./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec8_product16.cil.c --full-output -ea --architecture 32bit
--------------------------------------------------------------------------------
Checking for ERROR reachability
Using default analysis
Version 03d7b7b3
Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec8_product16.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 8a7679b9688c44fd84543e8b684d34e72b379518d806d27199a245477e871776
--- Real Ultimate output ---
This is Ultimate 0.2.2-dev-03d7b7b
[2022-02-20 18:03:03,948 INFO L177 SettingsManager]: Resetting all preferences to default values...
[2022-02-20 18:03:03,950 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values
[2022-02-20 18:03:03,996 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring...
[2022-02-20 18:03:03,996 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values
[2022-02-20 18:03:04,000 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values
[2022-02-20 18:03:04,001 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values
[2022-02-20 18:03:04,004 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values
[2022-02-20 18:03:04,005 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values
[2022-02-20 18:03:04,009 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values
[2022-02-20 18:03:04,010 INFO L181 SettingsManager]: Resetting Sifa preferences to default values
[2022-02-20 18:03:04,011 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring...
[2022-02-20 18:03:04,011 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values
[2022-02-20 18:03:04,013 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values
[2022-02-20 18:03:04,015 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values
[2022-02-20 18:03:04,017 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values
[2022-02-20 18:03:04,018 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values
[2022-02-20 18:03:04,019 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values
[2022-02-20 18:03:04,021 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values
[2022-02-20 18:03:04,028 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values
[2022-02-20 18:03:04,029 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values
[2022-02-20 18:03:04,030 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values
[2022-02-20 18:03:04,035 INFO L181 SettingsManager]: Resetting Referee preferences to default values
[2022-02-20 18:03:04,036 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values
[2022-02-20 18:03:04,038 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring...
[2022-02-20 18:03:04,038 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring...
[2022-02-20 18:03:04,039 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values
[2022-02-20 18:03:04,040 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values
[2022-02-20 18:03:04,040 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values
[2022-02-20 18:03:04,041 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring...
[2022-02-20 18:03:04,041 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values
[2022-02-20 18:03:04,042 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values
[2022-02-20 18:03:04,043 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values
[2022-02-20 18:03:04,044 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values
[2022-02-20 18:03:04,045 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring...
[2022-02-20 18:03:04,045 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values
[2022-02-20 18:03:04,046 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring...
[2022-02-20 18:03:04,046 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring...
[2022-02-20 18:03:04,046 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values
[2022-02-20 18:03:04,047 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values
[2022-02-20 18:03:04,047 INFO L188 SettingsManager]: Finished resetting all preferences to default values...
[2022-02-20 18:03:04,048 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf
[2022-02-20 18:03:04,080 INFO L113 SettingsManager]: Loading preferences was successful
[2022-02-20 18:03:04,080 INFO L115 SettingsManager]: Preferences different from defaults after loading the file:
[2022-02-20 18:03:04,081 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults:
[2022-02-20 18:03:04,081 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR;
[2022-02-20 18:03:04,082 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults:
[2022-02-20 18:03:04,082 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS
[2022-02-20 18:03:04,082 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults:
[2022-02-20 18:03:04,083 INFO L138 SettingsManager]: * Create parallel compositions if possible=false
[2022-02-20 18:03:04,083 INFO L138 SettingsManager]: * Use SBE=true
[2022-02-20 18:03:04,083 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults:
[2022-02-20 18:03:04,084 INFO L138 SettingsManager]: * sizeof long=4
[2022-02-20 18:03:04,084 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true
[2022-02-20 18:03:04,084 INFO L138 SettingsManager]: * sizeof POINTER=4
[2022-02-20 18:03:04,084 INFO L138 SettingsManager]: * Check division by zero=IGNORE
[2022-02-20 18:03:04,084 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE
[2022-02-20 18:03:04,085 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE
[2022-02-20 18:03:04,085 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE
[2022-02-20 18:03:04,085 INFO L138 SettingsManager]: * sizeof long double=12
[2022-02-20 18:03:04,085 INFO L138 SettingsManager]: * Check if freed pointer was valid=false
[2022-02-20 18:03:04,085 INFO L138 SettingsManager]: * Use constant arrays=true
[2022-02-20 18:03:04,085 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE
[2022-02-20 18:03:04,086 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults:
[2022-02-20 18:03:04,086 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements
[2022-02-20 18:03:04,086 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode
[2022-02-20 18:03:04,086 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000
[2022-02-20 18:03:04,086 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults:
[2022-02-20 18:03:04,086 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP
[2022-02-20 18:03:04,088 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles
[2022-02-20 18:03:04,088 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL
[2022-02-20 18:03:04,088 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in
[2022-02-20 18:03:04,088 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF
[2022-02-20 18:03:04,088 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET
[2022-02-20 18:03:04,088 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true
[2022-02-20 18:03:04,089 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int)
WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) )
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 8a7679b9688c44fd84543e8b684d34e72b379518d806d27199a245477e871776
[2022-02-20 18:03:04,328 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp
[2022-02-20 18:03:04,359 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized
[2022-02-20 18:03:04,361 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected.
[2022-02-20 18:03:04,362 INFO L271 PluginConnector]: Initializing CDTParser...
[2022-02-20 18:03:04,363 INFO L275 PluginConnector]: CDTParser initialized
[2022-02-20 18:03:04,364 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec8_product16.cil.c
[2022-02-20 18:03:04,422 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/f00a376d3/e83e7f70db744fe7b3ee71c86fdd330e/FLAG06a99b443
[2022-02-20 18:03:04,958 INFO L306 CDTParser]: Found 1 translation units.
[2022-02-20 18:03:04,958 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec8_product16.cil.c
[2022-02-20 18:03:04,973 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/f00a376d3/e83e7f70db744fe7b3ee71c86fdd330e/FLAG06a99b443
[2022-02-20 18:03:05,394 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/f00a376d3/e83e7f70db744fe7b3ee71c86fdd330e
[2022-02-20 18:03:05,396 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] #######################
[2022-02-20 18:03:05,398 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements.
[2022-02-20 18:03:05,401 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator----------------------------
[2022-02-20 18:03:05,401 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator...
[2022-02-20 18:03:05,405 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized
[2022-02-20 18:03:05,406 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:03:05" (1/1) ...
[2022-02-20 18:03:05,407 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@754678e0 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:03:05, skipping insertion in model container
[2022-02-20 18:03:05,407 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:03:05" (1/1) ...
[2022-02-20 18:03:05,412 INFO L145 MainTranslator]: Starting translation in SV-COMP mode
[2022-02-20 18:03:05,477 INFO L178 MainTranslator]: Built tables and reachable declarations
[2022-02-20 18:03:05,927 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec8_product16.cil.c[51682,51695]
[2022-02-20 18:03:05,956 INFO L210 PostProcessor]: Analyzing one entry point: main
[2022-02-20 18:03:05,964 INFO L203 MainTranslator]: Completed pre-run
[2022-02-20 18:03:06,064 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec8_product16.cil.c[51682,51695]
[2022-02-20 18:03:06,076 INFO L210 PostProcessor]: Analyzing one entry point: main
[2022-02-20 18:03:06,107 INFO L208 MainTranslator]: Completed translation
[2022-02-20 18:03:06,107 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:03:06 WrapperNode
[2022-02-20 18:03:06,108 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator----------------------------
[2022-02-20 18:03:06,109 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner----------------------------
[2022-02-20 18:03:06,109 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner...
[2022-02-20 18:03:06,109 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized
[2022-02-20 18:03:06,115 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:03:06" (1/1) ...
[2022-02-20 18:03:06,151 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:03:06" (1/1) ...
[2022-02-20 18:03:06,223 INFO L137 Inliner]: procedures = 126, calls = 201, calls flagged for inlining = 57, calls inlined = 52, statements flattened = 994
[2022-02-20 18:03:06,227 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner----------------------------
[2022-02-20 18:03:06,228 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor----------------------------
[2022-02-20 18:03:06,228 INFO L271 PluginConnector]: Initializing Boogie Preprocessor...
[2022-02-20 18:03:06,243 INFO L275 PluginConnector]: Boogie Preprocessor initialized
[2022-02-20 18:03:06,250 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:03:06" (1/1) ...
[2022-02-20 18:03:06,251 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:03:06" (1/1) ...
[2022-02-20 18:03:06,262 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:03:06" (1/1) ...
[2022-02-20 18:03:06,263 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:03:06" (1/1) ...
[2022-02-20 18:03:06,281 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:03:06" (1/1) ...
[2022-02-20 18:03:06,290 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:03:06" (1/1) ...
[2022-02-20 18:03:06,297 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:03:06" (1/1) ...
[2022-02-20 18:03:06,324 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor----------------------------
[2022-02-20 18:03:06,325 INFO L113 PluginConnector]: ------------------------RCFGBuilder----------------------------
[2022-02-20 18:03:06,325 INFO L271 PluginConnector]: Initializing RCFGBuilder...
[2022-02-20 18:03:06,325 INFO L275 PluginConnector]: RCFGBuilder initialized
[2022-02-20 18:03:06,326 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:03:06" (1/1) ...
