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret25#1, mail_#t~ret26#1, mail_~client#1, mail_~msg#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~4#1;call mail_#t~ret25#1 := puts(12, 0);assume -2147483648 <= mail_#t~ret25#1 && mail_#t~ret25#1 <= 2147483647;havoc mail_#t~ret25#1; {5301#false} is VALID [2022-02-20 18:02:38,033 INFO L272 TraceCheckUtils]: 99: Hoare triple {5301#false} call mail_#t~ret26#1 := getEmailTo(mail_~msg#1); {5300#true} is VALID [2022-02-20 18:02:38,033 INFO L290 TraceCheckUtils]: 100: Hoare triple {5300#true} ~handle := #in~handle;havoc ~retValue_acc~9; {5300#true} is VALID [2022-02-20 18:02:38,033 INFO L290 TraceCheckUtils]: 101: Hoare triple {5300#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {5300#true} is VALID [2022-02-20 18:02:38,033 INFO L290 TraceCheckUtils]: 102: Hoare triple {5300#true} assume true; {5300#true} is VALID [2022-02-20 18:02:38,033 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {5300#true} {5301#false} #1006#return; {5301#false} is VALID [2022-02-20 18:02:38,033 INFO L290 TraceCheckUtils]: 104: Hoare triple {5301#false} assume -2147483648 <= mail_#t~ret26#1 && mail_#t~ret26#1 <= 2147483647;mail_~tmp~4#1 := mail_#t~ret26#1;havoc mail_#t~ret26#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~4#1, mail_~msg#1;havoc incoming_#t~ret32#1, incoming_#t~ret33#1, incoming_#t~ret34#1, incoming_#t~ret35#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~8#1, incoming_~tmp___0~3#1, incoming_~tmp___1~1#1, incoming_~tmp___2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~8#1;havoc incoming_~tmp___0~3#1;havoc incoming_~tmp___1~1#1;havoc incoming_~tmp___2~0#1; 
{5301#false} is VALID [2022-02-20 18:02:38,033 INFO L272 TraceCheckUtils]: 105: Hoare triple {5301#false} call incoming_#t~ret32#1 := getClientPrivateKey(incoming_~client#1); {5300#true} is VALID [2022-02-20 18:02:38,034 INFO L290 TraceCheckUtils]: 106: Hoare triple {5300#true} ~handle := #in~handle;havoc ~retValue_acc~36; {5300#true} is VALID [2022-02-20 18:02:38,034 INFO L290 TraceCheckUtils]: 107: Hoare triple {5300#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {5300#true} is VALID [2022-02-20 18:02:38,034 INFO L290 TraceCheckUtils]: 108: Hoare triple {5300#true} assume true; {5300#true} is VALID [2022-02-20 18:02:38,034 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {5300#true} {5301#false} #1008#return; {5301#false} is VALID [2022-02-20 18:02:38,034 INFO L290 TraceCheckUtils]: 110: Hoare triple {5301#false} assume -2147483648 <= incoming_#t~ret32#1 && incoming_#t~ret32#1 <= 2147483647;incoming_~tmp~8#1 := incoming_#t~ret32#1;havoc incoming_#t~ret32#1;incoming_~privkey~0#1 := incoming_~tmp~8#1; {5301#false} is VALID [2022-02-20 18:02:38,034 INFO L290 TraceCheckUtils]: 111: Hoare triple {5301#false} assume !(0 != incoming_~privkey~0#1); {5301#false} is VALID [2022-02-20 18:02:38,034 INFO L290 TraceCheckUtils]: 112: Hoare triple {5301#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret41#1, verify_#t~ret42#1, verify_#t~ret43#1, verify_#t~ret44#1, verify_#t~ret45#1, verify_#t~ret46#1, 
verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~12#1, verify_~tmp___0~4#1, verify_~pubkey~1#1, verify_~tmp___1~2#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~12#1;havoc verify_~tmp___0~4#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~2#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret24#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~3#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~3#1; {5301#false} is VALID [2022-02-20 18:02:38,034 INFO L272 TraceCheckUtils]: 113: Hoare triple {5301#false} call __utac_acc__EncryptVerify_spec__1_#t~ret24#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {5300#true} is VALID [2022-02-20 18:02:38,034 INFO L290 TraceCheckUtils]: 114: Hoare triple {5300#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~21#1;havoc ~tmp~20#1; {5300#true} is VALID [2022-02-20 18:02:38,034 INFO L272 TraceCheckUtils]: 115: Hoare triple {5300#true} call #t~ret88#1 := isEncrypted(~msg#1); {5300#true} is VALID [2022-02-20 18:02:38,034 INFO L290 TraceCheckUtils]: 116: Hoare triple {5300#true} ~handle := #in~handle;havoc ~retValue_acc~12; {5300#true} is VALID [2022-02-20 18:02:38,034 INFO L290 TraceCheckUtils]: 117: Hoare triple {5300#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~12; {5300#true} is VALID [2022-02-20 18:02:38,034 INFO L290 TraceCheckUtils]: 118: Hoare triple {5300#true} assume true; {5300#true} is VALID [2022-02-20 18:02:38,034 INFO L284 
TraceCheckUtils]: 119: Hoare quadruple {5300#true} {5300#true} #1108#return; {5300#true} is VALID [2022-02-20 18:02:38,034 INFO L290 TraceCheckUtils]: 120: Hoare triple {5300#true} assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp~20#1 := #t~ret88#1;havoc #t~ret88#1; {5300#true} is VALID [2022-02-20 18:02:38,034 INFO L290 TraceCheckUtils]: 121: Hoare triple {5300#true} assume 0 != ~tmp~20#1;~retValue_acc~21#1 := 0;#res#1 := ~retValue_acc~21#1; {5300#true} is VALID [2022-02-20 18:02:38,034 INFO L290 TraceCheckUtils]: 122: Hoare triple {5300#true} assume true; {5300#true} is VALID [2022-02-20 18:02:38,035 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {5300#true} {5301#false} #1020#return; {5301#false} is VALID [2022-02-20 18:02:38,035 INFO L290 TraceCheckUtils]: 124: Hoare triple {5301#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret24#1 && __utac_acc__EncryptVerify_spec__1_#t~ret24#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~3#1 := __utac_acc__EncryptVerify_spec__1_#t~ret24#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret24#1; {5301#false} is VALID [2022-02-20 18:02:38,035 INFO L290 TraceCheckUtils]: 125: Hoare triple {5301#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {5301#false} is VALID [2022-02-20 18:02:38,035 INFO L290 TraceCheckUtils]: 126: Hoare triple {5301#false} assume !false; {5301#false} is VALID [2022-02-20 18:02:38,035 INFO L134 CoverageAnalysis]: Checked inductivity of 38 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked. 
[2022-02-20 18:02:38,035 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace
[2022-02-20 18:02:38,035 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [901219704]
[2022-02-20 18:02:38,035 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [901219704] provided 0 perfect and 1 imperfect interpolant sequences
[2022-02-20 18:02:38,035 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [942744494]
[2022-02-20 18:02:38,035 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY
[2022-02-20 18:02:38,036 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true
[2022-02-20 18:02:38,036 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3
[2022-02-20 18:02:38,056 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null)
[2022-02-20 18:02:38,058 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process
[2022-02-20 18:02:38,275 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:02:38,279 INFO L263 TraceCheckSpWp]: Trace formula consists of 1130 conjuncts, 3 conjunts are in the unsatisfiable core
[2022-02-20 18:02:38,318 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:02:38,320 INFO L286 TraceCheckSpWp]: Computing forward predicates...
[2022-02-20 18:02:38,575 INFO L290 TraceCheckUtils]: 0: Hoare triple {5300#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(12, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(18, 31);call #Ultimate.allocInit(16, 32);call #Ultimate.allocInit(21, 33);call #Ultimate.allocInit(13, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(25, 36);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(115, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 
0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 
0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {5300#true} is VALID [2022-02-20 18:02:38,576 INFO L290 TraceCheckUtils]: 1: Hoare triple {5300#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { 
:begin_inline_select_helpers } true; {5300#true} is VALID [2022-02-20 18:02:38,576 INFO L290 TraceCheckUtils]: 2: Hoare triple {5300#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5300#true} is VALID [2022-02-20 18:02:38,576 INFO L290 TraceCheckUtils]: 3: Hoare triple {5300#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~26#1;havoc valid_product_~retValue_acc~26#1;valid_product_~retValue_acc~26#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~26#1; {5300#true} is VALID [2022-02-20 18:02:38,576 INFO L290 TraceCheckUtils]: 4: Hoare triple {5300#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {5300#true} is VALID [2022-02-20 18:02:38,576 INFO L290 TraceCheckUtils]: 5: Hoare triple {5300#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {5300#true} is VALID [2022-02-20 18:02:38,576 INFO L272 TraceCheckUtils]: 
6: Hoare triple {5300#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {5300#true} is VALID [2022-02-20 18:02:38,576 INFO L290 TraceCheckUtils]: 7: Hoare triple {5300#true} ~handle := #in~handle;~value := #in~value; {5300#true} is VALID [2022-02-20 18:02:38,576 INFO L290 TraceCheckUtils]: 8: Hoare triple {5300#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5300#true} is VALID [2022-02-20 18:02:38,576 INFO L290 TraceCheckUtils]: 9: Hoare triple {5300#true} assume true; {5300#true} is VALID [2022-02-20 18:02:38,576 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5300#true} {5300#true} #1064#return; {5300#true} is VALID [2022-02-20 18:02:38,576 INFO L290 TraceCheckUtils]: 11: Hoare triple {5300#true} assume { :end_inline_setup_bob__wrappee__Base } true; {5300#true} is VALID [2022-02-20 18:02:38,576 INFO L272 TraceCheckUtils]: 12: Hoare triple {5300#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {5300#true} is VALID [2022-02-20 18:02:38,576 INFO L290 TraceCheckUtils]: 13: Hoare triple {5300#true} ~handle := #in~handle;~value := #in~value; {5300#true} is VALID [2022-02-20 18:02:38,576 INFO L290 TraceCheckUtils]: 14: Hoare triple {5300#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5300#true} is VALID [2022-02-20 18:02:38,576 INFO L290 TraceCheckUtils]: 15: Hoare triple {5300#true} assume true; {5300#true} is VALID [2022-02-20 18:02:38,577 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {5300#true} {5300#true} #1066#return; {5300#true} is VALID [2022-02-20 18:02:38,577 INFO L290 TraceCheckUtils]: 17: Hoare triple {5300#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } 
true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {5300#true} is VALID [2022-02-20 18:02:38,577 INFO L272 TraceCheckUtils]: 18: Hoare triple {5300#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {5300#true} is VALID [2022-02-20 18:02:38,577 INFO L290 TraceCheckUtils]: 19: Hoare triple {5300#true} ~handle := #in~handle;~value := #in~value; {5300#true} is VALID [2022-02-20 18:02:38,577 INFO L290 TraceCheckUtils]: 20: Hoare triple {5300#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5300#true} is VALID [2022-02-20 18:02:38,577 INFO L290 TraceCheckUtils]: 21: Hoare triple {5300#true} assume true; {5300#true} is VALID [2022-02-20 18:02:38,577 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {5300#true} {5300#true} #1068#return; {5300#true} is VALID [2022-02-20 18:02:38,577 INFO L290 TraceCheckUtils]: 23: Hoare triple {5300#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {5300#true} is VALID [2022-02-20 18:02:38,577 INFO L272 TraceCheckUtils]: 24: Hoare triple {5300#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {5300#true} is VALID [2022-02-20 18:02:38,577 INFO L290 TraceCheckUtils]: 25: Hoare triple {5300#true} ~handle := #in~handle;~value := #in~value; {5300#true} is VALID [2022-02-20 18:02:38,577 INFO L290 TraceCheckUtils]: 26: Hoare triple {5300#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5300#true} is VALID [2022-02-20 18:02:38,577 INFO L290 TraceCheckUtils]: 27: Hoare triple {5300#true} assume true; {5300#true} is VALID [2022-02-20 18:02:38,577 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {5300#true} {5300#true} #1070#return; {5300#true} is VALID [2022-02-20 18:02:38,577 INFO L290 TraceCheckUtils]: 29: Hoare triple {5300#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, 
setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {5300#true} is VALID [2022-02-20 18:02:38,577 INFO L272 TraceCheckUtils]: 30: Hoare triple {5300#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {5300#true} is VALID [2022-02-20 18:02:38,577 INFO L290 TraceCheckUtils]: 31: Hoare triple {5300#true} ~handle := #in~handle;~value := #in~value; {5300#true} is VALID [2022-02-20 18:02:38,577 INFO L290 TraceCheckUtils]: 32: Hoare triple {5300#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5300#true} is VALID [2022-02-20 18:02:38,577 INFO L290 TraceCheckUtils]: 33: Hoare triple {5300#true} assume true; {5300#true} is VALID [2022-02-20 18:02:38,577 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {5300#true} {5300#true} #1072#return; {5300#true} is VALID [2022-02-20 18:02:38,578 INFO L290 TraceCheckUtils]: 35: Hoare triple {5300#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {5300#true} is VALID [2022-02-20 18:02:38,578 INFO L272 TraceCheckUtils]: 36: Hoare triple {5300#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {5300#true} is VALID [2022-02-20 18:02:38,578 INFO L290 TraceCheckUtils]: 37: Hoare triple {5300#true} ~handle := #in~handle;~value := #in~value; {5300#true} is VALID [2022-02-20 18:02:38,578 INFO L290 TraceCheckUtils]: 38: Hoare triple {5300#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5300#true} is VALID [2022-02-20 18:02:38,578 INFO L290 TraceCheckUtils]: 39: Hoare triple {5300#true} 
assume true; {5300#true} is VALID [2022-02-20 18:02:38,578 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {5300#true} {5300#true} #1074#return; {5300#true} is VALID [2022-02-20 18:02:38,578 INFO L290 TraceCheckUtils]: 41: Hoare triple {5300#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {5300#true} is VALID [2022-02-20 18:02:38,578 INFO L290 TraceCheckUtils]: 42: Hoare triple {5300#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~23#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~23#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {5509#(= |ULTIMATE.start_test_~op1~0#1| 0)} is 
VALID [2022-02-20 18:02:38,579 INFO L290 TraceCheckUtils]: 43: Hoare triple {5509#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {5509#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:02:38,579 INFO L290 TraceCheckUtils]: 44: Hoare triple {5509#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {5509#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:02:38,579 INFO L290 TraceCheckUtils]: 45: Hoare triple {5509#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {5509#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:02:38,580 INFO L290 TraceCheckUtils]: 46: Hoare triple {5509#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {5301#false} is VALID [2022-02-20 18:02:38,580 INFO L290 TraceCheckUtils]: 47: Hoare triple {5301#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet95#1 && test_#t~nondet95#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet95#1;havoc test_#t~nondet95#1; {5301#false} is VALID [2022-02-20 18:02:38,580 INFO L290 TraceCheckUtils]: 48: Hoare triple {5301#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {5301#false} is VALID [2022-02-20 18:02:38,580 INFO L290 TraceCheckUtils]: 49: Hoare triple {5301#false} assume !false; {5301#false} is VALID [2022-02-20 18:02:38,580 INFO L290 TraceCheckUtils]: 50: Hoare triple {5301#false} assume !(test_~splverifierCounter~0#1 < 4); {5301#false} is VALID [2022-02-20 18:02:38,580 INFO L290 TraceCheckUtils]: 51: Hoare triple {5301#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {5301#false} 
is VALID [2022-02-20 18:02:38,580 INFO L272 TraceCheckUtils]: 52: Hoare triple {5301#false} call sendEmail(~bob~0, ~rjh~0); {5301#false} is VALID [2022-02-20 18:02:38,580 INFO L290 TraceCheckUtils]: 53: Hoare triple {5301#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~10#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {5301#false} is VALID [2022-02-20 18:02:38,580 INFO L272 TraceCheckUtils]: 54: Hoare triple {5301#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {5301#false} is VALID [2022-02-20 18:02:38,580 INFO L290 TraceCheckUtils]: 55: Hoare triple {5301#false} ~handle := #in~handle;~value := #in~value; {5301#false} is VALID [2022-02-20 18:02:38,580 INFO L290 TraceCheckUtils]: 56: Hoare triple {5301#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5301#false} is VALID [2022-02-20 18:02:38,580 INFO L290 TraceCheckUtils]: 57: Hoare triple {5301#false} assume true; {5301#false} is VALID [2022-02-20 18:02:38,580 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {5301#false} {5301#false} #1050#return; {5301#false} is VALID [2022-02-20 18:02:38,580 INFO L272 TraceCheckUtils]: 59: Hoare triple {5301#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {5301#false} is VALID [2022-02-20 18:02:38,581 INFO L290 TraceCheckUtils]: 60: Hoare triple {5301#false} ~handle := #in~handle;~value := #in~value; {5301#false} is VALID [2022-02-20 18:02:38,581 INFO L290 TraceCheckUtils]: 61: Hoare triple {5301#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5301#false} is VALID [2022-02-20 18:02:38,581 INFO L290 TraceCheckUtils]: 62: 
Hoare triple {5301#false} assume true; {5301#false} is VALID [2022-02-20 18:02:38,581 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {5301#false} {5301#false} #1052#return; {5301#false} is VALID [2022-02-20 18:02:38,581 INFO L290 TraceCheckUtils]: 64: Hoare triple {5301#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {5301#false} is VALID [2022-02-20 18:02:38,581 INFO L290 TraceCheckUtils]: 65: Hoare triple {5301#false} #t~ret37#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret37#1 && #t~ret37#1 <= 2147483647;~tmp~10#1 := #t~ret37#1;havoc #t~ret37#1;~email~0#1 := ~tmp~10#1; {5301#false} is VALID [2022-02-20 18:02:38,581 INFO L272 TraceCheckUtils]: 66: Hoare triple {5301#false} call outgoing(~sender#1, ~email~0#1); {5301#false} is VALID [2022-02-20 18:02:38,581 INFO L290 TraceCheckUtils]: 67: Hoare triple {5301#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret39#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {5301#false} is VALID [2022-02-20 18:02:38,581 INFO L272 TraceCheckUtils]: 68: Hoare triple {5301#false} call sign_#t~ret39#1 := getClientPrivateKey(sign_~client#1); {5301#false} is VALID [2022-02-20 18:02:38,581 INFO L290 TraceCheckUtils]: 69: Hoare triple {5301#false} ~handle := #in~handle;havoc ~retValue_acc~36; {5301#false} is VALID [2022-02-20 18:02:38,581 INFO L290 TraceCheckUtils]: 70: Hoare triple {5301#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {5301#false} is VALID [2022-02-20 18:02:38,581 INFO L290 TraceCheckUtils]: 71: Hoare triple {5301#false} assume true; {5301#false} is VALID [2022-02-20 18:02:38,581 INFO L284 TraceCheckUtils]: 72: Hoare 
quadruple {5301#false} {5301#false} #994#return; {5301#false} is VALID [2022-02-20 18:02:38,581 INFO L290 TraceCheckUtils]: 73: Hoare triple {5301#false} assume -2147483648 <= sign_#t~ret39#1 && sign_#t~ret39#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret39#1;havoc sign_#t~ret39#1;sign_~privkey~1#1 := sign_~tmp~11#1; {5301#false} is VALID [2022-02-20 18:02:38,581 INFO L290 TraceCheckUtils]: 74: Hoare triple {5301#false} assume 0 == sign_~privkey~1#1; {5301#false} is VALID [2022-02-20 18:02:38,581 INFO L290 TraceCheckUtils]: 75: Hoare triple {5301#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret28#1, outgoing__wrappee__Encrypt_#t~ret29#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~6#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~2#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~6#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~2#1; {5301#false} is VALID [2022-02-20 18:02:38,581 INFO L272 TraceCheckUtils]: 76: Hoare triple {5301#false} call outgoing__wrappee__Encrypt_#t~ret28#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {5301#false} is VALID [2022-02-20 18:02:38,587 INFO L290 TraceCheckUtils]: 77: Hoare triple {5301#false} ~handle := #in~handle;havoc ~retValue_acc~9; {5301#false} is VALID [2022-02-20 18:02:38,587 INFO L290 TraceCheckUtils]: 78: Hoare triple {5301#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {5301#false} is VALID [2022-02-20 18:02:38,587 INFO L290 
TraceCheckUtils]: 79: Hoare triple {5301#false} assume true; {5301#false} is VALID [2022-02-20 18:02:38,587 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {5301#false} {5301#false} #996#return; {5301#false} is VALID [2022-02-20 18:02:38,587 INFO L290 TraceCheckUtils]: 81: Hoare triple {5301#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret28#1 && outgoing__wrappee__Encrypt_#t~ret28#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~6#1 := outgoing__wrappee__Encrypt_#t~ret28#1;havoc outgoing__wrappee__Encrypt_#t~ret28#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~6#1; {5301#false} is VALID [2022-02-20 18:02:38,587 INFO L272 TraceCheckUtils]: 82: Hoare triple {5301#false} call outgoing__wrappee__Encrypt_#t~ret29#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {5301#false} is VALID [2022-02-20 18:02:38,587 INFO L290 TraceCheckUtils]: 83: Hoare triple {5301#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {5301#false} is VALID [2022-02-20 18:02:38,588 INFO L290 TraceCheckUtils]: 84: Hoare triple {5301#false} assume 1 == ~handle; {5301#false} is VALID [2022-02-20 18:02:38,588 INFO L290 TraceCheckUtils]: 85: Hoare triple {5301#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {5301#false} is VALID [2022-02-20 18:02:38,588 INFO L290 TraceCheckUtils]: 86: Hoare triple {5301#false} assume true; {5301#false} is VALID [2022-02-20 18:02:38,588 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {5301#false} {5301#false} #998#return; {5301#false} is VALID [2022-02-20 18:02:38,588 INFO L290 TraceCheckUtils]: 88: Hoare triple {5301#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret29#1 && outgoing__wrappee__Encrypt_#t~ret29#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~2#1 := outgoing__wrappee__Encrypt_#t~ret29#1;havoc 
outgoing__wrappee__Encrypt_#t~ret29#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~2#1; {5301#false} is VALID [2022-02-20 18:02:38,588 INFO L290 TraceCheckUtils]: 89: Hoare triple {5301#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {5301#false} is VALID [2022-02-20 18:02:38,588 INFO L290 TraceCheckUtils]: 90: Hoare triple {5301#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret27#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {5301#false} is VALID [2022-02-20 18:02:38,588 INFO L290 TraceCheckUtils]: 91: Hoare triple {5301#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {5301#false} is VALID [2022-02-20 18:02:38,588 INFO L290 TraceCheckUtils]: 92: Hoare triple {5301#false} outgoing__wrappee__Keys_#t~ret27#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret27#1 && outgoing__wrappee__Keys_#t~ret27#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret27#1;havoc outgoing__wrappee__Keys_#t~ret27#1; {5301#false} is VALID [2022-02-20 18:02:38,588 INFO L272 TraceCheckUtils]: 93: Hoare triple {5301#false} call 
setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {5301#false} is VALID [2022-02-20 18:02:38,588 INFO L290 TraceCheckUtils]: 94: Hoare triple {5301#false} ~handle := #in~handle;~value := #in~value; {5301#false} is VALID [2022-02-20 18:02:38,588 INFO L290 TraceCheckUtils]: 95: Hoare triple {5301#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5301#false} is VALID [2022-02-20 18:02:38,588 INFO L290 TraceCheckUtils]: 96: Hoare triple {5301#false} assume true; {5301#false} is VALID [2022-02-20 18:02:38,588 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {5301#false} {5301#false} #1004#return; {5301#false} is VALID [2022-02-20 18:02:38,588 INFO L290 TraceCheckUtils]: 98: Hoare triple {5301#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret25#1, mail_#t~ret26#1, mail_~client#1, mail_~msg#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~4#1;call mail_#t~ret25#1 := puts(12, 0);assume -2147483648 <= mail_#t~ret25#1 && mail_#t~ret25#1 <= 2147483647;havoc mail_#t~ret25#1; {5301#false} is VALID [2022-02-20 18:02:38,588 INFO L272 TraceCheckUtils]: 99: Hoare triple {5301#false} call mail_#t~ret26#1 := getEmailTo(mail_~msg#1); {5301#false} is VALID [2022-02-20 18:02:38,588 INFO L290 TraceCheckUtils]: 100: Hoare triple {5301#false} ~handle := #in~handle;havoc ~retValue_acc~9; {5301#false} is VALID [2022-02-20 18:02:38,588 INFO L290 TraceCheckUtils]: 101: Hoare triple {5301#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {5301#false} is VALID [2022-02-20 18:02:38,589 INFO L290 TraceCheckUtils]: 102: Hoare triple {5301#false} assume true; {5301#false} is VALID [2022-02-20 18:02:38,589 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {5301#false} {5301#false} #1006#return; {5301#false} is VALID [2022-02-20 18:02:38,589 INFO L290 
TraceCheckUtils]: 104: Hoare triple {5301#false} assume -2147483648 <= mail_#t~ret26#1 && mail_#t~ret26#1 <= 2147483647;mail_~tmp~4#1 := mail_#t~ret26#1;havoc mail_#t~ret26#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~4#1, mail_~msg#1;havoc incoming_#t~ret32#1, incoming_#t~ret33#1, incoming_#t~ret34#1, incoming_#t~ret35#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~8#1, incoming_~tmp___0~3#1, incoming_~tmp___1~1#1, incoming_~tmp___2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~8#1;havoc incoming_~tmp___0~3#1;havoc incoming_~tmp___1~1#1;havoc incoming_~tmp___2~0#1; {5301#false} is VALID [2022-02-20 18:02:38,589 INFO L272 TraceCheckUtils]: 105: Hoare triple {5301#false} call incoming_#t~ret32#1 := getClientPrivateKey(incoming_~client#1); {5301#false} is VALID [2022-02-20 18:02:38,589 INFO L290 TraceCheckUtils]: 106: Hoare triple {5301#false} ~handle := #in~handle;havoc ~retValue_acc~36; {5301#false} is VALID [2022-02-20 18:02:38,589 INFO L290 TraceCheckUtils]: 107: Hoare triple {5301#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {5301#false} is VALID [2022-02-20 18:02:38,589 INFO L290 TraceCheckUtils]: 108: Hoare triple {5301#false} assume true; {5301#false} is VALID [2022-02-20 18:02:38,589 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {5301#false} {5301#false} #1008#return; {5301#false} is VALID [2022-02-20 18:02:38,589 INFO L290 TraceCheckUtils]: 110: Hoare triple {5301#false} assume -2147483648 <= incoming_#t~ret32#1 && incoming_#t~ret32#1 <= 2147483647;incoming_~tmp~8#1 := incoming_#t~ret32#1;havoc incoming_#t~ret32#1;incoming_~privkey~0#1 := incoming_~tmp~8#1; {5301#false} is VALID [2022-02-20 18:02:38,589 INFO L290 TraceCheckUtils]: 111: Hoare triple {5301#false} assume !(0 != incoming_~privkey~0#1); {5301#false} is VALID [2022-02-20 
18:02:38,589 INFO L290 TraceCheckUtils]: 112: Hoare triple {5301#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret41#1, verify_#t~ret42#1, verify_#t~ret43#1, verify_#t~ret44#1, verify_#t~ret45#1, verify_#t~ret46#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~12#1, verify_~tmp___0~4#1, verify_~pubkey~1#1, verify_~tmp___1~2#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~12#1;havoc verify_~tmp___0~4#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~2#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret24#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~3#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~3#1; {5301#false} is VALID [2022-02-20 18:02:38,589 INFO L272 TraceCheckUtils]: 113: Hoare triple {5301#false} call __utac_acc__EncryptVerify_spec__1_#t~ret24#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {5301#false} is VALID [2022-02-20 18:02:38,589 INFO L290 TraceCheckUtils]: 114: Hoare triple 
{5301#false} ~msg#1 := #in~msg#1;havoc ~retValue_acc~21#1;havoc ~tmp~20#1; {5301#false} is VALID [2022-02-20 18:02:38,589 INFO L272 TraceCheckUtils]: 115: Hoare triple {5301#false} call #t~ret88#1 := isEncrypted(~msg#1); {5301#false} is VALID [2022-02-20 18:02:38,589 INFO L290 TraceCheckUtils]: 116: Hoare triple {5301#false} ~handle := #in~handle;havoc ~retValue_acc~12; {5301#false} is VALID [2022-02-20 18:02:38,589 INFO L290 TraceCheckUtils]: 117: Hoare triple {5301#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~12; {5301#false} is VALID [2022-02-20 18:02:38,589 INFO L290 TraceCheckUtils]: 118: Hoare triple {5301#false} assume true; {5301#false} is VALID [2022-02-20 18:02:38,589 INFO L284 TraceCheckUtils]: 119: Hoare quadruple {5301#false} {5301#false} #1108#return; {5301#false} is VALID [2022-02-20 18:02:38,589 INFO L290 TraceCheckUtils]: 120: Hoare triple {5301#false} assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp~20#1 := #t~ret88#1;havoc #t~ret88#1; {5301#false} is VALID [2022-02-20 18:02:38,590 INFO L290 TraceCheckUtils]: 121: Hoare triple {5301#false} assume 0 != ~tmp~20#1;~retValue_acc~21#1 := 0;#res#1 := ~retValue_acc~21#1; {5301#false} is VALID [2022-02-20 18:02:38,590 INFO L290 TraceCheckUtils]: 122: Hoare triple {5301#false} assume true; {5301#false} is VALID [2022-02-20 18:02:38,590 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {5301#false} {5301#false} #1020#return; {5301#false} is VALID [2022-02-20 18:02:38,590 INFO L290 TraceCheckUtils]: 124: Hoare triple {5301#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret24#1 && __utac_acc__EncryptVerify_spec__1_#t~ret24#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~3#1 := __utac_acc__EncryptVerify_spec__1_#t~ret24#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret24#1; {5301#false} is VALID [2022-02-20 18:02:38,590 INFO L290 TraceCheckUtils]: 125: Hoare triple {5301#false} assume !(0 != 
__utac_acc__EncryptVerify_spec__1_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {5301#false} is VALID [2022-02-20 18:02:38,590 INFO L290 TraceCheckUtils]: 126: Hoare triple {5301#false} assume !false; {5301#false} is VALID [2022-02-20 18:02:38,590 INFO L134 CoverageAnalysis]: Checked inductivity of 38 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 36 trivial. 0 not checked. [2022-02-20 18:02:38,590 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:02:38,590 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [942744494] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:38,590 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:02:38,590 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 18:02:38,591 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1601371215] [2022-02-20 18:02:38,591 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:38,591 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 24.0) internal successors, (72), 3 states have internal predecessors, (72), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (16), 2 states have call predecessors, (16), 2 states have call successors, (16) Word has length 127 [2022-02-20 18:02:38,591 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 18:02:38,592 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 24.0) internal successors, (72), 3 states have internal predecessors, (72), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (16), 2 states have call predecessors, (16), 2 states have call successors, (16) [2022-02-20 18:02:38,696 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 106 edges. 106 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:38,697 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:02:38,697 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:38,697 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:02:38,697 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:02:38,697 INFO L87 Difference]: Start difference. First operand 361 states and 531 transitions. Second operand has 3 states, 3 states have (on average 24.0) internal successors, (72), 3 states have internal predecessors, (72), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (16), 2 states have call predecessors, (16), 2 states have call successors, (16) [2022-02-20 18:02:39,178 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:39,179 INFO L93 Difference]: Finished difference Result 752 states and 1121 transitions. [2022-02-20 18:02:39,179 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:02:39,179 INFO L78 Accepts]: Start accepts. 
Automaton has has 3 states, 3 states have (on average 24.0) internal successors, (72), 3 states have internal predecessors, (72), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (16), 2 states have call predecessors, (16), 2 states have call successors, (16) Word has length 127 [2022-02-20 18:02:39,179 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:39,180 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 24.0) internal successors, (72), 3 states have internal predecessors, (72), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (16), 2 states have call predecessors, (16), 2 states have call successors, (16) [2022-02-20 18:02:39,205 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1119 transitions. [2022-02-20 18:02:39,206 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 24.0) internal successors, (72), 3 states have internal predecessors, (72), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (16), 2 states have call predecessors, (16), 2 states have call successors, (16) [2022-02-20 18:02:39,214 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1119 transitions. [2022-02-20 18:02:39,215 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1119 transitions. [2022-02-20 18:02:39,955 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1119 edges. 1119 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:02:39,980 INFO L225 Difference]: With dead ends: 752 [2022-02-20 18:02:39,980 INFO L226 Difference]: Without dead ends: 418 [2022-02-20 18:02:39,981 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 162 GetRequests, 154 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:02:39,981 INFO L933 BasicCegarLoop]: 545 mSDtfsCounter, 107 mSDsluCounter, 482 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 122 SdHoareTripleChecker+Valid, 1027 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:39,982 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [122 Valid, 1027 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:02:39,982 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 418 states. [2022-02-20 18:02:40,004 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 418 to 410. [2022-02-20 18:02:40,005 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:40,006 INFO L82 GeneralOperation]: Start isEquivalent. First operand 418 states. 