[2022-02-20 18:03:06,384 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000
[2022-02-20 18:03:06,398 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3
[2022-02-20 18:03:06,412 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null)
[2022-02-20 18:03:06,439 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process
[2022-02-20 18:03:06,454 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailEncryptionKey
[2022-02-20 18:03:06,454 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailEncryptionKey
[2022-02-20 18:03:06,454 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailEncryptionKey
[2022-02-20 18:03:06,454 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailEncryptionKey
[2022-02-20 18:03:06,455 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo
[2022-02-20 18:03:06,455 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo
[2022-02-20 18:03:06,455 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom
[2022-02-20 18:03:06,455 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom
[2022-02-20 18:03:06,456 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry
[2022-02-20 18:03:06,457 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry
[2022-02-20 18:03:06,457 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsEncrypted
[2022-02-20 18:03:06,457 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsEncrypted
[2022-02-20 18:03:06,457 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd
[2022-02-20 18:03:06,457 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd
[2022-02-20 18:03:06,457 INFO L130 BoogieDeclarations]: Found specification of procedure puts
[2022-02-20 18:03:06,458 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId
[2022-02-20 18:03:06,458 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId
[2022-02-20 18:03:06,458 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit
[2022-02-20 18:03:06,458 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser
[2022-02-20 18:03:06,458 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser
[2022-02-20 18:03:06,458 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey
[2022-02-20 18:03:06,458 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey
[2022-02-20 18:03:06,459 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing
[2022-02-20 18:03:06,459 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing
[2022-02-20 18:03:06,459 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail
[2022-02-20 18:03:06,459 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail
[2022-02-20 18:03:06,459 INFO L130 BoogieDeclarations]: Found specification of procedure isEncrypted
[2022-02-20 18:03:06,459 INFO L138 BoogieDeclarations]: Found implementation of procedure isEncrypted
[2022-02-20 18:03:06,459 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey
[2022-02-20 18:03:06,460 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey
[2022-02-20 18:03:06,460 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo
[2022-02-20 18:03:06,460 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo
[2022-02-20 18:03:06,460 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int
[2022-02-20 18:03:06,460 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair
[2022-02-20 18:03:06,460 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair
[2022-02-20 18:03:06,461 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start
[2022-02-20 18:03:06,461 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start
[2022-02-20 18:03:06,683 INFO L234 CfgBuilder]: Building ICFG
[2022-02-20 18:03:06,686 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation
[2022-02-20 18:03:07,510 INFO L275 CfgBuilder]: Performing block encoding
[2022-02-20 18:03:07,523 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start)
[2022-02-20 18:03:07,524 INFO L299 CfgBuilder]: Removed 1 assume(true) statements.
[2022-02-20 18:03:07,526 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:03:07 BoogieIcfgContainer
[2022-02-20 18:03:07,526 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder----------------------------
[2022-02-20 18:03:07,527 INFO L113 PluginConnector]: ------------------------TraceAbstraction----------------------------
[2022-02-20 18:03:07,527 INFO L271 PluginConnector]: Initializing TraceAbstraction...
[2022-02-20 18:03:07,530 INFO L275 PluginConnector]: TraceAbstraction initialized
[2022-02-20 18:03:07,530 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:03:05" (1/3) ...
[2022-02-20 18:03:07,531 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2e24d024 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:03:07, skipping insertion in model container
[2022-02-20 18:03:07,531 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:03:06" (2/3) ...
[2022-02-20 18:03:07,531 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2e24d024 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:03:07, skipping insertion in model container
[2022-02-20 18:03:07,532 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:03:07" (3/3) ...
[2022-02-20 18:03:07,533 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec8_product16.cil.c
[2022-02-20 18:03:07,537 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION
[2022-02-20 18:03:07,537 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations.
[2022-02-20 18:03:07,587 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ========
[2022-02-20 18:03:07,600 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR
[2022-02-20 18:03:07,601 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations.
[2022-02-20 18:03:07,633 INFO L276 IsEmpty]: Start isEmpty. Operand has 299 states, 236 states have (on average 1.5338983050847457) internal successors, (362), 240 states have internal predecessors, (362), 45 states have call successors, (45), 16 states have call predecessors, (45), 16 states have return successors, (45), 45 states have call predecessors, (45), 45 states have call successors, (45)
[2022-02-20 18:03:07,651 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 90
[2022-02-20 18:03:07,651 INFO L506 BasicCegarLoop]: Found error trace
[2022-02-20 18:03:07,652 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
[2022-02-20 18:03:07,652 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] ===
[2022-02-20 18:03:07,657 INFO L144 PredicateUnifier]: Initialized classic predicate unifier
[2022-02-20 18:03:07,657 INFO L85 PathProgramCache]: Analyzing trace with hash -806898450, now seen corresponding path program 1 times
[2022-02-20 18:03:07,664 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL
[2022-02-20 18:03:07,665 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [831499882]
[2022-02-20 18:03:07,665 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY
[2022-02-20 18:03:07,666 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms
[2022-02-20 18:03:07,818 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:03:07,922 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6
[2022-02-20 18:03:07,926 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:03:07,935 INFO L290 TraceCheckUtils]: 0: Hoare triple {349#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {302#true} is VALID
[2022-02-20 18:03:07,935 INFO L290 TraceCheckUtils]: 1: Hoare triple {302#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {302#true} is VALID
[2022-02-20 18:03:07,935 INFO L290 TraceCheckUtils]: 2: Hoare triple {302#true} assume true; {302#true} is VALID
[2022-02-20 18:03:07,936 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {302#true} {302#true} #927#return; {302#true} is VALID
[2022-02-20 18:03:07,943 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12
[2022-02-20 18:03:07,946 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:03:07,949 INFO L290 TraceCheckUtils]: 0: Hoare triple {350#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {302#true} is VALID
[2022-02-20 18:03:07,949 INFO L290 TraceCheckUtils]: 1: Hoare triple {302#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {302#true} is VALID
[2022-02-20 18:03:07,950 INFO L290 TraceCheckUtils]: 2: Hoare triple {302#true} assume true; {302#true} is VALID
[2022-02-20 18:03:07,950 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {302#true} {302#true} #929#return; {302#true} is VALID
[2022-02-20 18:03:07,950 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18
[2022-02-20 18:03:07,954 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:03:07,973 INFO L290 TraceCheckUtils]: 0: Hoare triple {349#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {351#(= setClientId_~handle |setClientId_#in~handle|)} is VALID
[2022-02-20 18:03:07,973 INFO L290 TraceCheckUtils]: 1: Hoare triple {351#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {352#(= |setClientId_#in~handle| 1)} is VALID
[2022-02-20 18:03:07,974 INFO L290 TraceCheckUtils]: 2: Hoare triple {352#(= |setClientId_#in~handle| 1)} assume true; {352#(= |setClientId_#in~handle| 1)} is VALID
[2022-02-20 18:03:07,975 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {352#(= |setClientId_#in~handle| 1)} {312#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #931#return; {303#false} is VALID
[2022-02-20 18:03:07,975 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24
[2022-02-20 18:03:07,978 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:03:07,981 INFO L290 TraceCheckUtils]: 0: Hoare triple {350#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {302#true} is VALID
[2022-02-20 18:03:07,982 INFO L290 TraceCheckUtils]: 1: Hoare triple {302#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {302#true} is VALID
[2022-02-20 18:03:07,982 INFO L290 TraceCheckUtils]: 2: Hoare triple {302#true} assume true; {302#true} is VALID
[2022-02-20 18:03:07,982 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {302#true} {303#false} #933#return; {303#false} is VALID
[2022-02-20 18:03:07,982 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30
[2022-02-20 18:03:07,985 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 18:03:07,988 INFO L290 TraceCheckUtils]: 0: Hoare triple {349#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {302#true} is VALID
[2022-02-20 18:03:07,988
INFO L290 TraceCheckUtils]: 1: Hoare triple {302#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {302#true} is VALID [2022-02-20 18:03:07,988 INFO L290 TraceCheckUtils]: 2: Hoare triple {302#true} assume true; {302#true} is VALID [2022-02-20 18:03:07,989 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {302#true} {303#false} #935#return; {303#false} is VALID [2022-02-20 18:03:07,989 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:03:07,993 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:07,996 INFO L290 TraceCheckUtils]: 0: Hoare triple {350#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {302#true} is VALID [2022-02-20 18:03:07,996 INFO L290 TraceCheckUtils]: 1: Hoare triple {302#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {302#true} is VALID [2022-02-20 18:03:07,996 INFO L290 TraceCheckUtils]: 2: Hoare triple {302#true} assume true; {302#true} is VALID [2022-02-20 18:03:07,997 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {302#true} {303#false} #937#return; {303#false} is VALID [2022-02-20 18:03:08,005 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2022-02-20 18:03:08,006 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:08,009 INFO L290 TraceCheckUtils]: 0: Hoare triple {353#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {302#true} is VALID [2022-02-20 18:03:08,009 INFO L290 TraceCheckUtils]: 1: Hoare triple {302#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {302#true} is VALID [2022-02-20 18:03:08,010 INFO L290 TraceCheckUtils]: 