Second operand has 410 states, 317 states have (on average 1.5078864353312302) internal successors, (478), 320 states have internal predecessors, (478), 69 states have call successors, (69), 23 states have call predecessors, (69), 23 states have return successors, (68), 68 states have call predecessors, (68), 68 states have call successors, (68) [2022-02-20 18:02:40,006 INFO L74 IsIncluded]: Start isIncluded. First operand 418 states. Second operand has 410 states, 317 states have (on average 1.5078864353312302) internal successors, (478), 320 states have internal predecessors, (478), 69 states have call successors, (69), 23 states have call predecessors, (69), 23 states have return successors, (68), 68 states have call predecessors, (68), 68 states have call successors, (68) [2022-02-20 18:02:40,007 INFO L87 Difference]: Start difference. First operand 418 states. Second operand has 410 states, 317 states have (on average 1.5078864353312302) internal successors, (478), 320 states have internal predecessors, (478), 69 states have call successors, (69), 23 states have call predecessors, (69), 23 states have return successors, (68), 68 states have call predecessors, (68), 68 states have call successors, (68) [2022-02-20 18:02:40,020 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:40,020 INFO L93 Difference]: Finished difference Result 418 states and 624 transitions. [2022-02-20 18:02:40,020 INFO L276 IsEmpty]: Start isEmpty. Operand 418 states and 624 transitions. [2022-02-20 18:02:40,022 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:40,022 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:40,023 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 410 states, 317 states have (on average 1.5078864353312302) internal successors, (478), 320 states have internal predecessors, (478), 69 states have call successors, (69), 23 states have call predecessors, (69), 23 states have return successors, (68), 68 states have call predecessors, (68), 68 states have call successors, (68) Second operand 418 states. [2022-02-20 18:02:40,023 INFO L87 Difference]: Start difference. First operand has 410 states, 317 states have (on average 1.5078864353312302) internal successors, (478), 320 states have internal predecessors, (478), 69 states have call successors, (69), 23 states have call predecessors, (69), 23 states have return successors, (68), 68 states have call predecessors, (68), 68 states have call successors, (68) Second operand 418 states. [2022-02-20 18:02:40,040 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:40,040 INFO L93 Difference]: Finished difference Result 418 states and 624 transitions. [2022-02-20 18:02:40,040 INFO L276 IsEmpty]: Start isEmpty. Operand 418 states and 624 transitions. [2022-02-20 18:02:40,042 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:40,042 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:40,042 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:40,049 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:40,050 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 410 states, 317 states have (on average 1.5078864353312302) internal successors, (478), 320 states have internal predecessors, (478), 69 states have call successors, (69), 23 states have call predecessors, (69), 23 states have return successors, (68), 68 states have call predecessors, (68), 68 states have call successors, (68) [2022-02-20 18:02:40,066 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 410 states to 410 states and 615 transitions. [2022-02-20 18:02:40,066 INFO L78 Accepts]: Start accepts. Automaton has 410 states and 615 transitions. Word has length 127 [2022-02-20 18:02:40,067 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:40,067 INFO L470 AbstractCegarLoop]: Abstraction has 410 states and 615 transitions. [2022-02-20 18:02:40,067 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 24.0) internal successors, (72), 3 states have internal predecessors, (72), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (16), 2 states have call predecessors, (16), 2 states have call successors, (16) [2022-02-20 18:02:40,067 INFO L276 IsEmpty]: Start isEmpty. Operand 410 states and 615 transitions. [2022-02-20 18:02:40,069 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 129 [2022-02-20 18:02:40,069 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:40,069 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:40,097 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 18:02:40,295 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:40,295 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION 
=== [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:40,295 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:40,295 INFO L85 PathProgramCache]: Analyzing trace with hash -179272271, now seen corresponding path program 1 times [2022-02-20 18:02:40,296 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:40,296 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [292018140] [2022-02-20 18:02:40,296 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:40,296 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:40,320 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:40,346 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:02:40,347 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:40,368 INFO L290 TraceCheckUtils]: 0: Hoare triple {8307#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8237#true} is VALID [2022-02-20 18:02:40,368 INFO L290 TraceCheckUtils]: 1: Hoare triple {8237#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8237#true} is VALID [2022-02-20 18:02:40,368 INFO L290 TraceCheckUtils]: 2: Hoare triple {8237#true} assume true; {8237#true} is VALID [2022-02-20 18:02:40,368 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8237#true} {8237#true} #1064#return; {8237#true} is VALID [2022-02-20 18:02:40,373 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:40,374 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat 
[2022-02-20 18:02:40,376 INFO L290 TraceCheckUtils]: 0: Hoare triple {8308#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8237#true} is VALID [2022-02-20 18:02:40,376 INFO L290 TraceCheckUtils]: 1: Hoare triple {8237#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8237#true} is VALID [2022-02-20 18:02:40,376 INFO L290 TraceCheckUtils]: 2: Hoare triple {8237#true} assume true; {8237#true} is VALID [2022-02-20 18:02:40,376 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8237#true} {8237#true} #1066#return; {8237#true} is VALID [2022-02-20 18:02:40,376 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:40,378 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:40,389 INFO L290 TraceCheckUtils]: 0: Hoare triple {8307#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8309#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:40,390 INFO L290 TraceCheckUtils]: 1: Hoare triple {8309#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8310#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:40,390 INFO L290 TraceCheckUtils]: 2: Hoare triple {8310#(= |setClientId_#in~handle| 1)} assume true; {8310#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:40,391 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8310#(= |setClientId_#in~handle| 1)} {8247#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1068#return; {8238#false} is VALID [2022-02-20 18:02:40,391 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:02:40,392 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:40,394 INFO L290 TraceCheckUtils]: 0: Hoare triple {8308#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8237#true} is VALID [2022-02-20 18:02:40,394 INFO L290 TraceCheckUtils]: 1: Hoare triple {8237#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8237#true} is VALID [2022-02-20 18:02:40,394 INFO L290 TraceCheckUtils]: 2: Hoare triple {8237#true} assume true; {8237#true} is VALID [2022-02-20 18:02:40,394 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8237#true} {8238#false} #1070#return; {8238#false} is VALID [2022-02-20 18:02:40,394 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:02:40,396 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:40,398 INFO L290 TraceCheckUtils]: 0: Hoare triple {8307#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8237#true} is VALID [2022-02-20 18:02:40,398 INFO L290 TraceCheckUtils]: 1: Hoare triple {8237#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8237#true} is VALID [2022-02-20 18:02:40,398 INFO L290 TraceCheckUtils]: 2: Hoare triple {8237#true} assume true; {8237#true} is VALID [2022-02-20 18:02:40,398 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8237#true} {8238#false} #1072#return; {8238#false} is VALID [2022-02-20 18:02:40,398 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 36 [2022-02-20 18:02:40,400 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:40,402 INFO L290 TraceCheckUtils]: 0: Hoare triple {8308#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8237#true} is VALID [2022-02-20 18:02:40,402 INFO L290 TraceCheckUtils]: 1: Hoare triple {8237#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8237#true} is VALID [2022-02-20 18:02:40,402 INFO L290 TraceCheckUtils]: 2: Hoare triple {8237#true} assume true; {8237#true} is VALID [2022-02-20 18:02:40,402 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8237#true} {8238#false} #1074#return; {8238#false} is VALID [2022-02-20 18:02:40,407 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 55 [2022-02-20 18:02:40,408 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:40,419 INFO L290 TraceCheckUtils]: 0: Hoare triple {8311#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8237#true} is VALID [2022-02-20 18:02:40,419 INFO L290 TraceCheckUtils]: 1: Hoare triple {8237#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8237#true} is VALID [2022-02-20 18:02:40,419 INFO L290 TraceCheckUtils]: 2: Hoare triple {8237#true} assume true; {8237#true} is VALID [2022-02-20 18:02:40,419 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8237#true} {8238#false} #1050#return; {8238#false} is VALID [2022-02-20 18:02:40,427 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 18:02:40,428 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:40,430 INFO L290 
TraceCheckUtils]: 0: Hoare triple {8312#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8237#true} is VALID [2022-02-20 18:02:40,431 INFO L290 TraceCheckUtils]: 1: Hoare triple {8237#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8237#true} is VALID [2022-02-20 18:02:40,431 INFO L290 TraceCheckUtils]: 2: Hoare triple {8237#true} assume true; {8237#true} is VALID [2022-02-20 18:02:40,431 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8237#true} {8238#false} #1052#return; {8238#false} is VALID [2022-02-20 18:02:40,431 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 18:02:40,432 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:40,434 INFO L290 TraceCheckUtils]: 0: Hoare triple {8237#true} ~handle := #in~handle;havoc ~retValue_acc~36; {8237#true} is VALID [2022-02-20 18:02:40,434 INFO L290 TraceCheckUtils]: 1: Hoare triple {8237#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {8237#true} is VALID [2022-02-20 18:02:40,434 INFO L290 TraceCheckUtils]: 2: Hoare triple {8237#true} assume true; {8237#true} is VALID [2022-02-20 18:02:40,435 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8237#true} {8238#false} #994#return; {8238#false} is VALID [2022-02-20 18:02:40,435 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 18:02:40,436 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:40,437 INFO L290 TraceCheckUtils]: 0: Hoare triple {8237#true} ~handle := #in~handle;havoc ~retValue_acc~9; {8237#true} is VALID [2022-02-20 18:02:40,437 INFO L290 TraceCheckUtils]: 1: Hoare triple {8237#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {8237#true} is VALID [2022-02-20 18:02:40,438 INFO L290 
TraceCheckUtils]: 2: Hoare triple {8237#true} assume true; {8237#true} is VALID [2022-02-20 18:02:40,438 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8237#true} {8238#false} #996#return; {8238#false} is VALID [2022-02-20 18:02:40,438 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 18:02:40,439 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:40,441 INFO L290 TraceCheckUtils]: 0: Hoare triple {8237#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {8237#true} is VALID [2022-02-20 18:02:40,441 INFO L290 TraceCheckUtils]: 1: Hoare triple {8237#true} assume 1 == ~handle; {8237#true} is VALID [2022-02-20 18:02:40,441 INFO L290 TraceCheckUtils]: 2: Hoare triple {8237#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {8237#true} is VALID [2022-02-20 18:02:40,441 INFO L290 TraceCheckUtils]: 3: Hoare triple {8237#true} assume true; {8237#true} is VALID [2022-02-20 18:02:40,441 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {8237#true} {8238#false} #998#return; {8238#false} is VALID [2022-02-20 18:02:40,442 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 18:02:40,443 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:40,445 INFO L290 TraceCheckUtils]: 0: Hoare triple {8311#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8237#true} is VALID [2022-02-20 18:02:40,446 INFO L290 TraceCheckUtils]: 1: Hoare triple {8237#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8237#true} is VALID [2022-02-20 18:02:40,446 INFO L290 TraceCheckUtils]: 2: Hoare triple {8237#true} assume true; {8237#true} is VALID [2022-02-20 18:02:40,446 INFO L284 TraceCheckUtils]: 3: Hoare 
quadruple {8237#true} {8238#false} #1004#return; {8238#false} is VALID [2022-02-20 18:02:40,446 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 18:02:40,447 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:40,449 INFO L290 TraceCheckUtils]: 0: Hoare triple {8237#true} ~handle := #in~handle;havoc ~retValue_acc~9; {8237#true} is VALID [2022-02-20 18:02:40,449 INFO L290 TraceCheckUtils]: 1: Hoare triple {8237#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {8237#true} is VALID [2022-02-20 18:02:40,449 INFO L290 TraceCheckUtils]: 2: Hoare triple {8237#true} assume true; {8237#true} is VALID [2022-02-20 18:02:40,449 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8237#true} {8238#false} #1006#return; {8238#false} is VALID [2022-02-20 18:02:40,449 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 106 [2022-02-20 18:02:40,451 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:40,453 INFO L290 TraceCheckUtils]: 0: Hoare triple {8237#true} ~handle := #in~handle;havoc ~retValue_acc~36; {8237#true} is VALID [2022-02-20 18:02:40,453 INFO L290 TraceCheckUtils]: 1: Hoare triple {8237#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {8237#true} is VALID [2022-02-20 18:02:40,453 INFO L290 TraceCheckUtils]: 2: Hoare triple {8237#true} assume true; {8237#true} is VALID [2022-02-20 18:02:40,454 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8237#true} {8238#false} #1008#return; {8238#false} is VALID [2022-02-20 18:02:40,454 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 114 [2022-02-20 18:02:40,456 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:40,458 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call 
position 1 [2022-02-20 18:02:40,459 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:40,461 INFO L290 TraceCheckUtils]: 0: Hoare triple {8237#true} ~handle := #in~handle;havoc ~retValue_acc~12; {8237#true} is VALID [2022-02-20 18:02:40,461 INFO L290 TraceCheckUtils]: 1: Hoare triple {8237#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~12; {8237#true} is VALID [2022-02-20 18:02:40,461 INFO L290 TraceCheckUtils]: 2: Hoare triple {8237#true} assume true; {8237#true} is VALID [2022-02-20 18:02:40,461 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8237#true} {8237#true} #1108#return; {8237#true} is VALID [2022-02-20 18:02:40,461 INFO L290 TraceCheckUtils]: 0: Hoare triple {8237#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~21#1;havoc ~tmp~20#1; {8237#true} is VALID [2022-02-20 18:02:40,461 INFO L272 TraceCheckUtils]: 1: Hoare triple {8237#true} call #t~ret88#1 := isEncrypted(~msg#1); {8237#true} is VALID [2022-02-20 18:02:40,461 INFO L290 TraceCheckUtils]: 2: Hoare triple {8237#true} ~handle := #in~handle;havoc ~retValue_acc~12; {8237#true} is VALID [2022-02-20 18:02:40,462 INFO L290 TraceCheckUtils]: 3: Hoare triple {8237#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~12; {8237#true} is VALID [2022-02-20 18:02:40,462 INFO L290 TraceCheckUtils]: 4: Hoare triple {8237#true} assume true; {8237#true} is VALID [2022-02-20 18:02:40,462 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {8237#true} {8237#true} #1108#return; {8237#true} is VALID [2022-02-20 18:02:40,462 INFO L290 TraceCheckUtils]: 6: Hoare triple {8237#true} assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp~20#1 := #t~ret88#1;havoc #t~ret88#1; {8237#true} is VALID [2022-02-20 18:02:40,462 INFO L290 TraceCheckUtils]: 7: Hoare triple {8237#true} assume 0 != ~tmp~20#1;~retValue_acc~21#1 := 0;#res#1 := ~retValue_acc~21#1; {8237#true} is VALID [2022-02-20 18:02:40,462 INFO L290 
TraceCheckUtils]: 8: Hoare triple {8237#true} assume true; {8237#true} is VALID [2022-02-20 18:02:40,462 INFO L284 TraceCheckUtils]: 9: Hoare quadruple {8237#true} {8238#false} #1020#return; {8238#false} is VALID [2022-02-20 18:02:40,462 INFO L290 TraceCheckUtils]: 0: Hoare triple {8237#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(12, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(18, 31);call #Ultimate.allocInit(16, 32);call #Ultimate.allocInit(21, 33);call #Ultimate.allocInit(13, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(25, 36);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call 
write~init~int(115, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 
0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {8237#true} is VALID [2022-02-20 18:02:40,463 INFO L290 TraceCheckUtils]: 1: Hoare triple {8237#true} assume { 
:end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {8237#true} is VALID [2022-02-20 18:02:40,463 INFO L290 TraceCheckUtils]: 2: Hoare triple {8237#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {8237#true} is VALID [2022-02-20 18:02:40,463 INFO L290 TraceCheckUtils]: 3: Hoare triple {8237#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~26#1;havoc valid_product_~retValue_acc~26#1;valid_product_~retValue_acc~26#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~26#1; {8237#true} is VALID [2022-02-20 18:02:40,463 INFO L290 TraceCheckUtils]: 4: Hoare triple {8237#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {8237#true} is VALID [2022-02-20 18:02:40,463 INFO L290 TraceCheckUtils]: 5: Hoare triple {8237#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := 
setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {8237#true} is VALID [2022-02-20 18:02:40,464 INFO L272 TraceCheckUtils]: 6: Hoare triple {8237#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {8307#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:40,464 INFO L290 TraceCheckUtils]: 7: Hoare triple {8307#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8237#true} is VALID [2022-02-20 18:02:40,464 INFO L290 TraceCheckUtils]: 8: Hoare triple {8237#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8237#true} is VALID [2022-02-20 18:02:40,464 INFO L290 TraceCheckUtils]: 9: Hoare triple {8237#true} assume true; {8237#true} is VALID [2022-02-20 18:02:40,465 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {8237#true} {8237#true} #1064#return; {8237#true} is VALID [2022-02-20 18:02:40,465 INFO L290 TraceCheckUtils]: 11: Hoare triple {8237#true} assume { :end_inline_setup_bob__wrappee__Base } true; {8237#true} is VALID [2022-02-20 18:02:40,465 INFO L272 TraceCheckUtils]: 12: Hoare triple {8237#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {8308#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:40,466 INFO L290 TraceCheckUtils]: 13: Hoare triple {8308#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8237#true} is VALID [2022-02-20 18:02:40,466 INFO L290 TraceCheckUtils]: 14: Hoare triple {8237#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8237#true} is VALID [2022-02-20 18:02:40,466 INFO L290 TraceCheckUtils]: 15: Hoare triple {8237#true} assume true; {8237#true} is VALID [2022-02-20 18:02:40,466 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {8237#true} {8237#true} #1066#return; {8237#true} is VALID [2022-02-20 18:02:40,466 INFO L290 TraceCheckUtils]: 17: Hoare triple {8237#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {8247#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:02:40,467 INFO L272 TraceCheckUtils]: 18: Hoare triple {8247#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {8307#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:40,467 INFO L290 TraceCheckUtils]: 19: Hoare triple {8307#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := 
#in~handle;~value := #in~value; {8309#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:40,468 INFO L290 TraceCheckUtils]: 20: Hoare triple {8309#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8310#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:40,468 INFO L290 TraceCheckUtils]: 21: Hoare triple {8310#(= |setClientId_#in~handle| 1)} assume true; {8310#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:40,468 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {8310#(= |setClientId_#in~handle| 1)} {8247#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1068#return; {8238#false} is VALID [2022-02-20 18:02:40,469 INFO L290 TraceCheckUtils]: 23: Hoare triple {8238#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {8238#false} is VALID [2022-02-20 18:02:40,469 INFO L272 TraceCheckUtils]: 24: Hoare triple {8238#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {8308#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:40,469 INFO L290 TraceCheckUtils]: 25: Hoare triple {8308#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8237#true} is VALID [2022-02-20 18:02:40,469 INFO L290 TraceCheckUtils]: 26: Hoare triple {8237#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8237#true} is VALID [2022-02-20 18:02:40,469 INFO L290 TraceCheckUtils]: 27: Hoare triple {8237#true} assume true; {8237#true} is VALID [2022-02-20 18:02:40,469 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {8237#true} {8238#false} #1070#return; {8238#false} is VALID [2022-02-20 
18:02:40,469 INFO L290 TraceCheckUtils]: 29: Hoare triple {8238#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {8238#false} is VALID [2022-02-20 18:02:40,469 INFO L272 TraceCheckUtils]: 30: Hoare triple {8238#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {8307#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:40,470 INFO L290 TraceCheckUtils]: 31: Hoare triple {8307#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8237#true} is VALID [2022-02-20 18:02:40,470 INFO L290 TraceCheckUtils]: 32: Hoare triple {8237#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8237#true} is VALID [2022-02-20 18:02:40,470 INFO L290 TraceCheckUtils]: 33: Hoare triple {8237#true} assume true; {8237#true} is VALID [2022-02-20 18:02:40,470 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {8237#true} {8238#false} #1072#return; {8238#false} is VALID [2022-02-20 18:02:40,470 INFO L290 TraceCheckUtils]: 35: Hoare triple {8238#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {8238#false} is VALID [2022-02-20 
18:02:40,470 INFO L272 TraceCheckUtils]: 36: Hoare triple {8238#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {8308#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:40,470 INFO L290 TraceCheckUtils]: 37: Hoare triple {8308#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8237#true} is VALID [2022-02-20 18:02:40,470 INFO L290 TraceCheckUtils]: 38: Hoare triple {8237#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8237#true} is VALID [2022-02-20 18:02:40,470 INFO L290 TraceCheckUtils]: 39: Hoare triple {8237#true} assume true; {8237#true} is VALID [2022-02-20 18:02:40,471 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {8237#true} {8238#false} #1074#return; {8238#false} is VALID [2022-02-20 18:02:40,471 INFO L290 TraceCheckUtils]: 41: Hoare triple {8238#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {8238#false} is VALID [2022-02-20 18:02:40,471 INFO L290 TraceCheckUtils]: 42: Hoare triple {8238#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~23#1, test_~tmp___0~8#1, test_~tmp___1~4#1, 
test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~23#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {8238#false} is VALID [2022-02-20 18:02:40,471 INFO L290 TraceCheckUtils]: 43: Hoare triple {8238#false} assume !false; {8238#false} is VALID [2022-02-20 18:02:40,471 INFO L290 TraceCheckUtils]: 44: Hoare triple {8238#false} assume test_~splverifierCounter~0#1 < 4; {8238#false} is VALID [2022-02-20 18:02:40,471 INFO L290 TraceCheckUtils]: 45: Hoare triple {8238#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {8238#false} is VALID [2022-02-20 18:02:40,471 INFO L290 TraceCheckUtils]: 46: Hoare triple {8238#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet94#1 && test_#t~nondet94#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet94#1;havoc test_#t~nondet94#1; {8238#false} is VALID [2022-02-20 18:02:40,471 INFO L290 TraceCheckUtils]: 47: Hoare triple {8238#false} assume !(0 != test_~tmp___9~0#1); {8238#false} is VALID [2022-02-20 18:02:40,472 INFO L290 TraceCheckUtils]: 48: Hoare triple {8238#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet95#1 && test_#t~nondet95#1 <= 2147483647;test_~tmp___8~0#1 := 
test_#t~nondet95#1;havoc test_#t~nondet95#1; {8238#false} is VALID [2022-02-20 18:02:40,472 INFO L290 TraceCheckUtils]: 49: Hoare triple {8238#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {8238#false} is VALID [2022-02-20 18:02:40,472 INFO L290 TraceCheckUtils]: 50: Hoare triple {8238#false} assume !false; {8238#false} is VALID [2022-02-20 18:02:40,472 INFO L290 TraceCheckUtils]: 51: Hoare triple {8238#false} assume !(test_~splverifierCounter~0#1 < 4); {8238#false} is VALID [2022-02-20 18:02:40,472 INFO L290 TraceCheckUtils]: 52: Hoare triple {8238#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {8238#false} is VALID [2022-02-20 18:02:40,472 INFO L272 TraceCheckUtils]: 53: Hoare triple {8238#false} call sendEmail(~bob~0, ~rjh~0); {8238#false} is VALID [2022-02-20 18:02:40,472 INFO L290 TraceCheckUtils]: 54: Hoare triple {8238#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~10#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {8238#false} is VALID [2022-02-20 18:02:40,472 INFO L272 TraceCheckUtils]: 55: Hoare triple {8238#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {8311#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| 
~__ste_email_from1~0))} is VALID [2022-02-20 18:02:40,472 INFO L290 TraceCheckUtils]: 56: Hoare triple {8311#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8237#true} is VALID [2022-02-20 18:02:40,473 INFO L290 TraceCheckUtils]: 57: Hoare triple {8237#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8237#true} is VALID [2022-02-20 18:02:40,473 INFO L290 TraceCheckUtils]: 58: Hoare triple {8237#true} assume true; {8237#true} is VALID [2022-02-20 18:02:40,473 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {8237#true} {8238#false} #1050#return; {8238#false} is VALID [2022-02-20 18:02:40,473 INFO L272 TraceCheckUtils]: 60: Hoare triple {8238#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {8312#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:40,473 INFO L290 TraceCheckUtils]: 61: Hoare triple {8312#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8237#true} is VALID [2022-02-20 18:02:40,473 INFO L290 TraceCheckUtils]: 62: Hoare triple {8237#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8237#true} is VALID [2022-02-20 18:02:40,473 INFO L290 TraceCheckUtils]: 63: Hoare triple {8237#true} assume true; {8237#true} is VALID [2022-02-20 18:02:40,473 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {8237#true} {8238#false} #1052#return; {8238#false} is VALID [2022-02-20 18:02:40,473 INFO L290 TraceCheckUtils]: 65: Hoare triple {8238#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {8238#false} is VALID [2022-02-20 18:02:40,474 INFO L290 TraceCheckUtils]: 66: Hoare triple {8238#false} #t~ret37#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= 
#t~ret37#1 && #t~ret37#1 <= 2147483647;~tmp~10#1 := #t~ret37#1;havoc #t~ret37#1;~email~0#1 := ~tmp~10#1; {8238#false} is VALID [2022-02-20 18:02:40,474 INFO L272 TraceCheckUtils]: 67: Hoare triple {8238#false} call outgoing(~sender#1, ~email~0#1); {8238#false} is VALID [2022-02-20 18:02:40,474 INFO L290 TraceCheckUtils]: 68: Hoare triple {8238#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret39#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {8238#false} is VALID [2022-02-20 18:02:40,474 INFO L272 TraceCheckUtils]: 69: Hoare triple {8238#false} call sign_#t~ret39#1 := getClientPrivateKey(sign_~client#1); {8237#true} is VALID [2022-02-20 18:02:40,474 INFO L290 TraceCheckUtils]: 70: Hoare triple {8237#true} ~handle := #in~handle;havoc ~retValue_acc~36; {8237#true} is VALID [2022-02-20 18:02:40,474 INFO L290 TraceCheckUtils]: 71: Hoare triple {8237#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {8237#true} is VALID [2022-02-20 18:02:40,474 INFO L290 TraceCheckUtils]: 72: Hoare triple {8237#true} assume true; {8237#true} is VALID [2022-02-20 18:02:40,474 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {8237#true} {8238#false} #994#return; {8238#false} is VALID [2022-02-20 18:02:40,474 INFO L290 TraceCheckUtils]: 74: Hoare triple {8238#false} assume -2147483648 <= sign_#t~ret39#1 && sign_#t~ret39#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret39#1;havoc sign_#t~ret39#1;sign_~privkey~1#1 := sign_~tmp~11#1; {8238#false} is VALID [2022-02-20 18:02:40,475 INFO L290 TraceCheckUtils]: 75: Hoare triple {8238#false} assume 0 == sign_~privkey~1#1; {8238#false} is VALID [2022-02-20 18:02:40,475 INFO L290 TraceCheckUtils]: 76: Hoare triple {8238#false} assume { :end_inline_sign } true;assume { 
:begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret28#1, outgoing__wrappee__Encrypt_#t~ret29#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~6#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~2#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~6#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~2#1; {8238#false} is VALID [2022-02-20 18:02:40,475 INFO L272 TraceCheckUtils]: 77: Hoare triple {8238#false} call outgoing__wrappee__Encrypt_#t~ret28#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {8237#true} is VALID [2022-02-20 18:02:40,475 INFO L290 TraceCheckUtils]: 78: Hoare triple {8237#true} ~handle := #in~handle;havoc ~retValue_acc~9; {8237#true} is VALID [2022-02-20 18:02:40,475 INFO L290 TraceCheckUtils]: 79: Hoare triple {8237#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {8237#true} is VALID [2022-02-20 18:02:40,475 INFO L290 TraceCheckUtils]: 80: Hoare triple {8237#true} assume true; {8237#true} is VALID [2022-02-20 18:02:40,475 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {8237#true} {8238#false} #996#return; {8238#false} is VALID [2022-02-20 18:02:40,475 INFO L290 TraceCheckUtils]: 82: Hoare triple {8238#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret28#1 && outgoing__wrappee__Encrypt_#t~ret28#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~6#1 := outgoing__wrappee__Encrypt_#t~ret28#1;havoc outgoing__wrappee__Encrypt_#t~ret28#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~6#1; 
{8238#false} is VALID [2022-02-20 18:02:40,475 INFO L272 TraceCheckUtils]: 83: Hoare triple {8238#false} call outgoing__wrappee__Encrypt_#t~ret29#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {8237#true} is VALID [2022-02-20 18:02:40,476 INFO L290 TraceCheckUtils]: 84: Hoare triple {8237#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {8237#true} is VALID [2022-02-20 18:02:40,476 INFO L290 TraceCheckUtils]: 85: Hoare triple {8237#true} assume 1 == ~handle; {8237#true} is VALID [2022-02-20 18:02:40,476 INFO L290 TraceCheckUtils]: 86: Hoare triple {8237#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {8237#true} is VALID [2022-02-20 18:02:40,476 INFO L290 TraceCheckUtils]: 87: Hoare triple {8237#true} assume true; {8237#true} is VALID [2022-02-20 18:02:40,476 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {8237#true} {8238#false} #998#return; {8238#false} is VALID [2022-02-20 18:02:40,476 INFO L290 TraceCheckUtils]: 89: Hoare triple {8238#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret29#1 && outgoing__wrappee__Encrypt_#t~ret29#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~2#1 := outgoing__wrappee__Encrypt_#t~ret29#1;havoc outgoing__wrappee__Encrypt_#t~ret29#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~2#1; {8238#false} is VALID [2022-02-20 18:02:40,476 INFO L290 TraceCheckUtils]: 90: Hoare triple {8238#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {8238#false} is VALID [2022-02-20 18:02:40,476 INFO L290 TraceCheckUtils]: 91: Hoare triple {8238#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret27#1, outgoing__wrappee__Keys_~client#1, 
outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {8238#false} is VALID [2022-02-20 18:02:40,476 INFO L290 TraceCheckUtils]: 92: Hoare triple {8238#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {8238#false} is VALID [2022-02-20 18:02:40,477 INFO L290 TraceCheckUtils]: 93: Hoare triple {8238#false} outgoing__wrappee__Keys_#t~ret27#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret27#1 && outgoing__wrappee__Keys_#t~ret27#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret27#1;havoc outgoing__wrappee__Keys_#t~ret27#1; {8238#false} is VALID [2022-02-20 18:02:40,477 INFO L272 TraceCheckUtils]: 94: Hoare triple {8238#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {8311#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:40,477 INFO L290 TraceCheckUtils]: 95: Hoare triple {8311#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8237#true} is VALID [2022-02-20 18:02:40,477 INFO L290 TraceCheckUtils]: 96: Hoare triple {8237#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8237#true} is VALID [2022-02-20 18:02:40,477 INFO L290 TraceCheckUtils]: 97: Hoare triple 
{8237#true} assume true; {8237#true} is VALID [2022-02-20 18:02:40,477 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {8237#true} {8238#false} #1004#return; {8238#false} is VALID [2022-02-20 18:02:40,477 INFO L290 TraceCheckUtils]: 99: Hoare triple {8238#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret25#1, mail_#t~ret26#1, mail_~client#1, mail_~msg#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~4#1;call mail_#t~ret25#1 := puts(12, 0);assume -2147483648 <= mail_#t~ret25#1 && mail_#t~ret25#1 <= 2147483647;havoc mail_#t~ret25#1; {8238#false} is VALID [2022-02-20 18:02:40,477 INFO L272 TraceCheckUtils]: 100: Hoare triple {8238#false} call mail_#t~ret26#1 := getEmailTo(mail_~msg#1); {8237#true} is VALID [2022-02-20 18:02:40,477 INFO L290 TraceCheckUtils]: 101: Hoare triple {8237#true} ~handle := #in~handle;havoc ~retValue_acc~9; {8237#true} is VALID [2022-02-20 18:02:40,477 INFO L290 TraceCheckUtils]: 102: Hoare triple {8237#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {8237#true} is VALID [2022-02-20 18:02:40,478 INFO L290 TraceCheckUtils]: 103: Hoare triple {8237#true} assume true; {8237#true} is VALID [2022-02-20 18:02:40,478 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {8237#true} {8238#false} #1006#return; {8238#false} is VALID [2022-02-20 18:02:40,478 INFO L290 TraceCheckUtils]: 105: Hoare triple {8238#false} assume -2147483648 <= mail_#t~ret26#1 && mail_#t~ret26#1 <= 2147483647;mail_~tmp~4#1 := mail_#t~ret26#1;havoc mail_#t~ret26#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~4#1, mail_~msg#1;havoc incoming_#t~ret32#1, incoming_#t~ret33#1, incoming_#t~ret34#1, incoming_#t~ret35#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~8#1, incoming_~tmp___0~3#1, incoming_~tmp___1~1#1, 
incoming_~tmp___2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~8#1;havoc incoming_~tmp___0~3#1;havoc incoming_~tmp___1~1#1;havoc incoming_~tmp___2~0#1; {8238#false} is VALID [2022-02-20 18:02:40,478 INFO L272 TraceCheckUtils]: 106: Hoare triple {8238#false} call incoming_#t~ret32#1 := getClientPrivateKey(incoming_~client#1); {8237#true} is VALID [2022-02-20 18:02:40,478 INFO L290 TraceCheckUtils]: 107: Hoare triple {8237#true} ~handle := #in~handle;havoc ~retValue_acc~36; {8237#true} is VALID [2022-02-20 18:02:40,478 INFO L290 TraceCheckUtils]: 108: Hoare triple {8237#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {8237#true} is VALID [2022-02-20 18:02:40,478 INFO L290 TraceCheckUtils]: 109: Hoare triple {8237#true} assume true; {8237#true} is VALID [2022-02-20 18:02:40,478 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {8237#true} {8238#false} #1008#return; {8238#false} is VALID [2022-02-20 18:02:40,478 INFO L290 TraceCheckUtils]: 111: Hoare triple {8238#false} assume -2147483648 <= incoming_#t~ret32#1 && incoming_#t~ret32#1 <= 2147483647;incoming_~tmp~8#1 := incoming_#t~ret32#1;havoc incoming_#t~ret32#1;incoming_~privkey~0#1 := incoming_~tmp~8#1; {8238#false} is VALID [2022-02-20 18:02:40,479 INFO L290 TraceCheckUtils]: 112: Hoare triple {8238#false} assume !(0 != incoming_~privkey~0#1); {8238#false} is VALID [2022-02-20 18:02:40,479 INFO L290 TraceCheckUtils]: 113: Hoare triple {8238#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } 
true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret41#1, verify_#t~ret42#1, verify_#t~ret43#1, verify_#t~ret44#1, verify_#t~ret45#1, verify_#t~ret46#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~12#1, verify_~tmp___0~4#1, verify_~pubkey~1#1, verify_~tmp___1~2#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~12#1;havoc verify_~tmp___0~4#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~2#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret24#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~3#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~3#1; {8238#false} is VALID [2022-02-20 18:02:40,479 INFO L272 TraceCheckUtils]: 114: Hoare triple {8238#false} call __utac_acc__EncryptVerify_spec__1_#t~ret24#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {8237#true} is VALID [2022-02-20 18:02:40,479 INFO L290 TraceCheckUtils]: 115: Hoare triple {8237#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~21#1;havoc ~tmp~20#1; {8237#true} is VALID [2022-02-20 18:02:40,479 INFO L272 TraceCheckUtils]: 116: Hoare triple {8237#true} call #t~ret88#1 := isEncrypted(~msg#1); {8237#true} is VALID [2022-02-20 18:02:40,479 INFO L290 TraceCheckUtils]: 117: Hoare triple {8237#true} ~handle := #in~handle;havoc ~retValue_acc~12; {8237#true} is VALID [2022-02-20 18:02:40,479 INFO L290 TraceCheckUtils]: 118: Hoare triple {8237#true} assume 1 == 
~handle;~retValue_acc~12 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~12; {8237#true} is VALID [2022-02-20 18:02:40,479 INFO L290 TraceCheckUtils]: 119: Hoare triple {8237#true} assume true; {8237#true} is VALID [2022-02-20 18:02:40,480 INFO L284 TraceCheckUtils]: 120: Hoare quadruple {8237#true} {8237#true} #1108#return; {8237#true} is VALID [2022-02-20 18:02:40,480 INFO L290 TraceCheckUtils]: 121: Hoare triple {8237#true} assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp~20#1 := #t~ret88#1;havoc #t~ret88#1; {8237#true} is VALID [2022-02-20 18:02:40,480 INFO L290 TraceCheckUtils]: 122: Hoare triple {8237#true} assume 0 != ~tmp~20#1;~retValue_acc~21#1 := 0;#res#1 := ~retValue_acc~21#1; {8237#true} is VALID [2022-02-20 18:02:40,480 INFO L290 TraceCheckUtils]: 123: Hoare triple {8237#true} assume true; {8237#true} is VALID [2022-02-20 18:02:40,480 INFO L284 TraceCheckUtils]: 124: Hoare quadruple {8237#true} {8238#false} #1020#return; {8238#false} is VALID [2022-02-20 18:02:40,480 INFO L290 TraceCheckUtils]: 125: Hoare triple {8238#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret24#1 && __utac_acc__EncryptVerify_spec__1_#t~ret24#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~3#1 := __utac_acc__EncryptVerify_spec__1_#t~ret24#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret24#1; {8238#false} is VALID [2022-02-20 18:02:40,480 INFO L290 TraceCheckUtils]: 126: Hoare triple {8238#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {8238#false} is VALID [2022-02-20 18:02:40,480 INFO L290 TraceCheckUtils]: 127: Hoare triple {8238#false} assume !false; {8238#false} is VALID [2022-02-20 18:02:40,481 INFO L134 CoverageAnalysis]: Checked inductivity of 38 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked. 