2: Hoare triple {302#true} assume true; {302#true} is VALID [2022-02-20 18:03:08,010 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {302#true} {303#false} #921#return; {303#false} is VALID [2022-02-20 18:03:08,020 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 52 [2022-02-20 18:03:08,022 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:08,032 INFO L290 TraceCheckUtils]: 0: Hoare triple {354#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {302#true} is VALID [2022-02-20 18:03:08,033 INFO L290 TraceCheckUtils]: 1: Hoare triple {302#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {302#true} is VALID [2022-02-20 18:03:08,033 INFO L290 TraceCheckUtils]: 2: Hoare triple {302#true} assume true; {302#true} is VALID [2022-02-20 18:03:08,033 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {302#true} {303#false} #923#return; {303#false} is VALID [2022-02-20 18:03:08,033 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:03:08,035 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:08,042 INFO L290 TraceCheckUtils]: 0: Hoare triple {302#true} ~handle := #in~handle;havoc ~retValue_acc~28; {302#true} is VALID [2022-02-20 18:03:08,042 INFO L290 TraceCheckUtils]: 1: Hoare triple {302#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {302#true} is VALID [2022-02-20 18:03:08,042 INFO L290 TraceCheckUtils]: 2: Hoare triple {302#true} assume true; {302#true} is VALID [2022-02-20 18:03:08,043 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {302#true} {303#false} #881#return; {303#false} is VALID [2022-02-20 18:03:08,043 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 74 [2022-02-20 18:03:08,044 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:08,051 INFO L290 TraceCheckUtils]: 0: Hoare triple {353#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {302#true} is VALID [2022-02-20 18:03:08,051 INFO L290 TraceCheckUtils]: 1: Hoare triple {302#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {302#true} is VALID [2022-02-20 18:03:08,052 INFO L290 TraceCheckUtils]: 2: Hoare triple {302#true} assume true; {302#true} is VALID [2022-02-20 18:03:08,052 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {302#true} {303#false} #887#return; {303#false} is VALID [2022-02-20 18:03:08,052 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-02-20 18:03:08,054 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:08,059 INFO L290 TraceCheckUtils]: 0: Hoare triple {302#true} ~handle := #in~handle;havoc ~retValue_acc~31; {302#true} is VALID [2022-02-20 18:03:08,060 INFO L290 TraceCheckUtils]: 1: Hoare triple {302#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {302#true} is VALID [2022-02-20 18:03:08,060 INFO L290 TraceCheckUtils]: 2: Hoare triple {302#true} assume true; {302#true} is VALID [2022-02-20 18:03:08,061 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {302#true} {303#false} #889#return; {303#false} is VALID [2022-02-20 18:03:08,062 INFO L290 TraceCheckUtils]: 0: Hoare triple {302#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call 
#Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(21, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(44, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(17, 30);call #Ultimate.allocInit(17, 31);call #Ultimate.allocInit(13, 32);call #Ultimate.allocInit(17, 33);call #Ultimate.allocInit(4, 34);call write~init~int(37, 34, 0, 1);call write~init~int(115, 34, 1, 1);call write~init~int(10, 34, 2, 1);call write~init~int(0, 34, 3, 1);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(20, 37);call #Ultimate.allocInit(21, 38);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 
:= 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 
0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {302#true} is VALID [2022-02-20 18:03:08,066 INFO L290 TraceCheckUtils]: 1: Hoare triple {302#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~24#1, main_~tmp~9#1;havoc main_~retValue_acc~24#1;havoc main_~tmp~9#1;assume { :begin_inline_select_helpers } true; {302#true} is VALID [2022-02-20 18:03:08,066 INFO L290 TraceCheckUtils]: 2: Hoare triple {302#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {302#true} is VALID [2022-02-20 18:03:08,067 INFO L290 TraceCheckUtils]: 3: Hoare triple {302#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc 
valid_product_~retValue_acc~37#1;havoc valid_product_~retValue_acc~37#1;valid_product_~retValue_acc~37#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~37#1; {302#true} is VALID [2022-02-20 18:03:08,069 INFO L290 TraceCheckUtils]: 4: Hoare triple {302#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~9#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {302#true} is VALID [2022-02-20 18:03:08,069 INFO L290 TraceCheckUtils]: 5: Hoare triple {302#true} assume 0 != main_~tmp~9#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet48#1, setup_#t~nondet49#1, setup_#t~nondet50#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {302#true} is VALID [2022-02-20 18:03:08,071 INFO L272 TraceCheckUtils]: 6: Hoare triple {302#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {349#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:08,071 INFO L290 TraceCheckUtils]: 7: Hoare triple {349#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {302#true} is VALID [2022-02-20 18:03:08,072 INFO L290 TraceCheckUtils]: 8: Hoare triple {302#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {302#true} is VALID [2022-02-20 18:03:08,072 INFO L290 TraceCheckUtils]: 9: Hoare triple {302#true} assume true; {302#true} is VALID [2022-02-20 18:03:08,072 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {302#true} {302#true} #927#return; {302#true} is VALID [2022-02-20 18:03:08,073 INFO L290 TraceCheckUtils]: 11: Hoare triple {302#true} assume { :end_inline_setup_bob__wrappee__Base } true; {302#true} is VALID [2022-02-20 18:03:08,074 INFO L272 TraceCheckUtils]: 12: Hoare triple {302#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {350#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:08,074 INFO L290 TraceCheckUtils]: 13: Hoare triple {350#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {302#true} is VALID [2022-02-20 18:03:08,074 INFO L290 TraceCheckUtils]: 14: Hoare triple {302#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {302#true} is VALID [2022-02-20 18:03:08,075 INFO L290 TraceCheckUtils]: 15: Hoare triple {302#true} assume true; {302#true} is VALID [2022-02-20 18:03:08,075 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {302#true} {302#true} #929#return; {302#true} is VALID [2022-02-20 18:03:08,076 INFO L290 TraceCheckUtils]: 17: Hoare triple {302#true} assume { :end_inline_setup_bob } 
true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet48#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {312#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:03:08,077 INFO L272 TraceCheckUtils]: 18: Hoare triple {312#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {349#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:08,078 INFO L290 TraceCheckUtils]: 19: Hoare triple {349#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {351#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:08,078 INFO L290 TraceCheckUtils]: 20: Hoare triple {351#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {352#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:08,079 INFO L290 TraceCheckUtils]: 21: Hoare triple {352#(= |setClientId_#in~handle| 1)} assume true; {352#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:08,079 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {352#(= |setClientId_#in~handle| 1)} {312#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #931#return; {303#false} is 
VALID [2022-02-20 18:03:08,080 INFO L290 TraceCheckUtils]: 23: Hoare triple {303#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {303#false} is VALID [2022-02-20 18:03:08,080 INFO L272 TraceCheckUtils]: 24: Hoare triple {303#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {350#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:08,080 INFO L290 TraceCheckUtils]: 25: Hoare triple {350#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {302#true} is VALID [2022-02-20 18:03:08,080 INFO L290 TraceCheckUtils]: 26: Hoare triple {302#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {302#true} is VALID [2022-02-20 18:03:08,081 INFO L290 TraceCheckUtils]: 27: Hoare triple {302#true} assume true; {302#true} is VALID [2022-02-20 18:03:08,081 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {302#true} {303#false} #933#return; {303#false} is VALID [2022-02-20 18:03:08,082 INFO L290 TraceCheckUtils]: 29: Hoare triple {303#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet49#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {303#false} is VALID [2022-02-20 18:03:08,083 INFO L272 TraceCheckUtils]: 
30: Hoare triple {303#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {349#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:08,083 INFO L290 TraceCheckUtils]: 31: Hoare triple {349#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {302#true} is VALID [2022-02-20 18:03:08,083 INFO L290 TraceCheckUtils]: 32: Hoare triple {302#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {302#true} is VALID [2022-02-20 18:03:08,083 INFO L290 TraceCheckUtils]: 33: Hoare triple {302#true} assume true; {302#true} is VALID [2022-02-20 18:03:08,084 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {302#true} {303#false} #935#return; {303#false} is VALID [2022-02-20 18:03:08,084 INFO L290 TraceCheckUtils]: 35: Hoare triple {303#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {303#false} is VALID [2022-02-20 18:03:08,084 INFO L272 TraceCheckUtils]: 36: Hoare triple {303#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {350#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:08,086 INFO L290 TraceCheckUtils]: 37: Hoare triple {350#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {302#true} is VALID [2022-02-20 18:03:08,086 INFO L290 
TraceCheckUtils]: 38: Hoare triple {302#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {302#true} is VALID [2022-02-20 18:03:08,086 INFO L290 TraceCheckUtils]: 39: Hoare triple {302#true} assume true; {302#true} is VALID [2022-02-20 18:03:08,087 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {302#true} {303#false} #937#return; {303#false} is VALID [2022-02-20 18:03:08,087 INFO L290 TraceCheckUtils]: 41: Hoare triple {303#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 26, 0;havoc setup_#t~nondet50#1; {303#false} is VALID [2022-02-20 18:03:08,087 INFO L290 TraceCheckUtils]: 42: Hoare triple {303#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~12#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~12#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 
0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {303#false} is VALID [2022-02-20 18:03:08,088 INFO L290 TraceCheckUtils]: 43: Hoare triple {303#false} assume false; {303#false} is VALID [2022-02-20 18:03:08,088 INFO L290 TraceCheckUtils]: 44: Hoare triple {303#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_#t~ret46#1, bobToRjh_~tmp~8#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~8#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret43#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret43#1 && bobToRjh_#t~ret43#1 <= 2147483647;havoc bobToRjh_#t~ret43#1; {303#false} is VALID [2022-02-20 18:03:08,088 INFO L272 TraceCheckUtils]: 45: Hoare triple {303#false} call sendEmail(~bob~0, ~rjh~0); {303#false} is VALID [2022-02-20 18:03:08,089 INFO L290 TraceCheckUtils]: 46: Hoare triple {303#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~19#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~20#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~20#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {303#false} is VALID [2022-02-20 18:03:08,090 INFO L272 TraceCheckUtils]: 47: Hoare triple {303#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {353#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:08,090 INFO L290 TraceCheckUtils]: 48: Hoare triple {353#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| 
~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {302#true} is VALID [2022-02-20 18:03:08,090 INFO L290 TraceCheckUtils]: 49: Hoare triple {302#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {302#true} is VALID [2022-02-20 18:03:08,091 INFO L290 TraceCheckUtils]: 50: Hoare triple {302#true} assume true; {302#true} is VALID [2022-02-20 18:03:08,091 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {302#true} {303#false} #921#return; {303#false} is VALID [2022-02-20 18:03:08,091 INFO L272 TraceCheckUtils]: 52: Hoare triple {303#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {354#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:03:08,091 INFO L290 TraceCheckUtils]: 53: Hoare triple {354#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {302#true} is VALID [2022-02-20 18:03:08,093 INFO L290 TraceCheckUtils]: 54: Hoare triple {302#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {302#true} is VALID [2022-02-20 18:03:08,093 INFO L290 TraceCheckUtils]: 55: Hoare triple {302#true} assume true; {302#true} is VALID [2022-02-20 18:03:08,095 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {302#true} {303#false} #923#return; {303#false} is VALID [2022-02-20 18:03:08,095 INFO L290 TraceCheckUtils]: 57: Hoare triple {303#false} createEmail_~retValue_acc~20#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~20#1; {303#false} is VALID [2022-02-20 18:03:08,096 INFO L290 TraceCheckUtils]: 58: Hoare triple {303#false} #t~ret94#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret94#1 && #t~ret94#1 <= 2147483647;~tmp~19#1 := #t~ret94#1;havoc #t~ret94#1;~email~0#1 := ~tmp~19#1; {303#false} is VALID [2022-02-20 18:03:08,096 INFO L272 TraceCheckUtils]: 59: Hoare triple {303#false} call 
outgoing(~sender#1, ~email~0#1); {303#false} is VALID [2022-02-20 18:03:08,096 INFO L290 TraceCheckUtils]: 60: Hoare triple {303#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~15#1;havoc ~pubkey~0#1;havoc ~tmp___0~5#1; {303#false} is VALID [2022-02-20 18:03:08,096 INFO L272 TraceCheckUtils]: 61: Hoare triple {303#false} call #t~ret85#1 := getEmailTo(~msg#1); {302#true} is VALID [2022-02-20 18:03:08,097 INFO L290 TraceCheckUtils]: 62: Hoare triple {302#true} ~handle := #in~handle;havoc ~retValue_acc~28; {302#true} is VALID [2022-02-20 18:03:08,097 INFO L290 TraceCheckUtils]: 63: Hoare triple {302#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {302#true} is VALID [2022-02-20 18:03:08,099 INFO L290 TraceCheckUtils]: 64: Hoare triple {302#true} assume true; {302#true} is VALID [2022-02-20 18:03:08,099 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {302#true} {303#false} #881#return; {303#false} is VALID [2022-02-20 18:03:08,099 INFO L290 TraceCheckUtils]: 66: Hoare triple {303#false} assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~15#1 := #t~ret85#1;havoc #t~ret85#1;~receiver~0#1 := ~tmp~15#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~14#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~14#1; {303#false} is VALID [2022-02-20 18:03:08,101 INFO L290 TraceCheckUtils]: 67: Hoare triple {303#false} assume 1 == findPublicKey_~handle#1; {303#false} is VALID [2022-02-20 18:03:08,101 INFO L290 TraceCheckUtils]: 68: Hoare triple {303#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~14#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 
:= findPublicKey_~retValue_acc~14#1; {303#false} is VALID [2022-02-20 18:03:08,101 INFO L290 TraceCheckUtils]: 69: Hoare triple {303#false} #t~ret86#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp___0~5#1 := #t~ret86#1;havoc #t~ret86#1;~pubkey~0#1 := ~tmp___0~5#1; {303#false} is VALID [2022-02-20 18:03:08,109 INFO L290 TraceCheckUtils]: 70: Hoare triple {303#false} assume !(0 != ~pubkey~0#1); {303#false} is VALID [2022-02-20 18:03:08,110 INFO L290 TraceCheckUtils]: 71: Hoare triple {303#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret84#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {303#false} is VALID [2022-02-20 18:03:08,110 INFO L290 TraceCheckUtils]: 72: Hoare triple {303#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {303#false} is VALID [2022-02-20 18:03:08,110 INFO L290 TraceCheckUtils]: 73: Hoare triple {303#false} outgoing__wrappee__Keys_#t~ret84#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret84#1 && outgoing__wrappee__Keys_#t~ret84#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~14#1 := outgoing__wrappee__Keys_#t~ret84#1;havoc 
outgoing__wrappee__Keys_#t~ret84#1; {303#false} is VALID [2022-02-20 18:03:08,111 INFO L272 TraceCheckUtils]: 74: Hoare triple {303#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1); {353#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:08,111 INFO L290 TraceCheckUtils]: 75: Hoare triple {353#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {302#true} is VALID [2022-02-20 18:03:08,111 INFO L290 TraceCheckUtils]: 76: Hoare triple {302#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {302#true} is VALID [2022-02-20 18:03:08,111 INFO L290 TraceCheckUtils]: 77: Hoare triple {302#true} assume true; {302#true} is VALID [2022-02-20 18:03:08,111 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {302#true} {303#false} #887#return; {303#false} is VALID [2022-02-20 18:03:08,112 INFO L290 TraceCheckUtils]: 79: Hoare triple {303#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret82#1, mail_#t~ret83#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet67#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, 
__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 := puts(32, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset := 33, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet67#1; {303#false} is VALID [2022-02-20 18:03:08,112 INFO L290 TraceCheckUtils]: 80: Hoare triple {303#false} assume 0 != ~in_encrypted~0; {303#false} is VALID [2022-02-20 18:03:08,112 INFO L272 TraceCheckUtils]: 81: Hoare triple {303#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {302#true} is VALID [2022-02-20 18:03:08,112 INFO L290 TraceCheckUtils]: 82: Hoare triple {302#true} ~handle := #in~handle;havoc ~retValue_acc~31; {302#true} is VALID [2022-02-20 18:03:08,113 INFO L290 TraceCheckUtils]: 83: Hoare triple {302#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {302#true} is VALID [2022-02-20 18:03:08,113 INFO L290 TraceCheckUtils]: 84: Hoare triple {302#true} assume true; {302#true} is VALID [2022-02-20 18:03:08,113 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {302#true} {303#false} #889#return; {303#false} is VALID [2022-02-20 18:03:08,113 INFO L290 TraceCheckUtils]: 86: Hoare triple {303#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 && 
__utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1; {303#false} is VALID [2022-02-20 18:03:08,113 INFO L290 TraceCheckUtils]: 87: Hoare triple {303#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1);assume { :begin_inline___automaton_fail } true; {303#false} is VALID [2022-02-20 18:03:08,114 INFO L290 TraceCheckUtils]: 88: Hoare triple {303#false} assume !false; {303#false} is VALID [2022-02-20 18:03:08,115 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. [2022-02-20 18:03:08,122 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:03:08,122 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [831499882] [2022-02-20 18:03:08,123 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [831499882] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:03:08,123 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [281433016] [2022-02-20 18:03:08,123 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:08,124 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:03:08,124 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:03:08,128 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:03:08,129 INFO L327 MonitoredProcess]: [MP 
/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 18:03:08,408 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:08,413 INFO L263 TraceCheckSpWp]: Trace formula consists of 958 conjuncts, 1 conjunts are in the unsatisfiable core [2022-02-20 18:03:08,470 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:08,479 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:03:08,711 INFO L290 TraceCheckUtils]: 0: Hoare triple {302#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(21, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(44, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call 
write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(17, 30);call #Ultimate.allocInit(17, 31);call #Ultimate.allocInit(13, 32);call #Ultimate.allocInit(17, 33);call #Ultimate.allocInit(4, 34);call write~init~int(37, 34, 0, 1);call write~init~int(115, 34, 1, 1);call write~init~int(10, 34, 2, 1);call write~init~int(0, 34, 3, 1);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(20, 37);call #Ultimate.allocInit(21, 38);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 
0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 
0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {302#true} is VALID [2022-02-20 18:03:08,711 INFO L290 TraceCheckUtils]: 1: Hoare triple {302#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~24#1, main_~tmp~9#1;havoc main_~retValue_acc~24#1;havoc main_~tmp~9#1;assume { :begin_inline_select_helpers } true; {302#true} is VALID [2022-02-20 18:03:08,712 INFO L290 TraceCheckUtils]: 2: Hoare triple {302#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {302#true} is VALID [2022-02-20 18:03:08,712 INFO L290 TraceCheckUtils]: 3: Hoare triple {302#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~37#1;havoc valid_product_~retValue_acc~37#1;valid_product_~retValue_acc~37#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~37#1; {302#true} is VALID [2022-02-20 18:03:08,712 INFO L290 TraceCheckUtils]: 4: Hoare triple {302#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~9#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {302#true} is VALID [2022-02-20 18:03:08,712 INFO L290 TraceCheckUtils]: 5: Hoare triple {302#true} assume 0 != main_~tmp~9#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet48#1, setup_#t~nondet49#1, setup_#t~nondet50#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, 
setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {302#true} is VALID [2022-02-20 18:03:08,713 INFO L272 TraceCheckUtils]: 6: Hoare triple {302#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {302#true} is VALID [2022-02-20 18:03:08,713 INFO L290 TraceCheckUtils]: 7: Hoare triple {302#true} ~handle := #in~handle;~value := #in~value; {302#true} is VALID [2022-02-20 18:03:08,713 INFO L290 TraceCheckUtils]: 8: Hoare triple {302#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {302#true} is VALID [2022-02-20 18:03:08,713 INFO L290 TraceCheckUtils]: 9: Hoare triple {302#true} assume true; {302#true} is VALID [2022-02-20 18:03:08,714 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {302#true} {302#true} #927#return; {302#true} is VALID [2022-02-20 18:03:08,714 INFO L290 TraceCheckUtils]: 11: Hoare triple {302#true} assume { :end_inline_setup_bob__wrappee__Base } true; {302#true} is VALID [2022-02-20 18:03:08,714 INFO L272 TraceCheckUtils]: 12: Hoare triple {302#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {302#true} is VALID [2022-02-20 18:03:08,714 INFO L290 TraceCheckUtils]: 13: Hoare triple {302#true} ~handle := #in~handle;~value := #in~value; {302#true} is VALID [2022-02-20 18:03:08,714 INFO L290 TraceCheckUtils]: 14: Hoare triple {302#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {302#true} is VALID [2022-02-20 18:03:08,715 INFO L290 TraceCheckUtils]: 15: Hoare triple 