[2022-02-20 18:02:40,483 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:40,483 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [292018140] [2022-02-20 18:02:40,483 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [292018140] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:02:40,484 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1549145731] [2022-02-20 18:02:40,484 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:40,484 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:40,484 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:02:40,500 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:02:40,501 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-02-20 18:02:40,723 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:40,727 INFO L263 TraceCheckSpWp]: Trace formula consists of 1137 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 18:02:40,771 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:40,776 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:02:41,124 INFO L290 TraceCheckUtils]: 0: Hoare triple {8237#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(12, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(18, 31);call #Ultimate.allocInit(16, 32);call #Ultimate.allocInit(21, 33);call #Ultimate.allocInit(13, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(25, 36);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(115, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 
0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 
0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {8237#true} is VALID [2022-02-20 18:02:41,124 INFO L290 TraceCheckUtils]: 1: Hoare triple {8237#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { 
:begin_inline_select_helpers } true; {8237#true} is VALID [2022-02-20 18:02:41,124 INFO L290 TraceCheckUtils]: 2: Hoare triple {8237#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {8237#true} is VALID [2022-02-20 18:02:41,124 INFO L290 TraceCheckUtils]: 3: Hoare triple {8237#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~26#1;havoc valid_product_~retValue_acc~26#1;valid_product_~retValue_acc~26#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~26#1; {8237#true} is VALID [2022-02-20 18:02:41,124 INFO L290 TraceCheckUtils]: 4: Hoare triple {8237#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {8237#true} is VALID [2022-02-20 18:02:41,125 INFO L290 TraceCheckUtils]: 5: Hoare triple {8237#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {8237#true} is VALID [2022-02-20 18:02:41,125 INFO L272 TraceCheckUtils]: 
6: Hoare triple {8237#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {8237#true} is VALID [2022-02-20 18:02:41,125 INFO L290 TraceCheckUtils]: 7: Hoare triple {8237#true} ~handle := #in~handle;~value := #in~value; {8237#true} is VALID [2022-02-20 18:02:41,125 INFO L290 TraceCheckUtils]: 8: Hoare triple {8237#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8237#true} is VALID [2022-02-20 18:02:41,125 INFO L290 TraceCheckUtils]: 9: Hoare triple {8237#true} assume true; {8237#true} is VALID [2022-02-20 18:02:41,125 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {8237#true} {8237#true} #1064#return; {8237#true} is VALID [2022-02-20 18:02:41,125 INFO L290 TraceCheckUtils]: 11: Hoare triple {8237#true} assume { :end_inline_setup_bob__wrappee__Base } true; {8237#true} is VALID [2022-02-20 18:02:41,125 INFO L272 TraceCheckUtils]: 12: Hoare triple {8237#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {8237#true} is VALID [2022-02-20 18:02:41,125 INFO L290 TraceCheckUtils]: 13: Hoare triple {8237#true} ~handle := #in~handle;~value := #in~value; {8237#true} is VALID [2022-02-20 18:02:41,126 INFO L290 TraceCheckUtils]: 14: Hoare triple {8237#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8237#true} is VALID [2022-02-20 18:02:41,126 INFO L290 TraceCheckUtils]: 15: Hoare triple {8237#true} assume true; {8237#true} is VALID [2022-02-20 18:02:41,126 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {8237#true} {8237#true} #1066#return; {8237#true} is VALID [2022-02-20 18:02:41,126 INFO L290 TraceCheckUtils]: 17: Hoare triple {8237#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } 
true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {8371#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:02:41,127 INFO L272 TraceCheckUtils]: 18: Hoare triple {8371#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {8237#true} is VALID [2022-02-20 18:02:41,127 INFO L290 TraceCheckUtils]: 19: Hoare triple {8237#true} ~handle := #in~handle;~value := #in~value; {8378#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 18:02:41,128 INFO L290 TraceCheckUtils]: 20: Hoare triple {8378#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8382#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:41,128 INFO L290 TraceCheckUtils]: 21: Hoare triple {8382#(<= |setClientId_#in~handle| 1)} assume true; {8382#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:41,129 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {8382#(<= |setClientId_#in~handle| 1)} {8371#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1068#return; {8238#false} is VALID [2022-02-20 18:02:41,129 INFO L290 TraceCheckUtils]: 23: Hoare triple {8238#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {8238#false} is VALID [2022-02-20 18:02:41,129 INFO L272 TraceCheckUtils]: 24: Hoare triple {8238#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {8238#false} is VALID [2022-02-20 18:02:41,129 INFO L290 TraceCheckUtils]: 25: Hoare triple {8238#false} ~handle := #in~handle;~value := #in~value; {8238#false} is VALID [2022-02-20 18:02:41,129 INFO L290 TraceCheckUtils]: 26: Hoare triple {8238#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8238#false} is VALID [2022-02-20 18:02:41,129 INFO L290 
TraceCheckUtils]: 27: Hoare triple {8238#false} assume true; {8238#false} is VALID [2022-02-20 18:02:41,129 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {8238#false} {8238#false} #1070#return; {8238#false} is VALID [2022-02-20 18:02:41,129 INFO L290 TraceCheckUtils]: 29: Hoare triple {8238#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {8238#false} is VALID [2022-02-20 18:02:41,130 INFO L272 TraceCheckUtils]: 30: Hoare triple {8238#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {8238#false} is VALID [2022-02-20 18:02:41,130 INFO L290 TraceCheckUtils]: 31: Hoare triple {8238#false} ~handle := #in~handle;~value := #in~value; {8238#false} is VALID [2022-02-20 18:02:41,130 INFO L290 TraceCheckUtils]: 32: Hoare triple {8238#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8238#false} is VALID [2022-02-20 18:02:41,130 INFO L290 TraceCheckUtils]: 33: Hoare triple {8238#false} assume true; {8238#false} is VALID [2022-02-20 18:02:41,130 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {8238#false} {8238#false} #1072#return; {8238#false} is VALID [2022-02-20 18:02:41,130 INFO L290 TraceCheckUtils]: 35: Hoare triple {8238#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {8238#false} is VALID [2022-02-20 18:02:41,130 INFO L272 TraceCheckUtils]: 36: Hoare triple {8238#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {8238#false} is VALID [2022-02-20 
18:02:41,130 INFO L290 TraceCheckUtils]: 37: Hoare triple {8238#false} ~handle := #in~handle;~value := #in~value; {8238#false} is VALID [2022-02-20 18:02:41,130 INFO L290 TraceCheckUtils]: 38: Hoare triple {8238#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8238#false} is VALID [2022-02-20 18:02:41,131 INFO L290 TraceCheckUtils]: 39: Hoare triple {8238#false} assume true; {8238#false} is VALID [2022-02-20 18:02:41,131 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {8238#false} {8238#false} #1074#return; {8238#false} is VALID [2022-02-20 18:02:41,131 INFO L290 TraceCheckUtils]: 41: Hoare triple {8238#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {8238#false} is VALID [2022-02-20 18:02:41,131 INFO L290 TraceCheckUtils]: 42: Hoare triple {8238#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~23#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~23#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc 
test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {8238#false} is VALID [2022-02-20 18:02:41,131 INFO L290 TraceCheckUtils]: 43: Hoare triple {8238#false} assume !false; {8238#false} is VALID [2022-02-20 18:02:41,131 INFO L290 TraceCheckUtils]: 44: Hoare triple {8238#false} assume test_~splverifierCounter~0#1 < 4; {8238#false} is VALID [2022-02-20 18:02:41,131 INFO L290 TraceCheckUtils]: 45: Hoare triple {8238#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {8238#false} is VALID [2022-02-20 18:02:41,131 INFO L290 TraceCheckUtils]: 46: Hoare triple {8238#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet94#1 && test_#t~nondet94#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet94#1;havoc test_#t~nondet94#1; {8238#false} is VALID [2022-02-20 18:02:41,131 INFO L290 TraceCheckUtils]: 47: Hoare triple {8238#false} assume !(0 != test_~tmp___9~0#1); {8238#false} is VALID [2022-02-20 18:02:41,132 INFO L290 TraceCheckUtils]: 48: Hoare triple {8238#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet95#1 && test_#t~nondet95#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet95#1;havoc test_#t~nondet95#1; {8238#false} is VALID [2022-02-20 18:02:41,132 INFO L290 TraceCheckUtils]: 49: Hoare triple {8238#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {8238#false} is VALID [2022-02-20 18:02:41,132 INFO L290 TraceCheckUtils]: 50: Hoare triple {8238#false} assume !false; {8238#false} is VALID [2022-02-20 18:02:41,132 INFO L290 TraceCheckUtils]: 51: Hoare triple {8238#false} assume !(test_~splverifierCounter~0#1 < 4); {8238#false} is VALID [2022-02-20 18:02:41,132 INFO L290 TraceCheckUtils]: 52: Hoare triple 
{8238#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {8238#false} is VALID [2022-02-20 18:02:41,132 INFO L272 TraceCheckUtils]: 53: Hoare triple {8238#false} call sendEmail(~bob~0, ~rjh~0); {8238#false} is VALID [2022-02-20 18:02:41,132 INFO L290 TraceCheckUtils]: 54: Hoare triple {8238#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~10#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {8238#false} is VALID [2022-02-20 18:02:41,132 INFO L272 TraceCheckUtils]: 55: Hoare triple {8238#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {8238#false} is VALID [2022-02-20 18:02:41,132 INFO L290 TraceCheckUtils]: 56: Hoare triple {8238#false} ~handle := #in~handle;~value := #in~value; {8238#false} is VALID [2022-02-20 18:02:41,133 INFO L290 TraceCheckUtils]: 57: Hoare triple {8238#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8238#false} is VALID [2022-02-20 18:02:41,133 INFO L290 TraceCheckUtils]: 58: Hoare triple {8238#false} assume true; {8238#false} is VALID [2022-02-20 18:02:41,133 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {8238#false} {8238#false} #1050#return; {8238#false} is VALID [2022-02-20 18:02:41,133 INFO L272 TraceCheckUtils]: 60: Hoare triple {8238#false} call 
setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {8238#false} is VALID [2022-02-20 18:02:41,133 INFO L290 TraceCheckUtils]: 61: Hoare triple {8238#false} ~handle := #in~handle;~value := #in~value; {8238#false} is VALID [2022-02-20 18:02:41,133 INFO L290 TraceCheckUtils]: 62: Hoare triple {8238#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8238#false} is VALID [2022-02-20 18:02:41,133 INFO L290 TraceCheckUtils]: 63: Hoare triple {8238#false} assume true; {8238#false} is VALID [2022-02-20 18:02:41,133 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {8238#false} {8238#false} #1052#return; {8238#false} is VALID [2022-02-20 18:02:41,133 INFO L290 TraceCheckUtils]: 65: Hoare triple {8238#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {8238#false} is VALID [2022-02-20 18:02:41,134 INFO L290 TraceCheckUtils]: 66: Hoare triple {8238#false} #t~ret37#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret37#1 && #t~ret37#1 <= 2147483647;~tmp~10#1 := #t~ret37#1;havoc #t~ret37#1;~email~0#1 := ~tmp~10#1; {8238#false} is VALID [2022-02-20 18:02:41,134 INFO L272 TraceCheckUtils]: 67: Hoare triple {8238#false} call outgoing(~sender#1, ~email~0#1); {8238#false} is VALID [2022-02-20 18:02:41,134 INFO L290 TraceCheckUtils]: 68: Hoare triple {8238#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret39#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {8238#false} is VALID [2022-02-20 18:02:41,134 INFO L272 TraceCheckUtils]: 69: Hoare triple {8238#false} call sign_#t~ret39#1 := getClientPrivateKey(sign_~client#1); {8238#false} is VALID [2022-02-20 18:02:41,134 INFO L290 TraceCheckUtils]: 70: Hoare triple {8238#false} ~handle := 
#in~handle;havoc ~retValue_acc~36; {8238#false} is VALID [2022-02-20 18:02:41,134 INFO L290 TraceCheckUtils]: 71: Hoare triple {8238#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {8238#false} is VALID [2022-02-20 18:02:41,134 INFO L290 TraceCheckUtils]: 72: Hoare triple {8238#false} assume true; {8238#false} is VALID [2022-02-20 18:02:41,134 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {8238#false} {8238#false} #994#return; {8238#false} is VALID [2022-02-20 18:02:41,135 INFO L290 TraceCheckUtils]: 74: Hoare triple {8238#false} assume -2147483648 <= sign_#t~ret39#1 && sign_#t~ret39#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret39#1;havoc sign_#t~ret39#1;sign_~privkey~1#1 := sign_~tmp~11#1; {8238#false} is VALID [2022-02-20 18:02:41,135 INFO L290 TraceCheckUtils]: 75: Hoare triple {8238#false} assume 0 == sign_~privkey~1#1; {8238#false} is VALID [2022-02-20 18:02:41,135 INFO L290 TraceCheckUtils]: 76: Hoare triple {8238#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret28#1, outgoing__wrappee__Encrypt_#t~ret29#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~6#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~2#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~6#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~2#1; {8238#false} is VALID [2022-02-20 18:02:41,135 INFO L272 TraceCheckUtils]: 77: Hoare triple {8238#false} call outgoing__wrappee__Encrypt_#t~ret28#1 := 
getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {8238#false} is VALID [2022-02-20 18:02:41,135 INFO L290 TraceCheckUtils]: 78: Hoare triple {8238#false} ~handle := #in~handle;havoc ~retValue_acc~9; {8238#false} is VALID [2022-02-20 18:02:41,135 INFO L290 TraceCheckUtils]: 79: Hoare triple {8238#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {8238#false} is VALID [2022-02-20 18:02:41,135 INFO L290 TraceCheckUtils]: 80: Hoare triple {8238#false} assume true; {8238#false} is VALID [2022-02-20 18:02:41,135 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {8238#false} {8238#false} #996#return; {8238#false} is VALID [2022-02-20 18:02:41,135 INFO L290 TraceCheckUtils]: 82: Hoare triple {8238#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret28#1 && outgoing__wrappee__Encrypt_#t~ret28#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~6#1 := outgoing__wrappee__Encrypt_#t~ret28#1;havoc outgoing__wrappee__Encrypt_#t~ret28#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~6#1; {8238#false} is VALID [2022-02-20 18:02:41,136 INFO L272 TraceCheckUtils]: 83: Hoare triple {8238#false} call outgoing__wrappee__Encrypt_#t~ret29#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {8238#false} is VALID [2022-02-20 18:02:41,136 INFO L290 TraceCheckUtils]: 84: Hoare triple {8238#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {8238#false} is VALID [2022-02-20 18:02:41,136 INFO L290 TraceCheckUtils]: 85: Hoare triple {8238#false} assume 1 == ~handle; {8238#false} is VALID [2022-02-20 18:02:41,136 INFO L290 TraceCheckUtils]: 86: Hoare triple {8238#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {8238#false} is VALID [2022-02-20 18:02:41,136 INFO L290 TraceCheckUtils]: 87: Hoare triple {8238#false} assume true; {8238#false} is VALID [2022-02-20 
18:02:41,136 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {8238#false} {8238#false} #998#return; {8238#false} is VALID [2022-02-20 18:02:41,136 INFO L290 TraceCheckUtils]: 89: Hoare triple {8238#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret29#1 && outgoing__wrappee__Encrypt_#t~ret29#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~2#1 := outgoing__wrappee__Encrypt_#t~ret29#1;havoc outgoing__wrappee__Encrypt_#t~ret29#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~2#1; {8238#false} is VALID [2022-02-20 18:02:41,136 INFO L290 TraceCheckUtils]: 90: Hoare triple {8238#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {8238#false} is VALID [2022-02-20 18:02:41,136 INFO L290 TraceCheckUtils]: 91: Hoare triple {8238#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret27#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {8238#false} is VALID [2022-02-20 18:02:41,136 INFO L290 TraceCheckUtils]: 92: Hoare triple {8238#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {8238#false} is VALID [2022-02-20 18:02:41,137 INFO L290 TraceCheckUtils]: 93: Hoare triple {8238#false} outgoing__wrappee__Keys_#t~ret27#1 := 
getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret27#1 && outgoing__wrappee__Keys_#t~ret27#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret27#1;havoc outgoing__wrappee__Keys_#t~ret27#1; {8238#false} is VALID [2022-02-20 18:02:41,137 INFO L272 TraceCheckUtils]: 94: Hoare triple {8238#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {8238#false} is VALID [2022-02-20 18:02:41,137 INFO L290 TraceCheckUtils]: 95: Hoare triple {8238#false} ~handle := #in~handle;~value := #in~value; {8238#false} is VALID [2022-02-20 18:02:41,137 INFO L290 TraceCheckUtils]: 96: Hoare triple {8238#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8238#false} is VALID [2022-02-20 18:02:41,137 INFO L290 TraceCheckUtils]: 97: Hoare triple {8238#false} assume true; {8238#false} is VALID [2022-02-20 18:02:41,137 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {8238#false} {8238#false} #1004#return; {8238#false} is VALID [2022-02-20 18:02:41,137 INFO L290 TraceCheckUtils]: 99: Hoare triple {8238#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret25#1, mail_#t~ret26#1, mail_~client#1, mail_~msg#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~4#1;call mail_#t~ret25#1 := puts(12, 0);assume -2147483648 <= mail_#t~ret25#1 && mail_#t~ret25#1 <= 2147483647;havoc mail_#t~ret25#1; {8238#false} is VALID [2022-02-20 18:02:41,137 INFO L272 TraceCheckUtils]: 100: Hoare triple {8238#false} call mail_#t~ret26#1 := getEmailTo(mail_~msg#1); {8238#false} is VALID [2022-02-20 18:02:41,137 INFO L290 TraceCheckUtils]: 101: Hoare triple {8238#false} ~handle := #in~handle;havoc ~retValue_acc~9; {8238#false} is VALID [2022-02-20 18:02:41,138 INFO L290 TraceCheckUtils]: 102: Hoare triple {8238#false} assume 1 == 
~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {8238#false} is VALID [2022-02-20 18:02:41,138 INFO L290 TraceCheckUtils]: 103: Hoare triple {8238#false} assume true; {8238#false} is VALID [2022-02-20 18:02:41,138 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {8238#false} {8238#false} #1006#return; {8238#false} is VALID [2022-02-20 18:02:41,138 INFO L290 TraceCheckUtils]: 105: Hoare triple {8238#false} assume -2147483648 <= mail_#t~ret26#1 && mail_#t~ret26#1 <= 2147483647;mail_~tmp~4#1 := mail_#t~ret26#1;havoc mail_#t~ret26#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~4#1, mail_~msg#1;havoc incoming_#t~ret32#1, incoming_#t~ret33#1, incoming_#t~ret34#1, incoming_#t~ret35#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~8#1, incoming_~tmp___0~3#1, incoming_~tmp___1~1#1, incoming_~tmp___2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~8#1;havoc incoming_~tmp___0~3#1;havoc incoming_~tmp___1~1#1;havoc incoming_~tmp___2~0#1; {8238#false} is VALID [2022-02-20 18:02:41,138 INFO L272 TraceCheckUtils]: 106: Hoare triple {8238#false} call incoming_#t~ret32#1 := getClientPrivateKey(incoming_~client#1); {8238#false} is VALID [2022-02-20 18:02:41,138 INFO L290 TraceCheckUtils]: 107: Hoare triple {8238#false} ~handle := #in~handle;havoc ~retValue_acc~36; {8238#false} is VALID [2022-02-20 18:02:41,138 INFO L290 TraceCheckUtils]: 108: Hoare triple {8238#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {8238#false} is VALID [2022-02-20 18:02:41,138 INFO L290 TraceCheckUtils]: 109: Hoare triple {8238#false} assume true; {8238#false} is VALID [2022-02-20 18:02:41,138 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {8238#false} {8238#false} #1008#return; {8238#false} is VALID [2022-02-20 18:02:41,139 INFO L290 TraceCheckUtils]: 111: Hoare triple 
{8238#false} assume -2147483648 <= incoming_#t~ret32#1 && incoming_#t~ret32#1 <= 2147483647;incoming_~tmp~8#1 := incoming_#t~ret32#1;havoc incoming_#t~ret32#1;incoming_~privkey~0#1 := incoming_~tmp~8#1; {8238#false} is VALID [2022-02-20 18:02:41,139 INFO L290 TraceCheckUtils]: 112: Hoare triple {8238#false} assume !(0 != incoming_~privkey~0#1); {8238#false} is VALID [2022-02-20 18:02:41,139 INFO L290 TraceCheckUtils]: 113: Hoare triple {8238#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret41#1, verify_#t~ret42#1, verify_#t~ret43#1, verify_#t~ret44#1, verify_#t~ret45#1, verify_#t~ret46#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~12#1, verify_~tmp___0~4#1, verify_~pubkey~1#1, verify_~tmp___1~2#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~12#1;havoc verify_~tmp___0~4#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~2#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret24#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~3#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := 
__utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~3#1; {8238#false} is VALID [2022-02-20 18:02:41,139 INFO L272 TraceCheckUtils]: 114: Hoare triple {8238#false} call __utac_acc__EncryptVerify_spec__1_#t~ret24#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {8238#false} is VALID [2022-02-20 18:02:41,139 INFO L290 TraceCheckUtils]: 115: Hoare triple {8238#false} ~msg#1 := #in~msg#1;havoc ~retValue_acc~21#1;havoc ~tmp~20#1; {8238#false} is VALID [2022-02-20 18:02:41,139 INFO L272 TraceCheckUtils]: 116: Hoare triple {8238#false} call #t~ret88#1 := isEncrypted(~msg#1); {8238#false} is VALID [2022-02-20 18:02:41,139 INFO L290 TraceCheckUtils]: 117: Hoare triple {8238#false} ~handle := #in~handle;havoc ~retValue_acc~12; {8238#false} is VALID [2022-02-20 18:02:41,139 INFO L290 TraceCheckUtils]: 118: Hoare triple {8238#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~12; {8238#false} is VALID [2022-02-20 18:02:41,139 INFO L290 TraceCheckUtils]: 119: Hoare triple {8238#false} assume true; {8238#false} is VALID [2022-02-20 18:02:41,140 INFO L284 TraceCheckUtils]: 120: Hoare quadruple {8238#false} {8238#false} #1108#return; {8238#false} is VALID [2022-02-20 18:02:41,140 INFO L290 TraceCheckUtils]: 121: Hoare triple {8238#false} assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp~20#1 := #t~ret88#1;havoc #t~ret88#1; {8238#false} is VALID [2022-02-20 18:02:41,140 INFO L290 TraceCheckUtils]: 122: Hoare triple {8238#false} assume 0 != ~tmp~20#1;~retValue_acc~21#1 := 0;#res#1 := ~retValue_acc~21#1; {8238#false} is VALID [2022-02-20 18:02:41,140 INFO L290 TraceCheckUtils]: 123: Hoare triple {8238#false} assume true; {8238#false} is VALID [2022-02-20 18:02:41,140 INFO L284 TraceCheckUtils]: 124: Hoare quadruple {8238#false} {8238#false} #1020#return; {8238#false} is VALID [2022-02-20 18:02:41,140 INFO L290 TraceCheckUtils]: 125: Hoare triple {8238#false} assume -2147483648 
<= __utac_acc__EncryptVerify_spec__1_#t~ret24#1 && __utac_acc__EncryptVerify_spec__1_#t~ret24#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~3#1 := __utac_acc__EncryptVerify_spec__1_#t~ret24#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret24#1; {8238#false} is VALID [2022-02-20 18:02:41,140 INFO L290 TraceCheckUtils]: 126: Hoare triple {8238#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {8238#false} is VALID [2022-02-20 18:02:41,140 INFO L290 TraceCheckUtils]: 127: Hoare triple {8238#false} assume !false; {8238#false} is VALID [2022-02-20 18:02:41,141 INFO L134 CoverageAnalysis]: Checked inductivity of 38 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 19 trivial. 0 not checked. [2022-02-20 18:02:41,141 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:02:41,141 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1549145731] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:41,141 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:02:41,141 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [9] total 12 [2022-02-20 18:02:41,142 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [281868336] [2022-02-20 18:02:41,142 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:41,142 INFO L78 Accepts]: Start accepts. 
Automaton has has 5 states, 4 states have (on average 20.25) internal successors, (81), 5 states have internal predecessors, (81), 3 states have call successors, (18), 2 states have call predecessors, (18), 3 states have return successors, (16), 2 states have call predecessors, (16), 3 states have call successors, (16) Word has length 128 [2022-02-20 18:02:41,143 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:41,143 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 4 states have (on average 20.25) internal successors, (81), 5 states have internal predecessors, (81), 3 states have call successors, (18), 2 states have call predecessors, (18), 3 states have return successors, (16), 2 states have call predecessors, (16), 3 states have call successors, (16) [2022-02-20 18:02:41,219 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 115 edges. 115 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:41,219 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:02:41,219 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:41,220 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:02:41,220 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=24, Invalid=108, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:02:41,221 INFO L87 Difference]: Start difference. First operand 410 states and 615 transitions. 
Second operand has 5 states, 4 states have (on average 20.25) internal successors, (81), 5 states have internal predecessors, (81), 3 states have call successors, (18), 2 states have call predecessors, (18), 3 states have return successors, (16), 2 states have call predecessors, (16), 3 states have call successors, (16) [2022-02-20 18:02:42,142 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:42,142 INFO L93 Difference]: Finished difference Result 811 states and 1220 transitions. [2022-02-20 18:02:42,142 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:02:42,143 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 20.25) internal successors, (81), 5 states have internal predecessors, (81), 3 states have call successors, (18), 2 states have call predecessors, (18), 3 states have return successors, (16), 2 states have call predecessors, (16), 3 states have call successors, (16) Word has length 128 [2022-02-20 18:02:42,143 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:42,143 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 20.25) internal successors, (81), 5 states have internal predecessors, (81), 3 states have call successors, (18), 2 states have call predecessors, (18), 3 states have return successors, (16), 2 states have call predecessors, (16), 3 states have call successors, (16) [2022-02-20 18:02:42,152 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1048 transitions. [2022-02-20 18:02:42,153 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 5 states, 4 states have (on average 20.25) internal successors, (81), 5 states have internal predecessors, (81), 3 states have call successors, (18), 2 states have call predecessors, (18), 3 states have return successors, (16), 2 states have call predecessors, (16), 3 states have call successors, (16) [2022-02-20 18:02:42,161 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1048 transitions. [2022-02-20 18:02:42,162 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1048 transitions. [2022-02-20 18:02:42,856 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1048 edges. 1048 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:42,871 INFO L225 Difference]: With dead ends: 811 [2022-02-20 18:02:42,871 INFO L226 Difference]: Without dead ends: 412 [2022-02-20 18:02:42,875 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 164 GetRequests, 153 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=28, Invalid=128, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:02:42,876 INFO L933 BasicCegarLoop]: 520 mSDtfsCounter, 125 mSDsluCounter, 1416 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 145 SdHoareTripleChecker+Valid, 1936 SdHoareTripleChecker+Invalid, 34 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:42,876 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [145 Valid, 1936 Invalid, 34 
Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:02:42,877 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 412 states. [2022-02-20 18:02:42,948 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 412 to 412. [2022-02-20 18:02:42,948 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:42,949 INFO L82 GeneralOperation]: Start isEquivalent. First operand 412 states. Second operand has 412 states, 318 states have (on average 1.5062893081761006) internal successors, (479), 322 states have internal predecessors, (479), 69 states have call successors, (69), 23 states have call predecessors, (69), 24 states have return successors, (70), 68 states have call predecessors, (70), 68 states have call successors, (70) [2022-02-20 18:02:42,950 INFO L74 IsIncluded]: Start isIncluded. First operand 412 states. Second operand has 412 states, 318 states have (on average 1.5062893081761006) internal successors, (479), 322 states have internal predecessors, (479), 69 states have call successors, (69), 23 states have call predecessors, (69), 24 states have return successors, (70), 68 states have call predecessors, (70), 68 states have call successors, (70) [2022-02-20 18:02:42,951 INFO L87 Difference]: Start difference. First operand 412 states. Second operand has 412 states, 318 states have (on average 1.5062893081761006) internal successors, (479), 322 states have internal predecessors, (479), 69 states have call successors, (69), 23 states have call predecessors, (69), 24 states have return successors, (70), 68 states have call predecessors, (70), 68 states have call successors, (70) [2022-02-20 18:02:42,967 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:42,968 INFO L93 Difference]: Finished difference Result 412 states and 618 transitions. 
[2022-02-20 18:02:42,968 INFO L276 IsEmpty]: Start isEmpty. Operand 412 states and 618 transitions. [2022-02-20 18:02:42,969 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:42,970 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:42,971 INFO L74 IsIncluded]: Start isIncluded. First operand has 412 states, 318 states have (on average 1.5062893081761006) internal successors, (479), 322 states have internal predecessors, (479), 69 states have call successors, (69), 23 states have call predecessors, (69), 24 states have return successors, (70), 68 states have call predecessors, (70), 68 states have call successors, (70) Second operand 412 states. [2022-02-20 18:02:42,973 INFO L87 Difference]: Start difference. First operand has 412 states, 318 states have (on average 1.5062893081761006) internal successors, (479), 322 states have internal predecessors, (479), 69 states have call successors, (69), 23 states have call predecessors, (69), 24 states have return successors, (70), 68 states have call predecessors, (70), 68 states have call successors, (70) Second operand 412 states. [2022-02-20 18:02:42,988 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:42,988 INFO L93 Difference]: Finished difference Result 412 states and 618 transitions. [2022-02-20 18:02:42,988 INFO L276 IsEmpty]: Start isEmpty. Operand 412 states and 618 transitions. [2022-02-20 18:02:42,990 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:42,990 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:42,990 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:42,990 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:42,991 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 412 states, 318 states have (on average 1.5062893081761006) internal successors, (479), 322 states have internal predecessors, (479), 69 states have call successors, (69), 23 states have call predecessors, (69), 24 states have return successors, (70), 68 states have call predecessors, (70), 68 states have call successors, (70) [2022-02-20 18:02:43,008 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 412 states to 412 states and 618 transitions. [2022-02-20 18:02:43,008 INFO L78 Accepts]: Start accepts. Automaton has 412 states and 618 transitions. Word has length 128 [2022-02-20 18:02:43,009 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:43,009 INFO L470 AbstractCegarLoop]: Abstraction has 412 states and 618 transitions. [2022-02-20 18:02:43,009 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 20.25) internal successors, (81), 5 states have internal predecessors, (81), 3 states have call successors, (18), 2 states have call predecessors, (18), 3 states have return successors, (16), 2 states have call predecessors, (16), 3 states have call successors, (16) [2022-02-20 18:02:43,009 INFO L276 IsEmpty]: Start isEmpty. Operand 412 states and 618 transitions. [2022-02-20 18:02:43,011 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 130 [2022-02-20 18:02:43,011 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:43,011 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:43,041 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Forceful destruction successful, exit code 0 [2022-02-20 18:02:43,231 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:43,231 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:43,232 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:43,232 INFO L85 PathProgramCache]: Analyzing trace with hash -580569720, now seen corresponding path program 1 times [2022-02-20 18:02:43,232 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:43,232 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1910434234] [2022-02-20 18:02:43,232 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:43,232 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:43,268 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,307 INFO L376 atingTraceCheckCraig]: Compute interpolants for 
subsequence at non-pending call position 6 [2022-02-20 18:02:43,309 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,312 INFO L290 TraceCheckUtils]: 0: Hoare triple {11335#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11263#true} is VALID [2022-02-20 18:02:43,313 INFO L290 TraceCheckUtils]: 1: Hoare triple {11263#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11263#true} is VALID [2022-02-20 18:02:43,313 INFO L290 TraceCheckUtils]: 2: Hoare triple {11263#true} assume true; {11263#true} is VALID [2022-02-20 18:02:43,313 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11263#true} {11263#true} #1064#return; {11263#true} is VALID [2022-02-20 18:02:43,319 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:43,321 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,323 INFO L290 TraceCheckUtils]: 0: Hoare triple {11336#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11263#true} is VALID [2022-02-20 18:02:43,323 INFO L290 TraceCheckUtils]: 1: Hoare triple {11263#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11263#true} is VALID [2022-02-20 18:02:43,323 INFO L290 TraceCheckUtils]: 2: Hoare triple {11263#true} assume true; {11263#true} is VALID [2022-02-20 18:02:43,323 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11263#true} {11263#true} #1066#return; {11263#true} is VALID [2022-02-20 18:02:43,324 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 
18:02:43,327 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,343 INFO L290 TraceCheckUtils]: 0: Hoare triple {11335#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11337#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:43,344 INFO L290 TraceCheckUtils]: 1: Hoare triple {11337#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {11337#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:43,344 INFO L290 TraceCheckUtils]: 2: Hoare triple {11337#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {11338#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:43,344 INFO L290 TraceCheckUtils]: 3: Hoare triple {11338#(= 2 |setClientId_#in~handle|)} assume true; {11338#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:43,345 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {11338#(= 2 |setClientId_#in~handle|)} {11273#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1068#return; {11279#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:02:43,345 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:02:43,349 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,365 INFO L290 TraceCheckUtils]: 0: Hoare triple {11336#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11339#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID 
[2022-02-20 18:02:43,365 INFO L290 TraceCheckUtils]: 1: Hoare triple {11339#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11340#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:43,365 INFO L290 TraceCheckUtils]: 2: Hoare triple {11340#(= |setClientPrivateKey_#in~handle| 1)} assume true; {11340#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:43,366 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11340#(= |setClientPrivateKey_#in~handle| 1)} {11279#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1070#return; {11264#false} is VALID [2022-02-20 18:02:43,366 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-02-20 18:02:43,368 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,371 INFO L290 TraceCheckUtils]: 0: Hoare triple {11335#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11263#true} is VALID [2022-02-20 18:02:43,371 INFO L290 TraceCheckUtils]: 1: Hoare triple {11263#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11263#true} is VALID [2022-02-20 18:02:43,371 INFO L290 TraceCheckUtils]: 2: Hoare triple {11263#true} assume true; {11263#true} is VALID [2022-02-20 18:02:43,371 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11263#true} {11264#false} #1072#return; {11264#false} is VALID [2022-02-20 18:02:43,372 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 37 [2022-02-20 18:02:43,373 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,377 INFO L290 TraceCheckUtils]: 0: Hoare triple {11336#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11263#true} is VALID [2022-02-20 18:02:43,378 INFO L290 TraceCheckUtils]: 1: Hoare triple {11263#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11263#true} is VALID [2022-02-20 18:02:43,378 INFO L290 TraceCheckUtils]: 2: Hoare triple {11263#true} assume true; {11263#true} is VALID [2022-02-20 18:02:43,378 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11263#true} {11264#false} #1074#return; {11264#false} is VALID [2022-02-20 18:02:43,387 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 56 [2022-02-20 18:02:43,389 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,392 INFO L290 TraceCheckUtils]: 0: Hoare triple {11341#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11263#true} is VALID [2022-02-20 18:02:43,393 INFO L290 TraceCheckUtils]: 1: Hoare triple {11263#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11263#true} is VALID [2022-02-20 18:02:43,393 INFO L290 TraceCheckUtils]: 2: Hoare triple {11263#true} assume true; {11263#true} is VALID [2022-02-20 18:02:43,393 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11263#true} {11264#false} #1050#return; {11264#false} is VALID [2022-02-20 18:02:43,401 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:02:43,403 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,406 INFO L290 TraceCheckUtils]: 0: Hoare triple {11342#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {11263#true} is VALID [2022-02-20 18:02:43,406 INFO L290 TraceCheckUtils]: 
1: Hoare triple {11263#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {11263#true} is VALID [2022-02-20 18:02:43,406 INFO L290 TraceCheckUtils]: 2: Hoare triple {11263#true} assume true; {11263#true} is VALID [2022-02-20 18:02:43,406 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11263#true} {11264#false} #1052#return; {11264#false} is VALID [2022-02-20 18:02:43,407 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 18:02:43,408 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,412 INFO L290 TraceCheckUtils]: 0: Hoare triple {11263#true} ~handle := #in~handle;havoc ~retValue_acc~36; {11263#true} is VALID [2022-02-20 18:02:43,412 INFO L290 TraceCheckUtils]: 1: Hoare triple {11263#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {11263#true} is VALID [2022-02-20 18:02:43,413 INFO L290 TraceCheckUtils]: 2: Hoare triple {11263#true} assume true; {11263#true} is VALID [2022-02-20 18:02:43,413 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11263#true} {11264#false} #994#return; {11264#false} is VALID [2022-02-20 18:02:43,413 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 18:02:43,414 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,416 INFO L290 TraceCheckUtils]: 0: Hoare triple {11263#true} ~handle := #in~handle;havoc ~retValue_acc~9; {11263#true} is VALID [2022-02-20 18:02:43,417 INFO L290 TraceCheckUtils]: 1: Hoare triple {11263#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {11263#true} is VALID [2022-02-20 18:02:43,417 INFO L290 TraceCheckUtils]: 2: Hoare triple {11263#true} assume true; {11263#true} is VALID [2022-02-20 18:02:43,417 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11263#true} {11264#false} #996#return; {11264#false} is VALID [2022-02-20 18:02:43,417 INFO 
L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 18:02:43,418 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,420 INFO L290 TraceCheckUtils]: 0: Hoare triple {11263#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {11263#true} is VALID [2022-02-20 18:02:43,420 INFO L290 TraceCheckUtils]: 1: Hoare triple {11263#true} assume 1 == ~handle; {11263#true} is VALID [2022-02-20 18:02:43,421 INFO L290 TraceCheckUtils]: 2: Hoare triple {11263#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {11263#true} is VALID [2022-02-20 18:02:43,421 INFO L290 TraceCheckUtils]: 3: Hoare triple {11263#true} assume true; {11263#true} is VALID [2022-02-20 18:02:43,421 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {11263#true} {11264#false} #998#return; {11264#false} is VALID [2022-02-20 18:02:43,421 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 18:02:43,425 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,427 INFO L290 TraceCheckUtils]: 0: Hoare triple {11341#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11263#true} is VALID [2022-02-20 18:02:43,428 INFO L290 TraceCheckUtils]: 1: Hoare triple {11263#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11263#true} is VALID [2022-02-20 18:02:43,428 INFO L290 TraceCheckUtils]: 2: Hoare triple {11263#true} assume true; {11263#true} is VALID [2022-02-20 18:02:43,428 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11263#true} {11264#false} #1004#return; {11264#false} is VALID [2022-02-20 18:02:43,428 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 18:02:43,431 INFO 
L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,434 INFO L290 TraceCheckUtils]: 0: Hoare triple {11263#true} ~handle := #in~handle;havoc ~retValue_acc~9; {11263#true} is VALID [2022-02-20 18:02:43,435 INFO L290 TraceCheckUtils]: 1: Hoare triple {11263#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {11263#true} is VALID [2022-02-20 18:02:43,435 INFO L290 TraceCheckUtils]: 2: Hoare triple {11263#true} assume true; {11263#true} is VALID [2022-02-20 18:02:43,435 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11263#true} {11264#false} #1006#return; {11264#false} is VALID [2022-02-20 18:02:43,435 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 107 [2022-02-20 18:02:43,436 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,438 INFO L290 TraceCheckUtils]: 0: Hoare triple {11263#true} ~handle := #in~handle;havoc ~retValue_acc~36; {11263#true} is VALID [2022-02-20 18:02:43,439 INFO L290 TraceCheckUtils]: 1: Hoare triple {11263#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {11263#true} is VALID [2022-02-20 18:02:43,439 INFO L290 TraceCheckUtils]: 2: Hoare triple {11263#true} assume true; {11263#true} is VALID [2022-02-20 18:02:43,439 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11263#true} {11264#false} #1008#return; {11264#false} is VALID [2022-02-20 18:02:43,439 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 115 [2022-02-20 18:02:43,442 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,445 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:43,446 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,448 INFO L290 TraceCheckUtils]: 0: Hoare triple {11263#true} ~handle := #in~handle;havoc 
~retValue_acc~12; {11263#true} is VALID [2022-02-20 18:02:43,448 INFO L290 TraceCheckUtils]: 1: Hoare triple {11263#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~12; {11263#true} is VALID [2022-02-20 18:02:43,448 INFO L290 TraceCheckUtils]: 2: Hoare triple {11263#true} assume true; {11263#true} is VALID [2022-02-20 18:02:43,448 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11263#true} {11263#true} #1108#return; {11263#true} is VALID [2022-02-20 18:02:43,449 INFO L290 TraceCheckUtils]: 0: Hoare triple {11263#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~21#1;havoc ~tmp~20#1; {11263#true} is VALID [2022-02-20 18:02:43,449 INFO L272 TraceCheckUtils]: 1: Hoare triple {11263#true} call #t~ret88#1 := isEncrypted(~msg#1); {11263#true} is VALID [2022-02-20 18:02:43,449 INFO L290 TraceCheckUtils]: 2: Hoare triple {11263#true} ~handle := #in~handle;havoc ~retValue_acc~12; {11263#true} is VALID [2022-02-20 18:02:43,449 INFO L290 TraceCheckUtils]: 3: Hoare triple {11263#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~12; {11263#true} is VALID [2022-02-20 18:02:43,449 INFO L290 TraceCheckUtils]: 4: Hoare triple {11263#true} assume true; {11263#true} is VALID [2022-02-20 18:02:43,449 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {11263#true} {11263#true} #1108#return; {11263#true} is VALID [2022-02-20 18:02:43,449 INFO L290 TraceCheckUtils]: 6: Hoare triple {11263#true} assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp~20#1 := #t~ret88#1;havoc #t~ret88#1; {11263#true} is VALID [2022-02-20 18:02:43,450 INFO L290 TraceCheckUtils]: 7: Hoare triple {11263#true} assume 0 != ~tmp~20#1;~retValue_acc~21#1 := 0;#res#1 := ~retValue_acc~21#1; {11263#true} is VALID [2022-02-20 18:02:43,450 INFO L290 TraceCheckUtils]: 8: Hoare triple {11263#true} assume true; {11263#true} is VALID [2022-02-20 18:02:43,450 INFO L284 TraceCheckUtils]: 9: Hoare quadruple {11263#true} 
{11264#false} #1020#return; {11264#false} is VALID [2022-02-20 18:02:43,450 INFO L290 TraceCheckUtils]: 0: Hoare triple {11263#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(12, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(18, 31);call #Ultimate.allocInit(16, 32);call #Ultimate.allocInit(21, 33);call #Ultimate.allocInit(13, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(25, 36);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(115, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 
0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 
0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {11263#true} is VALID [2022-02-20 18:02:43,450 INFO L290 TraceCheckUtils]: 1: Hoare triple {11263#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc 
main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {11263#true} is VALID [2022-02-20 18:02:43,450 INFO L290 TraceCheckUtils]: 2: Hoare triple {11263#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {11263#true} is VALID [2022-02-20 18:02:43,450 INFO L290 TraceCheckUtils]: 3: Hoare triple {11263#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~26#1;havoc valid_product_~retValue_acc~26#1;valid_product_~retValue_acc~26#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~26#1; {11263#true} is VALID [2022-02-20 18:02:43,451 INFO L290 TraceCheckUtils]: 4: Hoare triple {11263#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {11263#true} is VALID [2022-02-20 18:02:43,451 INFO L290 TraceCheckUtils]: 5: Hoare triple {11263#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {11263#true} 
is VALID [2022-02-20 18:02:43,452 INFO L272 TraceCheckUtils]: 6: Hoare triple {11263#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {11335#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:43,452 INFO L290 TraceCheckUtils]: 7: Hoare triple {11335#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11263#true} is VALID [2022-02-20 18:02:43,452 INFO L290 TraceCheckUtils]: 8: Hoare triple {11263#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11263#true} is VALID [2022-02-20 18:02:43,452 INFO L290 TraceCheckUtils]: 9: Hoare triple {11263#true} assume true; {11263#true} is VALID [2022-02-20 18:02:43,452 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {11263#true} {11263#true} #1064#return; {11263#true} is VALID [2022-02-20 18:02:43,452 INFO L290 TraceCheckUtils]: 11: Hoare triple {11263#true} assume { :end_inline_setup_bob__wrappee__Base } true; {11263#true} is VALID [2022-02-20 18:02:43,453 INFO L272 TraceCheckUtils]: 12: Hoare triple {11263#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {11336#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:43,453 INFO L290 TraceCheckUtils]: 13: Hoare triple {11336#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := 
#in~value; {11263#true} is VALID [2022-02-20 18:02:43,453 INFO L290 TraceCheckUtils]: 14: Hoare triple {11263#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11263#true} is VALID [2022-02-20 18:02:43,453 INFO L290 TraceCheckUtils]: 15: Hoare triple {11263#true} assume true; {11263#true} is VALID [2022-02-20 18:02:43,453 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {11263#true} {11263#true} #1066#return; {11263#true} is VALID [2022-02-20 18:02:43,454 INFO L290 TraceCheckUtils]: 17: Hoare triple {11263#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {11273#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:02:43,455 INFO L272 TraceCheckUtils]: 18: Hoare triple {11273#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {11335#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:43,455 INFO L290 TraceCheckUtils]: 19: Hoare triple {11335#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11337#(= 
setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:43,455 INFO L290 TraceCheckUtils]: 20: Hoare triple {11337#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {11337#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:43,456 INFO L290 TraceCheckUtils]: 21: Hoare triple {11337#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {11338#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:43,456 INFO L290 TraceCheckUtils]: 22: Hoare triple {11338#(= 2 |setClientId_#in~handle|)} assume true; {11338#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:43,457 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {11338#(= 2 |setClientId_#in~handle|)} {11273#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1068#return; {11279#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:02:43,457 INFO L290 TraceCheckUtils]: 24: Hoare triple {11279#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {11279#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:02:43,458 INFO L272 TraceCheckUtils]: 25: Hoare triple {11279#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {11336#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:43,458 INFO L290 TraceCheckUtils]: 26: Hoare triple {11336#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11339#(= setClientPrivateKey_~handle 
|setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:02:43,458 INFO L290 TraceCheckUtils]: 27: Hoare triple {11339#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11340#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:43,459 INFO L290 TraceCheckUtils]: 28: Hoare triple {11340#(= |setClientPrivateKey_#in~handle| 1)} assume true; {11340#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:43,459 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {11340#(= |setClientPrivateKey_#in~handle| 1)} {11279#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1070#return; {11264#false} is VALID [2022-02-20 18:02:43,459 INFO L290 TraceCheckUtils]: 30: Hoare triple {11264#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {11264#false} is VALID [2022-02-20 18:02:43,459 INFO L272 TraceCheckUtils]: 31: Hoare triple {11264#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {11335#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:43,459 INFO L290 TraceCheckUtils]: 32: Hoare triple {11335#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11263#true} is VALID [2022-02-20 18:02:43,460 INFO L290 TraceCheckUtils]: 33: Hoare triple {11263#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11263#true} is VALID [2022-02-20 18:02:43,460 INFO L290 TraceCheckUtils]: 34: Hoare triple {11263#true} assume true; {11263#true} is VALID [2022-02-20 18:02:43,460 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {11263#true} {11264#false} #1072#return; {11264#false} is VALID [2022-02-20 18:02:43,460 INFO L290 TraceCheckUtils]: 36: Hoare triple {11264#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {11264#false} is VALID [2022-02-20 18:02:43,460 INFO L272 TraceCheckUtils]: 37: Hoare triple {11264#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {11336#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:43,460 INFO L290 TraceCheckUtils]: 38: Hoare triple {11336#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11263#true} is VALID [2022-02-20 18:02:43,460 INFO L290 TraceCheckUtils]: 39: Hoare triple {11263#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11263#true} is VALID [2022-02-20 18:02:43,461 INFO L290 TraceCheckUtils]: 40: Hoare triple {11263#true} assume true; {11263#true} is VALID [2022-02-20 18:02:43,461 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {11263#true} {11264#false} #1074#return; {11264#false} is VALID [2022-02-20 18:02:43,461 INFO L290 TraceCheckUtils]: 42: Hoare triple {11264#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, 
setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {11264#false} is VALID [2022-02-20 18:02:43,461 INFO L290 TraceCheckUtils]: 43: Hoare triple {11264#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~23#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~23#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {11264#false} is VALID [2022-02-20 18:02:43,461 INFO L290 TraceCheckUtils]: 44: Hoare triple {11264#false} assume !false; {11264#false} is VALID [2022-02-20 18:02:43,461 INFO L290 TraceCheckUtils]: 45: Hoare triple {11264#false} assume test_~splverifierCounter~0#1 < 4; {11264#false} is VALID [2022-02-20 18:02:43,461 INFO L290 TraceCheckUtils]: 46: Hoare triple 
{11264#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {11264#false} is VALID [2022-02-20 18:02:43,462 INFO L290 TraceCheckUtils]: 47: Hoare triple {11264#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet94#1 && test_#t~nondet94#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet94#1;havoc test_#t~nondet94#1; {11264#false} is VALID [2022-02-20 18:02:43,462 INFO L290 TraceCheckUtils]: 48: Hoare triple {11264#false} assume !(0 != test_~tmp___9~0#1); {11264#false} is VALID [2022-02-20 18:02:43,462 INFO L290 TraceCheckUtils]: 49: Hoare triple {11264#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet95#1 && test_#t~nondet95#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet95#1;havoc test_#t~nondet95#1; {11264#false} is VALID [2022-02-20 18:02:43,462 INFO L290 TraceCheckUtils]: 50: Hoare triple {11264#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {11264#false} is VALID [2022-02-20 18:02:43,462 INFO L290 TraceCheckUtils]: 51: Hoare triple {11264#false} assume !false; {11264#false} is VALID [2022-02-20 18:02:43,462 INFO L290 TraceCheckUtils]: 52: Hoare triple {11264#false} assume !(test_~splverifierCounter~0#1 < 4); {11264#false} is VALID [2022-02-20 18:02:43,462 INFO L290 TraceCheckUtils]: 53: Hoare triple {11264#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {11264#false} is VALID [2022-02-20 18:02:43,462 INFO L272 TraceCheckUtils]: 54: Hoare triple {11264#false} call sendEmail(~bob~0, ~rjh~0); {11264#false} is VALID [2022-02-20 18:02:43,463 INFO L290 TraceCheckUtils]: 55: Hoare triple {11264#false} ~sender#1 := 
#in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~10#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {11264#false} is VALID [2022-02-20 18:02:43,463 INFO L272 TraceCheckUtils]: 56: Hoare triple {11264#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {11341#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:43,463 INFO L290 TraceCheckUtils]: 57: Hoare triple {11341#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11263#true} is VALID [2022-02-20 18:02:43,463 INFO L290 TraceCheckUtils]: 58: Hoare triple {11263#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11263#true} is VALID [2022-02-20 18:02:43,463 INFO L290 TraceCheckUtils]: 59: Hoare triple {11263#true} assume true; {11263#true} is VALID [2022-02-20 18:02:43,463 INFO L284 TraceCheckUtils]: 60: Hoare quadruple {11263#true} {11264#false} #1050#return; {11264#false} is VALID [2022-02-20 18:02:43,463 INFO L272 TraceCheckUtils]: 61: Hoare triple {11264#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {11342#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:43,464 INFO L290 TraceCheckUtils]: 62: Hoare triple {11342#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {11263#true} is VALID [2022-02-20 18:02:43,464 INFO L290 
TraceCheckUtils]: 63: Hoare triple {11263#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {11263#true} is VALID [2022-02-20 18:02:43,464 INFO L290 TraceCheckUtils]: 64: Hoare triple {11263#true} assume true; {11263#true} is VALID [2022-02-20 18:02:43,464 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {11263#true} {11264#false} #1052#return; {11264#false} is VALID [2022-02-20 18:02:43,464 INFO L290 TraceCheckUtils]: 66: Hoare triple {11264#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {11264#false} is VALID [2022-02-20 18:02:43,464 INFO L290 TraceCheckUtils]: 67: Hoare triple {11264#false} #t~ret37#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret37#1 && #t~ret37#1 <= 2147483647;~tmp~10#1 := #t~ret37#1;havoc #t~ret37#1;~email~0#1 := ~tmp~10#1; {11264#false} is VALID [2022-02-20 18:02:43,464 INFO L272 TraceCheckUtils]: 68: Hoare triple {11264#false} call outgoing(~sender#1, ~email~0#1); {11264#false} is VALID [2022-02-20 18:02:43,464 INFO L290 TraceCheckUtils]: 69: Hoare triple {11264#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret39#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {11264#false} is VALID [2022-02-20 18:02:43,465 INFO L272 TraceCheckUtils]: 70: Hoare triple {11264#false} call sign_#t~ret39#1 := getClientPrivateKey(sign_~client#1); {11263#true} is VALID [2022-02-20 18:02:43,465 INFO L290 TraceCheckUtils]: 71: Hoare triple {11263#true} ~handle := #in~handle;havoc ~retValue_acc~36; {11263#true} is VALID [2022-02-20 18:02:43,465 INFO L290 TraceCheckUtils]: 72: Hoare triple {11263#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {11263#true} is 
VALID [2022-02-20 18:02:43,465 INFO L290 TraceCheckUtils]: 73: Hoare triple {11263#true} assume true; {11263#true} is VALID [2022-02-20 18:02:43,465 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {11263#true} {11264#false} #994#return; {11264#false} is VALID [2022-02-20 18:02:43,465 INFO L290 TraceCheckUtils]: 75: Hoare triple {11264#false} assume -2147483648 <= sign_#t~ret39#1 && sign_#t~ret39#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret39#1;havoc sign_#t~ret39#1;sign_~privkey~1#1 := sign_~tmp~11#1; {11264#false} is VALID [2022-02-20 18:02:43,465 INFO L290 TraceCheckUtils]: 76: Hoare triple {11264#false} assume 0 == sign_~privkey~1#1; {11264#false} is VALID [2022-02-20 18:02:43,466 INFO L290 TraceCheckUtils]: 77: Hoare triple {11264#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret28#1, outgoing__wrappee__Encrypt_#t~ret29#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~6#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~2#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~6#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~2#1; {11264#false} is VALID [2022-02-20 18:02:43,466 INFO L272 TraceCheckUtils]: 78: Hoare triple {11264#false} call outgoing__wrappee__Encrypt_#t~ret28#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {11263#true} is VALID [2022-02-20 18:02:43,466 INFO L290 TraceCheckUtils]: 79: Hoare triple {11263#true} ~handle := #in~handle;havoc ~retValue_acc~9; {11263#true} is VALID [2022-02-20 18:02:43,466 INFO L290 
TraceCheckUtils]: 80: Hoare triple {11263#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {11263#true} is VALID [2022-02-20 18:02:43,466 INFO L290 TraceCheckUtils]: 81: Hoare triple {11263#true} assume true; {11263#true} is VALID [2022-02-20 18:02:43,466 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {11263#true} {11264#false} #996#return; {11264#false} is VALID [2022-02-20 18:02:43,466 INFO L290 TraceCheckUtils]: 83: Hoare triple {11264#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret28#1 && outgoing__wrappee__Encrypt_#t~ret28#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~6#1 := outgoing__wrappee__Encrypt_#t~ret28#1;havoc outgoing__wrappee__Encrypt_#t~ret28#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~6#1; {11264#false} is VALID [2022-02-20 18:02:43,466 INFO L272 TraceCheckUtils]: 84: Hoare triple {11264#false} call outgoing__wrappee__Encrypt_#t~ret29#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {11263#true} is VALID [2022-02-20 18:02:43,467 INFO L290 TraceCheckUtils]: 85: Hoare triple {11263#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {11263#true} is VALID [2022-02-20 18:02:43,467 INFO L290 TraceCheckUtils]: 86: Hoare triple {11263#true} assume 1 == ~handle; {11263#true} is VALID [2022-02-20 18:02:43,467 INFO L290 TraceCheckUtils]: 87: Hoare triple {11263#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {11263#true} is VALID [2022-02-20 18:02:43,467 INFO L290 TraceCheckUtils]: 88: Hoare triple {11263#true} assume true; {11263#true} is VALID [2022-02-20 18:02:43,467 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {11263#true} {11264#false} #998#return; {11264#false} is VALID [2022-02-20 18:02:43,467 INFO L290 TraceCheckUtils]: 90: Hoare triple {11264#false} assume -2147483648 <= 
outgoing__wrappee__Encrypt_#t~ret29#1 && outgoing__wrappee__Encrypt_#t~ret29#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~2#1 := outgoing__wrappee__Encrypt_#t~ret29#1;havoc outgoing__wrappee__Encrypt_#t~ret29#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~2#1; {11264#false} is VALID [2022-02-20 18:02:43,467 INFO L290 TraceCheckUtils]: 91: Hoare triple {11264#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {11264#false} is VALID [2022-02-20 18:02:43,468 INFO L290 TraceCheckUtils]: 92: Hoare triple {11264#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret27#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {11264#false} is VALID [2022-02-20 18:02:43,468 INFO L290 TraceCheckUtils]: 93: Hoare triple {11264#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {11264#false} is VALID [2022-02-20 18:02:43,468 INFO L290 TraceCheckUtils]: 94: Hoare triple {11264#false} outgoing__wrappee__Keys_#t~ret27#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret27#1 && outgoing__wrappee__Keys_#t~ret27#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := 
outgoing__wrappee__Keys_#t~ret27#1;havoc outgoing__wrappee__Keys_#t~ret27#1; {11264#false} is VALID [2022-02-20 18:02:43,468 INFO L272 TraceCheckUtils]: 95: Hoare triple {11264#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {11341#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:43,468 INFO L290 TraceCheckUtils]: 96: Hoare triple {11341#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11263#true} is VALID [2022-02-20 18:02:43,468 INFO L290 TraceCheckUtils]: 97: Hoare triple {11263#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11263#true} is VALID [2022-02-20 18:02:43,468 INFO L290 TraceCheckUtils]: 98: Hoare triple {11263#true} assume true; {11263#true} is VALID [2022-02-20 18:02:43,468 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {11263#true} {11264#false} #1004#return; {11264#false} is VALID [2022-02-20 18:02:43,469 INFO L290 TraceCheckUtils]: 100: Hoare triple {11264#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret25#1, mail_#t~ret26#1, mail_~client#1, mail_~msg#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~4#1;call mail_#t~ret25#1 := puts(12, 0);assume -2147483648 <= mail_#t~ret25#1 && mail_#t~ret25#1 <= 2147483647;havoc mail_#t~ret25#1; {11264#false} is VALID [2022-02-20 18:02:43,469 INFO L272 TraceCheckUtils]: 101: Hoare triple {11264#false} call mail_#t~ret26#1 := getEmailTo(mail_~msg#1); {11263#true} is VALID [2022-02-20 18:02:43,469 INFO L290 TraceCheckUtils]: 102: Hoare triple {11263#true} ~handle := #in~handle;havoc ~retValue_acc~9; {11263#true} is VALID [2022-02-20 18:02:43,469 INFO L290 TraceCheckUtils]: 103: Hoare triple 
{11263#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {11263#true} is VALID [2022-02-20 18:02:43,469 INFO L290 TraceCheckUtils]: 104: Hoare triple {11263#true} assume true; {11263#true} is VALID [2022-02-20 18:02:43,469 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {11263#true} {11264#false} #1006#return; {11264#false} is VALID [2022-02-20 18:02:43,469 INFO L290 TraceCheckUtils]: 106: Hoare triple {11264#false} assume -2147483648 <= mail_#t~ret26#1 && mail_#t~ret26#1 <= 2147483647;mail_~tmp~4#1 := mail_#t~ret26#1;havoc mail_#t~ret26#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~4#1, mail_~msg#1;havoc incoming_#t~ret32#1, incoming_#t~ret33#1, incoming_#t~ret34#1, incoming_#t~ret35#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~8#1, incoming_~tmp___0~3#1, incoming_~tmp___1~1#1, incoming_~tmp___2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~8#1;havoc incoming_~tmp___0~3#1;havoc incoming_~tmp___1~1#1;havoc incoming_~tmp___2~0#1; {11264#false} is VALID [2022-02-20 18:02:43,470 INFO L272 TraceCheckUtils]: 107: Hoare triple {11264#false} call incoming_#t~ret32#1 := getClientPrivateKey(incoming_~client#1); {11263#true} is VALID [2022-02-20 18:02:43,470 INFO L290 TraceCheckUtils]: 108: Hoare triple {11263#true} ~handle := #in~handle;havoc ~retValue_acc~36; {11263#true} is VALID [2022-02-20 18:02:43,470 INFO L290 TraceCheckUtils]: 109: Hoare triple {11263#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {11263#true} is VALID [2022-02-20 18:02:43,470 INFO L290 TraceCheckUtils]: 110: Hoare triple {11263#true} assume true; {11263#true} is VALID [2022-02-20 18:02:43,470 INFO L284 TraceCheckUtils]: 111: Hoare quadruple {11263#true} {11264#false} #1008#return; {11264#false} is VALID [2022-02-20 18:02:43,470 INFO L290 
TraceCheckUtils]: 112: Hoare triple {11264#false} assume -2147483648 <= incoming_#t~ret32#1 && incoming_#t~ret32#1 <= 2147483647;incoming_~tmp~8#1 := incoming_#t~ret32#1;havoc incoming_#t~ret32#1;incoming_~privkey~0#1 := incoming_~tmp~8#1; {11264#false} is VALID [2022-02-20 18:02:43,470 INFO L290 TraceCheckUtils]: 113: Hoare triple {11264#false} assume !(0 != incoming_~privkey~0#1); {11264#false} is VALID [2022-02-20 18:02:43,470 INFO L290 TraceCheckUtils]: 114: Hoare triple {11264#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret41#1, verify_#t~ret42#1, verify_#t~ret43#1, verify_#t~ret44#1, verify_#t~ret45#1, verify_#t~ret46#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~12#1, verify_~tmp___0~4#1, verify_~pubkey~1#1, verify_~tmp___1~2#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~12#1;havoc verify_~tmp___0~4#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~2#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret24#1, __utac_acc__EncryptVerify_spec__1_~msg#1, 
__utac_acc__EncryptVerify_spec__1_~tmp~3#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~3#1; {11264#false} is VALID [2022-02-20 18:02:43,471 INFO L272 TraceCheckUtils]: 115: Hoare triple {11264#false} call __utac_acc__EncryptVerify_spec__1_#t~ret24#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {11263#true} is VALID [2022-02-20 18:02:43,471 INFO L290 TraceCheckUtils]: 116: Hoare triple {11263#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~21#1;havoc ~tmp~20#1; {11263#true} is VALID [2022-02-20 18:02:43,471 INFO L272 TraceCheckUtils]: 117: Hoare triple {11263#true} call #t~ret88#1 := isEncrypted(~msg#1); {11263#true} is VALID [2022-02-20 18:02:43,471 INFO L290 TraceCheckUtils]: 118: Hoare triple {11263#true} ~handle := #in~handle;havoc ~retValue_acc~12; {11263#true} is VALID [2022-02-20 18:02:43,471 INFO L290 TraceCheckUtils]: 119: Hoare triple {11263#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~12; {11263#true} is VALID [2022-02-20 18:02:43,471 INFO L290 TraceCheckUtils]: 120: Hoare triple {11263#true} assume true; {11263#true} is VALID [2022-02-20 18:02:43,471 INFO L284 TraceCheckUtils]: 121: Hoare quadruple {11263#true} {11263#true} #1108#return; {11263#true} is VALID [2022-02-20 18:02:43,472 INFO L290 TraceCheckUtils]: 122: Hoare triple {11263#true} assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp~20#1 := #t~ret88#1;havoc #t~ret88#1; {11263#true} is VALID [2022-02-20 18:02:43,472 INFO L290 TraceCheckUtils]: 123: Hoare triple {11263#true} assume 0 != ~tmp~20#1;~retValue_acc~21#1 := 0;#res#1 := ~retValue_acc~21#1; {11263#true} is VALID [2022-02-20 18:02:43,472 INFO L290 TraceCheckUtils]: 124: Hoare triple {11263#true} assume true; {11263#true} is VALID [2022-02-20 18:02:43,472 INFO L284 TraceCheckUtils]: 125: Hoare quadruple {11263#true} {11264#false} #1020#return; {11264#false} is VALID [2022-02-20 
18:02:43,472 INFO L290 TraceCheckUtils]: 126: Hoare triple {11264#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret24#1 && __utac_acc__EncryptVerify_spec__1_#t~ret24#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~3#1 := __utac_acc__EncryptVerify_spec__1_#t~ret24#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret24#1; {11264#false} is VALID [2022-02-20 18:02:43,472 INFO L290 TraceCheckUtils]: 127: Hoare triple {11264#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {11264#false} is VALID [2022-02-20 18:02:43,472 INFO L290 TraceCheckUtils]: 128: Hoare triple {11264#false} assume !false; {11264#false} is VALID [2022-02-20 18:02:43,473 INFO L134 CoverageAnalysis]: Checked inductivity of 38 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 26 trivial. 0 not checked. [2022-02-20 18:02:43,473 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:43,473 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1910434234] [2022-02-20 18:02:43,473 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1910434234] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:02:43,473 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2006494299] [2022-02-20 18:02:43,474 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:43,474 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:43,474 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:02:43,487 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), 
workingDir is null) [2022-02-20 18:02:43,488 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process [2022-02-20 18:02:43,752 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,757 INFO L263 TraceCheckSpWp]: Trace formula consists of 1138 conjuncts, 6 conjunts are in the unsatisfiable core [2022-02-20 18:02:43,796 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:43,802 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:02:44,069 INFO L290 TraceCheckUtils]: 0: Hoare triple {11263#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 
26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(12, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(18, 31);call #Ultimate.allocInit(16, 32);call #Ultimate.allocInit(21, 33);call #Ultimate.allocInit(13, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(25, 36);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(115, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, 
~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 
0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {11263#true} is VALID [2022-02-20 18:02:44,069 INFO L290 TraceCheckUtils]: 1: Hoare triple {11263#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {11263#true} is VALID [2022-02-20 18:02:44,069 INFO L290 TraceCheckUtils]: 2: Hoare triple {11263#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {11263#true} is VALID [2022-02-20 18:02:44,069 INFO L290 TraceCheckUtils]: 3: Hoare triple {11263#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~26#1;havoc valid_product_~retValue_acc~26#1;valid_product_~retValue_acc~26#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~26#1; {11263#true} is VALID [2022-02-20 18:02:44,070 INFO L290 TraceCheckUtils]: 4: Hoare triple {11263#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {11263#true} is VALID [2022-02-20 18:02:44,070 INFO L290 TraceCheckUtils]: 5: Hoare triple {11263#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, 
setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {11263#true} is VALID [2022-02-20 18:02:44,070 INFO L272 TraceCheckUtils]: 6: Hoare triple {11263#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {11263#true} is VALID [2022-02-20 18:02:44,070 INFO L290 TraceCheckUtils]: 7: Hoare triple {11263#true} ~handle := #in~handle;~value := #in~value; {11263#true} is VALID [2022-02-20 18:02:44,070 INFO L290 TraceCheckUtils]: 8: Hoare triple {11263#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11263#true} is VALID [2022-02-20 18:02:44,070 INFO L290 TraceCheckUtils]: 9: Hoare triple {11263#true} assume true; {11263#true} is VALID [2022-02-20 18:02:44,070 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {11263#true} {11263#true} #1064#return; {11263#true} is VALID [2022-02-20 18:02:44,071 INFO L290 TraceCheckUtils]: 11: Hoare triple {11263#true} assume { :end_inline_setup_bob__wrappee__Base } true; {11263#true} is VALID [2022-02-20 18:02:44,071 INFO L272 TraceCheckUtils]: 12: Hoare triple {11263#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {11263#true} is VALID [2022-02-20 18:02:44,071 INFO L290 TraceCheckUtils]: 13: Hoare triple {11263#true} ~handle := #in~handle;~value := #in~value; {11263#true} is VALID [2022-02-20 18:02:44,071 INFO L290 TraceCheckUtils]: 14: Hoare triple {11263#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11263#true} is VALID [2022-02-20 18:02:44,071 INFO L290 
TraceCheckUtils]: 15: Hoare triple {11263#true} assume true; {11263#true} is VALID [2022-02-20 18:02:44,071 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {11263#true} {11263#true} #1066#return; {11263#true} is VALID [2022-02-20 18:02:44,072 INFO L290 TraceCheckUtils]: 17: Hoare triple {11263#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {11401#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:02:44,072 INFO L272 TraceCheckUtils]: 18: Hoare triple {11401#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {11263#true} is VALID [2022-02-20 18:02:44,072 INFO L290 TraceCheckUtils]: 19: Hoare triple {11263#true} ~handle := #in~handle;~value := #in~value; {11263#true} is VALID [2022-02-20 18:02:44,072 INFO L290 TraceCheckUtils]: 20: Hoare triple {11263#true} assume !(1 == ~handle); {11263#true} is VALID [2022-02-20 18:02:44,073 INFO L290 TraceCheckUtils]: 21: Hoare triple {11263#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {11263#true} is VALID [2022-02-20 18:02:44,073 INFO L290 TraceCheckUtils]: 22: Hoare triple {11263#true} assume true; {11263#true} is VALID [2022-02-20 18:02:44,073 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {11263#true} {11401#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1068#return; {11401#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:02:44,074 INFO L290 TraceCheckUtils]: 24: Hoare triple {11401#(<= 2 
|ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume { :end_inline_setup_rjh__wrappee__Base } true; {11401#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:02:44,074 INFO L272 TraceCheckUtils]: 25: Hoare triple {11401#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {11263#true} is VALID [2022-02-20 18:02:44,074 INFO L290 TraceCheckUtils]: 26: Hoare triple {11263#true} ~handle := #in~handle;~value := #in~value; {11429#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} is VALID [2022-02-20 18:02:44,074 INFO L290 TraceCheckUtils]: 27: Hoare triple {11429#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11433#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:44,075 INFO L290 TraceCheckUtils]: 28: Hoare triple {11433#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {11433#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:02:44,075 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {11433#(<= |setClientPrivateKey_#in~handle| 1)} {11401#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1070#return; {11264#false} is VALID [2022-02-20 18:02:44,076 INFO L290 TraceCheckUtils]: 30: Hoare triple {11264#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {11264#false} is VALID [2022-02-20 18:02:44,076 INFO L272 TraceCheckUtils]: 31: Hoare triple {11264#false} call 
setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {11264#false} is VALID [2022-02-20 18:02:44,076 INFO L290 TraceCheckUtils]: 32: Hoare triple {11264#false} ~handle := #in~handle;~value := #in~value; {11264#false} is VALID [2022-02-20 18:02:44,076 INFO L290 TraceCheckUtils]: 33: Hoare triple {11264#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11264#false} is VALID [2022-02-20 18:02:44,076 INFO L290 TraceCheckUtils]: 34: Hoare triple {11264#false} assume true; {11264#false} is VALID [2022-02-20 18:02:44,076 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {11264#false} {11264#false} #1072#return; {11264#false} is VALID [2022-02-20 18:02:44,076 INFO L290 TraceCheckUtils]: 36: Hoare triple {11264#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {11264#false} is VALID [2022-02-20 18:02:44,077 INFO L272 TraceCheckUtils]: 37: Hoare triple {11264#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {11264#false} is VALID [2022-02-20 18:02:44,077 INFO L290 TraceCheckUtils]: 38: Hoare triple {11264#false} ~handle := #in~handle;~value := #in~value; {11264#false} is VALID [2022-02-20 18:02:44,077 INFO L290 TraceCheckUtils]: 39: Hoare triple {11264#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11264#false} is VALID [2022-02-20 18:02:44,077 INFO L290 TraceCheckUtils]: 40: Hoare triple {11264#false} assume true; {11264#false} is VALID [2022-02-20 18:02:44,077 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {11264#false} {11264#false} #1074#return; {11264#false} is VALID [2022-02-20 18:02:44,077 INFO L290 TraceCheckUtils]: 42: Hoare triple {11264#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {11264#false} is VALID [2022-02-20 18:02:44,077 INFO L290 TraceCheckUtils]: 43: Hoare triple {11264#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc 
test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~23#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~23#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {11264#false} is VALID [2022-02-20 18:02:44,078 INFO L290 TraceCheckUtils]: 44: Hoare triple {11264#false} assume !false; {11264#false} is VALID [2022-02-20 18:02:44,078 INFO L290 TraceCheckUtils]: 45: Hoare triple {11264#false} assume test_~splverifierCounter~0#1 < 4; {11264#false} is VALID [2022-02-20 18:02:44,078 INFO L290 TraceCheckUtils]: 46: Hoare triple {11264#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {11264#false} is VALID [2022-02-20 18:02:44,078 INFO L290 TraceCheckUtils]: 47: Hoare triple {11264#false} assume 0 == test_~op1~0#1;assume -2147483648 <= 
test_#t~nondet94#1 && test_#t~nondet94#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet94#1;havoc test_#t~nondet94#1; {11264#false} is VALID [2022-02-20 18:02:44,078 INFO L290 TraceCheckUtils]: 48: Hoare triple {11264#false} assume !(0 != test_~tmp___9~0#1); {11264#false} is VALID [2022-02-20 18:02:44,078 INFO L290 TraceCheckUtils]: 49: Hoare triple {11264#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet95#1 && test_#t~nondet95#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet95#1;havoc test_#t~nondet95#1; {11264#false} is VALID [2022-02-20 18:02:44,078 INFO L290 TraceCheckUtils]: 50: Hoare triple {11264#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {11264#false} is VALID [2022-02-20 18:02:44,078 INFO L290 TraceCheckUtils]: 51: Hoare triple {11264#false} assume !false; {11264#false} is VALID [2022-02-20 18:02:44,079 INFO L290 TraceCheckUtils]: 52: Hoare triple {11264#false} assume !(test_~splverifierCounter~0#1 < 4); {11264#false} is VALID [2022-02-20 18:02:44,079 INFO L290 TraceCheckUtils]: 53: Hoare triple {11264#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {11264#false} is VALID [2022-02-20 18:02:44,079 INFO L272 TraceCheckUtils]: 54: Hoare triple {11264#false} call sendEmail(~bob~0, ~rjh~0); {11264#false} is VALID [2022-02-20 18:02:44,079 INFO L290 TraceCheckUtils]: 55: Hoare triple {11264#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~10#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, 
createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {11264#false} is VALID [2022-02-20 18:02:44,079 INFO L272 TraceCheckUtils]: 56: Hoare triple {11264#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {11264#false} is VALID [2022-02-20 18:02:44,079 INFO L290 TraceCheckUtils]: 57: Hoare triple {11264#false} ~handle := #in~handle;~value := #in~value; {11264#false} is VALID [2022-02-20 18:02:44,079 INFO L290 TraceCheckUtils]: 58: Hoare triple {11264#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11264#false} is VALID [2022-02-20 18:02:44,080 INFO L290 TraceCheckUtils]: 59: Hoare triple {11264#false} assume true; {11264#false} is VALID [2022-02-20 18:02:44,080 INFO L284 TraceCheckUtils]: 60: Hoare quadruple {11264#false} {11264#false} #1050#return; {11264#false} is VALID [2022-02-20 18:02:44,080 INFO L272 TraceCheckUtils]: 61: Hoare triple {11264#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {11264#false} is VALID [2022-02-20 18:02:44,080 INFO L290 TraceCheckUtils]: 62: Hoare triple {11264#false} ~handle := #in~handle;~value := #in~value; {11264#false} is VALID [2022-02-20 18:02:44,080 INFO L290 TraceCheckUtils]: 63: Hoare triple {11264#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {11264#false} is VALID [2022-02-20 18:02:44,080 INFO L290 TraceCheckUtils]: 64: Hoare triple {11264#false} assume true; {11264#false} is VALID [2022-02-20 18:02:44,080 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {11264#false} {11264#false} #1052#return; {11264#false} is VALID [2022-02-20 18:02:44,081 INFO L290 TraceCheckUtils]: 66: Hoare triple {11264#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {11264#false} is VALID [2022-02-20 18:02:44,081 INFO L290 TraceCheckUtils]: 67: Hoare 
triple {11264#false} #t~ret37#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret37#1 && #t~ret37#1 <= 2147483647;~tmp~10#1 := #t~ret37#1;havoc #t~ret37#1;~email~0#1 := ~tmp~10#1; {11264#false} is VALID [2022-02-20 18:02:44,081 INFO L272 TraceCheckUtils]: 68: Hoare triple {11264#false} call outgoing(~sender#1, ~email~0#1); {11264#false} is VALID [2022-02-20 18:02:44,081 INFO L290 TraceCheckUtils]: 69: Hoare triple {11264#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret39#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {11264#false} is VALID [2022-02-20 18:02:44,081 INFO L272 TraceCheckUtils]: 70: Hoare triple {11264#false} call sign_#t~ret39#1 := getClientPrivateKey(sign_~client#1); {11264#false} is VALID [2022-02-20 18:02:44,081 INFO L290 TraceCheckUtils]: 71: Hoare triple {11264#false} ~handle := #in~handle;havoc ~retValue_acc~36; {11264#false} is VALID [2022-02-20 18:02:44,081 INFO L290 TraceCheckUtils]: 72: Hoare triple {11264#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {11264#false} is VALID [2022-02-20 18:02:44,081 INFO L290 TraceCheckUtils]: 73: Hoare triple {11264#false} assume true; {11264#false} is VALID [2022-02-20 18:02:44,082 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {11264#false} {11264#false} #994#return; {11264#false} is VALID [2022-02-20 18:02:44,082 INFO L290 TraceCheckUtils]: 75: Hoare triple {11264#false} assume -2147483648 <= sign_#t~ret39#1 && sign_#t~ret39#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret39#1;havoc sign_#t~ret39#1;sign_~privkey~1#1 := sign_~tmp~11#1; {11264#false} is VALID [2022-02-20 18:02:44,082 INFO L290 TraceCheckUtils]: 76: Hoare triple {11264#false} assume 0 == sign_~privkey~1#1; 
{11264#false} is VALID [2022-02-20 18:02:44,082 INFO L290 TraceCheckUtils]: 77: Hoare triple {11264#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret28#1, outgoing__wrappee__Encrypt_#t~ret29#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~6#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~2#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~6#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~2#1; {11264#false} is VALID [2022-02-20 18:02:44,082 INFO L272 TraceCheckUtils]: 78: Hoare triple {11264#false} call outgoing__wrappee__Encrypt_#t~ret28#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {11264#false} is VALID [2022-02-20 18:02:44,082 INFO L290 TraceCheckUtils]: 79: Hoare triple {11264#false} ~handle := #in~handle;havoc ~retValue_acc~9; {11264#false} is VALID [2022-02-20 18:02:44,082 INFO L290 TraceCheckUtils]: 80: Hoare triple {11264#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {11264#false} is VALID [2022-02-20 18:02:44,083 INFO L290 TraceCheckUtils]: 81: Hoare triple {11264#false} assume true; {11264#false} is VALID [2022-02-20 18:02:44,083 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {11264#false} {11264#false} #996#return; {11264#false} is VALID [2022-02-20 18:02:44,083 INFO L290 TraceCheckUtils]: 83: Hoare triple {11264#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret28#1 && outgoing__wrappee__Encrypt_#t~ret28#1 <= 
2147483647;outgoing__wrappee__Encrypt_~tmp~6#1 := outgoing__wrappee__Encrypt_#t~ret28#1;havoc outgoing__wrappee__Encrypt_#t~ret28#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~6#1; {11264#false} is VALID [2022-02-20 18:02:44,083 INFO L272 TraceCheckUtils]: 84: Hoare triple {11264#false} call outgoing__wrappee__Encrypt_#t~ret29#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {11264#false} is VALID [2022-02-20 18:02:44,083 INFO L290 TraceCheckUtils]: 85: Hoare triple {11264#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {11264#false} is VALID [2022-02-20 18:02:44,083 INFO L290 TraceCheckUtils]: 86: Hoare triple {11264#false} assume 1 == ~handle; {11264#false} is VALID [2022-02-20 18:02:44,083 INFO L290 TraceCheckUtils]: 87: Hoare triple {11264#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {11264#false} is VALID [2022-02-20 18:02:44,084 INFO L290 TraceCheckUtils]: 88: Hoare triple {11264#false} assume true; {11264#false} is VALID [2022-02-20 18:02:44,084 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {11264#false} {11264#false} #998#return; {11264#false} is VALID [2022-02-20 18:02:44,084 INFO L290 TraceCheckUtils]: 90: Hoare triple {11264#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret29#1 && outgoing__wrappee__Encrypt_#t~ret29#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~2#1 := outgoing__wrappee__Encrypt_#t~ret29#1;havoc outgoing__wrappee__Encrypt_#t~ret29#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~2#1; {11264#false} is VALID [2022-02-20 18:02:44,084 INFO L290 TraceCheckUtils]: 91: Hoare triple {11264#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {11264#false} is VALID [2022-02-20 18:02:44,084 INFO L290 TraceCheckUtils]: 92: Hoare triple {11264#false} assume { 
:begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret27#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {11264#false} is VALID [2022-02-20 18:02:44,084 INFO L290 TraceCheckUtils]: 93: Hoare triple {11264#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {11264#false} is VALID [2022-02-20 18:02:44,084 INFO L290 TraceCheckUtils]: 94: Hoare triple {11264#false} outgoing__wrappee__Keys_#t~ret27#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret27#1 && outgoing__wrappee__Keys_#t~ret27#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret27#1;havoc outgoing__wrappee__Keys_#t~ret27#1; {11264#false} is VALID [2022-02-20 18:02:44,084 INFO L272 TraceCheckUtils]: 95: Hoare triple {11264#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {11264#false} is VALID [2022-02-20 18:02:44,085 INFO L290 TraceCheckUtils]: 96: Hoare triple {11264#false} ~handle := #in~handle;~value := #in~value; {11264#false} is VALID [2022-02-20 18:02:44,085 INFO L290 TraceCheckUtils]: 97: Hoare triple {11264#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11264#false} is VALID 
[2022-02-20 18:02:44,085 INFO L290 TraceCheckUtils]: 98: Hoare triple {11264#false} assume true; {11264#false} is VALID [2022-02-20 18:02:44,085 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {11264#false} {11264#false} #1004#return; {11264#false} is VALID [2022-02-20 18:02:44,085 INFO L290 TraceCheckUtils]: 100: Hoare triple {11264#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret25#1, mail_#t~ret26#1, mail_~client#1, mail_~msg#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~4#1;call mail_#t~ret25#1 := puts(12, 0);assume -2147483648 <= mail_#t~ret25#1 && mail_#t~ret25#1 <= 2147483647;havoc mail_#t~ret25#1; {11264#false} is VALID [2022-02-20 18:02:44,085 INFO L272 TraceCheckUtils]: 101: Hoare triple {11264#false} call mail_#t~ret26#1 := getEmailTo(mail_~msg#1); {11264#false} is VALID [2022-02-20 18:02:44,085 INFO L290 TraceCheckUtils]: 102: Hoare triple {11264#false} ~handle := #in~handle;havoc ~retValue_acc~9; {11264#false} is VALID [2022-02-20 18:02:44,086 INFO L290 TraceCheckUtils]: 103: Hoare triple {11264#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {11264#false} is VALID [2022-02-20 18:02:44,086 INFO L290 TraceCheckUtils]: 104: Hoare triple {11264#false} assume true; {11264#false} is VALID [2022-02-20 18:02:44,086 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {11264#false} {11264#false} #1006#return; {11264#false} is VALID [2022-02-20 18:02:44,086 INFO L290 TraceCheckUtils]: 106: Hoare triple {11264#false} assume -2147483648 <= mail_#t~ret26#1 && mail_#t~ret26#1 <= 2147483647;mail_~tmp~4#1 := mail_#t~ret26#1;havoc mail_#t~ret26#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~4#1, mail_~msg#1;havoc incoming_#t~ret32#1, incoming_#t~ret33#1, incoming_#t~ret34#1, incoming_#t~ret35#1, incoming_~client#1, 
incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~8#1, incoming_~tmp___0~3#1, incoming_~tmp___1~1#1, incoming_~tmp___2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~8#1;havoc incoming_~tmp___0~3#1;havoc incoming_~tmp___1~1#1;havoc incoming_~tmp___2~0#1; {11264#false} is VALID [2022-02-20 18:02:44,086 INFO L272 TraceCheckUtils]: 107: Hoare triple {11264#false} call incoming_#t~ret32#1 := getClientPrivateKey(incoming_~client#1); {11264#false} is VALID [2022-02-20 18:02:44,086 INFO L290 TraceCheckUtils]: 108: Hoare triple {11264#false} ~handle := #in~handle;havoc ~retValue_acc~36; {11264#false} is VALID [2022-02-20 18:02:44,086 INFO L290 TraceCheckUtils]: 109: Hoare triple {11264#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {11264#false} is VALID [2022-02-20 18:02:44,086 INFO L290 TraceCheckUtils]: 110: Hoare triple {11264#false} assume true; {11264#false} is VALID [2022-02-20 18:02:44,087 INFO L284 TraceCheckUtils]: 111: Hoare quadruple {11264#false} {11264#false} #1008#return; {11264#false} is VALID [2022-02-20 18:02:44,087 INFO L290 TraceCheckUtils]: 112: Hoare triple {11264#false} assume -2147483648 <= incoming_#t~ret32#1 && incoming_#t~ret32#1 <= 2147483647;incoming_~tmp~8#1 := incoming_#t~ret32#1;havoc incoming_#t~ret32#1;incoming_~privkey~0#1 := incoming_~tmp~8#1; {11264#false} is VALID [2022-02-20 18:02:44,087 INFO L290 TraceCheckUtils]: 113: Hoare triple {11264#false} assume !(0 != incoming_~privkey~0#1); {11264#false} is VALID [2022-02-20 18:02:44,087 INFO L290 TraceCheckUtils]: 114: Hoare triple {11264#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := 
incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret41#1, verify_#t~ret42#1, verify_#t~ret43#1, verify_#t~ret44#1, verify_#t~ret45#1, verify_#t~ret46#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~12#1, verify_~tmp___0~4#1, verify_~pubkey~1#1, verify_~tmp___1~2#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~12#1;havoc verify_~tmp___0~4#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~2#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret24#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~3#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~3#1; {11264#false} is VALID [2022-02-20 18:02:44,087 INFO L272 TraceCheckUtils]: 115: Hoare triple {11264#false} call __utac_acc__EncryptVerify_spec__1_#t~ret24#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {11264#false} is VALID [2022-02-20 18:02:44,087 INFO L290 TraceCheckUtils]: 116: Hoare triple {11264#false} ~msg#1 := #in~msg#1;havoc ~retValue_acc~21#1;havoc ~tmp~20#1; {11264#false} is VALID [2022-02-20 18:02:44,087 INFO L272 TraceCheckUtils]: 117: Hoare triple {11264#false} call #t~ret88#1 := isEncrypted(~msg#1); {11264#false} is VALID [2022-02-20 18:02:44,088 INFO L290 TraceCheckUtils]: 118: Hoare triple {11264#false} ~handle := 
#in~handle;havoc ~retValue_acc~12; {11264#false} is VALID [2022-02-20 18:02:44,088 INFO L290 TraceCheckUtils]: 119: Hoare triple {11264#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~12; {11264#false} is VALID [2022-02-20 18:02:44,088 INFO L290 TraceCheckUtils]: 120: Hoare triple {11264#false} assume true; {11264#false} is VALID [2022-02-20 18:02:44,088 INFO L284 TraceCheckUtils]: 121: Hoare quadruple {11264#false} {11264#false} #1108#return; {11264#false} is VALID [2022-02-20 18:02:44,088 INFO L290 TraceCheckUtils]: 122: Hoare triple {11264#false} assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp~20#1 := #t~ret88#1;havoc #t~ret88#1; {11264#false} is VALID [2022-02-20 18:02:44,088 INFO L290 TraceCheckUtils]: 123: Hoare triple {11264#false} assume 0 != ~tmp~20#1;~retValue_acc~21#1 := 0;#res#1 := ~retValue_acc~21#1; {11264#false} is VALID [2022-02-20 18:02:44,088 INFO L290 TraceCheckUtils]: 124: Hoare triple {11264#false} assume true; {11264#false} is VALID [2022-02-20 18:02:44,089 INFO L284 TraceCheckUtils]: 125: Hoare quadruple {11264#false} {11264#false} #1020#return; {11264#false} is VALID [2022-02-20 18:02:44,089 INFO L290 TraceCheckUtils]: 126: Hoare triple {11264#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret24#1 && __utac_acc__EncryptVerify_spec__1_#t~ret24#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~3#1 := __utac_acc__EncryptVerify_spec__1_#t~ret24#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret24#1; {11264#false} is VALID [2022-02-20 18:02:44,089 INFO L290 TraceCheckUtils]: 127: Hoare triple {11264#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {11264#false} is VALID [2022-02-20 18:02:44,089 INFO L290 TraceCheckUtils]: 128: Hoare triple {11264#false} assume !false; {11264#false} is VALID [2022-02-20 18:02:44,089 INFO L134 CoverageAnalysis]: Checked inductivity of 38 backedges. 19 proven. 
0 refuted. 0 times theorem prover too weak. 19 trivial. 0 not checked. [2022-02-20 18:02:44,089 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:02:44,090 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [2006494299] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:44,090 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:02:44,090 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [12] total 15 [2022-02-20 18:02:44,090 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1580402698] [2022-02-20 18:02:44,090 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:44,091 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 16.6) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (18), 2 states have call predecessors, (18), 3 states have return successors, (16), 3 states have call predecessors, (16), 3 states have call successors, (16) Word has length 129 [2022-02-20 18:02:44,091 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:44,092 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 16.6) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (18), 2 states have call predecessors, (18), 3 states have return successors, (16), 3 states have call predecessors, (16), 3 states have call successors, (16) [2022-02-20 18:02:44,171 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 117 edges. 117 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:02:44,171 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:02:44,172 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:44,172 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:02:44,173 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=30, Invalid=180, Unknown=0, NotChecked=0, Total=210 [2022-02-20 18:02:44,173 INFO L87 Difference]: Start difference. First operand 412 states and 618 transitions. Second operand has 5 states, 5 states have (on average 16.6) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (18), 2 states have call predecessors, (18), 3 states have return successors, (16), 3 states have call predecessors, (16), 3 states have call successors, (16) [2022-02-20 18:02:45,313 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:45,314 INFO L93 Difference]: Finished difference Result 813 states and 1225 transitions. [2022-02-20 18:02:45,314 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:02:45,314 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 16.6) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (18), 2 states have call predecessors, (18), 3 states have return successors, (16), 3 states have call predecessors, (16), 3 states have call successors, (16) Word has length 129 [2022-02-20 18:02:45,315 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:45,315 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 5 states, 5 states have (on average 16.6) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (18), 2 states have call predecessors, (18), 3 states have return successors, (16), 3 states have call predecessors, (16), 3 states have call successors, (16) [2022-02-20 18:02:45,325 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1047 transitions. [2022-02-20 18:02:45,326 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 16.6) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (18), 2 states have call predecessors, (18), 3 states have return successors, (16), 3 states have call predecessors, (16), 3 states have call successors, (16) [2022-02-20 18:02:45,337 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1047 transitions. [2022-02-20 18:02:45,337 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1047 transitions. [2022-02-20 18:02:46,091 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1047 edges. 1047 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:02:46,105 INFO L225 Difference]: With dead ends: 813 [2022-02-20 18:02:46,105 INFO L226 Difference]: Without dead ends: 414 [2022-02-20 18:02:46,107 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 167 GetRequests, 153 SyntacticMatches, 0 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=34, Invalid=206, Unknown=0, NotChecked=0, Total=240 [2022-02-20 18:02:46,108 INFO L933 BasicCegarLoop]: 518 mSDtfsCounter, 124 mSDsluCounter, 1407 mSDsCounter, 0 mSdLazyCounter, 45 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 144 SdHoareTripleChecker+Valid, 1925 SdHoareTripleChecker+Invalid, 45 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 45 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:46,110 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [144 Valid, 1925 Invalid, 45 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 45 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:02:46,112 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 414 states. [2022-02-20 18:02:46,193 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 414 to 414. [2022-02-20 18:02:46,193 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:46,195 INFO L82 GeneralOperation]: Start isEquivalent. First operand 414 states. 