{302#true} assume true; {302#true} is VALID [2022-02-20 18:03:08,715 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {302#true} {302#true} #929#return; {302#true} is VALID [2022-02-20 18:03:08,715 INFO L290 TraceCheckUtils]: 17: Hoare triple {302#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet48#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {302#true} is VALID [2022-02-20 18:03:08,715 INFO L272 TraceCheckUtils]: 18: Hoare triple {302#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {302#true} is VALID [2022-02-20 18:03:08,716 INFO L290 TraceCheckUtils]: 19: Hoare triple {302#true} ~handle := #in~handle;~value := #in~value; {302#true} is VALID [2022-02-20 18:03:08,716 INFO L290 TraceCheckUtils]: 20: Hoare triple {302#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {302#true} is VALID [2022-02-20 18:03:08,716 INFO L290 TraceCheckUtils]: 21: Hoare triple {302#true} assume true; {302#true} is VALID [2022-02-20 18:03:08,716 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {302#true} {302#true} #931#return; {302#true} is VALID [2022-02-20 18:03:08,716 INFO L290 TraceCheckUtils]: 23: Hoare triple {302#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {302#true} is VALID [2022-02-20 18:03:08,717 INFO L272 TraceCheckUtils]: 24: Hoare triple {302#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {302#true} is VALID [2022-02-20 18:03:08,717 INFO L290 TraceCheckUtils]: 25: Hoare triple {302#true} ~handle := #in~handle;~value := #in~value; {302#true} is VALID 
[2022-02-20 18:03:08,717 INFO L290 TraceCheckUtils]: 26: Hoare triple {302#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {302#true} is VALID [2022-02-20 18:03:08,717 INFO L290 TraceCheckUtils]: 27: Hoare triple {302#true} assume true; {302#true} is VALID [2022-02-20 18:03:08,717 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {302#true} {302#true} #933#return; {302#true} is VALID [2022-02-20 18:03:08,718 INFO L290 TraceCheckUtils]: 29: Hoare triple {302#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet49#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {302#true} is VALID [2022-02-20 18:03:08,718 INFO L272 TraceCheckUtils]: 30: Hoare triple {302#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {302#true} is VALID [2022-02-20 18:03:08,718 INFO L290 TraceCheckUtils]: 31: Hoare triple {302#true} ~handle := #in~handle;~value := #in~value; {302#true} is VALID [2022-02-20 18:03:08,718 INFO L290 TraceCheckUtils]: 32: Hoare triple {302#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {302#true} is VALID [2022-02-20 18:03:08,719 INFO L290 TraceCheckUtils]: 33: Hoare triple {302#true} assume true; {302#true} is VALID [2022-02-20 18:03:08,719 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {302#true} {302#true} #935#return; {302#true} is VALID [2022-02-20 18:03:08,719 INFO L290 TraceCheckUtils]: 35: Hoare triple {302#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {302#true} is VALID [2022-02-20 
18:03:08,719 INFO L272 TraceCheckUtils]: 36: Hoare triple {302#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {302#true} is VALID [2022-02-20 18:03:08,719 INFO L290 TraceCheckUtils]: 37: Hoare triple {302#true} ~handle := #in~handle;~value := #in~value; {302#true} is VALID [2022-02-20 18:03:08,720 INFO L290 TraceCheckUtils]: 38: Hoare triple {302#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {302#true} is VALID [2022-02-20 18:03:08,720 INFO L290 TraceCheckUtils]: 39: Hoare triple {302#true} assume true; {302#true} is VALID [2022-02-20 18:03:08,720 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {302#true} {302#true} #937#return; {302#true} is VALID [2022-02-20 18:03:08,720 INFO L290 TraceCheckUtils]: 41: Hoare triple {302#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 26, 0;havoc setup_#t~nondet50#1; {302#true} is VALID [2022-02-20 18:03:08,720 INFO L290 TraceCheckUtils]: 42: Hoare triple {302#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~12#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~12#1;havoc 
test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {302#true} is VALID [2022-02-20 18:03:08,722 INFO L290 TraceCheckUtils]: 43: Hoare triple {302#true} assume false; {303#false} is VALID [2022-02-20 18:03:08,722 INFO L290 TraceCheckUtils]: 44: Hoare triple {303#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_#t~ret46#1, bobToRjh_~tmp~8#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~8#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret43#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret43#1 && bobToRjh_#t~ret43#1 <= 2147483647;havoc bobToRjh_#t~ret43#1; {303#false} is VALID [2022-02-20 18:03:08,722 INFO L272 TraceCheckUtils]: 45: Hoare triple {303#false} call sendEmail(~bob~0, ~rjh~0); {303#false} is VALID [2022-02-20 18:03:08,723 INFO L290 TraceCheckUtils]: 46: Hoare triple {303#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~19#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~20#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~20#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {303#false} is VALID [2022-02-20 18:03:08,723 INFO L272 TraceCheckUtils]: 47: Hoare triple {303#false} call setEmailFrom(createEmail_~msg~0#1, 
createEmail_~from#1); {303#false} is VALID [2022-02-20 18:03:08,723 INFO L290 TraceCheckUtils]: 48: Hoare triple {303#false} ~handle := #in~handle;~value := #in~value; {303#false} is VALID [2022-02-20 18:03:08,723 INFO L290 TraceCheckUtils]: 49: Hoare triple {303#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {303#false} is VALID [2022-02-20 18:03:08,723 INFO L290 TraceCheckUtils]: 50: Hoare triple {303#false} assume true; {303#false} is VALID [2022-02-20 18:03:08,724 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {303#false} {303#false} #921#return; {303#false} is VALID [2022-02-20 18:03:08,724 INFO L272 TraceCheckUtils]: 52: Hoare triple {303#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {303#false} is VALID [2022-02-20 18:03:08,724 INFO L290 TraceCheckUtils]: 53: Hoare triple {303#false} ~handle := #in~handle;~value := #in~value; {303#false} is VALID [2022-02-20 18:03:08,724 INFO L290 TraceCheckUtils]: 54: Hoare triple {303#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {303#false} is VALID [2022-02-20 18:03:08,725 INFO L290 TraceCheckUtils]: 55: Hoare triple {303#false} assume true; {303#false} is VALID [2022-02-20 18:03:08,725 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {303#false} {303#false} #923#return; {303#false} is VALID [2022-02-20 18:03:08,725 INFO L290 TraceCheckUtils]: 57: Hoare triple {303#false} createEmail_~retValue_acc~20#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~20#1; {303#false} is VALID [2022-02-20 18:03:08,725 INFO L290 TraceCheckUtils]: 58: Hoare triple {303#false} #t~ret94#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret94#1 && #t~ret94#1 <= 2147483647;~tmp~19#1 := #t~ret94#1;havoc #t~ret94#1;~email~0#1 := ~tmp~19#1; {303#false} is VALID [2022-02-20 18:03:08,725 INFO L272 TraceCheckUtils]: 59: Hoare triple {303#false} call outgoing(~sender#1, ~email~0#1); {303#false} is VALID [2022-02-20 18:03:08,726 INFO L290 
TraceCheckUtils]: 60: Hoare triple {303#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~15#1;havoc ~pubkey~0#1;havoc ~tmp___0~5#1; {303#false} is VALID [2022-02-20 18:03:08,726 INFO L272 TraceCheckUtils]: 61: Hoare triple {303#false} call #t~ret85#1 := getEmailTo(~msg#1); {303#false} is VALID [2022-02-20 18:03:08,726 INFO L290 TraceCheckUtils]: 62: Hoare triple {303#false} ~handle := #in~handle;havoc ~retValue_acc~28; {303#false} is VALID [2022-02-20 18:03:08,726 INFO L290 TraceCheckUtils]: 63: Hoare triple {303#false} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {303#false} is VALID [2022-02-20 18:03:08,726 INFO L290 TraceCheckUtils]: 64: Hoare triple {303#false} assume true; {303#false} is VALID [2022-02-20 18:03:08,727 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {303#false} {303#false} #881#return; {303#false} is VALID [2022-02-20 18:03:08,727 INFO L290 TraceCheckUtils]: 66: Hoare triple {303#false} assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~15#1 := #t~ret85#1;havoc #t~ret85#1;~receiver~0#1 := ~tmp~15#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~14#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~14#1; {303#false} is VALID [2022-02-20 18:03:08,727 INFO L290 TraceCheckUtils]: 67: Hoare triple {303#false} assume 1 == findPublicKey_~handle#1; {303#false} is VALID [2022-02-20 18:03:08,727 INFO L290 TraceCheckUtils]: 68: Hoare triple {303#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~14#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~14#1; {303#false} is VALID [2022-02-20 18:03:08,727 
INFO L290 TraceCheckUtils]: 69: Hoare triple {303#false} #t~ret86#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp___0~5#1 := #t~ret86#1;havoc #t~ret86#1;~pubkey~0#1 := ~tmp___0~5#1; {303#false} is VALID [2022-02-20 18:03:08,728 INFO L290 TraceCheckUtils]: 70: Hoare triple {303#false} assume !(0 != ~pubkey~0#1); {303#false} is VALID [2022-02-20 18:03:08,728 INFO L290 TraceCheckUtils]: 71: Hoare triple {303#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret84#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {303#false} is VALID [2022-02-20 18:03:08,728 INFO L290 TraceCheckUtils]: 72: Hoare triple {303#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {303#false} is VALID [2022-02-20 18:03:08,728 INFO L290 TraceCheckUtils]: 73: Hoare triple {303#false} outgoing__wrappee__Keys_#t~ret84#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret84#1 && outgoing__wrappee__Keys_#t~ret84#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~14#1 := outgoing__wrappee__Keys_#t~ret84#1;havoc outgoing__wrappee__Keys_#t~ret84#1; {303#false} is VALID [2022-02-20 18:03:08,729 INFO L272 TraceCheckUtils]: 
74: Hoare triple {303#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1); {303#false} is VALID [2022-02-20 18:03:08,729 INFO L290 TraceCheckUtils]: 75: Hoare triple {303#false} ~handle := #in~handle;~value := #in~value; {303#false} is VALID [2022-02-20 18:03:08,729 INFO L290 TraceCheckUtils]: 76: Hoare triple {303#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {303#false} is VALID [2022-02-20 18:03:08,729 INFO L290 TraceCheckUtils]: 77: Hoare triple {303#false} assume true; {303#false} is VALID [2022-02-20 18:03:08,729 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {303#false} {303#false} #887#return; {303#false} is VALID [2022-02-20 18:03:08,730 INFO L290 TraceCheckUtils]: 79: Hoare triple {303#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret82#1, mail_#t~ret83#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet67#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, 