Second operand has 414 states, 319 states have (on average 1.5047021943573669) internal successors, (480), 324 states have internal predecessors, (480), 69 states have call successors, (69), 23 states have call predecessors, (69), 25 states have return successors, (75), 68 states have call predecessors, (75), 68 states have call successors, (75) [2022-02-20 18:02:46,196 INFO L74 IsIncluded]: Start isIncluded. First operand 414 states. Second operand has 414 states, 319 states have (on average 1.5047021943573669) internal successors, (480), 324 states have internal predecessors, (480), 69 states have call successors, (69), 23 states have call predecessors, (69), 25 states have return successors, (75), 68 states have call predecessors, (75), 68 states have call successors, (75) [2022-02-20 18:02:46,197 INFO L87 Difference]: Start difference. First operand 414 states. Second operand has 414 states, 319 states have (on average 1.5047021943573669) internal successors, (480), 324 states have internal predecessors, (480), 69 states have call successors, (69), 23 states have call predecessors, (69), 25 states have return successors, (75), 68 states have call predecessors, (75), 68 states have call successors, (75) [2022-02-20 18:02:46,213 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:46,213 INFO L93 Difference]: Finished difference Result 414 states and 624 transitions. [2022-02-20 18:02:46,213 INFO L276 IsEmpty]: Start isEmpty. Operand 414 states and 624 transitions. [2022-02-20 18:02:46,215 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:46,215 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:46,217 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 414 states, 319 states have (on average 1.5047021943573669) internal successors, (480), 324 states have internal predecessors, (480), 69 states have call successors, (69), 23 states have call predecessors, (69), 25 states have return successors, (75), 68 states have call predecessors, (75), 68 states have call successors, (75) Second operand 414 states. [2022-02-20 18:02:46,218 INFO L87 Difference]: Start difference. First operand has 414 states, 319 states have (on average 1.5047021943573669) internal successors, (480), 324 states have internal predecessors, (480), 69 states have call successors, (69), 23 states have call predecessors, (69), 25 states have return successors, (75), 68 states have call predecessors, (75), 68 states have call successors, (75) Second operand 414 states. [2022-02-20 18:02:46,233 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:46,233 INFO L93 Difference]: Finished difference Result 414 states and 624 transitions. [2022-02-20 18:02:46,233 INFO L276 IsEmpty]: Start isEmpty. Operand 414 states and 624 transitions. [2022-02-20 18:02:46,235 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:46,235 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:46,235 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:46,235 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:46,236 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 414 states, 319 states have (on average 1.5047021943573669) internal successors, (480), 324 states have internal predecessors, (480), 69 states have call successors, (69), 23 states have call predecessors, (69), 25 states have return successors, (75), 68 states have call predecessors, (75), 68 states have call successors, (75) [2022-02-20 18:02:46,254 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 414 states to 414 states and 624 transitions. [2022-02-20 18:02:46,255 INFO L78 Accepts]: Start accepts. Automaton has 414 states and 624 transitions. Word has length 129 [2022-02-20 18:02:46,255 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:46,255 INFO L470 AbstractCegarLoop]: Abstraction has 414 states and 624 transitions. [2022-02-20 18:02:46,256 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 16.6) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (18), 2 states have call predecessors, (18), 3 states have return successors, (16), 3 states have call predecessors, (16), 3 states have call successors, (16) [2022-02-20 18:02:46,256 INFO L276 IsEmpty]: Start isEmpty. Operand 414 states and 624 transitions. [2022-02-20 18:02:46,258 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 131 [2022-02-20 18:02:46,258 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:46,258 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:46,290 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Forceful destruction successful, exit code 0 [2022-02-20 18:02:46,483 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4,6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:02:46,484 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting 
outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:46,484 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:46,484 INFO L85 PathProgramCache]: Analyzing trace with hash 2124784056, now seen corresponding path program 1 times [2022-02-20 18:02:46,484 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:46,484 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2072911404] [2022-02-20 18:02:46,484 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:46,484 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:46,517 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:46,544 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:02:46,545 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:46,548 INFO L290 TraceCheckUtils]: 0: Hoare triple {14374#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14302#true} is VALID [2022-02-20 18:02:46,548 INFO L290 TraceCheckUtils]: 1: Hoare triple {14302#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {14302#true} is VALID [2022-02-20 18:02:46,548 INFO L290 TraceCheckUtils]: 2: Hoare triple {14302#true} assume true; {14302#true} is VALID [2022-02-20 18:02:46,548 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14302#true} {14302#true} #1064#return; {14302#true} is VALID [2022-02-20 18:02:46,554 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:46,556 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:46,559 INFO L290 TraceCheckUtils]: 0: Hoare triple {14375#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14302#true} is VALID [2022-02-20 18:02:46,559 INFO L290 TraceCheckUtils]: 1: Hoare triple {14302#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14302#true} is VALID [2022-02-20 18:02:46,559 INFO L290 TraceCheckUtils]: 2: Hoare triple {14302#true} assume true; {14302#true} is VALID [2022-02-20 18:02:46,559 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14302#true} {14302#true} #1066#return; {14302#true} is VALID [2022-02-20 18:02:46,560 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:46,561 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:46,564 INFO L290 TraceCheckUtils]: 0: Hoare triple {14374#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14302#true} is VALID [2022-02-20 18:02:46,564 INFO L290 TraceCheckUtils]: 1: Hoare triple {14302#true} assume !(1 == ~handle); {14302#true} is VALID [2022-02-20 18:02:46,565 INFO L290 TraceCheckUtils]: 2: Hoare triple {14302#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {14302#true} is VALID [2022-02-20 18:02:46,565 INFO L290 TraceCheckUtils]: 3: Hoare triple {14302#true} assume true; {14302#true} is VALID [2022-02-20 18:02:46,565 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {14302#true} {14302#true} #1068#return; {14302#true} is VALID [2022-02-20 18:02:46,565 INFO L376 atingTraceCheckCraig]: Compute interpolants for 
subsequence at non-pending call position 25 [2022-02-20 18:02:46,567 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:46,570 INFO L290 TraceCheckUtils]: 0: Hoare triple {14375#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14302#true} is VALID [2022-02-20 18:02:46,570 INFO L290 TraceCheckUtils]: 1: Hoare triple {14302#true} assume !(1 == ~handle); {14302#true} is VALID [2022-02-20 18:02:46,571 INFO L290 TraceCheckUtils]: 2: Hoare triple {14302#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {14302#true} is VALID [2022-02-20 18:02:46,571 INFO L290 TraceCheckUtils]: 3: Hoare triple {14302#true} assume true; {14302#true} is VALID [2022-02-20 18:02:46,571 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {14302#true} {14302#true} #1070#return; {14302#true} is VALID [2022-02-20 18:02:46,571 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:02:46,574 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:46,588 INFO L290 TraceCheckUtils]: 0: Hoare triple {14374#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14376#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:46,588 INFO L290 TraceCheckUtils]: 1: Hoare triple {14376#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {14377#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:46,588 INFO L290 TraceCheckUtils]: 2: Hoare triple {14377#(= |setClientId_#in~handle| 1)} assume true; {14377#(= 
|setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:46,589 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14377#(= |setClientId_#in~handle| 1)} {14322#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1072#return; {14303#false} is VALID [2022-02-20 18:02:46,589 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:02:46,591 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:46,593 INFO L290 TraceCheckUtils]: 0: Hoare triple {14375#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14302#true} is VALID [2022-02-20 18:02:46,593 INFO L290 TraceCheckUtils]: 1: Hoare triple {14302#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14302#true} is VALID [2022-02-20 18:02:46,593 INFO L290 TraceCheckUtils]: 2: Hoare triple {14302#true} assume true; {14302#true} is VALID [2022-02-20 18:02:46,594 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14302#true} {14303#false} #1074#return; {14303#false} is VALID [2022-02-20 18:02:46,600 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 18:02:46,601 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:46,604 INFO L290 TraceCheckUtils]: 0: Hoare triple {14378#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {14302#true} is VALID [2022-02-20 18:02:46,605 INFO L290 TraceCheckUtils]: 1: Hoare triple {14302#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14302#true} is VALID [2022-02-20 18:02:46,605 INFO L290 TraceCheckUtils]: 2: Hoare triple {14302#true} assume true; {14302#true} is VALID [2022-02-20 18:02:46,605 
INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14302#true} {14303#false} #1050#return; {14303#false} is VALID [2022-02-20 18:02:46,612 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 18:02:46,613 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:46,617 INFO L290 TraceCheckUtils]: 0: Hoare triple {14379#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {14302#true} is VALID [2022-02-20 18:02:46,617 INFO L290 TraceCheckUtils]: 1: Hoare triple {14302#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {14302#true} is VALID [2022-02-20 18:02:46,617 INFO L290 TraceCheckUtils]: 2: Hoare triple {14302#true} assume true; {14302#true} is VALID [2022-02-20 18:02:46,618 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14302#true} {14303#false} #1052#return; {14303#false} is VALID [2022-02-20 18:02:46,618 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71 [2022-02-20 18:02:46,619 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:46,623 INFO L290 TraceCheckUtils]: 0: Hoare triple {14302#true} ~handle := #in~handle;havoc ~retValue_acc~36; {14302#true} is VALID [2022-02-20 18:02:46,623 INFO L290 TraceCheckUtils]: 1: Hoare triple {14302#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {14302#true} is VALID [2022-02-20 18:02:46,623 INFO L290 TraceCheckUtils]: 2: Hoare triple {14302#true} assume true; {14302#true} is VALID [2022-02-20 18:02:46,623 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14302#true} {14303#false} #994#return; {14303#false} is VALID [2022-02-20 18:02:46,623 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 18:02:46,624 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat 
[2022-02-20 18:02:46,626 INFO L290 TraceCheckUtils]: 0: Hoare triple {14302#true} ~handle := #in~handle;havoc ~retValue_acc~9; {14302#true} is VALID [2022-02-20 18:02:46,627 INFO L290 TraceCheckUtils]: 1: Hoare triple {14302#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {14302#true} is VALID [2022-02-20 18:02:46,627 INFO L290 TraceCheckUtils]: 2: Hoare triple {14302#true} assume true; {14302#true} is VALID [2022-02-20 18:02:46,627 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14302#true} {14303#false} #996#return; {14303#false} is VALID [2022-02-20 18:02:46,627 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 18:02:46,628 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:46,630 INFO L290 TraceCheckUtils]: 0: Hoare triple {14302#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {14302#true} is VALID [2022-02-20 18:02:46,631 INFO L290 TraceCheckUtils]: 1: Hoare triple {14302#true} assume 1 == ~handle; {14302#true} is VALID [2022-02-20 18:02:46,631 INFO L290 TraceCheckUtils]: 2: Hoare triple {14302#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {14302#true} is VALID [2022-02-20 18:02:46,631 INFO L290 TraceCheckUtils]: 3: Hoare triple {14302#true} assume true; {14302#true} is VALID [2022-02-20 18:02:46,632 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {14302#true} {14303#false} #998#return; {14303#false} is VALID [2022-02-20 18:02:46,632 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 18:02:46,636 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:46,639 INFO L290 TraceCheckUtils]: 0: Hoare triple {14378#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := 
#in~handle;~value := #in~value; {14302#true} is VALID [2022-02-20 18:02:46,639 INFO L290 TraceCheckUtils]: 1: Hoare triple {14302#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14302#true} is VALID [2022-02-20 18:02:46,639 INFO L290 TraceCheckUtils]: 2: Hoare triple {14302#true} assume true; {14302#true} is VALID [2022-02-20 18:02:46,639 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14302#true} {14303#false} #1004#return; {14303#false} is VALID [2022-02-20 18:02:46,639 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 18:02:46,640 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:46,642 INFO L290 TraceCheckUtils]: 0: Hoare triple {14302#true} ~handle := #in~handle;havoc ~retValue_acc~9; {14302#true} is VALID [2022-02-20 18:02:46,643 INFO L290 TraceCheckUtils]: 1: Hoare triple {14302#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {14302#true} is VALID [2022-02-20 18:02:46,643 INFO L290 TraceCheckUtils]: 2: Hoare triple {14302#true} assume true; {14302#true} is VALID [2022-02-20 18:02:46,643 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14302#true} {14303#false} #1006#return; {14303#false} is VALID [2022-02-20 18:02:46,643 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 108 [2022-02-20 18:02:46,644 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:46,646 INFO L290 TraceCheckUtils]: 0: Hoare triple {14302#true} ~handle := #in~handle;havoc ~retValue_acc~36; {14302#true} is VALID [2022-02-20 18:02:46,646 INFO L290 TraceCheckUtils]: 1: Hoare triple {14302#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {14302#true} is VALID [2022-02-20 18:02:46,646 INFO L290 TraceCheckUtils]: 2: Hoare triple {14302#true} assume true; {14302#true} is VALID [2022-02-20 18:02:46,646 INFO L284 TraceCheckUtils]: 3: 
Hoare quadruple {14302#true} {14303#false} #1008#return; {14303#false} is VALID [2022-02-20 18:02:46,646 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 116 [2022-02-20 18:02:46,649 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:46,652 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:46,653 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:46,658 INFO L290 TraceCheckUtils]: 0: Hoare triple {14302#true} ~handle := #in~handle;havoc ~retValue_acc~12; {14302#true} is VALID [2022-02-20 18:02:46,658 INFO L290 TraceCheckUtils]: 1: Hoare triple {14302#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~12; {14302#true} is VALID [2022-02-20 18:02:46,658 INFO L290 TraceCheckUtils]: 2: Hoare triple {14302#true} assume true; {14302#true} is VALID [2022-02-20 18:02:46,658 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14302#true} {14302#true} #1108#return; {14302#true} is VALID [2022-02-20 18:02:46,658 INFO L290 TraceCheckUtils]: 0: Hoare triple {14302#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~21#1;havoc ~tmp~20#1; {14302#true} is VALID [2022-02-20 18:02:46,659 INFO L272 TraceCheckUtils]: 1: Hoare triple {14302#true} call #t~ret88#1 := isEncrypted(~msg#1); {14302#true} is VALID [2022-02-20 18:02:46,659 INFO L290 TraceCheckUtils]: 2: Hoare triple {14302#true} ~handle := #in~handle;havoc ~retValue_acc~12; {14302#true} is VALID [2022-02-20 18:02:46,659 INFO L290 TraceCheckUtils]: 3: Hoare triple {14302#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~12; {14302#true} is VALID [2022-02-20 18:02:46,659 INFO L290 TraceCheckUtils]: 4: Hoare triple {14302#true} assume true; {14302#true} is VALID [2022-02-20 18:02:46,659 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {14302#true} {14302#true} #1108#return; 
{14302#true} is VALID [2022-02-20 18:02:46,659 INFO L290 TraceCheckUtils]: 6: Hoare triple {14302#true} assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp~20#1 := #t~ret88#1;havoc #t~ret88#1; {14302#true} is VALID [2022-02-20 18:02:46,659 INFO L290 TraceCheckUtils]: 7: Hoare triple {14302#true} assume 0 != ~tmp~20#1;~retValue_acc~21#1 := 0;#res#1 := ~retValue_acc~21#1; {14302#true} is VALID [2022-02-20 18:02:46,660 INFO L290 TraceCheckUtils]: 8: Hoare triple {14302#true} assume true; {14302#true} is VALID [2022-02-20 18:02:46,660 INFO L284 TraceCheckUtils]: 9: Hoare quadruple {14302#true} {14303#false} #1020#return; {14303#false} is VALID [2022-02-20 18:02:46,660 INFO L290 TraceCheckUtils]: 0: Hoare triple {14302#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call 
#Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(12, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(18, 31);call #Ultimate.allocInit(16, 32);call #Ultimate.allocInit(21, 33);call #Ultimate.allocInit(13, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(25, 36);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(115, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, 
~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 
0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {14302#true} is VALID [2022-02-20 18:02:46,660 INFO L290 TraceCheckUtils]: 1: Hoare triple {14302#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {14302#true} is VALID [2022-02-20 18:02:46,660 INFO L290 TraceCheckUtils]: 2: Hoare triple {14302#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {14302#true} is VALID [2022-02-20 18:02:46,660 INFO L290 TraceCheckUtils]: 3: Hoare triple {14302#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~26#1;havoc valid_product_~retValue_acc~26#1;valid_product_~retValue_acc~26#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~26#1; {14302#true} is VALID [2022-02-20 18:02:46,660 INFO L290 TraceCheckUtils]: 4: Hoare triple {14302#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {14302#true} is VALID [2022-02-20 18:02:46,661 INFO L290 TraceCheckUtils]: 5: Hoare triple {14302#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, 
setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {14302#true} is VALID [2022-02-20 18:02:46,661 INFO L272 TraceCheckUtils]: 6: Hoare triple {14302#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {14374#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:46,661 INFO L290 TraceCheckUtils]: 7: Hoare triple {14374#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14302#true} is VALID [2022-02-20 18:02:46,662 INFO L290 TraceCheckUtils]: 8: Hoare triple {14302#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {14302#true} is VALID [2022-02-20 18:02:46,662 INFO L290 TraceCheckUtils]: 9: Hoare triple {14302#true} assume true; {14302#true} is VALID [2022-02-20 18:02:46,662 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {14302#true} {14302#true} #1064#return; {14302#true} is VALID [2022-02-20 18:02:46,662 INFO L290 TraceCheckUtils]: 11: Hoare triple {14302#true} assume { :end_inline_setup_bob__wrappee__Base } true; {14302#true} is VALID [2022-02-20 
18:02:46,663 INFO L272 TraceCheckUtils]: 12: Hoare triple {14302#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {14375#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:46,663 INFO L290 TraceCheckUtils]: 13: Hoare triple {14375#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14302#true} is VALID [2022-02-20 18:02:46,663 INFO L290 TraceCheckUtils]: 14: Hoare triple {14302#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14302#true} is VALID [2022-02-20 18:02:46,663 INFO L290 TraceCheckUtils]: 15: Hoare triple {14302#true} assume true; {14302#true} is VALID [2022-02-20 18:02:46,663 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {14302#true} {14302#true} #1066#return; {14302#true} is VALID [2022-02-20 18:02:46,663 INFO L290 TraceCheckUtils]: 17: Hoare triple {14302#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {14302#true} is VALID [2022-02-20 18:02:46,664 INFO L272 TraceCheckUtils]: 18: Hoare triple {14302#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {14374#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) 
(= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:46,664 INFO L290 TraceCheckUtils]: 19: Hoare triple {14374#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14302#true} is VALID [2022-02-20 18:02:46,664 INFO L290 TraceCheckUtils]: 20: Hoare triple {14302#true} assume !(1 == ~handle); {14302#true} is VALID [2022-02-20 18:02:46,664 INFO L290 TraceCheckUtils]: 21: Hoare triple {14302#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {14302#true} is VALID [2022-02-20 18:02:46,664 INFO L290 TraceCheckUtils]: 22: Hoare triple {14302#true} assume true; {14302#true} is VALID [2022-02-20 18:02:46,664 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {14302#true} {14302#true} #1068#return; {14302#true} is VALID [2022-02-20 18:02:46,665 INFO L290 TraceCheckUtils]: 24: Hoare triple {14302#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {14302#true} is VALID [2022-02-20 18:02:46,665 INFO L272 TraceCheckUtils]: 25: Hoare triple {14302#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {14375#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:46,665 INFO L290 TraceCheckUtils]: 26: Hoare triple {14375#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14302#true} is VALID [2022-02-20 18:02:46,665 INFO L290 TraceCheckUtils]: 27: Hoare triple {14302#true} assume !(1 == 
~handle); {14302#true} is VALID [2022-02-20 18:02:46,666 INFO L290 TraceCheckUtils]: 28: Hoare triple {14302#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {14302#true} is VALID [2022-02-20 18:02:46,666 INFO L290 TraceCheckUtils]: 29: Hoare triple {14302#true} assume true; {14302#true} is VALID [2022-02-20 18:02:46,666 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {14302#true} {14302#true} #1070#return; {14302#true} is VALID [2022-02-20 18:02:46,666 INFO L290 TraceCheckUtils]: 31: Hoare triple {14302#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {14322#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:02:46,667 INFO L272 TraceCheckUtils]: 32: Hoare triple {14322#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {14374#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:46,667 INFO L290 TraceCheckUtils]: 33: Hoare triple {14374#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14376#(= setClientId_~handle 
|setClientId_#in~handle|)} is VALID [2022-02-20 18:02:46,668 INFO L290 TraceCheckUtils]: 34: Hoare triple {14376#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {14377#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:46,668 INFO L290 TraceCheckUtils]: 35: Hoare triple {14377#(= |setClientId_#in~handle| 1)} assume true; {14377#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:02:46,668 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {14377#(= |setClientId_#in~handle| 1)} {14322#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1072#return; {14303#false} is VALID [2022-02-20 18:02:46,669 INFO L290 TraceCheckUtils]: 37: Hoare triple {14303#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {14303#false} is VALID [2022-02-20 18:02:46,669 INFO L272 TraceCheckUtils]: 38: Hoare triple {14303#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {14375#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:46,669 INFO L290 TraceCheckUtils]: 39: Hoare triple {14375#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14302#true} is VALID [2022-02-20 18:02:46,669 INFO L290 TraceCheckUtils]: 40: Hoare triple {14302#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14302#true} is VALID [2022-02-20 18:02:46,669 INFO L290 TraceCheckUtils]: 41: Hoare triple {14302#true} assume true; {14302#true} is VALID [2022-02-20 18:02:46,669 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {14302#true} {14303#false} #1074#return; {14303#false} is VALID [2022-02-20 18:02:46,669 INFO L290 
TraceCheckUtils]: 43: Hoare triple {14303#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {14303#false} is VALID [2022-02-20 18:02:46,670 INFO L290 TraceCheckUtils]: 44: Hoare triple {14303#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~23#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~23#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {14303#false} is VALID [2022-02-20 18:02:46,670 INFO L290 TraceCheckUtils]: 45: Hoare triple {14303#false} assume !false; {14303#false} is VALID [2022-02-20 18:02:46,670 INFO L290 TraceCheckUtils]: 46: Hoare triple {14303#false} assume 
test_~splverifierCounter~0#1 < 4; {14303#false} is VALID [2022-02-20 18:02:46,670 INFO L290 TraceCheckUtils]: 47: Hoare triple {14303#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {14303#false} is VALID [2022-02-20 18:02:46,670 INFO L290 TraceCheckUtils]: 48: Hoare triple {14303#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet94#1 && test_#t~nondet94#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet94#1;havoc test_#t~nondet94#1; {14303#false} is VALID [2022-02-20 18:02:46,670 INFO L290 TraceCheckUtils]: 49: Hoare triple {14303#false} assume !(0 != test_~tmp___9~0#1); {14303#false} is VALID [2022-02-20 18:02:46,670 INFO L290 TraceCheckUtils]: 50: Hoare triple {14303#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet95#1 && test_#t~nondet95#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet95#1;havoc test_#t~nondet95#1; {14303#false} is VALID [2022-02-20 18:02:46,670 INFO L290 TraceCheckUtils]: 51: Hoare triple {14303#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {14303#false} is VALID [2022-02-20 18:02:46,671 INFO L290 TraceCheckUtils]: 52: Hoare triple {14303#false} assume !false; {14303#false} is VALID [2022-02-20 18:02:46,671 INFO L290 TraceCheckUtils]: 53: Hoare triple {14303#false} assume !(test_~splverifierCounter~0#1 < 4); {14303#false} is VALID [2022-02-20 18:02:46,671 INFO L290 TraceCheckUtils]: 54: Hoare triple {14303#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {14303#false} is VALID [2022-02-20 18:02:46,671 INFO L272 TraceCheckUtils]: 55: Hoare triple {14303#false} call sendEmail(~bob~0, ~rjh~0); {14303#false} 
is VALID [2022-02-20 18:02:46,671 INFO L290 TraceCheckUtils]: 56: Hoare triple {14303#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~10#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {14303#false} is VALID [2022-02-20 18:02:46,671 INFO L272 TraceCheckUtils]: 57: Hoare triple {14303#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {14378#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:46,671 INFO L290 TraceCheckUtils]: 58: Hoare triple {14378#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {14302#true} is VALID [2022-02-20 18:02:46,671 INFO L290 TraceCheckUtils]: 59: Hoare triple {14302#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14302#true} is VALID [2022-02-20 18:02:46,672 INFO L290 TraceCheckUtils]: 60: Hoare triple {14302#true} assume true; {14302#true} is VALID [2022-02-20 18:02:46,672 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {14302#true} {14303#false} #1050#return; {14303#false} is VALID [2022-02-20 18:02:46,672 INFO L272 TraceCheckUtils]: 62: Hoare triple {14303#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {14379#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:46,672 INFO L290 TraceCheckUtils]: 63: Hoare triple {14379#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} 
~handle := #in~handle;~value := #in~value; {14302#true} is VALID [2022-02-20 18:02:46,672 INFO L290 TraceCheckUtils]: 64: Hoare triple {14302#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {14302#true} is VALID [2022-02-20 18:02:46,672 INFO L290 TraceCheckUtils]: 65: Hoare triple {14302#true} assume true; {14302#true} is VALID [2022-02-20 18:02:46,672 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {14302#true} {14303#false} #1052#return; {14303#false} is VALID [2022-02-20 18:02:46,672 INFO L290 TraceCheckUtils]: 67: Hoare triple {14303#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {14303#false} is VALID [2022-02-20 18:02:46,673 INFO L290 TraceCheckUtils]: 68: Hoare triple {14303#false} #t~ret37#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret37#1 && #t~ret37#1 <= 2147483647;~tmp~10#1 := #t~ret37#1;havoc #t~ret37#1;~email~0#1 := ~tmp~10#1; {14303#false} is VALID [2022-02-20 18:02:46,673 INFO L272 TraceCheckUtils]: 69: Hoare triple {14303#false} call outgoing(~sender#1, ~email~0#1); {14303#false} is VALID [2022-02-20 18:02:46,673 INFO L290 TraceCheckUtils]: 70: Hoare triple {14303#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret39#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {14303#false} is VALID [2022-02-20 18:02:46,673 INFO L272 TraceCheckUtils]: 71: Hoare triple {14303#false} call sign_#t~ret39#1 := getClientPrivateKey(sign_~client#1); {14302#true} is VALID [2022-02-20 18:02:46,673 INFO L290 TraceCheckUtils]: 72: Hoare triple {14302#true} ~handle := #in~handle;havoc ~retValue_acc~36; {14302#true} is VALID [2022-02-20 18:02:46,673 INFO L290 TraceCheckUtils]: 73: Hoare triple {14302#true} assume 1 == 
~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {14302#true} is VALID [2022-02-20 18:02:46,673 INFO L290 TraceCheckUtils]: 74: Hoare triple {14302#true} assume true; {14302#true} is VALID [2022-02-20 18:02:46,674 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {14302#true} {14303#false} #994#return; {14303#false} is VALID [2022-02-20 18:02:46,674 INFO L290 TraceCheckUtils]: 76: Hoare triple {14303#false} assume -2147483648 <= sign_#t~ret39#1 && sign_#t~ret39#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret39#1;havoc sign_#t~ret39#1;sign_~privkey~1#1 := sign_~tmp~11#1; {14303#false} is VALID [2022-02-20 18:02:46,674 INFO L290 TraceCheckUtils]: 77: Hoare triple {14303#false} assume 0 == sign_~privkey~1#1; {14303#false} is VALID [2022-02-20 18:02:46,674 INFO L290 TraceCheckUtils]: 78: Hoare triple {14303#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret28#1, outgoing__wrappee__Encrypt_#t~ret29#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~6#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~2#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~6#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~2#1; {14303#false} is VALID [2022-02-20 18:02:46,674 INFO L272 TraceCheckUtils]: 79: Hoare triple {14303#false} call outgoing__wrappee__Encrypt_#t~ret28#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {14302#true} is VALID [2022-02-20 18:02:46,674 INFO L290 TraceCheckUtils]: 80: Hoare triple {14302#true} 
~handle := #in~handle;havoc ~retValue_acc~9; {14302#true} is VALID [2022-02-20 18:02:46,674 INFO L290 TraceCheckUtils]: 81: Hoare triple {14302#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {14302#true} is VALID [2022-02-20 18:02:46,675 INFO L290 TraceCheckUtils]: 82: Hoare triple {14302#true} assume true; {14302#true} is VALID [2022-02-20 18:02:46,675 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {14302#true} {14303#false} #996#return; {14303#false} is VALID [2022-02-20 18:02:46,675 INFO L290 TraceCheckUtils]: 84: Hoare triple {14303#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret28#1 && outgoing__wrappee__Encrypt_#t~ret28#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~6#1 := outgoing__wrappee__Encrypt_#t~ret28#1;havoc outgoing__wrappee__Encrypt_#t~ret28#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~6#1; {14303#false} is VALID [2022-02-20 18:02:46,675 INFO L272 TraceCheckUtils]: 85: Hoare triple {14303#false} call outgoing__wrappee__Encrypt_#t~ret29#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {14302#true} is VALID [2022-02-20 18:02:46,675 INFO L290 TraceCheckUtils]: 86: Hoare triple {14302#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {14302#true} is VALID [2022-02-20 18:02:46,675 INFO L290 TraceCheckUtils]: 87: Hoare triple {14302#true} assume 1 == ~handle; {14302#true} is VALID [2022-02-20 18:02:46,675 INFO L290 TraceCheckUtils]: 88: Hoare triple {14302#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {14302#true} is VALID [2022-02-20 18:02:46,675 INFO L290 TraceCheckUtils]: 89: Hoare triple {14302#true} assume true; {14302#true} is VALID [2022-02-20 18:02:46,676 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {14302#true} {14303#false} #998#return; {14303#false} is VALID [2022-02-20 18:02:46,676 INFO 
L290 TraceCheckUtils]: 91: Hoare triple {14303#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret29#1 && outgoing__wrappee__Encrypt_#t~ret29#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~2#1 := outgoing__wrappee__Encrypt_#t~ret29#1;havoc outgoing__wrappee__Encrypt_#t~ret29#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~2#1; {14303#false} is VALID [2022-02-20 18:02:46,676 INFO L290 TraceCheckUtils]: 92: Hoare triple {14303#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {14303#false} is VALID [2022-02-20 18:02:46,676 INFO L290 TraceCheckUtils]: 93: Hoare triple {14303#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret27#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {14303#false} is VALID [2022-02-20 18:02:46,676 INFO L290 TraceCheckUtils]: 94: Hoare triple {14303#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {14303#false} is VALID [2022-02-20 18:02:46,676 INFO L290 TraceCheckUtils]: 95: Hoare triple {14303#false} outgoing__wrappee__Keys_#t~ret27#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret27#1 && 
outgoing__wrappee__Keys_#t~ret27#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret27#1;havoc outgoing__wrappee__Keys_#t~ret27#1; {14303#false} is VALID [2022-02-20 18:02:46,676 INFO L272 TraceCheckUtils]: 96: Hoare triple {14303#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {14378#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:46,676 INFO L290 TraceCheckUtils]: 97: Hoare triple {14378#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {14302#true} is VALID [2022-02-20 18:02:46,677 INFO L290 TraceCheckUtils]: 98: Hoare triple {14302#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14302#true} is VALID [2022-02-20 18:02:46,677 INFO L290 TraceCheckUtils]: 99: Hoare triple {14302#true} assume true; {14302#true} is VALID [2022-02-20 18:02:46,677 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {14302#true} {14303#false} #1004#return; {14303#false} is VALID [2022-02-20 18:02:46,677 INFO L290 TraceCheckUtils]: 101: Hoare triple {14303#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret25#1, mail_#t~ret26#1, mail_~client#1, mail_~msg#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~4#1;call mail_#t~ret25#1 := puts(12, 0);assume -2147483648 <= mail_#t~ret25#1 && mail_#t~ret25#1 <= 2147483647;havoc mail_#t~ret25#1; {14303#false} is VALID [2022-02-20 18:02:46,677 INFO L272 TraceCheckUtils]: 102: Hoare triple {14303#false} call mail_#t~ret26#1 := getEmailTo(mail_~msg#1); {14302#true} is VALID [2022-02-20 18:02:46,677 INFO L290 TraceCheckUtils]: 103: Hoare triple {14302#true} ~handle := #in~handle;havoc ~retValue_acc~9; {14302#true} is 
VALID [2022-02-20 18:02:46,677 INFO L290 TraceCheckUtils]: 104: Hoare triple {14302#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {14302#true} is VALID [2022-02-20 18:02:46,678 INFO L290 TraceCheckUtils]: 105: Hoare triple {14302#true} assume true; {14302#true} is VALID [2022-02-20 18:02:46,678 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {14302#true} {14303#false} #1006#return; {14303#false} is VALID [2022-02-20 18:02:46,678 INFO L290 TraceCheckUtils]: 107: Hoare triple {14303#false} assume -2147483648 <= mail_#t~ret26#1 && mail_#t~ret26#1 <= 2147483647;mail_~tmp~4#1 := mail_#t~ret26#1;havoc mail_#t~ret26#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~4#1, mail_~msg#1;havoc incoming_#t~ret32#1, incoming_#t~ret33#1, incoming_#t~ret34#1, incoming_#t~ret35#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~8#1, incoming_~tmp___0~3#1, incoming_~tmp___1~1#1, incoming_~tmp___2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~8#1;havoc incoming_~tmp___0~3#1;havoc incoming_~tmp___1~1#1;havoc incoming_~tmp___2~0#1; {14303#false} is VALID [2022-02-20 18:02:46,678 INFO L272 TraceCheckUtils]: 108: Hoare triple {14303#false} call incoming_#t~ret32#1 := getClientPrivateKey(incoming_~client#1); {14302#true} is VALID [2022-02-20 18:02:46,678 INFO L290 TraceCheckUtils]: 109: Hoare triple {14302#true} ~handle := #in~handle;havoc ~retValue_acc~36; {14302#true} is VALID [2022-02-20 18:02:46,678 INFO L290 TraceCheckUtils]: 110: Hoare triple {14302#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {14302#true} is VALID [2022-02-20 18:02:46,678 INFO L290 TraceCheckUtils]: 111: Hoare triple {14302#true} assume true; {14302#true} is VALID [2022-02-20 18:02:46,678 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {14302#true} 
{14303#false} #1008#return; {14303#false} is VALID [2022-02-20 18:02:46,679 INFO L290 TraceCheckUtils]: 113: Hoare triple {14303#false} assume -2147483648 <= incoming_#t~ret32#1 && incoming_#t~ret32#1 <= 2147483647;incoming_~tmp~8#1 := incoming_#t~ret32#1;havoc incoming_#t~ret32#1;incoming_~privkey~0#1 := incoming_~tmp~8#1; {14303#false} is VALID [2022-02-20 18:02:46,679 INFO L290 TraceCheckUtils]: 114: Hoare triple {14303#false} assume !(0 != incoming_~privkey~0#1); {14303#false} is VALID [2022-02-20 18:02:46,679 INFO L290 TraceCheckUtils]: 115: Hoare triple {14303#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret41#1, verify_#t~ret42#1, verify_#t~ret43#1, verify_#t~ret44#1, verify_#t~ret45#1, verify_#t~ret46#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~12#1, verify_~tmp___0~4#1, verify_~pubkey~1#1, verify_~tmp___1~2#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~12#1;havoc verify_~tmp___0~4#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~2#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret24#1, 
__utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~3#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~3#1; {14303#false} is VALID [2022-02-20 18:02:46,679 INFO L272 TraceCheckUtils]: 116: Hoare triple {14303#false} call __utac_acc__EncryptVerify_spec__1_#t~ret24#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {14302#true} is VALID [2022-02-20 18:02:46,679 INFO L290 TraceCheckUtils]: 117: Hoare triple {14302#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~21#1;havoc ~tmp~20#1; {14302#true} is VALID [2022-02-20 18:02:46,679 INFO L272 TraceCheckUtils]: 118: Hoare triple {14302#true} call #t~ret88#1 := isEncrypted(~msg#1); {14302#true} is VALID [2022-02-20 18:02:46,679 INFO L290 TraceCheckUtils]: 119: Hoare triple {14302#true} ~handle := #in~handle;havoc ~retValue_acc~12; {14302#true} is VALID [2022-02-20 18:02:46,679 INFO L290 TraceCheckUtils]: 120: Hoare triple {14302#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~12; {14302#true} is VALID [2022-02-20 18:02:46,680 INFO L290 TraceCheckUtils]: 121: Hoare triple {14302#true} assume true; {14302#true} is VALID [2022-02-20 18:02:46,680 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {14302#true} {14302#true} #1108#return; {14302#true} is VALID [2022-02-20 18:02:46,680 INFO L290 TraceCheckUtils]: 123: Hoare triple {14302#true} assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp~20#1 := #t~ret88#1;havoc #t~ret88#1; {14302#true} is VALID [2022-02-20 18:02:46,680 INFO L290 TraceCheckUtils]: 124: Hoare triple {14302#true} assume 0 != ~tmp~20#1;~retValue_acc~21#1 := 0;#res#1 := ~retValue_acc~21#1; {14302#true} is VALID [2022-02-20 18:02:46,680 INFO L290 TraceCheckUtils]: 125: Hoare triple {14302#true} assume true; {14302#true} is VALID [2022-02-20 18:02:46,680 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {14302#true} {14303#false} 
#1020#return; {14303#false} is VALID [2022-02-20 18:02:46,680 INFO L290 TraceCheckUtils]: 127: Hoare triple {14303#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret24#1 && __utac_acc__EncryptVerify_spec__1_#t~ret24#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~3#1 := __utac_acc__EncryptVerify_spec__1_#t~ret24#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret24#1; {14303#false} is VALID [2022-02-20 18:02:46,680 INFO L290 TraceCheckUtils]: 128: Hoare triple {14303#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {14303#false} is VALID [2022-02-20 18:02:46,681 INFO L290 TraceCheckUtils]: 129: Hoare triple {14303#false} assume !false; {14303#false} is VALID [2022-02-20 18:02:46,681 INFO L134 CoverageAnalysis]: Checked inductivity of 38 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked. [2022-02-20 18:02:46,681 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:46,681 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2072911404] [2022-02-20 18:02:46,681 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2072911404] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:46,682 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:02:46,682 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 18:02:46,682 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1861603162] [2022-02-20 18:02:46,682 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:46,683 INFO L78 Accepts]: Start accepts. 
Automaton has has 9 states, 8 states have (on average 9.875) internal successors, (79), 5 states have internal predecessors, (79), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (16), 2 states have call predecessors, (16), 3 states have call successors, (16) Word has length 130 [2022-02-20 18:02:46,683 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:02:46,683 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 9.875) internal successors, (79), 5 states have internal predecessors, (79), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (16), 2 states have call predecessors, (16), 3 states have call successors, (16) [2022-02-20 18:02:46,756 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 113 edges. 113 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:46,756 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 18:02:46,756 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:46,757 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 18:02:46,757 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:02:46,757 INFO L87 Difference]: Start difference. First operand 414 states and 624 transitions. 
Second operand has 9 states, 8 states have (on average 9.875) internal successors, (79), 5 states have internal predecessors, (79), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (16), 2 states have call predecessors, (16), 3 states have call successors, (16) [2022-02-20 18:02:55,297 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:55,298 INFO L93 Difference]: Finished difference Result 987 states and 1486 transitions. [2022-02-20 18:02:55,298 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:02:55,298 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 9.875) internal successors, (79), 5 states have internal predecessors, (79), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (16), 2 states have call predecessors, (16), 3 states have call successors, (16) Word has length 130 [2022-02-20 18:02:55,299 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:02:55,299 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 9.875) internal successors, (79), 5 states have internal predecessors, (79), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (16), 2 states have call predecessors, (16), 3 states have call successors, (16) [2022-02-20 18:02:55,318 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1300 transitions. [2022-02-20 18:02:55,319 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 9 states, 8 states have (on average 9.875) internal successors, (79), 5 states have internal predecessors, (79), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (16), 2 states have call predecessors, (16), 3 states have call successors, (16) [2022-02-20 18:02:55,336 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1300 transitions. [2022-02-20 18:02:55,337 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1300 transitions. [2022-02-20 18:02:56,633 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1300 edges. 1300 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:56,659 INFO L225 Difference]: With dead ends: 987 [2022-02-20 18:02:56,659 INFO L226 Difference]: Without dead ends: 596 [2022-02-20 18:02:56,661 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 50 GetRequests, 35 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 31 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 18:02:56,662 INFO L933 BasicCegarLoop]: 637 mSDtfsCounter, 1309 mSDsluCounter, 815 mSDsCounter, 0 mSdLazyCounter, 2269 mSolverCounterSat, 525 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1326 SdHoareTripleChecker+Valid, 1452 SdHoareTripleChecker+Invalid, 2794 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 525 IncrementalHoareTripleChecker+Valid, 2269 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.9s IncrementalHoareTripleChecker+Time [2022-02-20 18:02:56,662 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1326 Valid, 1452 
Invalid, 2794 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [525 Valid, 2269 Invalid, 0 Unknown, 0 Unchecked, 3.9s Time] [2022-02-20 18:02:56,666 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 596 states. [2022-02-20 18:02:56,772 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 596 to 414. [2022-02-20 18:02:56,772 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:02:56,774 INFO L82 GeneralOperation]: Start isEquivalent. First operand 596 states. Second operand has 414 states, 319 states have (on average 1.5047021943573669) internal successors, (480), 324 states have internal predecessors, (480), 69 states have call successors, (69), 23 states have call predecessors, (69), 25 states have return successors, (74), 68 states have call predecessors, (74), 68 states have call successors, (74) [2022-02-20 18:02:56,775 INFO L74 IsIncluded]: Start isIncluded. First operand 596 states. Second operand has 414 states, 319 states have (on average 1.5047021943573669) internal successors, (480), 324 states have internal predecessors, (480), 69 states have call successors, (69), 23 states have call predecessors, (69), 25 states have return successors, (74), 68 states have call predecessors, (74), 68 states have call successors, (74) [2022-02-20 18:02:56,776 INFO L87 Difference]: Start difference. First operand 596 states. Second operand has 414 states, 319 states have (on average 1.5047021943573669) internal successors, (480), 324 states have internal predecessors, (480), 69 states have call successors, (69), 23 states have call predecessors, (69), 25 states have return successors, (74), 68 states have call predecessors, (74), 68 states have call successors, (74) [2022-02-20 18:02:56,802 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:56,802 INFO L93 Difference]: Finished difference Result 596 states and 893 transitions. 