__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 := puts(32, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset := 33, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet67#1; {303#false} is VALID [2022-02-20 18:03:08,730 INFO L290 TraceCheckUtils]: 80: Hoare triple {303#false} assume 0 != ~in_encrypted~0; {303#false} is VALID [2022-02-20 18:03:08,730 INFO L272 TraceCheckUtils]: 81: Hoare triple {303#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {303#false} is VALID [2022-02-20 18:03:08,730 INFO L290 TraceCheckUtils]: 82: Hoare triple {303#false} ~handle := #in~handle;havoc ~retValue_acc~31; {303#false} is VALID [2022-02-20 18:03:08,731 INFO L290 TraceCheckUtils]: 83: Hoare triple {303#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {303#false} is VALID [2022-02-20 18:03:08,731 INFO L290 TraceCheckUtils]: 84: Hoare triple {303#false} assume true; {303#false} is VALID [2022-02-20 18:03:08,731 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {303#false} {303#false} #889#return; {303#false} is VALID [2022-02-20 18:03:08,731 INFO L290 TraceCheckUtils]: 86: Hoare triple {303#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1; {303#false} is VALID [2022-02-20 18:03:08,731 INFO L290 TraceCheckUtils]: 87: Hoare triple {303#false} 
assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1);assume { :begin_inline___automaton_fail } true; {303#false} is VALID [2022-02-20 18:03:08,732 INFO L290 TraceCheckUtils]: 88: Hoare triple {303#false} assume !false; {303#false} is VALID [2022-02-20 18:03:08,732 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 18:03:08,732 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:03:08,733 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [281433016] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:03:08,733 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:03:08,733 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [9] total 9 [2022-02-20 18:03:08,735 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1383503540] [2022-02-20 18:03:08,735 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:03:08,740 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 25.0) internal successors, (50), 2 states have internal predecessors, (50), 2 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (11), 2 states have call predecessors, (11), 2 states have call successors, (11) Word has length 89 [2022-02-20 18:03:08,742 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 18:03:08,744 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 25.0) internal successors, (50), 2 states have internal predecessors, (50), 2 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (11), 2 states have call predecessors, (11), 2 states have call successors, (11) [2022-02-20 18:03:08,823 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 74 edges. 74 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:08,824 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:03:08,824 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:03:08,840 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 18:03:08,841 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:03:08,845 INFO L87 Difference]: Start difference. First operand has 299 states, 236 states have (on average 1.5338983050847457) internal successors, (362), 240 states have internal predecessors, (362), 45 states have call successors, (45), 16 states have call predecessors, (45), 16 states have return successors, (45), 45 states have call predecessors, (45), 45 states have call successors, (45) Second operand has 2 states, 2 states have (on average 25.0) internal successors, (50), 2 states have internal predecessors, (50), 2 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (11), 2 states have call predecessors, (11), 2 states have call successors, (11) [2022-02-20 18:03:09,237 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:03:09,238 INFO L93 Difference]: Finished difference Result 444 states and 658 transitions. [2022-02-20 18:03:09,238 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:03:09,239 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 25.0) internal successors, (50), 2 states have internal predecessors, (50), 2 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (11), 2 states have call predecessors, (11), 2 states have call successors, (11) Word has length 89 [2022-02-20 18:03:09,239 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:03:09,241 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 25.0) internal successors, (50), 2 states have internal predecessors, (50), 2 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (11), 2 states have call predecessors, (11), 2 states have call successors, (11) [2022-02-20 18:03:09,278 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 658 transitions. [2022-02-20 18:03:09,279 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 25.0) internal successors, (50), 2 states have internal predecessors, (50), 2 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (11), 2 states have call predecessors, (11), 2 states have call successors, (11) [2022-02-20 18:03:09,292 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 658 transitions. [2022-02-20 18:03:09,292 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 658 transitions. 
[2022-02-20 18:03:09,868 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 658 edges. 658 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:09,892 INFO L225 Difference]: With dead ends: 444 [2022-02-20 18:03:09,892 INFO L226 Difference]: Without dead ends: 292 [2022-02-20 18:03:09,897 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 114 GetRequests, 107 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:03:09,899 INFO L933 BasicCegarLoop]: 448 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 448 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:03:09,900 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 448 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:03:09,915 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 292 states. [2022-02-20 18:03:09,942 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 292 to 292. [2022-02-20 18:03:09,943 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:03:09,945 INFO L82 GeneralOperation]: Start isEquivalent. First operand 292 states. 
Second operand has 292 states, 230 states have (on average 1.5260869565217392) internal successors, (351), 233 states have internal predecessors, (351), 45 states have call successors, (45), 16 states have call predecessors, (45), 16 states have return successors, (44), 44 states have call predecessors, (44), 44 states have call successors, (44) [2022-02-20 18:03:09,947 INFO L74 IsIncluded]: Start isIncluded. First operand 292 states. Second operand has 292 states, 230 states have (on average 1.5260869565217392) internal successors, (351), 233 states have internal predecessors, (351), 45 states have call successors, (45), 16 states have call predecessors, (45), 16 states have return successors, (44), 44 states have call predecessors, (44), 44 states have call successors, (44) [2022-02-20 18:03:09,948 INFO L87 Difference]: Start difference. First operand 292 states. Second operand has 292 states, 230 states have (on average 1.5260869565217392) internal successors, (351), 233 states have internal predecessors, (351), 45 states have call successors, (45), 16 states have call predecessors, (45), 16 states have return successors, (44), 44 states have call predecessors, (44), 44 states have call successors, (44) [2022-02-20 18:03:09,967 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:09,968 INFO L93 Difference]: Finished difference Result 292 states and 440 transitions. [2022-02-20 18:03:09,968 INFO L276 IsEmpty]: Start isEmpty. Operand 292 states and 440 transitions. [2022-02-20 18:03:09,971 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:09,971 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:09,972 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 292 states, 230 states have (on average 1.5260869565217392) internal successors, (351), 233 states have internal predecessors, (351), 45 states have call successors, (45), 16 states have call predecessors, (45), 16 states have return successors, (44), 44 states have call predecessors, (44), 44 states have call successors, (44) Second operand 292 states. [2022-02-20 18:03:09,974 INFO L87 Difference]: Start difference. First operand has 292 states, 230 states have (on average 1.5260869565217392) internal successors, (351), 233 states have internal predecessors, (351), 45 states have call successors, (45), 16 states have call predecessors, (45), 16 states have return successors, (44), 44 states have call predecessors, (44), 44 states have call successors, (44) Second operand 292 states. [2022-02-20 18:03:09,990 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:09,990 INFO L93 Difference]: Finished difference Result 292 states and 440 transitions. [2022-02-20 18:03:09,990 INFO L276 IsEmpty]: Start isEmpty. Operand 292 states and 440 transitions. [2022-02-20 18:03:09,992 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:09,992 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:09,992 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:03:09,992 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:03:09,994 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 292 states, 230 states have (on average 1.5260869565217392) internal successors, (351), 233 states have internal predecessors, (351), 45 states have call successors, (45), 16 states have call predecessors, (45), 16 states have return successors, (44), 44 states have call predecessors, (44), 44 states have call successors, (44) [2022-02-20 18:03:10,010 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 292 states to 292 states and 440 transitions. [2022-02-20 18:03:10,012 INFO L78 Accepts]: Start accepts. Automaton has 292 states and 440 transitions. Word has length 89 [2022-02-20 18:03:10,012 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:03:10,013 INFO L470 AbstractCegarLoop]: Abstraction has 292 states and 440 transitions. [2022-02-20 18:03:10,013 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 25.0) internal successors, (50), 2 states have internal predecessors, (50), 2 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (11), 2 states have call predecessors, (11), 2 states have call successors, (11) [2022-02-20 18:03:10,013 INFO L276 IsEmpty]: Start isEmpty. Operand 292 states and 440 transitions. [2022-02-20 18:03:10,016 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 91 [2022-02-20 18:03:10,016 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:03:10,017 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:03:10,045 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-02-20 18:03:10,231 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0 [2022-02-20 18:03:10,232 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:03:10,232 INFO L144 
PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:03:10,233 INFO L85 PathProgramCache]: Analyzing trace with hash 1177822227, now seen corresponding path program 1 times [2022-02-20 18:03:10,233 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:03:10,233 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [258248723] [2022-02-20 18:03:10,233 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:10,233 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:03:10,294 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:10,375 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:03:10,393 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:10,401 INFO L290 TraceCheckUtils]: 0: Hoare triple {2289#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2242#true} is VALID [2022-02-20 18:03:10,401 INFO L290 TraceCheckUtils]: 1: Hoare triple {2242#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2242#true} is VALID [2022-02-20 18:03:10,401 INFO L290 TraceCheckUtils]: 2: Hoare triple {2242#true} assume true; {2242#true} is VALID [2022-02-20 18:03:10,401 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2242#true} {2242#true} #927#return; {2242#true} is VALID [2022-02-20 18:03:10,408 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:03:10,410 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:10,426 INFO L290 TraceCheckUtils]: 0: Hoare triple {2290#(and (= 
~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2242#true} is VALID [2022-02-20 18:03:10,426 INFO L290 TraceCheckUtils]: 1: Hoare triple {2242#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2242#true} is VALID [2022-02-20 18:03:10,426 INFO L290 TraceCheckUtils]: 2: Hoare triple {2242#true} assume true; {2242#true} is VALID [2022-02-20 18:03:10,427 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2242#true} {2242#true} #929#return; {2242#true} is VALID [2022-02-20 18:03:10,427 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:03:10,429 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:10,445 INFO L290 TraceCheckUtils]: 0: Hoare triple {2289#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2291#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:10,445 INFO L290 TraceCheckUtils]: 1: Hoare triple {2291#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2292#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:10,446 INFO L290 TraceCheckUtils]: 2: Hoare triple {2292#(= |setClientId_#in~handle| 1)} assume true; {2292#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:10,447 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2292#(= |setClientId_#in~handle| 1)} {2252#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #931#return; {2243#false} is VALID [2022-02-20 18:03:10,447 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 
24 [2022-02-20 18:03:10,449 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:10,466 INFO L290 TraceCheckUtils]: 0: Hoare triple {2290#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2242#true} is VALID [2022-02-20 18:03:10,467 INFO L290 TraceCheckUtils]: 1: Hoare triple {2242#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2242#true} is VALID [2022-02-20 18:03:10,467 INFO L290 TraceCheckUtils]: 2: Hoare triple {2242#true} assume true; {2242#true} is VALID [2022-02-20 18:03:10,467 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2242#true} {2243#false} #933#return; {2243#false} is VALID [2022-02-20 18:03:10,467 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:03:10,469 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:10,472 INFO L290 TraceCheckUtils]: 0: Hoare triple {2289#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2242#true} is VALID [2022-02-20 18:03:10,472 INFO L290 TraceCheckUtils]: 1: Hoare triple {2242#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2242#true} is VALID [2022-02-20 18:03:10,472 INFO L290 TraceCheckUtils]: 2: Hoare triple {2242#true} assume true; {2242#true} is VALID [2022-02-20 18:03:10,473 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2242#true} {2243#false} #935#return; {2243#false} is VALID [2022-02-20 18:03:10,473 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:03:10,475 INFO L136 AnnotateAndAsserter]: Conjunction 
of SSA is unsat [2022-02-20 18:03:10,478 INFO L290 TraceCheckUtils]: 0: Hoare triple {2290#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2242#true} is VALID [2022-02-20 18:03:10,478 INFO L290 TraceCheckUtils]: 1: Hoare triple {2242#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2242#true} is VALID [2022-02-20 18:03:10,478 INFO L290 TraceCheckUtils]: 2: Hoare triple {2242#true} assume true; {2242#true} is VALID [2022-02-20 18:03:10,478 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2242#true} {2243#false} #937#return; {2243#false} is VALID [2022-02-20 18:03:10,486 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-02-20 18:03:10,488 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:10,490 INFO L290 TraceCheckUtils]: 0: Hoare triple {2293#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2242#true} is VALID [2022-02-20 18:03:10,491 INFO L290 TraceCheckUtils]: 1: Hoare triple {2242#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2242#true} is VALID [2022-02-20 18:03:10,491 INFO L290 TraceCheckUtils]: 2: Hoare triple {2242#true} assume true; {2242#true} is VALID [2022-02-20 18:03:10,491 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2242#true} {2243#false} #921#return; {2243#false} is VALID [2022-02-20 18:03:10,516 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 53 [2022-02-20 18:03:10,519 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:10,532 INFO L290 TraceCheckUtils]: 0: Hoare triple {2294#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 
|old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2242#true} is VALID [2022-02-20 18:03:10,533 INFO L290 TraceCheckUtils]: 1: Hoare triple {2242#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2242#true} is VALID [2022-02-20 18:03:10,533 INFO L290 TraceCheckUtils]: 2: Hoare triple {2242#true} assume true; {2242#true} is VALID [2022-02-20 18:03:10,533 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2242#true} {2243#false} #923#return; {2243#false} is VALID [2022-02-20 18:03:10,533 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 18:03:10,535 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:10,538 INFO L290 TraceCheckUtils]: 0: Hoare triple {2242#true} ~handle := #in~handle;havoc ~retValue_acc~28; {2242#true} is VALID [2022-02-20 18:03:10,538 INFO L290 TraceCheckUtils]: 1: Hoare triple {2242#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {2242#true} is VALID [2022-02-20 18:03:10,542 INFO L290 TraceCheckUtils]: 2: Hoare triple {2242#true} assume true; {2242#true} is VALID [2022-02-20 18:03:10,542 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2242#true} {2243#false} #881#return; {2243#false} is VALID [2022-02-20 18:03:10,542 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:03:10,544 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:10,554 INFO L290 TraceCheckUtils]: 0: Hoare triple {2293#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2242#true} is VALID [2022-02-20 18:03:10,555 INFO L290 TraceCheckUtils]: 1: Hoare triple {2242#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2242#true} is VALID [2022-02-20 18:03:10,555 INFO L290 TraceCheckUtils]: 2: Hoare triple {2242#true} assume true; 
{2242#true} is VALID [2022-02-20 18:03:10,555 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2242#true} {2243#false} #887#return; {2243#false} is VALID [2022-02-20 18:03:10,555 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-02-20 18:03:10,557 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:10,564 INFO L290 TraceCheckUtils]: 0: Hoare triple {2242#true} ~handle := #in~handle;havoc ~retValue_acc~31; {2242#true} is VALID [2022-02-20 18:03:10,564 INFO L290 TraceCheckUtils]: 1: Hoare triple {2242#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {2242#true} is VALID [2022-02-20 18:03:10,565 INFO L290 TraceCheckUtils]: 2: Hoare triple {2242#true} assume true; {2242#true} is VALID [2022-02-20 18:03:10,565 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2242#true} {2243#false} #889#return; {2243#false} is VALID [2022-02-20 18:03:10,565 INFO L290 TraceCheckUtils]: 0: Hoare triple {2242#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(21, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(44, 23);call 
#Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(17, 30);call #Ultimate.allocInit(17, 31);call #Ultimate.allocInit(13, 32);call #Ultimate.allocInit(17, 33);call #Ultimate.allocInit(4, 34);call write~init~int(37, 34, 0, 1);call write~init~int(115, 34, 1, 1);call write~init~int(10, 34, 2, 1);call write~init~int(0, 34, 3, 1);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(20, 37);call #Ultimate.allocInit(21, 38);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 
0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 
0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {2242#true} is VALID [2022-02-20 18:03:10,565 INFO L290 TraceCheckUtils]: 1: Hoare triple {2242#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~24#1, main_~tmp~9#1;havoc main_~retValue_acc~24#1;havoc main_~tmp~9#1;assume { :begin_inline_select_helpers } true; {2242#true} is VALID [2022-02-20 18:03:10,566 INFO L290 TraceCheckUtils]: 2: Hoare triple {2242#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2242#true} is VALID [2022-02-20 18:03:10,566 INFO L290 TraceCheckUtils]: 3: Hoare triple {2242#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~37#1;havoc valid_product_~retValue_acc~37#1;valid_product_~retValue_acc~37#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~37#1; {2242#true} is VALID [2022-02-20 18:03:10,566 INFO L290 TraceCheckUtils]: 4: Hoare triple {2242#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~9#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {2242#true} is VALID [2022-02-20 
18:03:10,566 INFO L290 TraceCheckUtils]: 5: Hoare triple {2242#true} assume 0 != main_~tmp~9#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet48#1, setup_#t~nondet49#1, setup_#t~nondet50#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2242#true} is VALID [2022-02-20 18:03:10,569 INFO L272 TraceCheckUtils]: 6: Hoare triple {2242#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2289#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:10,569 INFO L290 TraceCheckUtils]: 7: Hoare triple {2289#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2242#true} is VALID [2022-02-20 18:03:10,570 INFO L290 TraceCheckUtils]: 8: Hoare triple {2242#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2242#true} is VALID [2022-02-20 18:03:10,570 INFO L290 TraceCheckUtils]: 9: Hoare triple {2242#true} assume true; {2242#true} is VALID 
[2022-02-20 18:03:10,570 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2242#true} {2242#true} #927#return; {2242#true} is VALID [2022-02-20 18:03:10,570 INFO L290 TraceCheckUtils]: 11: Hoare triple {2242#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2242#true} is VALID [2022-02-20 18:03:10,571 INFO L272 TraceCheckUtils]: 12: Hoare triple {2242#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2290#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:10,571 INFO L290 TraceCheckUtils]: 13: Hoare triple {2290#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2242#true} is VALID [2022-02-20 18:03:10,571 INFO L290 TraceCheckUtils]: 14: Hoare triple {2242#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2242#true} is VALID [2022-02-20 18:03:10,572 INFO L290 TraceCheckUtils]: 15: Hoare triple {2242#true} assume true; {2242#true} is VALID [2022-02-20 18:03:10,572 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2242#true} {2242#true} #929#return; {2242#true} is VALID [2022-02-20 18:03:10,572 INFO L290 TraceCheckUtils]: 17: Hoare triple {2242#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet48#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := 