[2022-02-20 18:02:56,802 INFO L276 IsEmpty]: Start isEmpty. Operand 596 states and 893 transitions. [2022-02-20 18:02:56,805 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:56,806 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:56,807 INFO L74 IsIncluded]: Start isIncluded. First operand has 414 states, 319 states have (on average 1.5047021943573669) internal successors, (480), 324 states have internal predecessors, (480), 69 states have call successors, (69), 23 states have call predecessors, (69), 25 states have return successors, (74), 68 states have call predecessors, (74), 68 states have call successors, (74) Second operand 596 states. [2022-02-20 18:02:56,809 INFO L87 Difference]: Start difference. First operand has 414 states, 319 states have (on average 1.5047021943573669) internal successors, (480), 324 states have internal predecessors, (480), 69 states have call successors, (69), 23 states have call predecessors, (69), 25 states have return successors, (74), 68 states have call predecessors, (74), 68 states have call successors, (74) Second operand 596 states. [2022-02-20 18:02:56,834 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:02:56,834 INFO L93 Difference]: Finished difference Result 596 states and 893 transitions. [2022-02-20 18:02:56,834 INFO L276 IsEmpty]: Start isEmpty. Operand 596 states and 893 transitions. [2022-02-20 18:02:56,839 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:02:56,839 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:02:56,840 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:02:56,840 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:02:56,841 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 414 states, 319 states have (on average 1.5047021943573669) internal successors, (480), 324 states have internal predecessors, (480), 69 states have call successors, (69), 23 states have call predecessors, (69), 25 states have return successors, (74), 68 states have call predecessors, (74), 68 states have call successors, (74) [2022-02-20 18:02:56,857 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 414 states to 414 states and 623 transitions. [2022-02-20 18:02:56,857 INFO L78 Accepts]: Start accepts. Automaton has 414 states and 623 transitions. Word has length 130 [2022-02-20 18:02:56,857 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:02:56,858 INFO L470 AbstractCegarLoop]: Abstraction has 414 states and 623 transitions. [2022-02-20 18:02:56,858 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 9.875) internal successors, (79), 5 states have internal predecessors, (79), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (16), 2 states have call predecessors, (16), 3 states have call successors, (16) [2022-02-20 18:02:56,858 INFO L276 IsEmpty]: Start isEmpty. Operand 414 states and 623 transitions. [2022-02-20 18:02:56,860 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 132 [2022-02-20 18:02:56,860 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:02:56,860 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:02:56,860 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 18:02:56,861 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:02:56,861 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:02:56,861 INFO L85 PathProgramCache]: Analyzing trace with hash 657226353, now seen corresponding path program 2 times [2022-02-20 18:02:56,861 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:02:56,861 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1320934933] [2022-02-20 18:02:56,862 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:02:56,862 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:02:56,896 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:56,929 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:02:56,931 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:56,933 INFO L290 TraceCheckUtils]: 0: Hoare triple {17671#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17598#true} is VALID [2022-02-20 18:02:56,934 INFO L290 TraceCheckUtils]: 1: Hoare triple {17598#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17598#true} is VALID [2022-02-20 18:02:56,934 INFO L290 TraceCheckUtils]: 2: Hoare triple {17598#true} assume true; {17598#true} is VALID [2022-02-20 18:02:56,934 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17598#true} {17598#true} #1064#return; {17598#true} is VALID [2022-02-20 18:02:56,939 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:02:56,941 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:56,943 INFO L290 TraceCheckUtils]: 0: Hoare triple {17672#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17598#true} is VALID [2022-02-20 18:02:56,943 INFO L290 TraceCheckUtils]: 1: Hoare triple {17598#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {17598#true} is VALID [2022-02-20 18:02:56,943 INFO L290 TraceCheckUtils]: 2: Hoare triple {17598#true} assume true; {17598#true} is VALID [2022-02-20 18:02:56,943 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17598#true} {17598#true} #1066#return; {17598#true} is VALID [2022-02-20 18:02:56,944 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:02:56,946 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:56,948 INFO L290 TraceCheckUtils]: 0: Hoare triple {17671#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17598#true} is VALID [2022-02-20 18:02:56,948 INFO L290 TraceCheckUtils]: 1: Hoare triple {17598#true} assume !(1 == ~handle); {17598#true} is VALID [2022-02-20 18:02:56,948 INFO L290 TraceCheckUtils]: 2: Hoare triple {17598#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {17598#true} is VALID [2022-02-20 18:02:56,948 INFO L290 TraceCheckUtils]: 3: Hoare triple {17598#true} assume true; {17598#true} is VALID [2022-02-20 18:02:56,948 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {17598#true} {17598#true} #1068#return; {17598#true} is VALID [2022-02-20 18:02:56,949 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:02:56,951 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:56,953 INFO L290 TraceCheckUtils]: 0: Hoare triple {17672#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17598#true} is VALID [2022-02-20 18:02:56,953 INFO L290 TraceCheckUtils]: 1: Hoare triple {17598#true} assume !(1 == ~handle); {17598#true} is VALID [2022-02-20 18:02:56,953 INFO L290 TraceCheckUtils]: 2: Hoare triple {17598#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {17598#true} is VALID [2022-02-20 18:02:56,953 INFO L290 TraceCheckUtils]: 3: Hoare triple {17598#true} assume true; {17598#true} is VALID [2022-02-20 18:02:56,953 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {17598#true} {17598#true} #1070#return; {17598#true} is VALID [2022-02-20 18:02:56,954 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:02:56,956 INFO L136 AnnotateAndAsserter]: Conjunction 
of SSA is unsat [2022-02-20 18:02:56,967 INFO L290 TraceCheckUtils]: 0: Hoare triple {17671#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17673#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:56,968 INFO L290 TraceCheckUtils]: 1: Hoare triple {17673#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {17673#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:56,968 INFO L290 TraceCheckUtils]: 2: Hoare triple {17673#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {17674#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:56,969 INFO L290 TraceCheckUtils]: 3: Hoare triple {17674#(= 2 |setClientId_#in~handle|)} assume true; {17674#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:56,969 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {17674#(= 2 |setClientId_#in~handle|)} {17618#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1072#return; {17599#false} is VALID [2022-02-20 18:02:56,970 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-02-20 18:02:56,972 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:56,975 INFO L290 TraceCheckUtils]: 0: Hoare triple {17672#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17598#true} is VALID [2022-02-20 18:02:56,975 INFO L290 TraceCheckUtils]: 1: Hoare triple {17598#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {17598#true} is VALID [2022-02-20 18:02:56,975 INFO L290 
TraceCheckUtils]: 2: Hoare triple {17598#true} assume true; {17598#true} is VALID [2022-02-20 18:02:56,975 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17598#true} {17599#false} #1074#return; {17599#false} is VALID [2022-02-20 18:02:56,981 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:02:56,983 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:56,985 INFO L290 TraceCheckUtils]: 0: Hoare triple {17675#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17598#true} is VALID [2022-02-20 18:02:56,985 INFO L290 TraceCheckUtils]: 1: Hoare triple {17598#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17598#true} is VALID [2022-02-20 18:02:56,985 INFO L290 TraceCheckUtils]: 2: Hoare triple {17598#true} assume true; {17598#true} is VALID [2022-02-20 18:02:56,985 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17598#true} {17599#false} #1050#return; {17599#false} is VALID [2022-02-20 18:02:56,992 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 18:02:56,993 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:56,995 INFO L290 TraceCheckUtils]: 0: Hoare triple {17676#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {17598#true} is VALID [2022-02-20 18:02:56,995 INFO L290 TraceCheckUtils]: 1: Hoare triple {17598#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {17598#true} is VALID [2022-02-20 18:02:56,996 INFO L290 TraceCheckUtils]: 2: Hoare triple {17598#true} assume true; {17598#true} is VALID [2022-02-20 18:02:56,996 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17598#true} {17599#false} #1052#return; {17599#false} is VALID [2022-02-20 18:02:56,996 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 18:02:56,997 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:56,999 INFO L290 TraceCheckUtils]: 0: Hoare triple {17598#true} ~handle := #in~handle;havoc ~retValue_acc~36; {17598#true} is VALID [2022-02-20 18:02:56,999 INFO L290 TraceCheckUtils]: 1: Hoare triple {17598#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {17598#true} is VALID [2022-02-20 18:02:56,999 INFO L290 TraceCheckUtils]: 2: Hoare triple {17598#true} assume true; {17598#true} is VALID [2022-02-20 18:02:56,999 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17598#true} {17599#false} #994#return; {17599#false} is VALID [2022-02-20 18:02:56,999 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 18:02:57,000 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:57,002 INFO L290 TraceCheckUtils]: 0: Hoare triple {17598#true} ~handle := #in~handle;havoc ~retValue_acc~9; {17598#true} is VALID [2022-02-20 18:02:57,002 INFO L290 TraceCheckUtils]: 1: Hoare triple {17598#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {17598#true} is VALID [2022-02-20 18:02:57,002 INFO L290 TraceCheckUtils]: 2: Hoare triple {17598#true} assume true; {17598#true} is VALID [2022-02-20 18:02:57,003 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17598#true} {17599#false} #996#return; {17599#false} is VALID [2022-02-20 18:02:57,003 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 18:02:57,004 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:57,006 INFO L290 TraceCheckUtils]: 0: Hoare triple {17598#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {17598#true} is VALID [2022-02-20 18:02:57,007 INFO L290 
TraceCheckUtils]: 1: Hoare triple {17598#true} assume 1 == ~handle; {17598#true} is VALID [2022-02-20 18:02:57,007 INFO L290 TraceCheckUtils]: 2: Hoare triple {17598#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {17598#true} is VALID [2022-02-20 18:02:57,007 INFO L290 TraceCheckUtils]: 3: Hoare triple {17598#true} assume true; {17598#true} is VALID [2022-02-20 18:02:57,007 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {17598#true} {17599#false} #998#return; {17599#false} is VALID [2022-02-20 18:02:57,007 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-02-20 18:02:57,008 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:57,010 INFO L290 TraceCheckUtils]: 0: Hoare triple {17675#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17598#true} is VALID [2022-02-20 18:02:57,010 INFO L290 TraceCheckUtils]: 1: Hoare triple {17598#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17598#true} is VALID [2022-02-20 18:02:57,011 INFO L290 TraceCheckUtils]: 2: Hoare triple {17598#true} assume true; {17598#true} is VALID [2022-02-20 18:02:57,011 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17598#true} {17599#false} #1004#return; {17599#false} is VALID [2022-02-20 18:02:57,011 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 18:02:57,012 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:57,014 INFO L290 TraceCheckUtils]: 0: Hoare triple {17598#true} ~handle := #in~handle;havoc ~retValue_acc~9; {17598#true} is VALID [2022-02-20 18:02:57,014 INFO L290 TraceCheckUtils]: 1: Hoare triple {17598#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {17598#true} is 
VALID [2022-02-20 18:02:57,014 INFO L290 TraceCheckUtils]: 2: Hoare triple {17598#true} assume true; {17598#true} is VALID [2022-02-20 18:02:57,014 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17598#true} {17599#false} #1006#return; {17599#false} is VALID [2022-02-20 18:02:57,014 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 109 [2022-02-20 18:02:57,015 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:57,017 INFO L290 TraceCheckUtils]: 0: Hoare triple {17598#true} ~handle := #in~handle;havoc ~retValue_acc~36; {17598#true} is VALID [2022-02-20 18:02:57,017 INFO L290 TraceCheckUtils]: 1: Hoare triple {17598#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {17598#true} is VALID [2022-02-20 18:02:57,017 INFO L290 TraceCheckUtils]: 2: Hoare triple {17598#true} assume true; {17598#true} is VALID [2022-02-20 18:02:57,018 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17598#true} {17599#false} #1008#return; {17599#false} is VALID [2022-02-20 18:02:57,018 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 117 [2022-02-20 18:02:57,030 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:57,037 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:02:57,038 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:02:57,040 INFO L290 TraceCheckUtils]: 0: Hoare triple {17598#true} ~handle := #in~handle;havoc ~retValue_acc~12; {17598#true} is VALID [2022-02-20 18:02:57,040 INFO L290 TraceCheckUtils]: 1: Hoare triple {17598#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~12; {17598#true} is VALID [2022-02-20 18:02:57,041 INFO L290 TraceCheckUtils]: 2: Hoare triple {17598#true} assume true; {17598#true} is VALID [2022-02-20 18:02:57,041 INFO L284 
TraceCheckUtils]: 3: Hoare quadruple {17598#true} {17598#true} #1108#return; {17598#true} is VALID [2022-02-20 18:02:57,041 INFO L290 TraceCheckUtils]: 0: Hoare triple {17598#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~21#1;havoc ~tmp~20#1; {17598#true} is VALID [2022-02-20 18:02:57,041 INFO L272 TraceCheckUtils]: 1: Hoare triple {17598#true} call #t~ret88#1 := isEncrypted(~msg#1); {17598#true} is VALID [2022-02-20 18:02:57,041 INFO L290 TraceCheckUtils]: 2: Hoare triple {17598#true} ~handle := #in~handle;havoc ~retValue_acc~12; {17598#true} is VALID [2022-02-20 18:02:57,041 INFO L290 TraceCheckUtils]: 3: Hoare triple {17598#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~12; {17598#true} is VALID [2022-02-20 18:02:57,041 INFO L290 TraceCheckUtils]: 4: Hoare triple {17598#true} assume true; {17598#true} is VALID [2022-02-20 18:02:57,042 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {17598#true} {17598#true} #1108#return; {17598#true} is VALID [2022-02-20 18:02:57,042 INFO L290 TraceCheckUtils]: 6: Hoare triple {17598#true} assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp~20#1 := #t~ret88#1;havoc #t~ret88#1; {17598#true} is VALID [2022-02-20 18:02:57,042 INFO L290 TraceCheckUtils]: 7: Hoare triple {17598#true} assume 0 != ~tmp~20#1;~retValue_acc~21#1 := 0;#res#1 := ~retValue_acc~21#1; {17598#true} is VALID [2022-02-20 18:02:57,042 INFO L290 TraceCheckUtils]: 8: Hoare triple {17598#true} assume true; {17598#true} is VALID [2022-02-20 18:02:57,042 INFO L284 TraceCheckUtils]: 9: Hoare quadruple {17598#true} {17599#false} #1020#return; {17599#false} is VALID [2022-02-20 18:02:57,042 INFO L290 TraceCheckUtils]: 0: Hoare triple {17598#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call 
#Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(12, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(18, 31);call #Ultimate.allocInit(16, 32);call #Ultimate.allocInit(21, 33);call #Ultimate.allocInit(13, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(25, 36);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(115, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 
1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 
0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {17598#true} is VALID [2022-02-20 18:02:57,042 INFO L290 TraceCheckUtils]: 1: Hoare triple {17598#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {17598#true} is VALID [2022-02-20 18:02:57,043 INFO L290 TraceCheckUtils]: 2: Hoare triple {17598#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {17598#true} is VALID [2022-02-20 18:02:57,043 INFO L290 TraceCheckUtils]: 3: Hoare triple {17598#true} assume { 
:end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~26#1;havoc valid_product_~retValue_acc~26#1;valid_product_~retValue_acc~26#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~26#1; {17598#true} is VALID [2022-02-20 18:02:57,043 INFO L290 TraceCheckUtils]: 4: Hoare triple {17598#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {17598#true} is VALID [2022-02-20 18:02:57,043 INFO L290 TraceCheckUtils]: 5: Hoare triple {17598#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {17598#true} is VALID [2022-02-20 18:02:57,044 INFO L272 TraceCheckUtils]: 6: Hoare triple {17598#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {17671#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is 
VALID [2022-02-20 18:02:57,044 INFO L290 TraceCheckUtils]: 7: Hoare triple {17671#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17598#true} is VALID [2022-02-20 18:02:57,044 INFO L290 TraceCheckUtils]: 8: Hoare triple {17598#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17598#true} is VALID [2022-02-20 18:02:57,044 INFO L290 TraceCheckUtils]: 9: Hoare triple {17598#true} assume true; {17598#true} is VALID [2022-02-20 18:02:57,044 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {17598#true} {17598#true} #1064#return; {17598#true} is VALID [2022-02-20 18:02:57,044 INFO L290 TraceCheckUtils]: 11: Hoare triple {17598#true} assume { :end_inline_setup_bob__wrappee__Base } true; {17598#true} is VALID [2022-02-20 18:02:57,045 INFO L272 TraceCheckUtils]: 12: Hoare triple {17598#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {17672#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:57,045 INFO L290 TraceCheckUtils]: 13: Hoare triple {17672#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17598#true} is VALID [2022-02-20 18:02:57,045 INFO L290 TraceCheckUtils]: 14: Hoare triple {17598#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {17598#true} is VALID [2022-02-20 18:02:57,046 INFO L290 TraceCheckUtils]: 15: Hoare triple {17598#true} assume true; {17598#true} is VALID [2022-02-20 18:02:57,046 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {17598#true} 
{17598#true} #1066#return; {17598#true} is VALID [2022-02-20 18:02:57,046 INFO L290 TraceCheckUtils]: 17: Hoare triple {17598#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {17598#true} is VALID [2022-02-20 18:02:57,046 INFO L272 TraceCheckUtils]: 18: Hoare triple {17598#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {17671#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:57,047 INFO L290 TraceCheckUtils]: 19: Hoare triple {17671#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17598#true} is VALID [2022-02-20 18:02:57,047 INFO L290 TraceCheckUtils]: 20: Hoare triple {17598#true} assume !(1 == ~handle); {17598#true} is VALID [2022-02-20 18:02:57,047 INFO L290 TraceCheckUtils]: 21: Hoare triple {17598#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {17598#true} is VALID [2022-02-20 18:02:57,047 INFO L290 TraceCheckUtils]: 22: Hoare triple {17598#true} assume true; {17598#true} is VALID [2022-02-20 18:02:57,047 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {17598#true} {17598#true} #1068#return; {17598#true} is VALID [2022-02-20 18:02:57,047 INFO L290 
TraceCheckUtils]: 24: Hoare triple {17598#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {17598#true} is VALID [2022-02-20 18:02:57,048 INFO L272 TraceCheckUtils]: 25: Hoare triple {17598#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {17672#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:57,048 INFO L290 TraceCheckUtils]: 26: Hoare triple {17672#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17598#true} is VALID [2022-02-20 18:02:57,048 INFO L290 TraceCheckUtils]: 27: Hoare triple {17598#true} assume !(1 == ~handle); {17598#true} is VALID [2022-02-20 18:02:57,048 INFO L290 TraceCheckUtils]: 28: Hoare triple {17598#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {17598#true} is VALID [2022-02-20 18:02:57,048 INFO L290 TraceCheckUtils]: 29: Hoare triple {17598#true} assume true; {17598#true} is VALID [2022-02-20 18:02:57,049 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {17598#true} {17598#true} #1070#return; {17598#true} is VALID [2022-02-20 18:02:57,049 INFO L290 TraceCheckUtils]: 31: Hoare triple {17598#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := 
setup_chuck__wrappee__Base_#in~chuck___0#1; {17618#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:02:57,050 INFO L272 TraceCheckUtils]: 32: Hoare triple {17618#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {17671#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:02:57,050 INFO L290 TraceCheckUtils]: 33: Hoare triple {17671#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17673#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:57,050 INFO L290 TraceCheckUtils]: 34: Hoare triple {17673#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {17673#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:57,051 INFO L290 TraceCheckUtils]: 35: Hoare triple {17673#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {17674#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:57,051 INFO L290 TraceCheckUtils]: 36: Hoare triple {17674#(= 2 |setClientId_#in~handle|)} assume true; {17674#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:02:57,052 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {17674#(= 2 |setClientId_#in~handle|)} {17618#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1072#return; {17599#false} is VALID [2022-02-20 18:02:57,052 INFO L290 TraceCheckUtils]: 38: Hoare triple {17599#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {17599#false} is VALID [2022-02-20 18:02:57,052 
INFO L272 TraceCheckUtils]: 39: Hoare triple {17599#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {17672#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:02:57,052 INFO L290 TraceCheckUtils]: 40: Hoare triple {17672#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17598#true} is VALID [2022-02-20 18:02:57,052 INFO L290 TraceCheckUtils]: 41: Hoare triple {17598#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {17598#true} is VALID [2022-02-20 18:02:57,052 INFO L290 TraceCheckUtils]: 42: Hoare triple {17598#true} assume true; {17598#true} is VALID [2022-02-20 18:02:57,052 INFO L284 TraceCheckUtils]: 43: Hoare quadruple {17598#true} {17599#false} #1074#return; {17599#false} is VALID [2022-02-20 18:02:57,053 INFO L290 TraceCheckUtils]: 44: Hoare triple {17599#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {17599#false} is VALID [2022-02-20 18:02:57,053 INFO L290 TraceCheckUtils]: 45: Hoare triple {17599#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~23#1, test_~tmp___0~8#1, test_~tmp___1~4#1, 
test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~23#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {17599#false} is VALID [2022-02-20 18:02:57,053 INFO L290 TraceCheckUtils]: 46: Hoare triple {17599#false} assume !false; {17599#false} is VALID [2022-02-20 18:02:57,053 INFO L290 TraceCheckUtils]: 47: Hoare triple {17599#false} assume test_~splverifierCounter~0#1 < 4; {17599#false} is VALID [2022-02-20 18:02:57,053 INFO L290 TraceCheckUtils]: 48: Hoare triple {17599#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {17599#false} is VALID [2022-02-20 18:02:57,053 INFO L290 TraceCheckUtils]: 49: Hoare triple {17599#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet94#1 && test_#t~nondet94#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet94#1;havoc test_#t~nondet94#1; {17599#false} is VALID [2022-02-20 18:02:57,053 INFO L290 TraceCheckUtils]: 50: Hoare triple {17599#false} assume !(0 != test_~tmp___9~0#1); {17599#false} is VALID [2022-02-20 18:02:57,054 INFO L290 TraceCheckUtils]: 51: Hoare triple {17599#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet95#1 && test_#t~nondet95#1 <= 
2147483647;test_~tmp___8~0#1 := test_#t~nondet95#1;havoc test_#t~nondet95#1; {17599#false} is VALID [2022-02-20 18:02:57,054 INFO L290 TraceCheckUtils]: 52: Hoare triple {17599#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {17599#false} is VALID [2022-02-20 18:02:57,054 INFO L290 TraceCheckUtils]: 53: Hoare triple {17599#false} assume !false; {17599#false} is VALID [2022-02-20 18:02:57,054 INFO L290 TraceCheckUtils]: 54: Hoare triple {17599#false} assume !(test_~splverifierCounter~0#1 < 4); {17599#false} is VALID [2022-02-20 18:02:57,054 INFO L290 TraceCheckUtils]: 55: Hoare triple {17599#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {17599#false} is VALID [2022-02-20 18:02:57,054 INFO L272 TraceCheckUtils]: 56: Hoare triple {17599#false} call sendEmail(~bob~0, ~rjh~0); {17599#false} is VALID [2022-02-20 18:02:57,054 INFO L290 TraceCheckUtils]: 57: Hoare triple {17599#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~10#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {17599#false} is VALID [2022-02-20 18:02:57,054 INFO L272 TraceCheckUtils]: 58: Hoare triple {17599#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {17675#(and (= |old(~__ste_email_from0~0)| 
~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:57,055 INFO L290 TraceCheckUtils]: 59: Hoare triple {17675#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17598#true} is VALID [2022-02-20 18:02:57,055 INFO L290 TraceCheckUtils]: 60: Hoare triple {17598#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17598#true} is VALID [2022-02-20 18:02:57,055 INFO L290 TraceCheckUtils]: 61: Hoare triple {17598#true} assume true; {17598#true} is VALID [2022-02-20 18:02:57,055 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {17598#true} {17599#false} #1050#return; {17599#false} is VALID [2022-02-20 18:02:57,055 INFO L272 TraceCheckUtils]: 63: Hoare triple {17599#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {17676#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:02:57,055 INFO L290 TraceCheckUtils]: 64: Hoare triple {17676#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {17598#true} is VALID [2022-02-20 18:02:57,055 INFO L290 TraceCheckUtils]: 65: Hoare triple {17598#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {17598#true} is VALID [2022-02-20 18:02:57,056 INFO L290 TraceCheckUtils]: 66: Hoare triple {17598#true} assume true; {17598#true} is VALID [2022-02-20 18:02:57,056 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {17598#true} {17599#false} #1052#return; {17599#false} is VALID [2022-02-20 18:02:57,056 INFO L290 TraceCheckUtils]: 68: Hoare triple {17599#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {17599#false} is VALID [2022-02-20 18:02:57,056 INFO L290 TraceCheckUtils]: 69: Hoare triple {17599#false} #t~ret37#1 := 
createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret37#1 && #t~ret37#1 <= 2147483647;~tmp~10#1 := #t~ret37#1;havoc #t~ret37#1;~email~0#1 := ~tmp~10#1; {17599#false} is VALID [2022-02-20 18:02:57,056 INFO L272 TraceCheckUtils]: 70: Hoare triple {17599#false} call outgoing(~sender#1, ~email~0#1); {17599#false} is VALID [2022-02-20 18:02:57,056 INFO L290 TraceCheckUtils]: 71: Hoare triple {17599#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret39#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {17599#false} is VALID [2022-02-20 18:02:57,056 INFO L272 TraceCheckUtils]: 72: Hoare triple {17599#false} call sign_#t~ret39#1 := getClientPrivateKey(sign_~client#1); {17598#true} is VALID [2022-02-20 18:02:57,056 INFO L290 TraceCheckUtils]: 73: Hoare triple {17598#true} ~handle := #in~handle;havoc ~retValue_acc~36; {17598#true} is VALID [2022-02-20 18:02:57,057 INFO L290 TraceCheckUtils]: 74: Hoare triple {17598#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {17598#true} is VALID [2022-02-20 18:02:57,057 INFO L290 TraceCheckUtils]: 75: Hoare triple {17598#true} assume true; {17598#true} is VALID [2022-02-20 18:02:57,057 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {17598#true} {17599#false} #994#return; {17599#false} is VALID [2022-02-20 18:02:57,057 INFO L290 TraceCheckUtils]: 77: Hoare triple {17599#false} assume -2147483648 <= sign_#t~ret39#1 && sign_#t~ret39#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret39#1;havoc sign_#t~ret39#1;sign_~privkey~1#1 := sign_~tmp~11#1; {17599#false} is VALID [2022-02-20 18:02:57,057 INFO L290 TraceCheckUtils]: 78: Hoare triple {17599#false} assume 0 == sign_~privkey~1#1; {17599#false} is VALID [2022-02-20 18:02:57,057 
INFO L290 TraceCheckUtils]: 79: Hoare triple {17599#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret28#1, outgoing__wrappee__Encrypt_#t~ret29#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~6#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~2#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~6#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~2#1; {17599#false} is VALID [2022-02-20 18:02:57,057 INFO L272 TraceCheckUtils]: 80: Hoare triple {17599#false} call outgoing__wrappee__Encrypt_#t~ret28#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {17598#true} is VALID [2022-02-20 18:02:57,057 INFO L290 TraceCheckUtils]: 81: Hoare triple {17598#true} ~handle := #in~handle;havoc ~retValue_acc~9; {17598#true} is VALID [2022-02-20 18:02:57,058 INFO L290 TraceCheckUtils]: 82: Hoare triple {17598#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {17598#true} is VALID [2022-02-20 18:02:57,058 INFO L290 TraceCheckUtils]: 83: Hoare triple {17598#true} assume true; {17598#true} is VALID [2022-02-20 18:02:57,058 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {17598#true} {17599#false} #996#return; {17599#false} is VALID [2022-02-20 18:02:57,058 INFO L290 TraceCheckUtils]: 85: Hoare triple {17599#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret28#1 && outgoing__wrappee__Encrypt_#t~ret28#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~6#1 := outgoing__wrappee__Encrypt_#t~ret28#1;havoc 
outgoing__wrappee__Encrypt_#t~ret28#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~6#1; {17599#false} is VALID [2022-02-20 18:02:57,058 INFO L272 TraceCheckUtils]: 86: Hoare triple {17599#false} call outgoing__wrappee__Encrypt_#t~ret29#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {17598#true} is VALID [2022-02-20 18:02:57,058 INFO L290 TraceCheckUtils]: 87: Hoare triple {17598#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {17598#true} is VALID [2022-02-20 18:02:57,058 INFO L290 TraceCheckUtils]: 88: Hoare triple {17598#true} assume 1 == ~handle; {17598#true} is VALID [2022-02-20 18:02:57,059 INFO L290 TraceCheckUtils]: 89: Hoare triple {17598#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {17598#true} is VALID [2022-02-20 18:02:57,059 INFO L290 TraceCheckUtils]: 90: Hoare triple {17598#true} assume true; {17598#true} is VALID [2022-02-20 18:02:57,059 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {17598#true} {17599#false} #998#return; {17599#false} is VALID [2022-02-20 18:02:57,059 INFO L290 TraceCheckUtils]: 92: Hoare triple {17599#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret29#1 && outgoing__wrappee__Encrypt_#t~ret29#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~2#1 := outgoing__wrappee__Encrypt_#t~ret29#1;havoc outgoing__wrappee__Encrypt_#t~ret29#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~2#1; {17599#false} is VALID [2022-02-20 18:02:57,059 INFO L290 TraceCheckUtils]: 93: Hoare triple {17599#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {17599#false} is VALID [2022-02-20 18:02:57,059 INFO L290 TraceCheckUtils]: 94: Hoare triple {17599#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := 
outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret27#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {17599#false} is VALID [2022-02-20 18:02:57,059 INFO L290 TraceCheckUtils]: 95: Hoare triple {17599#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {17599#false} is VALID [2022-02-20 18:02:57,059 INFO L290 TraceCheckUtils]: 96: Hoare triple {17599#false} outgoing__wrappee__Keys_#t~ret27#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret27#1 && outgoing__wrappee__Keys_#t~ret27#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret27#1;havoc outgoing__wrappee__Keys_#t~ret27#1; {17599#false} is VALID [2022-02-20 18:02:57,060 INFO L272 TraceCheckUtils]: 97: Hoare triple {17599#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {17675#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:02:57,060 INFO L290 TraceCheckUtils]: 98: Hoare triple {17675#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17598#true} is VALID [2022-02-20 18:02:57,060 INFO L290 TraceCheckUtils]: 99: Hoare triple 
{17598#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17598#true} is VALID [2022-02-20 18:02:57,060 INFO L290 TraceCheckUtils]: 100: Hoare triple {17598#true} assume true; {17598#true} is VALID [2022-02-20 18:02:57,060 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {17598#true} {17599#false} #1004#return; {17599#false} is VALID [2022-02-20 18:02:57,060 INFO L290 TraceCheckUtils]: 102: Hoare triple {17599#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret25#1, mail_#t~ret26#1, mail_~client#1, mail_~msg#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~4#1;call mail_#t~ret25#1 := puts(12, 0);assume -2147483648 <= mail_#t~ret25#1 && mail_#t~ret25#1 <= 2147483647;havoc mail_#t~ret25#1; {17599#false} is VALID [2022-02-20 18:02:57,060 INFO L272 TraceCheckUtils]: 103: Hoare triple {17599#false} call mail_#t~ret26#1 := getEmailTo(mail_~msg#1); {17598#true} is VALID [2022-02-20 18:02:57,060 INFO L290 TraceCheckUtils]: 104: Hoare triple {17598#true} ~handle := #in~handle;havoc ~retValue_acc~9; {17598#true} is VALID [2022-02-20 18:02:57,061 INFO L290 TraceCheckUtils]: 105: Hoare triple {17598#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {17598#true} is VALID [2022-02-20 18:02:57,061 INFO L290 TraceCheckUtils]: 106: Hoare triple {17598#true} assume true; {17598#true} is VALID [2022-02-20 18:02:57,061 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {17598#true} {17599#false} #1006#return; {17599#false} is VALID [2022-02-20 18:02:57,061 INFO L290 TraceCheckUtils]: 108: Hoare triple {17599#false} assume -2147483648 <= mail_#t~ret26#1 && mail_#t~ret26#1 <= 2147483647;mail_~tmp~4#1 := mail_#t~ret26#1;havoc mail_#t~ret26#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~4#1, mail_~msg#1;havoc incoming_#t~ret32#1, 
incoming_#t~ret33#1, incoming_#t~ret34#1, incoming_#t~ret35#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~8#1, incoming_~tmp___0~3#1, incoming_~tmp___1~1#1, incoming_~tmp___2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~8#1;havoc incoming_~tmp___0~3#1;havoc incoming_~tmp___1~1#1;havoc incoming_~tmp___2~0#1; {17599#false} is VALID [2022-02-20 18:02:57,061 INFO L272 TraceCheckUtils]: 109: Hoare triple {17599#false} call incoming_#t~ret32#1 := getClientPrivateKey(incoming_~client#1); {17598#true} is VALID [2022-02-20 18:02:57,061 INFO L290 TraceCheckUtils]: 110: Hoare triple {17598#true} ~handle := #in~handle;havoc ~retValue_acc~36; {17598#true} is VALID [2022-02-20 18:02:57,061 INFO L290 TraceCheckUtils]: 111: Hoare triple {17598#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {17598#true} is VALID [2022-02-20 18:02:57,062 INFO L290 TraceCheckUtils]: 112: Hoare triple {17598#true} assume true; {17598#true} is VALID [2022-02-20 18:02:57,062 INFO L284 TraceCheckUtils]: 113: Hoare quadruple {17598#true} {17599#false} #1008#return; {17599#false} is VALID [2022-02-20 18:02:57,062 INFO L290 TraceCheckUtils]: 114: Hoare triple {17599#false} assume -2147483648 <= incoming_#t~ret32#1 && incoming_#t~ret32#1 <= 2147483647;incoming_~tmp~8#1 := incoming_#t~ret32#1;havoc incoming_#t~ret32#1;incoming_~privkey~0#1 := incoming_~tmp~8#1; {17599#false} is VALID [2022-02-20 18:02:57,062 INFO L290 TraceCheckUtils]: 115: Hoare triple {17599#false} assume !(0 != incoming_~privkey~0#1); {17599#false} is VALID [2022-02-20 18:02:57,062 INFO L290 TraceCheckUtils]: 116: Hoare triple {17599#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, 
incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret41#1, verify_#t~ret42#1, verify_#t~ret43#1, verify_#t~ret44#1, verify_#t~ret45#1, verify_#t~ret46#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~12#1, verify_~tmp___0~4#1, verify_~pubkey~1#1, verify_~tmp___1~2#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~12#1;havoc verify_~tmp___0~4#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~2#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret24#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~3#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~3#1; {17599#false} is VALID [2022-02-20 18:02:57,062 INFO L272 TraceCheckUtils]: 117: Hoare triple {17599#false} call __utac_acc__EncryptVerify_spec__1_#t~ret24#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {17598#true} is VALID [2022-02-20 18:02:57,062 INFO L290 TraceCheckUtils]: 118: Hoare triple {17598#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~21#1;havoc ~tmp~20#1; {17598#true} is VALID [2022-02-20 18:02:57,062 INFO L272 TraceCheckUtils]: 119: Hoare triple {17598#true} call #t~ret88#1 := isEncrypted(~msg#1); {17598#true} is VALID [2022-02-20 18:02:57,063 INFO L290 
TraceCheckUtils]: 120: Hoare triple {17598#true} ~handle := #in~handle;havoc ~retValue_acc~12; {17598#true} is VALID [2022-02-20 18:02:57,063 INFO L290 TraceCheckUtils]: 121: Hoare triple {17598#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~12; {17598#true} is VALID [2022-02-20 18:02:57,063 INFO L290 TraceCheckUtils]: 122: Hoare triple {17598#true} assume true; {17598#true} is VALID [2022-02-20 18:02:57,063 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {17598#true} {17598#true} #1108#return; {17598#true} is VALID [2022-02-20 18:02:57,063 INFO L290 TraceCheckUtils]: 124: Hoare triple {17598#true} assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp~20#1 := #t~ret88#1;havoc #t~ret88#1; {17598#true} is VALID [2022-02-20 18:02:57,063 INFO L290 TraceCheckUtils]: 125: Hoare triple {17598#true} assume 0 != ~tmp~20#1;~retValue_acc~21#1 := 0;#res#1 := ~retValue_acc~21#1; {17598#true} is VALID [2022-02-20 18:02:57,063 INFO L290 TraceCheckUtils]: 126: Hoare triple {17598#true} assume true; {17598#true} is VALID [2022-02-20 18:02:57,063 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {17598#true} {17599#false} #1020#return; {17599#false} is VALID [2022-02-20 18:02:57,064 INFO L290 TraceCheckUtils]: 128: Hoare triple {17599#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret24#1 && __utac_acc__EncryptVerify_spec__1_#t~ret24#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~3#1 := __utac_acc__EncryptVerify_spec__1_#t~ret24#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret24#1; {17599#false} is VALID [2022-02-20 18:02:57,064 INFO L290 TraceCheckUtils]: 129: Hoare triple {17599#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {17599#false} is VALID [2022-02-20 18:02:57,064 INFO L290 TraceCheckUtils]: 130: Hoare triple {17599#false} assume !false; {17599#false} is VALID [2022-02-20 18:02:57,064 INFO L134 CoverageAnalysis]: Checked 
inductivity of 39 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 32 trivial. 0 not checked. [2022-02-20 18:02:57,064 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:02:57,065 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1320934933] [2022-02-20 18:02:57,065 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1320934933] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:02:57,065 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:02:57,065 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 18:02:57,065 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [810128822] [2022-02-20 18:02:57,065 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:02:57,066 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 10.0) internal successors, (80), 5 states have internal predecessors, (80), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (16), 2 states have call predecessors, (16), 3 states have call successors, (16) Word has length 131 [2022-02-20 18:02:57,067 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 18:02:57,067 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 10.0) internal successors, (80), 5 states have internal predecessors, (80), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (16), 2 states have call predecessors, (16), 3 states have call successors, (16) [2022-02-20 18:02:57,156 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 114 edges. 114 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:02:57,156 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 18:02:57,156 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:02:57,157 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 18:02:57,157 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:02:57,158 INFO L87 Difference]: Start difference. First operand 414 states and 623 transitions. Second operand has 9 states, 8 states have (on average 10.0) internal successors, (80), 5 states have internal predecessors, (80), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (16), 2 states have call predecessors, (16), 3 states have call successors, (16) [2022-02-20 18:03:04,412 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:04,413 INFO L93 Difference]: Finished difference Result 989 states and 1489 transitions. [2022-02-20 18:03:04,413 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:03:04,413 INFO L78 Accepts]: Start accepts. 
Automaton has has 9 states, 8 states have (on average 10.0) internal successors, (80), 5 states have internal predecessors, (80), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (16), 2 states have call predecessors, (16), 3 states have call successors, (16) Word has length 131 [2022-02-20 18:03:04,414 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:03:04,414 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 10.0) internal successors, (80), 5 states have internal predecessors, (80), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (16), 2 states have call predecessors, (16), 3 states have call successors, (16) [2022-02-20 18:03:04,426 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1301 transitions. [2022-02-20 18:03:04,427 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 10.0) internal successors, (80), 5 states have internal predecessors, (80), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (16), 2 states have call predecessors, (16), 3 states have call successors, (16) [2022-02-20 18:03:04,438 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1301 transitions. [2022-02-20 18:03:04,439 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1301 transitions. [2022-02-20 18:03:05,640 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1301 edges. 1301 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:03:05,668 INFO L225 Difference]: With dead ends: 989 [2022-02-20 18:03:05,669 INFO L226 Difference]: Without dead ends: 598 [2022-02-20 18:03:05,670 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 50 GetRequests, 35 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 30 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 18:03:05,670 INFO L933 BasicCegarLoop]: 583 mSDtfsCounter, 1441 mSDsluCounter, 815 mSDsCounter, 0 mSdLazyCounter, 2080 mSolverCounterSat, 536 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1458 SdHoareTripleChecker+Valid, 1398 SdHoareTripleChecker+Invalid, 2616 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 536 IncrementalHoareTripleChecker+Valid, 2080 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:03:05,670 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1458 Valid, 1398 Invalid, 2616 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [536 Valid, 2080 Invalid, 0 Unknown, 0 Unchecked, 3.1s Time] [2022-02-20 18:03:05,671 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 598 states. [2022-02-20 18:03:05,795 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 598 to 416. [2022-02-20 18:03:05,795 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:03:05,796 INFO L82 GeneralOperation]: Start isEquivalent. First operand 598 states. 
Second operand has 416 states, 320 states have (on average 1.503125) internal successors, (481), 326 states have internal predecessors, (481), 69 states have call successors, (69), 23 states have call predecessors, (69), 26 states have return successors, (76), 68 states have call predecessors, (76), 68 states have call successors, (76) [2022-02-20 18:03:05,797 INFO L74 IsIncluded]: Start isIncluded. First operand 598 states. Second operand has 416 states, 320 states have (on average 1.503125) internal successors, (481), 326 states have internal predecessors, (481), 69 states have call successors, (69), 23 states have call predecessors, (69), 26 states have return successors, (76), 68 states have call predecessors, (76), 68 states have call successors, (76) [2022-02-20 18:03:05,797 INFO L87 Difference]: Start difference. First operand 598 states. Second operand has 416 states, 320 states have (on average 1.503125) internal successors, (481), 326 states have internal predecessors, (481), 69 states have call successors, (69), 23 states have call predecessors, (69), 26 states have return successors, (76), 68 states have call predecessors, (76), 68 states have call successors, (76) [2022-02-20 18:03:05,820 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:05,820 INFO L93 Difference]: Finished difference Result 598 states and 896 transitions. [2022-02-20 18:03:05,821 INFO L276 IsEmpty]: Start isEmpty. Operand 598 states and 896 transitions. [2022-02-20 18:03:05,824 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:05,824 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:05,826 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 416 states, 320 states have (on average 1.503125) internal successors, (481), 326 states have internal predecessors, (481), 69 states have call successors, (69), 23 states have call predecessors, (69), 26 states have return successors, (76), 68 states have call predecessors, (76), 68 states have call successors, (76) Second operand 598 states. [2022-02-20 18:03:05,841 INFO L87 Difference]: Start difference. First operand has 416 states, 320 states have (on average 1.503125) internal successors, (481), 326 states have internal predecessors, (481), 69 states have call successors, (69), 23 states have call predecessors, (69), 26 states have return successors, (76), 68 states have call predecessors, (76), 68 states have call successors, (76) Second operand 598 states. [2022-02-20 18:03:05,866 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:05,866 INFO L93 Difference]: Finished difference Result 598 states and 896 transitions. [2022-02-20 18:03:05,866 INFO L276 IsEmpty]: Start isEmpty. Operand 598 states and 896 transitions. [2022-02-20 18:03:05,870 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:05,870 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:05,870 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:03:05,870 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:03:05,874 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 416 states, 320 states have (on average 1.503125) internal successors, (481), 326 states have internal predecessors, (481), 69 states have call successors, (69), 23 states have call predecessors, (69), 26 states have return successors, (76), 68 states have call predecessors, (76), 68 states have call successors, (76) [2022-02-20 18:03:05,888 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 416 states to 416 states and 626 transitions. [2022-02-20 18:03:05,889 INFO L78 Accepts]: Start accepts. Automaton has 416 states and 626 transitions. Word has length 131 [2022-02-20 18:03:05,889 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:03:05,889 INFO L470 AbstractCegarLoop]: Abstraction has 416 states and 626 transitions. [2022-02-20 18:03:05,890 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 10.0) internal successors, (80), 5 states have internal predecessors, (80), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (16), 2 states have call predecessors, (16), 3 states have call successors, (16) [2022-02-20 18:03:05,890 INFO L276 IsEmpty]: Start isEmpty. Operand 416 states and 626 transitions. [2022-02-20 18:03:05,892 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 133 [2022-02-20 18:03:05,892 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:03:05,893 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:03:05,893 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 18:03:05,893 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:03:05,894 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:03:05,894 INFO L85 PathProgramCache]: Analyzing trace with hash -234250189, now seen corresponding path program 1 times [2022-02-20 
18:03:05,894 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:03:05,894 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [687655581] [2022-02-20 18:03:05,894 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:05,894 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:03:05,919 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:05,959 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:03:05,960 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:05,962 INFO L290 TraceCheckUtils]: 0: Hoare triple {20978#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20903#true} is VALID [2022-02-20 18:03:05,963 INFO L290 TraceCheckUtils]: 1: Hoare triple {20903#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {20903#true} is VALID [2022-02-20 18:03:05,963 INFO L290 TraceCheckUtils]: 2: Hoare triple {20903#true} assume true; {20903#true} is VALID [2022-02-20 18:03:05,963 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20903#true} {20903#true} #1064#return; {20903#true} is VALID [2022-02-20 18:03:05,969 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:03:05,970 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:05,972 INFO L290 TraceCheckUtils]: 0: Hoare triple {20979#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} 
~handle := #in~handle;~value := #in~value; {20903#true} is VALID [2022-02-20 18:03:05,972 INFO L290 TraceCheckUtils]: 1: Hoare triple {20903#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {20903#true} is VALID [2022-02-20 18:03:05,972 INFO L290 TraceCheckUtils]: 2: Hoare triple {20903#true} assume true; {20903#true} is VALID [2022-02-20 18:03:05,972 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20903#true} {20903#true} #1066#return; {20903#true} is VALID [2022-02-20 18:03:05,973 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:03:05,974 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:05,975 INFO L290 TraceCheckUtils]: 0: Hoare triple {20978#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20903#true} is VALID [2022-02-20 18:03:05,976 INFO L290 TraceCheckUtils]: 1: Hoare triple {20903#true} assume !(1 == ~handle); {20903#true} is VALID [2022-02-20 18:03:05,976 INFO L290 TraceCheckUtils]: 2: Hoare triple {20903#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {20903#true} is VALID [2022-02-20 18:03:05,976 INFO L290 TraceCheckUtils]: 3: Hoare triple {20903#true} assume true; {20903#true} is VALID [2022-02-20 18:03:05,976 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {20903#true} {20903#true} #1068#return; {20903#true} is VALID [2022-02-20 18:03:05,976 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:03:05,978 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:05,981 INFO L290 TraceCheckUtils]: 0: Hoare triple {20979#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {20903#true} is VALID [2022-02-20 18:03:05,981 INFO L290 TraceCheckUtils]: 1: Hoare triple {20903#true} assume !(1 == ~handle); {20903#true} is VALID [2022-02-20 18:03:05,981 INFO L290 TraceCheckUtils]: 2: Hoare triple {20903#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {20903#true} is VALID [2022-02-20 18:03:05,981 INFO L290 TraceCheckUtils]: 3: Hoare triple {20903#true} assume true; {20903#true} is VALID [2022-02-20 18:03:05,981 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {20903#true} {20903#true} #1070#return; {20903#true} is VALID [2022-02-20 18:03:05,982 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:03:05,984 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:05,998 INFO L290 TraceCheckUtils]: 0: Hoare triple {20978#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20980#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:05,998 INFO L290 TraceCheckUtils]: 1: Hoare triple {20980#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {20980#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:05,998 INFO L290 TraceCheckUtils]: 2: Hoare triple {20980#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {20980#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:05,999 INFO L290 TraceCheckUtils]: 3: Hoare triple {20980#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {20981#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:05,999 
INFO L290 TraceCheckUtils]: 4: Hoare triple {20981#(= 3 |setClientId_#in~handle|)} assume true; {20981#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:06,000 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {20981#(= 3 |setClientId_#in~handle|)} {20923#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1072#return; {20930#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:03:06,000 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:03:06,001 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:06,015 INFO L290 TraceCheckUtils]: 0: Hoare triple {20979#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {20982#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:03:06,015 INFO L290 TraceCheckUtils]: 1: Hoare triple {20982#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {20983#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:03:06,016 INFO L290 TraceCheckUtils]: 2: Hoare triple {20983#(= |setClientPrivateKey_#in~handle| 1)} assume true; {20983#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:03:06,016 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20983#(= |setClientPrivateKey_#in~handle| 1)} {20930#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1074#return; {20904#false} is VALID [2022-02-20 18:03:06,023 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 18:03:06,024 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:06,026 INFO L290 TraceCheckUtils]: 0: 
Hoare triple {20984#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {20903#true} is VALID [2022-02-20 18:03:06,026 INFO L290 TraceCheckUtils]: 1: Hoare triple {20903#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {20903#true} is VALID [2022-02-20 18:03:06,026 INFO L290 TraceCheckUtils]: 2: Hoare triple {20903#true} assume true; {20903#true} is VALID [2022-02-20 18:03:06,026 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20903#true} {20904#false} #1050#return; {20904#false} is VALID [2022-02-20 18:03:06,033 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 18:03:06,034 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:06,036 INFO L290 TraceCheckUtils]: 0: Hoare triple {20985#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {20903#true} is VALID [2022-02-20 18:03:06,037 INFO L290 TraceCheckUtils]: 1: Hoare triple {20903#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {20903#true} is VALID [2022-02-20 18:03:06,037 INFO L290 TraceCheckUtils]: 2: Hoare triple {20903#true} assume true; {20903#true} is VALID [2022-02-20 18:03:06,037 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20903#true} {20904#false} #1052#return; {20904#false} is VALID [2022-02-20 18:03:06,037 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 73 [2022-02-20 18:03:06,038 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:06,039 INFO L290 TraceCheckUtils]: 0: Hoare triple {20903#true} ~handle := #in~handle;havoc ~retValue_acc~36; {20903#true} is VALID [2022-02-20 18:03:06,040 INFO L290 TraceCheckUtils]: 1: Hoare triple {20903#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := 
~retValue_acc~36; {20903#true} is VALID [2022-02-20 18:03:06,040 INFO L290 TraceCheckUtils]: 2: Hoare triple {20903#true} assume true; {20903#true} is VALID [2022-02-20 18:03:06,040 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20903#true} {20904#false} #994#return; {20904#false} is VALID [2022-02-20 18:03:06,040 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-02-20 18:03:06,040 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:06,042 INFO L290 TraceCheckUtils]: 0: Hoare triple {20903#true} ~handle := #in~handle;havoc ~retValue_acc~9; {20903#true} is VALID [2022-02-20 18:03:06,042 INFO L290 TraceCheckUtils]: 1: Hoare triple {20903#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {20903#true} is VALID [2022-02-20 18:03:06,042 INFO L290 TraceCheckUtils]: 2: Hoare triple {20903#true} assume true; {20903#true} is VALID [2022-02-20 18:03:06,042 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20903#true} {20904#false} #996#return; {20904#false} is VALID [2022-02-20 18:03:06,042 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 18:03:06,043 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:06,045 INFO L290 TraceCheckUtils]: 0: Hoare triple {20903#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {20903#true} is VALID [2022-02-20 18:03:06,045 INFO L290 TraceCheckUtils]: 1: Hoare triple {20903#true} assume 1 == ~handle; {20903#true} is VALID [2022-02-20 18:03:06,045 INFO L290 TraceCheckUtils]: 2: Hoare triple {20903#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {20903#true} is VALID [2022-02-20 18:03:06,045 INFO L290 TraceCheckUtils]: 3: Hoare triple {20903#true} assume true; {20903#true} is VALID [2022-02-20 18:03:06,045 INFO L284 
TraceCheckUtils]: 4: Hoare quadruple {20903#true} {20904#false} #998#return; {20904#false} is VALID [2022-02-20 18:03:06,045 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 18:03:06,046 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:06,048 INFO L290 TraceCheckUtils]: 0: Hoare triple {20984#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {20903#true} is VALID [2022-02-20 18:03:06,048 INFO L290 TraceCheckUtils]: 1: Hoare triple {20903#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {20903#true} is VALID [2022-02-20 18:03:06,048 INFO L290 TraceCheckUtils]: 2: Hoare triple {20903#true} assume true; {20903#true} is VALID [2022-02-20 18:03:06,048 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20903#true} {20904#false} #1004#return; {20904#false} is VALID [2022-02-20 18:03:06,048 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 104 [2022-02-20 18:03:06,049 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:06,050 INFO L290 TraceCheckUtils]: 0: Hoare triple {20903#true} ~handle := #in~handle;havoc ~retValue_acc~9; {20903#true} is VALID [2022-02-20 18:03:06,050 INFO L290 TraceCheckUtils]: 1: Hoare triple {20903#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {20903#true} is VALID [2022-02-20 18:03:06,050 INFO L290 TraceCheckUtils]: 2: Hoare triple {20903#true} assume true; {20903#true} is VALID [2022-02-20 18:03:06,050 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20903#true} {20904#false} #1006#return; {20904#false} is VALID [2022-02-20 18:03:06,051 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 110 [2022-02-20 18:03:06,051 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat 
[2022-02-20 18:03:06,054 INFO L290 TraceCheckUtils]: 0: Hoare triple {20903#true} ~handle := #in~handle;havoc ~retValue_acc~36; {20903#true} is VALID [2022-02-20 18:03:06,054 INFO L290 TraceCheckUtils]: 1: Hoare triple {20903#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {20903#true} is VALID [2022-02-20 18:03:06,054 INFO L290 TraceCheckUtils]: 2: Hoare triple {20903#true} assume true; {20903#true} is VALID [2022-02-20 18:03:06,054 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20903#true} {20904#false} #1008#return; {20904#false} is VALID [2022-02-20 18:03:06,054 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 118 [2022-02-20 18:03:06,056 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:06,059 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:03:06,059 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:06,061 INFO L290 TraceCheckUtils]: 0: Hoare triple {20903#true} ~handle := #in~handle;havoc ~retValue_acc~12; {20903#true} is VALID [2022-02-20 18:03:06,061 INFO L290 TraceCheckUtils]: 1: Hoare triple {20903#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~12; {20903#true} is VALID [2022-02-20 18:03:06,061 INFO L290 TraceCheckUtils]: 2: Hoare triple {20903#true} assume true; {20903#true} is VALID [2022-02-20 18:03:06,061 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20903#true} {20903#true} #1108#return; {20903#true} is VALID [2022-02-20 18:03:06,061 INFO L290 TraceCheckUtils]: 0: Hoare triple {20903#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~21#1;havoc ~tmp~20#1; {20903#true} is VALID [2022-02-20 18:03:06,061 INFO L272 TraceCheckUtils]: 1: Hoare triple {20903#true} call #t~ret88#1 := isEncrypted(~msg#1); {20903#true} is VALID [2022-02-20 18:03:06,061 INFO L290 TraceCheckUtils]: 2: Hoare 
triple {20903#true} ~handle := #in~handle;havoc ~retValue_acc~12; {20903#true} is VALID [2022-02-20 18:03:06,061 INFO L290 TraceCheckUtils]: 3: Hoare triple {20903#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~12; {20903#true} is VALID [2022-02-20 18:03:06,062 INFO L290 TraceCheckUtils]: 4: Hoare triple {20903#true} assume true; {20903#true} is VALID [2022-02-20 18:03:06,062 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {20903#true} {20903#true} #1108#return; {20903#true} is VALID [2022-02-20 18:03:06,062 INFO L290 TraceCheckUtils]: 6: Hoare triple {20903#true} assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp~20#1 := #t~ret88#1;havoc #t~ret88#1; {20903#true} is VALID [2022-02-20 18:03:06,062 INFO L290 TraceCheckUtils]: 7: Hoare triple {20903#true} assume 0 != ~tmp~20#1;~retValue_acc~21#1 := 0;#res#1 := ~retValue_acc~21#1; {20903#true} is VALID [2022-02-20 18:03:06,062 INFO L290 TraceCheckUtils]: 8: Hoare triple {20903#true} assume true; {20903#true} is VALID [2022-02-20 18:03:06,062 INFO L284 TraceCheckUtils]: 9: Hoare quadruple {20903#true} {20904#false} #1020#return; {20904#false} is VALID [2022-02-20 18:03:06,062 INFO L290 TraceCheckUtils]: 0: Hoare triple {20903#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 
1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(12, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(18, 31);call #Ultimate.allocInit(16, 32);call #Ultimate.allocInit(21, 33);call #Ultimate.allocInit(13, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(25, 36);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(115, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 
0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 
0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {20903#true} is VALID [2022-02-20 18:03:06,062 INFO L290 TraceCheckUtils]: 1: Hoare triple {20903#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {20903#true} is VALID [2022-02-20 18:03:06,063 INFO L290 TraceCheckUtils]: 2: Hoare triple {20903#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {20903#true} is VALID [2022-02-20 18:03:06,063 INFO L290 TraceCheckUtils]: 3: Hoare triple {20903#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~26#1;havoc valid_product_~retValue_acc~26#1;valid_product_~retValue_acc~26#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~26#1; {20903#true} is VALID [2022-02-20 18:03:06,063 INFO L290 TraceCheckUtils]: 4: Hoare triple {20903#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } 
true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {20903#true} is VALID [2022-02-20 18:03:06,063 INFO L290 TraceCheckUtils]: 5: Hoare triple {20903#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {20903#true} is VALID [2022-02-20 18:03:06,063 INFO L272 TraceCheckUtils]: 6: Hoare triple {20903#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {20978#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:06,064 INFO L290 TraceCheckUtils]: 7: Hoare triple {20978#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20903#true} is VALID [2022-02-20 18:03:06,064 INFO L290 TraceCheckUtils]: 8: Hoare triple {20903#true} assume 1 == 
~handle;~__ste_client_idCounter0~0 := ~value; {20903#true} is VALID [2022-02-20 18:03:06,064 INFO L290 TraceCheckUtils]: 9: Hoare triple {20903#true} assume true; {20903#true} is VALID [2022-02-20 18:03:06,064 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {20903#true} {20903#true} #1064#return; {20903#true} is VALID [2022-02-20 18:03:06,064 INFO L290 TraceCheckUtils]: 11: Hoare triple {20903#true} assume { :end_inline_setup_bob__wrappee__Base } true; {20903#true} is VALID [2022-02-20 18:03:06,065 INFO L272 TraceCheckUtils]: 12: Hoare triple {20903#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {20979#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:06,065 INFO L290 TraceCheckUtils]: 13: Hoare triple {20979#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {20903#true} is VALID [2022-02-20 18:03:06,065 INFO L290 TraceCheckUtils]: 14: Hoare triple {20903#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {20903#true} is VALID [2022-02-20 18:03:06,065 INFO L290 TraceCheckUtils]: 15: Hoare triple {20903#true} assume true; {20903#true} is VALID [2022-02-20 18:03:06,065 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {20903#true} {20903#true} #1066#return; {20903#true} is VALID [2022-02-20 18:03:06,065 INFO L290 TraceCheckUtils]: 17: Hoare triple {20903#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { 
:begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {20903#true} is VALID [2022-02-20 18:03:06,066 INFO L272 TraceCheckUtils]: 18: Hoare triple {20903#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {20978#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:06,066 INFO L290 TraceCheckUtils]: 19: Hoare triple {20978#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20903#true} is VALID [2022-02-20 18:03:06,066 INFO L290 TraceCheckUtils]: 20: Hoare triple {20903#true} assume !(1 == ~handle); {20903#true} is VALID [2022-02-20 18:03:06,066 INFO L290 TraceCheckUtils]: 21: Hoare triple {20903#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {20903#true} is VALID [2022-02-20 18:03:06,066 INFO L290 TraceCheckUtils]: 22: Hoare triple {20903#true} assume true; {20903#true} is VALID [2022-02-20 18:03:06,066 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {20903#true} {20903#true} #1068#return; {20903#true} is VALID [2022-02-20 18:03:06,066 INFO L290 TraceCheckUtils]: 24: Hoare triple {20903#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {20903#true} is VALID [2022-02-20 18:03:06,067 INFO L272 TraceCheckUtils]: 25: Hoare triple {20903#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {20979#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:06,067 INFO L290 TraceCheckUtils]: 26: Hoare triple {20979#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {20903#true} is VALID [2022-02-20 18:03:06,067 INFO L290 TraceCheckUtils]: 27: Hoare triple {20903#true} assume !(1 == ~handle); {20903#true} is VALID [2022-02-20 18:03:06,067 INFO L290 TraceCheckUtils]: 28: Hoare triple {20903#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {20903#true} is VALID [2022-02-20 18:03:06,067 INFO L290 TraceCheckUtils]: 29: Hoare triple {20903#true} assume true; {20903#true} is VALID [2022-02-20 18:03:06,068 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {20903#true} {20903#true} #1070#return; {20903#true} is VALID [2022-02-20 18:03:06,068 INFO L290 TraceCheckUtils]: 31: Hoare triple {20903#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {20923#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:03:06,069 INFO L272 TraceCheckUtils]: 32: Hoare triple {20923#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, 
setup_chuck__wrappee__Base_~chuck___0#1); {20978#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:06,069 INFO L290 TraceCheckUtils]: 33: Hoare triple {20978#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20980#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:06,069 INFO L290 TraceCheckUtils]: 34: Hoare triple {20980#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {20980#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:06,069 INFO L290 TraceCheckUtils]: 35: Hoare triple {20980#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {20980#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:06,070 INFO L290 TraceCheckUtils]: 36: Hoare triple {20980#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {20981#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:06,070 INFO L290 TraceCheckUtils]: 37: Hoare triple {20981#(= 3 |setClientId_#in~handle|)} assume true; {20981#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:06,070 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {20981#(= 3 |setClientId_#in~handle|)} {20923#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1072#return; {20930#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:03:06,071 INFO L290 TraceCheckUtils]: 39: Hoare triple {20930#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {20930#(not (= 
|ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:03:06,071 INFO L272 TraceCheckUtils]: 40: Hoare triple {20930#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {20979#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:06,071 INFO L290 TraceCheckUtils]: 41: Hoare triple {20979#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {20982#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:03:06,072 INFO L290 TraceCheckUtils]: 42: Hoare triple {20982#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {20983#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:03:06,072 INFO L290 TraceCheckUtils]: 43: Hoare triple {20983#(= |setClientPrivateKey_#in~handle| 1)} assume true; {20983#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:03:06,072 INFO L284 TraceCheckUtils]: 44: Hoare quadruple {20983#(= |setClientPrivateKey_#in~handle| 1)} {20930#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1074#return; {20904#false} is VALID [2022-02-20 18:03:06,072 INFO L290 TraceCheckUtils]: 45: Hoare triple {20904#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {20904#false} is VALID [2022-02-20 18:03:06,073 INFO L290 TraceCheckUtils]: 46: Hoare triple {20904#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, 
test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~23#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~23#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {20904#false} is VALID [2022-02-20 18:03:06,073 INFO L290 TraceCheckUtils]: 47: Hoare triple {20904#false} assume !false; {20904#false} is VALID [2022-02-20 18:03:06,073 INFO L290 TraceCheckUtils]: 48: Hoare triple {20904#false} assume test_~splverifierCounter~0#1 < 4; {20904#false} is VALID [2022-02-20 18:03:06,073 INFO L290 TraceCheckUtils]: 49: Hoare triple {20904#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {20904#false} is VALID [2022-02-20 18:03:06,073 INFO L290 TraceCheckUtils]: 50: Hoare triple {20904#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet94#1 && test_#t~nondet94#1 <= 
2147483647;test_~tmp___9~0#1 := test_#t~nondet94#1;havoc test_#t~nondet94#1; {20904#false} is VALID [2022-02-20 18:03:06,073 INFO L290 TraceCheckUtils]: 51: Hoare triple {20904#false} assume !(0 != test_~tmp___9~0#1); {20904#false} is VALID [2022-02-20 18:03:06,073 INFO L290 TraceCheckUtils]: 52: Hoare triple {20904#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet95#1 && test_#t~nondet95#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet95#1;havoc test_#t~nondet95#1; {20904#false} is VALID [2022-02-20 18:03:06,073 INFO L290 TraceCheckUtils]: 53: Hoare triple {20904#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {20904#false} is VALID [2022-02-20 18:03:06,074 INFO L290 TraceCheckUtils]: 54: Hoare triple {20904#false} assume !false; {20904#false} is VALID [2022-02-20 18:03:06,074 INFO L290 TraceCheckUtils]: 55: Hoare triple {20904#false} assume !(test_~splverifierCounter~0#1 < 4); {20904#false} is VALID [2022-02-20 18:03:06,074 INFO L290 TraceCheckUtils]: 56: Hoare triple {20904#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {20904#false} is VALID [2022-02-20 18:03:06,074 INFO L272 TraceCheckUtils]: 57: Hoare triple {20904#false} call sendEmail(~bob~0, ~rjh~0); {20904#false} is VALID [2022-02-20 18:03:06,074 INFO L290 TraceCheckUtils]: 58: Hoare triple {20904#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~10#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, 
createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {20904#false} is VALID [2022-02-20 18:03:06,074 INFO L272 TraceCheckUtils]: 59: Hoare triple {20904#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {20984#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:06,074 INFO L290 TraceCheckUtils]: 60: Hoare triple {20984#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {20903#true} is VALID [2022-02-20 18:03:06,074 INFO L290 TraceCheckUtils]: 61: Hoare triple {20903#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {20903#true} is VALID [2022-02-20 18:03:06,074 INFO L290 TraceCheckUtils]: 62: Hoare triple {20903#true} assume true; {20903#true} is VALID [2022-02-20 18:03:06,074 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {20903#true} {20904#false} #1050#return; {20904#false} is VALID [2022-02-20 18:03:06,075 INFO L272 TraceCheckUtils]: 64: Hoare triple {20904#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {20985#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:03:06,075 INFO L290 TraceCheckUtils]: 65: Hoare triple {20985#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {20903#true} is VALID [2022-02-20 18:03:06,075 INFO L290 TraceCheckUtils]: 66: Hoare triple {20903#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {20903#true} is VALID [2022-02-20 18:03:06,075 INFO L290 TraceCheckUtils]: 67: Hoare triple {20903#true} assume true; {20903#true} is VALID [2022-02-20 18:03:06,075 INFO L284 
TraceCheckUtils]: 68: Hoare quadruple {20903#true} {20904#false} #1052#return; {20904#false} is VALID [2022-02-20 18:03:06,075 INFO L290 TraceCheckUtils]: 69: Hoare triple {20904#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {20904#false} is VALID [2022-02-20 18:03:06,075 INFO L290 TraceCheckUtils]: 70: Hoare triple {20904#false} #t~ret37#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret37#1 && #t~ret37#1 <= 2147483647;~tmp~10#1 := #t~ret37#1;havoc #t~ret37#1;~email~0#1 := ~tmp~10#1; {20904#false} is VALID [2022-02-20 18:03:06,075 INFO L272 TraceCheckUtils]: 71: Hoare triple {20904#false} call outgoing(~sender#1, ~email~0#1); {20904#false} is VALID [2022-02-20 18:03:06,075 INFO L290 TraceCheckUtils]: 72: Hoare triple {20904#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret39#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {20904#false} is VALID [2022-02-20 18:03:06,076 INFO L272 TraceCheckUtils]: 73: Hoare triple {20904#false} call sign_#t~ret39#1 := getClientPrivateKey(sign_~client#1); {20903#true} is VALID [2022-02-20 18:03:06,076 INFO L290 TraceCheckUtils]: 74: Hoare triple {20903#true} ~handle := #in~handle;havoc ~retValue_acc~36; {20903#true} is VALID [2022-02-20 18:03:06,076 INFO L290 TraceCheckUtils]: 75: Hoare triple {20903#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {20903#true} is VALID [2022-02-20 18:03:06,076 INFO L290 TraceCheckUtils]: 76: Hoare triple {20903#true} assume true; {20903#true} is VALID [2022-02-20 18:03:06,076 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {20903#true} {20904#false} #994#return; {20904#false} is VALID [2022-02-20 
18:03:06,076 INFO L290 TraceCheckUtils]: 78: Hoare triple {20904#false} assume -2147483648 <= sign_#t~ret39#1 && sign_#t~ret39#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret39#1;havoc sign_#t~ret39#1;sign_~privkey~1#1 := sign_~tmp~11#1; {20904#false} is VALID [2022-02-20 18:03:06,076 INFO L290 TraceCheckUtils]: 79: Hoare triple {20904#false} assume 0 == sign_~privkey~1#1; {20904#false} is VALID [2022-02-20 18:03:06,076 INFO L290 TraceCheckUtils]: 80: Hoare triple {20904#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret28#1, outgoing__wrappee__Encrypt_#t~ret29#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~6#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~2#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~6#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~2#1; {20904#false} is VALID [2022-02-20 18:03:06,076 INFO L272 TraceCheckUtils]: 81: Hoare triple {20904#false} call outgoing__wrappee__Encrypt_#t~ret28#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {20903#true} is VALID [2022-02-20 18:03:06,077 INFO L290 TraceCheckUtils]: 82: Hoare triple {20903#true} ~handle := #in~handle;havoc ~retValue_acc~9; {20903#true} is VALID [2022-02-20 18:03:06,077 INFO L290 TraceCheckUtils]: 83: Hoare triple {20903#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {20903#true} is VALID [2022-02-20 18:03:06,077 INFO L290 TraceCheckUtils]: 84: Hoare triple {20903#true} assume true; {20903#true} is VALID 
[2022-02-20 18:03:06,077 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {20903#true} {20904#false} #996#return; {20904#false} is VALID [2022-02-20 18:03:06,077 INFO L290 TraceCheckUtils]: 86: Hoare triple {20904#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret28#1 && outgoing__wrappee__Encrypt_#t~ret28#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~6#1 := outgoing__wrappee__Encrypt_#t~ret28#1;havoc outgoing__wrappee__Encrypt_#t~ret28#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~6#1; {20904#false} is VALID [2022-02-20 18:03:06,077 INFO L272 TraceCheckUtils]: 87: Hoare triple {20904#false} call outgoing__wrappee__Encrypt_#t~ret29#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {20903#true} is VALID [2022-02-20 18:03:06,077 INFO L290 TraceCheckUtils]: 88: Hoare triple {20903#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {20903#true} is VALID [2022-02-20 18:03:06,077 INFO L290 TraceCheckUtils]: 89: Hoare triple {20903#true} assume 1 == ~handle; {20903#true} is VALID [2022-02-20 18:03:06,077 INFO L290 TraceCheckUtils]: 90: Hoare triple {20903#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {20903#true} is VALID [2022-02-20 18:03:06,078 INFO L290 TraceCheckUtils]: 91: Hoare triple {20903#true} assume true; {20903#true} is VALID [2022-02-20 18:03:06,078 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {20903#true} {20904#false} #998#return; {20904#false} is VALID [2022-02-20 18:03:06,078 INFO L290 TraceCheckUtils]: 93: Hoare triple {20904#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret29#1 && outgoing__wrappee__Encrypt_#t~ret29#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~2#1 := outgoing__wrappee__Encrypt_#t~ret29#1;havoc outgoing__wrappee__Encrypt_#t~ret29#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := 
outgoing__wrappee__Encrypt_~tmp___0~2#1; {20904#false} is VALID [2022-02-20 18:03:06,078 INFO L290 TraceCheckUtils]: 94: Hoare triple {20904#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {20904#false} is VALID [2022-02-20 18:03:06,078 INFO L290 TraceCheckUtils]: 95: Hoare triple {20904#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret27#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {20904#false} is VALID [2022-02-20 18:03:06,078 INFO L290 TraceCheckUtils]: 96: Hoare triple {20904#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {20904#false} is VALID [2022-02-20 18:03:06,078 INFO L290 TraceCheckUtils]: 97: Hoare triple {20904#false} outgoing__wrappee__Keys_#t~ret27#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret27#1 && outgoing__wrappee__Keys_#t~ret27#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret27#1;havoc outgoing__wrappee__Keys_#t~ret27#1; {20904#false} is VALID [2022-02-20 18:03:06,078 INFO L272 TraceCheckUtils]: 98: Hoare triple {20904#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {20984#(and (= 
|old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:06,078 INFO L290 TraceCheckUtils]: 99: Hoare triple {20984#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {20903#true} is VALID [2022-02-20 18:03:06,078 INFO L290 TraceCheckUtils]: 100: Hoare triple {20903#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {20903#true} is VALID [2022-02-20 18:03:06,079 INFO L290 TraceCheckUtils]: 101: Hoare triple {20903#true} assume true; {20903#true} is VALID [2022-02-20 18:03:06,079 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {20903#true} {20904#false} #1004#return; {20904#false} is VALID [2022-02-20 18:03:06,079 INFO L290 TraceCheckUtils]: 103: Hoare triple {20904#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret25#1, mail_#t~ret26#1, mail_~client#1, mail_~msg#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~4#1;call mail_#t~ret25#1 := puts(12, 0);assume -2147483648 <= mail_#t~ret25#1 && mail_#t~ret25#1 <= 2147483647;havoc mail_#t~ret25#1; {20904#false} is VALID [2022-02-20 18:03:06,079 INFO L272 TraceCheckUtils]: 104: Hoare triple {20904#false} call mail_#t~ret26#1 := getEmailTo(mail_~msg#1); {20903#true} is VALID [2022-02-20 18:03:06,079 INFO L290 TraceCheckUtils]: 105: Hoare triple {20903#true} ~handle := #in~handle;havoc ~retValue_acc~9; {20903#true} is VALID [2022-02-20 18:03:06,079 INFO L290 TraceCheckUtils]: 106: Hoare triple {20903#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {20903#true} is VALID [2022-02-20 18:03:06,079 INFO L290 TraceCheckUtils]: 107: Hoare triple {20903#true} assume true; {20903#true} is VALID [2022-02-20 18:03:06,079 INFO L284 TraceCheckUtils]: 
108: Hoare quadruple {20903#true} {20904#false} #1006#return; {20904#false} is VALID [2022-02-20 18:03:06,080 INFO L290 TraceCheckUtils]: 109: Hoare triple {20904#false} assume -2147483648 <= mail_#t~ret26#1 && mail_#t~ret26#1 <= 2147483647;mail_~tmp~4#1 := mail_#t~ret26#1;havoc mail_#t~ret26#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~4#1, mail_~msg#1;havoc incoming_#t~ret32#1, incoming_#t~ret33#1, incoming_#t~ret34#1, incoming_#t~ret35#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~8#1, incoming_~tmp___0~3#1, incoming_~tmp___1~1#1, incoming_~tmp___2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~8#1;havoc incoming_~tmp___0~3#1;havoc incoming_~tmp___1~1#1;havoc incoming_~tmp___2~0#1; {20904#false} is VALID [2022-02-20 18:03:06,080 INFO L272 TraceCheckUtils]: 110: Hoare triple {20904#false} call incoming_#t~ret32#1 := getClientPrivateKey(incoming_~client#1); {20903#true} is VALID [2022-02-20 18:03:06,080 INFO L290 TraceCheckUtils]: 111: Hoare triple {20903#true} ~handle := #in~handle;havoc ~retValue_acc~36; {20903#true} is VALID [2022-02-20 18:03:06,080 INFO L290 TraceCheckUtils]: 112: Hoare triple {20903#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {20903#true} is VALID [2022-02-20 18:03:06,080 INFO L290 TraceCheckUtils]: 113: Hoare triple {20903#true} assume true; {20903#true} is VALID [2022-02-20 18:03:06,080 INFO L284 TraceCheckUtils]: 114: Hoare quadruple {20903#true} {20904#false} #1008#return; {20904#false} is VALID [2022-02-20 18:03:06,080 INFO L290 TraceCheckUtils]: 115: Hoare triple {20904#false} assume -2147483648 <= incoming_#t~ret32#1 && incoming_#t~ret32#1 <= 2147483647;incoming_~tmp~8#1 := incoming_#t~ret32#1;havoc incoming_#t~ret32#1;incoming_~privkey~0#1 := incoming_~tmp~8#1; {20904#false} is VALID [2022-02-20 18:03:06,080 INFO 
L290 TraceCheckUtils]: 116: Hoare triple {20904#false} assume !(0 != incoming_~privkey~0#1); {20904#false} is VALID [2022-02-20 18:03:06,081 INFO L290 TraceCheckUtils]: 117: Hoare triple {20904#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret41#1, verify_#t~ret42#1, verify_#t~ret43#1, verify_#t~ret44#1, verify_#t~ret45#1, verify_#t~ret46#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~12#1, verify_~tmp___0~4#1, verify_~pubkey~1#1, verify_~tmp___1~2#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~12#1;havoc verify_~tmp___0~4#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~2#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret24#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~3#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~3#1; {20904#false} is VALID [2022-02-20 18:03:06,081 INFO L272 TraceCheckUtils]: 118: Hoare triple {20904#false} call __utac_acc__EncryptVerify_spec__1_#t~ret24#1 := 
isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {20903#true} is VALID [2022-02-20 18:03:06,081 INFO L290 TraceCheckUtils]: 119: Hoare triple {20903#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~21#1;havoc ~tmp~20#1; {20903#true} is VALID [2022-02-20 18:03:06,081 INFO L272 TraceCheckUtils]: 120: Hoare triple {20903#true} call #t~ret88#1 := isEncrypted(~msg#1); {20903#true} is VALID [2022-02-20 18:03:06,081 INFO L290 TraceCheckUtils]: 121: Hoare triple {20903#true} ~handle := #in~handle;havoc ~retValue_acc~12; {20903#true} is VALID [2022-02-20 18:03:06,081 INFO L290 TraceCheckUtils]: 122: Hoare triple {20903#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~12; {20903#true} is VALID [2022-02-20 18:03:06,081 INFO L290 TraceCheckUtils]: 123: Hoare triple {20903#true} assume true; {20903#true} is VALID [2022-02-20 18:03:06,082 INFO L284 TraceCheckUtils]: 124: Hoare quadruple {20903#true} {20903#true} #1108#return; {20903#true} is VALID [2022-02-20 18:03:06,082 INFO L290 TraceCheckUtils]: 125: Hoare triple {20903#true} assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp~20#1 := #t~ret88#1;havoc #t~ret88#1; {20903#true} is VALID [2022-02-20 18:03:06,082 INFO L290 TraceCheckUtils]: 126: Hoare triple {20903#true} assume 0 != ~tmp~20#1;~retValue_acc~21#1 := 0;#res#1 := ~retValue_acc~21#1; {20903#true} is VALID [2022-02-20 18:03:06,082 INFO L290 TraceCheckUtils]: 127: Hoare triple {20903#true} assume true; {20903#true} is VALID [2022-02-20 18:03:06,082 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {20903#true} {20904#false} #1020#return; {20904#false} is VALID [2022-02-20 18:03:06,082 INFO L290 TraceCheckUtils]: 129: Hoare triple {20904#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret24#1 && __utac_acc__EncryptVerify_spec__1_#t~ret24#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~3#1 := __utac_acc__EncryptVerify_spec__1_#t~ret24#1;havoc 
__utac_acc__EncryptVerify_spec__1_#t~ret24#1; {20904#false} is VALID [2022-02-20 18:03:06,082 INFO L290 TraceCheckUtils]: 130: Hoare triple {20904#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {20904#false} is VALID [2022-02-20 18:03:06,082 INFO L290 TraceCheckUtils]: 131: Hoare triple {20904#false} assume !false; {20904#false} is VALID [2022-02-20 18:03:06,083 INFO L134 CoverageAnalysis]: Checked inductivity of 39 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 26 trivial. 0 not checked. [2022-02-20 18:03:06,083 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:03:06,083 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [687655581] [2022-02-20 18:03:06,083 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [687655581] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:03:06,083 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:03:06,084 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 18:03:06,084 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [922519790] [2022-02-20 18:03:06,084 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:03:06,085 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 7.636363636363637) internal successors, (84), 8 states have internal predecessors, (84), 4 states have call successors, (18), 6 states have call predecessors, (18), 3 states have return successors, (16), 3 states have call predecessors, (16), 4 states have call successors, (16) Word has length 132 [2022-02-20 18:03:06,085 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 18:03:06,085 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 7.636363636363637) internal successors, (84), 8 states have internal predecessors, (84), 4 states have call successors, (18), 6 states have call predecessors, (18), 3 states have return successors, (16), 3 states have call predecessors, (16), 4 states have call successors, (16) [2022-02-20 18:03:06,170 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 118 edges. 118 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:06,171 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 18:03:06,171 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:03:06,172 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2022-02-20 18:03:06,172 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:03:06,172 INFO L87 Difference]: Start difference. First operand 416 states and 626 transitions. Second operand has 12 states, 11 states have (on average 7.636363636363637) internal successors, (84), 8 states have internal predecessors, (84), 4 states have call successors, (18), 6 states have call predecessors, (18), 3 states have return successors, (16), 3 states have call predecessors, (16), 4 states have call successors, (16) [2022-02-20 18:03:17,469 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:17,470 INFO L93 Difference]: Finished difference Result 987 states and 1484 transitions. [2022-02-20 18:03:17,470 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 18:03:17,470 INFO L78 Accepts]: Start accepts. 
Automaton has has 12 states, 11 states have (on average 7.636363636363637) internal successors, (84), 8 states have internal predecessors, (84), 4 states have call successors, (18), 6 states have call predecessors, (18), 3 states have return successors, (16), 3 states have call predecessors, (16), 4 states have call successors, (16) Word has length 132 [2022-02-20 18:03:17,470 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:03:17,471 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 7.636363636363637) internal successors, (84), 8 states have internal predecessors, (84), 4 states have call successors, (18), 6 states have call predecessors, (18), 3 states have return successors, (16), 3 states have call predecessors, (16), 4 states have call successors, (16) [2022-02-20 18:03:17,484 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1302 transitions. [2022-02-20 18:03:17,485 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 7.636363636363637) internal successors, (84), 8 states have internal predecessors, (84), 4 states have call successors, (18), 6 states have call predecessors, (18), 3 states have return successors, (16), 3 states have call predecessors, (16), 4 states have call successors, (16) [2022-02-20 18:03:17,514 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1302 transitions. [2022-02-20 18:03:17,514 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1302 transitions. [2022-02-20 18:03:18,723 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1302 edges. 1302 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:03:18,748 INFO L225 Difference]: With dead ends: 987 [2022-02-20 18:03:18,748 INFO L226 Difference]: Without dead ends: 598 [2022-02-20 18:03:18,750 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 57 GetRequests, 35 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552 [2022-02-20 18:03:18,750 INFO L933 BasicCegarLoop]: 582 mSDtfsCounter, 1537 mSDsluCounter, 1132 mSDsCounter, 0 mSdLazyCounter, 3807 mSolverCounterSat, 589 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 5.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1537 SdHoareTripleChecker+Valid, 1714 SdHoareTripleChecker+Invalid, 4396 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 589 IncrementalHoareTripleChecker+Valid, 3807 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 5.3s IncrementalHoareTripleChecker+Time [2022-02-20 18:03:18,750 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1537 Valid, 1714 Invalid, 4396 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [589 Valid, 3807 Invalid, 0 Unknown, 0 Unchecked, 5.3s Time] [2022-02-20 18:03:18,752 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 598 states. [2022-02-20 18:03:18,855 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 598 to 416. [2022-02-20 18:03:18,855 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:03:18,857 INFO L82 GeneralOperation]: Start isEquivalent. First operand 598 states. 
Second operand has 416 states, 320 states have (on average 1.503125) internal successors, (481), 326 states have internal predecessors, (481), 69 states have call successors, (69), 23 states have call predecessors, (69), 26 states have return successors, (75), 68 states have call predecessors, (75), 68 states have call successors, (75) [2022-02-20 18:03:18,857 INFO L74 IsIncluded]: Start isIncluded. First operand 598 states. Second operand has 416 states, 320 states have (on average 1.503125) internal successors, (481), 326 states have internal predecessors, (481), 69 states have call successors, (69), 23 states have call predecessors, (69), 26 states have return successors, (75), 68 states have call predecessors, (75), 68 states have call successors, (75) [2022-02-20 18:03:18,858 INFO L87 Difference]: Start difference. First operand 598 states. Second operand has 416 states, 320 states have (on average 1.503125) internal successors, (481), 326 states have internal predecessors, (481), 69 states have call successors, (69), 23 states have call predecessors, (69), 26 states have return successors, (75), 68 states have call predecessors, (75), 68 states have call successors, (75) [2022-02-20 18:03:18,884 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:18,884 INFO L93 Difference]: Finished difference Result 598 states and 895 transitions. [2022-02-20 18:03:18,884 INFO L276 IsEmpty]: Start isEmpty. Operand 598 states and 895 transitions. [2022-02-20 18:03:18,888 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:18,888 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:18,889 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 416 states, 320 states have (on average 1.503125) internal successors, (481), 326 states have internal predecessors, (481), 69 states have call successors, (69), 23 states have call predecessors, (69), 26 states have return successors, (75), 68 states have call predecessors, (75), 68 states have call successors, (75) Second operand 598 states. [2022-02-20 18:03:18,890 INFO L87 Difference]: Start difference. First operand has 416 states, 320 states have (on average 1.503125) internal successors, (481), 326 states have internal predecessors, (481), 69 states have call successors, (69), 23 states have call predecessors, (69), 26 states have return successors, (75), 68 states have call predecessors, (75), 68 states have call successors, (75) Second operand 598 states. [2022-02-20 18:03:18,915 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:18,915 INFO L93 Difference]: Finished difference Result 598 states and 895 transitions. [2022-02-20 18:03:18,916 INFO L276 IsEmpty]: Start isEmpty. Operand 598 states and 895 transitions. [2022-02-20 18:03:18,919 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:18,919 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:18,919 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:03:18,919 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:03:18,920 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 416 states, 320 states have (on average 1.503125) internal successors, (481), 326 states have internal predecessors, (481), 69 states have call successors, (69), 23 states have call predecessors, (69), 26 states have return successors, (75), 68 states have call predecessors, (75), 68 states have call successors, (75) [2022-02-20 18:03:18,936 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 416 states to 416 states and 625 transitions. [2022-02-20 18:03:18,937 INFO L78 Accepts]: Start accepts. Automaton has 416 states and 625 transitions. Word has length 132 [2022-02-20 18:03:18,937 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:03:18,937 INFO L470 AbstractCegarLoop]: Abstraction has 416 states and 625 transitions. [2022-02-20 18:03:18,937 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 11 states have (on average 7.636363636363637) internal successors, (84), 8 states have internal predecessors, (84), 4 states have call successors, (18), 6 states have call predecessors, (18), 3 states have return successors, (16), 3 states have call predecessors, (16), 4 states have call successors, (16) [2022-02-20 18:03:18,938 INFO L276 IsEmpty]: Start isEmpty. Operand 416 states and 625 transitions. [2022-02-20 18:03:18,940 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 134 [2022-02-20 18:03:18,940 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:03:18,940 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:03:18,940 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 18:03:18,940 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:03:18,941 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:03:18,941 INFO L85 PathProgramCache]: Analyzing trace with hash -273473343, now seen corresponding path program 2 
times [2022-02-20 18:03:18,941 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:03:18,941 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [5381847] [2022-02-20 18:03:18,941 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:18,941 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:03:18,980 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:19,017 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:03:19,020 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:19,021 INFO L290 TraceCheckUtils]: 0: Hoare triple {24293#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24217#true} is VALID [2022-02-20 18:03:19,022 INFO L290 TraceCheckUtils]: 1: Hoare triple {24217#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24217#true} is VALID [2022-02-20 18:03:19,022 INFO L290 TraceCheckUtils]: 2: Hoare triple {24217#true} assume true; {24217#true} is VALID [2022-02-20 18:03:19,022 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24217#true} {24217#true} #1064#return; {24217#true} is VALID [2022-02-20 18:03:19,027 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:03:19,029 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:19,031 INFO L290 TraceCheckUtils]: 0: Hoare triple {24294#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 
|old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24217#true} is VALID [2022-02-20 18:03:19,032 INFO L290 TraceCheckUtils]: 1: Hoare triple {24217#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {24217#true} is VALID [2022-02-20 18:03:19,032 INFO L290 TraceCheckUtils]: 2: Hoare triple {24217#true} assume true; {24217#true} is VALID [2022-02-20 18:03:19,032 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24217#true} {24217#true} #1066#return; {24217#true} is VALID [2022-02-20 18:03:19,032 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:03:19,038 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:19,041 INFO L290 TraceCheckUtils]: 0: Hoare triple {24293#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24217#true} is VALID [2022-02-20 18:03:19,041 INFO L290 TraceCheckUtils]: 1: Hoare triple {24217#true} assume !(1 == ~handle); {24217#true} is VALID [2022-02-20 18:03:19,042 INFO L290 TraceCheckUtils]: 2: Hoare triple {24217#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {24217#true} is VALID [2022-02-20 18:03:19,042 INFO L290 TraceCheckUtils]: 3: Hoare triple {24217#true} assume true; {24217#true} is VALID [2022-02-20 18:03:19,042 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {24217#true} {24217#true} #1068#return; {24217#true} is VALID [2022-02-20 18:03:19,042 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:03:19,044 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:19,046 INFO L290 TraceCheckUtils]: 0: Hoare triple {24294#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24217#true} is VALID [2022-02-20 18:03:19,047 INFO L290 TraceCheckUtils]: 1: Hoare triple {24217#true} assume !(1 == ~handle); {24217#true} is VALID [2022-02-20 18:03:19,047 INFO L290 TraceCheckUtils]: 2: Hoare triple {24217#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {24217#true} is VALID [2022-02-20 18:03:19,047 INFO L290 TraceCheckUtils]: 3: Hoare triple {24217#true} assume true; {24217#true} is VALID [2022-02-20 18:03:19,047 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {24217#true} {24217#true} #1070#return; {24217#true} is VALID [2022-02-20 18:03:19,047 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:03:19,050 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:19,067 INFO L290 TraceCheckUtils]: 0: Hoare triple {24293#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24295#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:19,068 INFO L290 TraceCheckUtils]: 1: Hoare triple {24295#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {24295#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:19,068 INFO L290 TraceCheckUtils]: 2: Hoare triple {24295#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {24295#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:19,068 INFO L290 TraceCheckUtils]: 3: Hoare triple {24295#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {24296#(= 3 |setClientId_#in~handle|)} is 
VALID [2022-02-20 18:03:19,069 INFO L290 TraceCheckUtils]: 4: Hoare triple {24296#(= 3 |setClientId_#in~handle|)} assume true; {24296#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:19,069 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {24296#(= 3 |setClientId_#in~handle|)} {24237#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1072#return; {24244#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:03:19,069 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:03:19,071 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:19,088 INFO L290 TraceCheckUtils]: 0: Hoare triple {24294#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24297#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:03:19,088 INFO L290 TraceCheckUtils]: 1: Hoare triple {24297#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {24297#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:03:19,089 INFO L290 TraceCheckUtils]: 2: Hoare triple {24297#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {24298#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:03:19,089 INFO L290 TraceCheckUtils]: 3: Hoare triple {24298#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {24298#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:03:19,090 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {24298#(= 2 |setClientPrivateKey_#in~handle|)} {24244#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1074#return; 
{24218#false} is VALID [2022-02-20 18:03:19,098 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 18:03:19,099 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:19,101 INFO L290 TraceCheckUtils]: 0: Hoare triple {24299#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24217#true} is VALID [2022-02-20 18:03:19,101 INFO L290 TraceCheckUtils]: 1: Hoare triple {24217#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24217#true} is VALID [2022-02-20 18:03:19,101 INFO L290 TraceCheckUtils]: 2: Hoare triple {24217#true} assume true; {24217#true} is VALID [2022-02-20 18:03:19,101 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24217#true} {24218#false} #1050#return; {24218#false} is VALID [2022-02-20 18:03:19,110 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-02-20 18:03:19,111 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:19,113 INFO L290 TraceCheckUtils]: 0: Hoare triple {24300#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {24217#true} is VALID [2022-02-20 18:03:19,113 INFO L290 TraceCheckUtils]: 1: Hoare triple {24217#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {24217#true} is VALID [2022-02-20 18:03:19,113 INFO L290 TraceCheckUtils]: 2: Hoare triple {24217#true} assume true; {24217#true} is VALID [2022-02-20 18:03:19,113 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24217#true} {24218#false} #1052#return; {24218#false} is VALID [2022-02-20 18:03:19,113 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 74 [2022-02-20 18:03:19,114 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:19,116 
INFO L290 TraceCheckUtils]: 0: Hoare triple {24217#true} ~handle := #in~handle;havoc ~retValue_acc~36; {24217#true} is VALID [2022-02-20 18:03:19,116 INFO L290 TraceCheckUtils]: 1: Hoare triple {24217#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {24217#true} is VALID [2022-02-20 18:03:19,116 INFO L290 TraceCheckUtils]: 2: Hoare triple {24217#true} assume true; {24217#true} is VALID [2022-02-20 18:03:19,117 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24217#true} {24218#false} #994#return; {24218#false} is VALID [2022-02-20 18:03:19,117 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-02-20 18:03:19,118 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:19,120 INFO L290 TraceCheckUtils]: 0: Hoare triple {24217#true} ~handle := #in~handle;havoc ~retValue_acc~9; {24217#true} is VALID [2022-02-20 18:03:19,120 INFO L290 TraceCheckUtils]: 1: Hoare triple {24217#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {24217#true} is VALID [2022-02-20 18:03:19,120 INFO L290 TraceCheckUtils]: 2: Hoare triple {24217#true} assume true; {24217#true} is VALID [2022-02-20 18:03:19,120 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24217#true} {24218#false} #996#return; {24218#false} is VALID [2022-02-20 18:03:19,121 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 18:03:19,122 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:19,125 INFO L290 TraceCheckUtils]: 0: Hoare triple {24217#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {24217#true} is VALID [2022-02-20 18:03:19,125 INFO L290 TraceCheckUtils]: 1: Hoare triple {24217#true} assume 1 == ~handle; {24217#true} is VALID [2022-02-20 18:03:19,125 INFO L290 TraceCheckUtils]: 2: Hoare triple {24217#true} assume ~userid == 
~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {24217#true} is VALID [2022-02-20 18:03:19,125 INFO L290 TraceCheckUtils]: 3: Hoare triple {24217#true} assume true; {24217#true} is VALID [2022-02-20 18:03:19,125 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {24217#true} {24218#false} #998#return; {24218#false} is VALID [2022-02-20 18:03:19,126 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 18:03:19,127 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:19,129 INFO L290 TraceCheckUtils]: 0: Hoare triple {24299#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24217#true} is VALID [2022-02-20 18:03:19,129 INFO L290 TraceCheckUtils]: 1: Hoare triple {24217#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24217#true} is VALID [2022-02-20 18:03:19,129 INFO L290 TraceCheckUtils]: 2: Hoare triple {24217#true} assume true; {24217#true} is VALID [2022-02-20 18:03:19,129 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24217#true} {24218#false} #1004#return; {24218#false} is VALID [2022-02-20 18:03:19,129 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 105 [2022-02-20 18:03:19,130 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:19,132 INFO L290 TraceCheckUtils]: 0: Hoare triple {24217#true} ~handle := #in~handle;havoc ~retValue_acc~9; {24217#true} is VALID [2022-02-20 18:03:19,132 INFO L290 TraceCheckUtils]: 1: Hoare triple {24217#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {24217#true} is VALID [2022-02-20 18:03:19,133 INFO L290 TraceCheckUtils]: 2: Hoare triple {24217#true} assume true; {24217#true} is VALID [2022-02-20 18:03:19,133 INFO L284 TraceCheckUtils]: 3: Hoare quadruple 
{24217#true} {24218#false} #1006#return; {24218#false} is VALID [2022-02-20 18:03:19,133 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 111 [2022-02-20 18:03:19,134 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:19,136 INFO L290 TraceCheckUtils]: 0: Hoare triple {24217#true} ~handle := #in~handle;havoc ~retValue_acc~36; {24217#true} is VALID [2022-02-20 18:03:19,136 INFO L290 TraceCheckUtils]: 1: Hoare triple {24217#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {24217#true} is VALID [2022-02-20 18:03:19,136 INFO L290 TraceCheckUtils]: 2: Hoare triple {24217#true} assume true; {24217#true} is VALID [2022-02-20 18:03:19,137 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24217#true} {24218#false} #1008#return; {24218#false} is VALID [2022-02-20 18:03:19,137 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 119 [2022-02-20 18:03:19,139 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:19,141 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2022-02-20 18:03:19,142 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:19,144 INFO L290 TraceCheckUtils]: 0: Hoare triple {24217#true} ~handle := #in~handle;havoc ~retValue_acc~12; {24217#true} is VALID [2022-02-20 18:03:19,144 INFO L290 TraceCheckUtils]: 1: Hoare triple {24217#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~12; {24217#true} is VALID [2022-02-20 18:03:19,144 INFO L290 TraceCheckUtils]: 2: Hoare triple {24217#true} assume true; {24217#true} is VALID [2022-02-20 18:03:19,144 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24217#true} {24217#true} #1108#return; {24217#true} is VALID [2022-02-20 18:03:19,144 INFO L290 TraceCheckUtils]: 0: Hoare triple {24217#true} ~msg#1 := 
#in~msg#1;havoc ~retValue_acc~21#1;havoc ~tmp~20#1; {24217#true} is VALID [2022-02-20 18:03:19,145 INFO L272 TraceCheckUtils]: 1: Hoare triple {24217#true} call #t~ret88#1 := isEncrypted(~msg#1); {24217#true} is VALID [2022-02-20 18:03:19,145 INFO L290 TraceCheckUtils]: 2: Hoare triple {24217#true} ~handle := #in~handle;havoc ~retValue_acc~12; {24217#true} is VALID [2022-02-20 18:03:19,145 INFO L290 TraceCheckUtils]: 3: Hoare triple {24217#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~12; {24217#true} is VALID [2022-02-20 18:03:19,145 INFO L290 TraceCheckUtils]: 4: Hoare triple {24217#true} assume true; {24217#true} is VALID [2022-02-20 18:03:19,145 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {24217#true} {24217#true} #1108#return; {24217#true} is VALID [2022-02-20 18:03:19,145 INFO L290 TraceCheckUtils]: 6: Hoare triple {24217#true} assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp~20#1 := #t~ret88#1;havoc #t~ret88#1; {24217#true} is VALID [2022-02-20 18:03:19,145 INFO L290 TraceCheckUtils]: 7: Hoare triple {24217#true} assume 0 != ~tmp~20#1;~retValue_acc~21#1 := 0;#res#1 := ~retValue_acc~21#1; {24217#true} is VALID [2022-02-20 18:03:19,145 INFO L290 TraceCheckUtils]: 8: Hoare triple {24217#true} assume true; {24217#true} is VALID [2022-02-20 18:03:19,146 INFO L284 TraceCheckUtils]: 9: Hoare quadruple {24217#true} {24218#false} #1020#return; {24218#false} is VALID [2022-02-20 18:03:19,146 INFO L290 TraceCheckUtils]: 0: Hoare triple {24217#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call 
#Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(12, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(18, 31);call #Ultimate.allocInit(16, 32);call #Ultimate.allocInit(21, 33);call #Ultimate.allocInit(13, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(25, 36);call #Ultimate.allocInit(4, 37);call write~init~int(37, 37, 0, 1);call write~init~int(115, 37, 1, 1);call write~init~int(10, 37, 2, 1);call write~init~int(0, 37, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 
0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 
0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {24217#true} is VALID [2022-02-20 18:03:19,146 INFO L290 TraceCheckUtils]: 1: Hoare triple {24217#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {24217#true} is VALID [2022-02-20 18:03:19,146 INFO L290 TraceCheckUtils]: 2: Hoare triple {24217#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {24217#true} is VALID [2022-02-20 18:03:19,146 INFO L290 TraceCheckUtils]: 3: Hoare triple {24217#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~26#1;havoc 
valid_product_~retValue_acc~26#1;valid_product_~retValue_acc~26#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~26#1; {24217#true} is VALID [2022-02-20 18:03:19,146 INFO L290 TraceCheckUtils]: 4: Hoare triple {24217#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {24217#true} is VALID [2022-02-20 18:03:19,146 INFO L290 TraceCheckUtils]: 5: Hoare triple {24217#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {24217#true} is VALID [2022-02-20 18:03:19,147 INFO L272 TraceCheckUtils]: 6: Hoare triple {24217#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {24293#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:19,147 INFO L290 TraceCheckUtils]: 7: Hoare triple {24293#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) 
(= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24217#true} is VALID [2022-02-20 18:03:19,147 INFO L290 TraceCheckUtils]: 8: Hoare triple {24217#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24217#true} is VALID [2022-02-20 18:03:19,148 INFO L290 TraceCheckUtils]: 9: Hoare triple {24217#true} assume true; {24217#true} is VALID [2022-02-20 18:03:19,148 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {24217#true} {24217#true} #1064#return; {24217#true} is VALID [2022-02-20 18:03:19,148 INFO L290 TraceCheckUtils]: 11: Hoare triple {24217#true} assume { :end_inline_setup_bob__wrappee__Base } true; {24217#true} is VALID [2022-02-20 18:03:19,148 INFO L272 TraceCheckUtils]: 12: Hoare triple {24217#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {24294#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:19,149 INFO L290 TraceCheckUtils]: 13: Hoare triple {24294#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24217#true} is VALID [2022-02-20 18:03:19,149 INFO L290 TraceCheckUtils]: 14: Hoare triple {24217#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {24217#true} is VALID [2022-02-20 18:03:19,149 INFO L290 TraceCheckUtils]: 15: Hoare triple {24217#true} assume true; {24217#true} is VALID [2022-02-20 18:03:19,149 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {24217#true} {24217#true} #1066#return; {24217#true} is VALID [2022-02-20 18:03:19,149 INFO L290 TraceCheckUtils]: 17: Hoare triple {24217#true} assume { 
:end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {24217#true} is VALID [2022-02-20 18:03:19,150 INFO L272 TraceCheckUtils]: 18: Hoare triple {24217#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {24293#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:19,150 INFO L290 TraceCheckUtils]: 19: Hoare triple {24293#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24217#true} is VALID [2022-02-20 18:03:19,150 INFO L290 TraceCheckUtils]: 20: Hoare triple {24217#true} assume !(1 == ~handle); {24217#true} is VALID [2022-02-20 18:03:19,150 INFO L290 TraceCheckUtils]: 21: Hoare triple {24217#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {24217#true} is VALID [2022-02-20 18:03:19,150 INFO L290 TraceCheckUtils]: 22: Hoare triple {24217#true} assume true; {24217#true} is VALID [2022-02-20 18:03:19,150 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {24217#true} {24217#true} #1068#return; {24217#true} is VALID [2022-02-20 18:03:19,150 INFO L290 TraceCheckUtils]: 24: Hoare triple {24217#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {24217#true} is VALID [2022-02-20 
18:03:19,151 INFO L272 TraceCheckUtils]: 25: Hoare triple {24217#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {24294#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:19,151 INFO L290 TraceCheckUtils]: 26: Hoare triple {24294#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24217#true} is VALID [2022-02-20 18:03:19,151 INFO L290 TraceCheckUtils]: 27: Hoare triple {24217#true} assume !(1 == ~handle); {24217#true} is VALID [2022-02-20 18:03:19,151 INFO L290 TraceCheckUtils]: 28: Hoare triple {24217#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {24217#true} is VALID [2022-02-20 18:03:19,152 INFO L290 TraceCheckUtils]: 29: Hoare triple {24217#true} assume true; {24217#true} is VALID [2022-02-20 18:03:19,152 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {24217#true} {24217#true} #1070#return; {24217#true} is VALID [2022-02-20 18:03:19,152 INFO L290 TraceCheckUtils]: 31: Hoare triple {24217#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {24237#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 
|ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:03:19,153 INFO L272 TraceCheckUtils]: 32: Hoare triple {24237#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {24293#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:19,153 INFO L290 TraceCheckUtils]: 33: Hoare triple {24293#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24295#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:19,153 INFO L290 TraceCheckUtils]: 34: Hoare triple {24295#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {24295#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:19,154 INFO L290 TraceCheckUtils]: 35: Hoare triple {24295#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {24295#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:19,154 INFO L290 TraceCheckUtils]: 36: Hoare triple {24295#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {24296#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:19,154 INFO L290 TraceCheckUtils]: 37: Hoare triple {24296#(= 3 |setClientId_#in~handle|)} assume true; {24296#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:19,155 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {24296#(= 3 |setClientId_#in~handle|)} {24237#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| 
|ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1072#return; {24244#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:03:19,155 INFO L290 TraceCheckUtils]: 39: Hoare triple {24244#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} assume { :end_inline_setup_chuck__wrappee__Base } true; {24244#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:03:19,156 INFO L272 TraceCheckUtils]: 40: Hoare triple {24244#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {24294#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:19,156 INFO L290 TraceCheckUtils]: 41: Hoare triple {24294#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24297#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:03:19,157 INFO L290 TraceCheckUtils]: 42: Hoare triple {24297#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {24297#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:03:19,157 INFO L290 TraceCheckUtils]: 43: Hoare triple {24297#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {24298#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:03:19,157 INFO L290 TraceCheckUtils]: 44: Hoare triple {24298#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {24298#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:03:19,158 INFO L284 TraceCheckUtils]: 45: Hoare quadruple 
{24298#(= 2 |setClientPrivateKey_#in~handle|)} {24244#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1074#return; {24218#false} is VALID [2022-02-20 18:03:19,158 INFO L290 TraceCheckUtils]: 46: Hoare triple {24218#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {24218#false} is VALID [2022-02-20 18:03:19,158 INFO L290 TraceCheckUtils]: 47: Hoare triple {24218#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet94#1, test_#t~nondet95#1, test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~23#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~23#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {24218#false} is VALID [2022-02-20 18:03:19,158 INFO L290 
TraceCheckUtils]: 48: Hoare triple {24218#false} assume !false; {24218#false} is VALID [2022-02-20 18:03:19,158 INFO L290 TraceCheckUtils]: 49: Hoare triple {24218#false} assume test_~splverifierCounter~0#1 < 4; {24218#false} is VALID [2022-02-20 18:03:19,159 INFO L290 TraceCheckUtils]: 50: Hoare triple {24218#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {24218#false} is VALID [2022-02-20 18:03:19,159 INFO L290 TraceCheckUtils]: 51: Hoare triple {24218#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet94#1 && test_#t~nondet94#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet94#1;havoc test_#t~nondet94#1; {24218#false} is VALID [2022-02-20 18:03:19,159 INFO L290 TraceCheckUtils]: 52: Hoare triple {24218#false} assume !(0 != test_~tmp___9~0#1); {24218#false} is VALID [2022-02-20 18:03:19,159 INFO L290 TraceCheckUtils]: 53: Hoare triple {24218#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet95#1 && test_#t~nondet95#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet95#1;havoc test_#t~nondet95#1; {24218#false} is VALID [2022-02-20 18:03:19,159 INFO L290 TraceCheckUtils]: 54: Hoare triple {24218#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {24218#false} is VALID [2022-02-20 18:03:19,159 INFO L290 TraceCheckUtils]: 55: Hoare triple {24218#false} assume !false; {24218#false} is VALID [2022-02-20 18:03:19,159 INFO L290 TraceCheckUtils]: 56: Hoare triple {24218#false} assume !(test_~splverifierCounter~0#1 < 4); {24218#false} is VALID [2022-02-20 18:03:19,159 INFO L290 TraceCheckUtils]: 57: Hoare triple {24218#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 
2147483647;havoc bobToRjh_#t~ret4#1; {24218#false} is VALID [2022-02-20 18:03:19,160 INFO L272 TraceCheckUtils]: 58: Hoare triple {24218#false} call sendEmail(~bob~0, ~rjh~0); {24218#false} is VALID [2022-02-20 18:03:19,160 INFO L290 TraceCheckUtils]: 59: Hoare triple {24218#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~10#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~23#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~23#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {24218#false} is VALID [2022-02-20 18:03:19,160 INFO L272 TraceCheckUtils]: 60: Hoare triple {24218#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {24299#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:19,160 INFO L290 TraceCheckUtils]: 61: Hoare triple {24299#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24217#true} is VALID [2022-02-20 18:03:19,160 INFO L290 TraceCheckUtils]: 62: Hoare triple {24217#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24217#true} is VALID [2022-02-20 18:03:19,160 INFO L290 TraceCheckUtils]: 63: Hoare triple {24217#true} assume true; {24217#true} is VALID [2022-02-20 18:03:19,160 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {24217#true} {24218#false} #1050#return; {24218#false} is VALID [2022-02-20 18:03:19,161 INFO L272 TraceCheckUtils]: 65: Hoare triple {24218#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {24300#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} 
is VALID [2022-02-20 18:03:19,161 INFO L290 TraceCheckUtils]: 66: Hoare triple {24300#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {24217#true} is VALID [2022-02-20 18:03:19,161 INFO L290 TraceCheckUtils]: 67: Hoare triple {24217#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {24217#true} is VALID [2022-02-20 18:03:19,161 INFO L290 TraceCheckUtils]: 68: Hoare triple {24217#true} assume true; {24217#true} is VALID [2022-02-20 18:03:19,161 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {24217#true} {24218#false} #1052#return; {24218#false} is VALID [2022-02-20 18:03:19,161 INFO L290 TraceCheckUtils]: 70: Hoare triple {24218#false} createEmail_~retValue_acc~23#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~23#1; {24218#false} is VALID [2022-02-20 18:03:19,161 INFO L290 TraceCheckUtils]: 71: Hoare triple {24218#false} #t~ret37#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret37#1 && #t~ret37#1 <= 2147483647;~tmp~10#1 := #t~ret37#1;havoc #t~ret37#1;~email~0#1 := ~tmp~10#1; {24218#false} is VALID [2022-02-20 18:03:19,162 INFO L272 TraceCheckUtils]: 72: Hoare triple {24218#false} call outgoing(~sender#1, ~email~0#1); {24218#false} is VALID [2022-02-20 18:03:19,162 INFO L290 TraceCheckUtils]: 73: Hoare triple {24218#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret39#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~11#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~11#1; {24218#false} is VALID [2022-02-20 18:03:19,162 INFO L272 TraceCheckUtils]: 74: Hoare triple {24218#false} call sign_#t~ret39#1 := getClientPrivateKey(sign_~client#1); {24217#true} is VALID [2022-02-20 18:03:19,162 INFO L290 TraceCheckUtils]: 75: 
Hoare triple {24217#true} ~handle := #in~handle;havoc ~retValue_acc~36; {24217#true} is VALID [2022-02-20 18:03:19,162 INFO L290 TraceCheckUtils]: 76: Hoare triple {24217#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {24217#true} is VALID [2022-02-20 18:03:19,162 INFO L290 TraceCheckUtils]: 77: Hoare triple {24217#true} assume true; {24217#true} is VALID [2022-02-20 18:03:19,162 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {24217#true} {24218#false} #994#return; {24218#false} is VALID [2022-02-20 18:03:19,163 INFO L290 TraceCheckUtils]: 79: Hoare triple {24218#false} assume -2147483648 <= sign_#t~ret39#1 && sign_#t~ret39#1 <= 2147483647;sign_~tmp~11#1 := sign_#t~ret39#1;havoc sign_#t~ret39#1;sign_~privkey~1#1 := sign_~tmp~11#1; {24218#false} is VALID [2022-02-20 18:03:19,163 INFO L290 TraceCheckUtils]: 80: Hoare triple {24218#false} assume 0 == sign_~privkey~1#1; {24218#false} is VALID [2022-02-20 18:03:19,163 INFO L290 TraceCheckUtils]: 81: Hoare triple {24218#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret28#1, outgoing__wrappee__Encrypt_#t~ret29#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~6#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~2#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~6#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~2#1; {24218#false} is VALID [2022-02-20 18:03:19,163 INFO L272 TraceCheckUtils]: 82: Hoare triple {24218#false} call 
outgoing__wrappee__Encrypt_#t~ret28#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {24217#true} is VALID [2022-02-20 18:03:19,163 INFO L290 TraceCheckUtils]: 83: Hoare triple {24217#true} ~handle := #in~handle;havoc ~retValue_acc~9; {24217#true} is VALID [2022-02-20 18:03:19,163 INFO L290 TraceCheckUtils]: 84: Hoare triple {24217#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {24217#true} is VALID [2022-02-20 18:03:19,163 INFO L290 TraceCheckUtils]: 85: Hoare triple {24217#true} assume true; {24217#true} is VALID [2022-02-20 18:03:19,164 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {24217#true} {24218#false} #996#return; {24218#false} is VALID [2022-02-20 18:03:19,164 INFO L290 TraceCheckUtils]: 87: Hoare triple {24218#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret28#1 && outgoing__wrappee__Encrypt_#t~ret28#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~6#1 := outgoing__wrappee__Encrypt_#t~ret28#1;havoc outgoing__wrappee__Encrypt_#t~ret28#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~6#1; {24218#false} is VALID [2022-02-20 18:03:19,164 INFO L272 TraceCheckUtils]: 88: Hoare triple {24218#false} call outgoing__wrappee__Encrypt_#t~ret29#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {24217#true} is VALID [2022-02-20 18:03:19,164 INFO L290 TraceCheckUtils]: 89: Hoare triple {24217#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~41; {24217#true} is VALID [2022-02-20 18:03:19,164 INFO L290 TraceCheckUtils]: 90: Hoare triple {24217#true} assume 1 == ~handle; {24217#true} is VALID [2022-02-20 18:03:19,165 INFO L290 TraceCheckUtils]: 91: Hoare triple {24217#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~41 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~41; {24217#true} is VALID [2022-02-20 18:03:19,165 INFO L290 TraceCheckUtils]: 92: Hoare triple {24217#true} assume 
true; {24217#true} is VALID [2022-02-20 18:03:19,165 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {24217#true} {24218#false} #998#return; {24218#false} is VALID [2022-02-20 18:03:19,165 INFO L290 TraceCheckUtils]: 94: Hoare triple {24218#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret29#1 && outgoing__wrappee__Encrypt_#t~ret29#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~2#1 := outgoing__wrappee__Encrypt_#t~ret29#1;havoc outgoing__wrappee__Encrypt_#t~ret29#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~2#1; {24218#false} is VALID [2022-02-20 18:03:19,165 INFO L290 TraceCheckUtils]: 95: Hoare triple {24218#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {24218#false} is VALID [2022-02-20 18:03:19,165 INFO L290 TraceCheckUtils]: 96: Hoare triple {24218#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret27#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {24218#false} is VALID [2022-02-20 18:03:19,165 INFO L290 TraceCheckUtils]: 97: Hoare triple {24218#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {24218#false} is VALID [2022-02-20 18:03:19,166 INFO L290 TraceCheckUtils]: 98: Hoare triple 
{24218#false} outgoing__wrappee__Keys_#t~ret27#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret27#1 && outgoing__wrappee__Keys_#t~ret27#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret27#1;havoc outgoing__wrappee__Keys_#t~ret27#1; {24218#false} is VALID [2022-02-20 18:03:19,166 INFO L272 TraceCheckUtils]: 99: Hoare triple {24218#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {24299#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:19,166 INFO L290 TraceCheckUtils]: 100: Hoare triple {24299#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24217#true} is VALID [2022-02-20 18:03:19,166 INFO L290 TraceCheckUtils]: 101: Hoare triple {24217#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24217#true} is VALID [2022-02-20 18:03:19,166 INFO L290 TraceCheckUtils]: 102: Hoare triple {24217#true} assume true; {24217#true} is VALID [2022-02-20 18:03:19,166 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {24217#true} {24218#false} #1004#return; {24218#false} is VALID [2022-02-20 18:03:19,166 INFO L290 TraceCheckUtils]: 104: Hoare triple {24218#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret25#1, mail_#t~ret26#1, mail_~client#1, mail_~msg#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~tmp~4#1;call mail_#t~ret25#1 := puts(12, 0);assume -2147483648 <= mail_#t~ret25#1 && mail_#t~ret25#1 <= 2147483647;havoc mail_#t~ret25#1; {24218#false} is VALID [2022-02-20 18:03:19,166 INFO L272 TraceCheckUtils]: 105: Hoare triple {24218#false} call mail_#t~ret26#1 := 
getEmailTo(mail_~msg#1); {24217#true} is VALID [2022-02-20 18:03:19,167 INFO L290 TraceCheckUtils]: 106: Hoare triple {24217#true} ~handle := #in~handle;havoc ~retValue_acc~9; {24217#true} is VALID [2022-02-20 18:03:19,167 INFO L290 TraceCheckUtils]: 107: Hoare triple {24217#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_email_to0~0;#res := ~retValue_acc~9; {24217#true} is VALID [2022-02-20 18:03:19,167 INFO L290 TraceCheckUtils]: 108: Hoare triple {24217#true} assume true; {24217#true} is VALID [2022-02-20 18:03:19,167 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {24217#true} {24218#false} #1006#return; {24218#false} is VALID [2022-02-20 18:03:19,167 INFO L290 TraceCheckUtils]: 110: Hoare triple {24218#false} assume -2147483648 <= mail_#t~ret26#1 && mail_#t~ret26#1 <= 2147483647;mail_~tmp~4#1 := mail_#t~ret26#1;havoc mail_#t~ret26#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~4#1, mail_~msg#1;havoc incoming_#t~ret32#1, incoming_#t~ret33#1, incoming_#t~ret34#1, incoming_#t~ret35#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~8#1, incoming_~tmp___0~3#1, incoming_~tmp___1~1#1, incoming_~tmp___2~0#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~8#1;havoc incoming_~tmp___0~3#1;havoc incoming_~tmp___1~1#1;havoc incoming_~tmp___2~0#1; {24218#false} is VALID [2022-02-20 18:03:19,167 INFO L272 TraceCheckUtils]: 111: Hoare triple {24218#false} call incoming_#t~ret32#1 := getClientPrivateKey(incoming_~client#1); {24217#true} is VALID [2022-02-20 18:03:19,167 INFO L290 TraceCheckUtils]: 112: Hoare triple {24217#true} ~handle := #in~handle;havoc ~retValue_acc~36; {24217#true} is VALID [2022-02-20 18:03:19,168 INFO L290 TraceCheckUtils]: 113: Hoare triple {24217#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~36; {24217#true} is VALID [2022-02-20 18:03:19,168 
INFO L290 TraceCheckUtils]: 114: Hoare triple {24217#true} assume true; {24217#true} is VALID [2022-02-20 18:03:19,168 INFO L284 TraceCheckUtils]: 115: Hoare quadruple {24217#true} {24218#false} #1008#return; {24218#false} is VALID [2022-02-20 18:03:19,168 INFO L290 TraceCheckUtils]: 116: Hoare triple {24218#false} assume -2147483648 <= incoming_#t~ret32#1 && incoming_#t~ret32#1 <= 2147483647;incoming_~tmp~8#1 := incoming_#t~ret32#1;havoc incoming_#t~ret32#1;incoming_~privkey~0#1 := incoming_~tmp~8#1; {24218#false} is VALID [2022-02-20 18:03:19,168 INFO L290 TraceCheckUtils]: 117: Hoare triple {24218#false} assume !(0 != incoming_~privkey~0#1); {24218#false} is VALID [2022-02-20 18:03:19,168 INFO L290 TraceCheckUtils]: 118: Hoare triple {24218#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret41#1, verify_#t~ret42#1, verify_#t~ret43#1, verify_#t~ret44#1, verify_#t~ret45#1, verify_#t~ret46#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~0#1, verify_~tmp~12#1, verify_~tmp___0~4#1, verify_~pubkey~1#1, verify_~tmp___1~2#1, verify_~tmp___2~1#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~0#1;havoc verify_~tmp~12#1;havoc verify_~tmp___0~4#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~2#1;havoc verify_~tmp___2~1#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~0#1 := verify_~msg#1;assume { 
:begin_inline___utac_acc__EncryptVerify_spec__1 } true;__utac_acc__EncryptVerify_spec__1_#in~msg#1 := verify_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret24#1, __utac_acc__EncryptVerify_spec__1_~msg#1, __utac_acc__EncryptVerify_spec__1_~tmp~3#1;__utac_acc__EncryptVerify_spec__1_~msg#1 := __utac_acc__EncryptVerify_spec__1_#in~msg#1;havoc __utac_acc__EncryptVerify_spec__1_~tmp~3#1; {24218#false} is VALID [2022-02-20 18:03:19,168 INFO L272 TraceCheckUtils]: 119: Hoare triple {24218#false} call __utac_acc__EncryptVerify_spec__1_#t~ret24#1 := isReadable(__utac_acc__EncryptVerify_spec__1_~msg#1); {24217#true} is VALID [2022-02-20 18:03:19,169 INFO L290 TraceCheckUtils]: 120: Hoare triple {24217#true} ~msg#1 := #in~msg#1;havoc ~retValue_acc~21#1;havoc ~tmp~20#1; {24217#true} is VALID [2022-02-20 18:03:19,169 INFO L272 TraceCheckUtils]: 121: Hoare triple {24217#true} call #t~ret88#1 := isEncrypted(~msg#1); {24217#true} is VALID [2022-02-20 18:03:19,169 INFO L290 TraceCheckUtils]: 122: Hoare triple {24217#true} ~handle := #in~handle;havoc ~retValue_acc~12; {24217#true} is VALID [2022-02-20 18:03:19,169 INFO L290 TraceCheckUtils]: 123: Hoare triple {24217#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~12; {24217#true} is VALID [2022-02-20 18:03:19,169 INFO L290 TraceCheckUtils]: 124: Hoare triple {24217#true} assume true; {24217#true} is VALID [2022-02-20 18:03:19,169 INFO L284 TraceCheckUtils]: 125: Hoare quadruple {24217#true} {24217#true} #1108#return; {24217#true} is VALID [2022-02-20 18:03:19,169 INFO L290 TraceCheckUtils]: 126: Hoare triple {24217#true} assume -2147483648 <= #t~ret88#1 && #t~ret88#1 <= 2147483647;~tmp~20#1 := #t~ret88#1;havoc #t~ret88#1; {24217#true} is VALID [2022-02-20 18:03:19,169 INFO L290 TraceCheckUtils]: 127: Hoare triple {24217#true} assume 0 != ~tmp~20#1;~retValue_acc~21#1 := 0;#res#1 := ~retValue_acc~21#1; {24217#true} is VALID [2022-02-20 18:03:19,170 INFO L290 
TraceCheckUtils]: 128: Hoare triple {24217#true} assume true; {24217#true} is VALID [2022-02-20 18:03:19,170 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {24217#true} {24218#false} #1020#return; {24218#false} is VALID [2022-02-20 18:03:19,170 INFO L290 TraceCheckUtils]: 130: Hoare triple {24218#false} assume -2147483648 <= __utac_acc__EncryptVerify_spec__1_#t~ret24#1 && __utac_acc__EncryptVerify_spec__1_#t~ret24#1 <= 2147483647;__utac_acc__EncryptVerify_spec__1_~tmp~3#1 := __utac_acc__EncryptVerify_spec__1_#t~ret24#1;havoc __utac_acc__EncryptVerify_spec__1_#t~ret24#1; {24218#false} is VALID [2022-02-20 18:03:19,170 INFO L290 TraceCheckUtils]: 131: Hoare triple {24218#false} assume !(0 != __utac_acc__EncryptVerify_spec__1_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {24218#false} is VALID [2022-02-20 18:03:19,170 INFO L290 TraceCheckUtils]: 132: Hoare triple {24218#false} assume !false; {24218#false} is VALID [2022-02-20 18:03:19,171 INFO L134 CoverageAnalysis]: Checked inductivity of 40 backedges. 14 proven. 0 refuted. 0 times theorem prover too weak. 26 trivial. 0 not checked. [2022-02-20 18:03:19,171 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:03:19,171 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [5381847] [2022-02-20 18:03:19,171 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [5381847] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:03:19,171 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. 
[2022-02-20 18:03:19,171 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 18:03:19,172 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2009492330] [2022-02-20 18:03:19,172 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:03:19,172 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 7.7272727272727275) internal successors, (85), 8 states have internal predecessors, (85), 4 states have call successors, (18), 6 states have call predecessors, (18), 3 states have return successors, (16), 3 states have call predecessors, (16), 4 states have call successors, (16) Word has length 133 [2022-02-20 18:03:19,172 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:03:19,173 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 7.7272727272727275) internal successors, (85), 8 states have internal predecessors, (85), 4 states have call successors, (18), 6 states have call predecessors, (18), 3 states have return successors, (16), 3 states have call predecessors, (16), 4 states have call successors, (16) [2022-02-20 18:03:19,249 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 119 edges. 119 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:19,250 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 18:03:19,250 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:03:19,250 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. 
[2022-02-20 18:03:19,250 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:03:19,251 INFO L87 Difference]: Start difference. First operand 416 states and 625 transitions. Second operand has 12 states, 11 states have (on average 7.7272727272727275) internal successors, (85), 8 states have internal predecessors, (85), 4 states have call successors, (18), 6 states have call predecessors, (18), 3 states have return successors, (16), 3 states have call predecessors, (16), 4 states have call successors, (16)