setup_rjh__wrappee__Base_#in~rjh___0#1; {2252#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:03:10,573 INFO L272 TraceCheckUtils]: 18: Hoare triple {2252#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2289#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:10,574 INFO L290 TraceCheckUtils]: 19: Hoare triple {2289#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2291#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:10,574 INFO L290 TraceCheckUtils]: 20: Hoare triple {2291#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2292#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:10,574 INFO L290 TraceCheckUtils]: 21: Hoare triple {2292#(= |setClientId_#in~handle| 1)} assume true; {2292#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:10,575 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2292#(= |setClientId_#in~handle| 1)} {2252#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #931#return; {2243#false} is VALID [2022-02-20 18:03:10,575 INFO L290 TraceCheckUtils]: 23: Hoare triple {2243#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {2243#false} is VALID [2022-02-20 18:03:10,575 INFO L272 TraceCheckUtils]: 24: Hoare triple {2243#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2290#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:10,576 INFO L290 TraceCheckUtils]: 25: Hoare triple {2290#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2242#true} is VALID [2022-02-20 18:03:10,576 INFO L290 TraceCheckUtils]: 26: Hoare triple {2242#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2242#true} is VALID [2022-02-20 18:03:10,576 INFO L290 TraceCheckUtils]: 27: Hoare triple {2242#true} assume true; {2242#true} is VALID [2022-02-20 18:03:10,576 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2242#true} {2243#false} #933#return; {2243#false} is VALID [2022-02-20 18:03:10,576 INFO L290 TraceCheckUtils]: 29: Hoare triple {2243#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet49#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2243#false} is VALID [2022-02-20 18:03:10,576 INFO L272 TraceCheckUtils]: 30: Hoare triple {2243#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2289#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:10,577 INFO L290 TraceCheckUtils]: 31: Hoare triple {2289#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2242#true} is VALID [2022-02-20 18:03:10,577 INFO L290 TraceCheckUtils]: 32: Hoare triple {2242#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2242#true} is VALID [2022-02-20 18:03:10,577 INFO L290 TraceCheckUtils]: 33: Hoare triple {2242#true} assume true; {2242#true} is VALID [2022-02-20 18:03:10,577 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2242#true} {2243#false} #935#return; {2243#false} is VALID [2022-02-20 18:03:10,577 INFO L290 TraceCheckUtils]: 35: Hoare triple {2243#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {2243#false} is VALID [2022-02-20 18:03:10,577 INFO L272 TraceCheckUtils]: 36: Hoare triple {2243#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2290#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:10,578 INFO L290 TraceCheckUtils]: 37: Hoare triple {2290#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2242#true} is VALID [2022-02-20 18:03:10,578 INFO L290 TraceCheckUtils]: 38: Hoare triple {2242#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2242#true} is VALID [2022-02-20 18:03:10,578 INFO L290 TraceCheckUtils]: 39: Hoare triple {2242#true} assume true; {2242#true} is VALID [2022-02-20 18:03:10,578 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2242#true} {2243#false} #937#return; {2243#false} is VALID [2022-02-20 18:03:10,578 INFO L290 
TraceCheckUtils]: 41: Hoare triple {2243#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 26, 0;havoc setup_#t~nondet50#1; {2243#false} is VALID [2022-02-20 18:03:10,579 INFO L290 TraceCheckUtils]: 42: Hoare triple {2243#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~12#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~12#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2243#false} is VALID [2022-02-20 18:03:10,579 INFO L290 TraceCheckUtils]: 43: Hoare triple {2243#false} assume !false; {2243#false} is VALID [2022-02-20 18:03:10,579 INFO L290 TraceCheckUtils]: 44: Hoare triple {2243#false} assume 
!(test_~splverifierCounter~0#1 < 4); {2243#false} is VALID [2022-02-20 18:03:10,579 INFO L290 TraceCheckUtils]: 45: Hoare triple {2243#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_#t~ret46#1, bobToRjh_~tmp~8#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~8#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret43#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret43#1 && bobToRjh_#t~ret43#1 <= 2147483647;havoc bobToRjh_#t~ret43#1; {2243#false} is VALID [2022-02-20 18:03:10,579 INFO L272 TraceCheckUtils]: 46: Hoare triple {2243#false} call sendEmail(~bob~0, ~rjh~0); {2243#false} is VALID [2022-02-20 18:03:10,580 INFO L290 TraceCheckUtils]: 47: Hoare triple {2243#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~19#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~20#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~20#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2243#false} is VALID [2022-02-20 18:03:10,580 INFO L272 TraceCheckUtils]: 48: Hoare triple {2243#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2293#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:10,580 INFO L290 TraceCheckUtils]: 49: Hoare triple {2293#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2242#true} is VALID [2022-02-20 18:03:10,580 INFO L290 TraceCheckUtils]: 50: Hoare triple {2242#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2242#true} is 
VALID [2022-02-20 18:03:10,580 INFO L290 TraceCheckUtils]: 51: Hoare triple {2242#true} assume true; {2242#true} is VALID [2022-02-20 18:03:10,580 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2242#true} {2243#false} #921#return; {2243#false} is VALID [2022-02-20 18:03:10,581 INFO L272 TraceCheckUtils]: 53: Hoare triple {2243#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2294#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:03:10,581 INFO L290 TraceCheckUtils]: 54: Hoare triple {2294#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2242#true} is VALID [2022-02-20 18:03:10,581 INFO L290 TraceCheckUtils]: 55: Hoare triple {2242#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2242#true} is VALID [2022-02-20 18:03:10,581 INFO L290 TraceCheckUtils]: 56: Hoare triple {2242#true} assume true; {2242#true} is VALID [2022-02-20 18:03:10,581 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {2242#true} {2243#false} #923#return; {2243#false} is VALID [2022-02-20 18:03:10,581 INFO L290 TraceCheckUtils]: 58: Hoare triple {2243#false} createEmail_~retValue_acc~20#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~20#1; {2243#false} is VALID [2022-02-20 18:03:10,582 INFO L290 TraceCheckUtils]: 59: Hoare triple {2243#false} #t~ret94#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret94#1 && #t~ret94#1 <= 2147483647;~tmp~19#1 := #t~ret94#1;havoc #t~ret94#1;~email~0#1 := ~tmp~19#1; {2243#false} is VALID [2022-02-20 18:03:10,582 INFO L272 TraceCheckUtils]: 60: Hoare triple {2243#false} call outgoing(~sender#1, ~email~0#1); {2243#false} is VALID [2022-02-20 18:03:10,582 INFO L290 TraceCheckUtils]: 61: Hoare triple {2243#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~15#1;havoc 
~pubkey~0#1;havoc ~tmp___0~5#1; {2243#false} is VALID [2022-02-20 18:03:10,582 INFO L272 TraceCheckUtils]: 62: Hoare triple {2243#false} call #t~ret85#1 := getEmailTo(~msg#1); {2242#true} is VALID [2022-02-20 18:03:10,582 INFO L290 TraceCheckUtils]: 63: Hoare triple {2242#true} ~handle := #in~handle;havoc ~retValue_acc~28; {2242#true} is VALID [2022-02-20 18:03:10,582 INFO L290 TraceCheckUtils]: 64: Hoare triple {2242#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {2242#true} is VALID [2022-02-20 18:03:10,583 INFO L290 TraceCheckUtils]: 65: Hoare triple {2242#true} assume true; {2242#true} is VALID [2022-02-20 18:03:10,583 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {2242#true} {2243#false} #881#return; {2243#false} is VALID [2022-02-20 18:03:10,583 INFO L290 TraceCheckUtils]: 67: Hoare triple {2243#false} assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~15#1 := #t~ret85#1;havoc #t~ret85#1;~receiver~0#1 := ~tmp~15#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~14#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~14#1; {2243#false} is VALID [2022-02-20 18:03:10,583 INFO L290 TraceCheckUtils]: 68: Hoare triple {2243#false} assume 1 == findPublicKey_~handle#1; {2243#false} is VALID [2022-02-20 18:03:10,583 INFO L290 TraceCheckUtils]: 69: Hoare triple {2243#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~14#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~14#1; {2243#false} is VALID [2022-02-20 18:03:10,583 INFO L290 TraceCheckUtils]: 70: Hoare triple {2243#false} #t~ret86#1 := findPublicKey_#res#1;assume { 
:end_inline_findPublicKey } true;assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp___0~5#1 := #t~ret86#1;havoc #t~ret86#1;~pubkey~0#1 := ~tmp___0~5#1; {2243#false} is VALID [2022-02-20 18:03:10,584 INFO L290 TraceCheckUtils]: 71: Hoare triple {2243#false} assume !(0 != ~pubkey~0#1); {2243#false} is VALID [2022-02-20 18:03:10,584 INFO L290 TraceCheckUtils]: 72: Hoare triple {2243#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret84#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {2243#false} is VALID [2022-02-20 18:03:10,584 INFO L290 TraceCheckUtils]: 73: Hoare triple {2243#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {2243#false} is VALID [2022-02-20 18:03:10,584 INFO L290 TraceCheckUtils]: 74: Hoare triple {2243#false} outgoing__wrappee__Keys_#t~ret84#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret84#1 && outgoing__wrappee__Keys_#t~ret84#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~14#1 := outgoing__wrappee__Keys_#t~ret84#1;havoc outgoing__wrappee__Keys_#t~ret84#1; {2243#false} is VALID [2022-02-20 18:03:10,584 INFO L272 TraceCheckUtils]: 75: Hoare triple {2243#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, 
outgoing__wrappee__Keys_~tmp~14#1); {2293#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:10,584 INFO L290 TraceCheckUtils]: 76: Hoare triple {2293#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2242#true} is VALID [2022-02-20 18:03:10,585 INFO L290 TraceCheckUtils]: 77: Hoare triple {2242#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2242#true} is VALID [2022-02-20 18:03:10,585 INFO L290 TraceCheckUtils]: 78: Hoare triple {2242#true} assume true; {2242#true} is VALID [2022-02-20 18:03:10,585 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {2242#true} {2243#false} #887#return; {2243#false} is VALID [2022-02-20 18:03:10,585 INFO L290 TraceCheckUtils]: 80: Hoare triple {2243#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret82#1, mail_#t~ret83#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet67#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc 
__utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 := puts(32, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset := 33, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet67#1; {2243#false} is VALID [2022-02-20 18:03:10,585 INFO L290 TraceCheckUtils]: 81: Hoare triple {2243#false} assume 0 != ~in_encrypted~0; {2243#false} is VALID [2022-02-20 18:03:10,585 INFO L272 TraceCheckUtils]: 82: Hoare triple {2243#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {2242#true} is VALID [2022-02-20 18:03:10,586 INFO L290 TraceCheckUtils]: 83: Hoare triple {2242#true} ~handle := #in~handle;havoc ~retValue_acc~31; {2242#true} is VALID [2022-02-20 18:03:10,586 INFO L290 TraceCheckUtils]: 84: Hoare triple {2242#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {2242#true} is VALID [2022-02-20 18:03:10,586 INFO L290 TraceCheckUtils]: 85: Hoare triple {2242#true} assume true; {2242#true} is VALID [2022-02-20 18:03:10,586 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {2242#true} {2243#false} #889#return; {2243#false} is VALID [2022-02-20 18:03:10,586 INFO L290 TraceCheckUtils]: 87: Hoare triple {2243#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1;havoc 
__utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1; {2243#false} is VALID [2022-02-20 18:03:10,586 INFO L290 TraceCheckUtils]: 88: Hoare triple {2243#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1);assume { :begin_inline___automaton_fail } true; {2243#false} is VALID [2022-02-20 18:03:10,587 INFO L290 TraceCheckUtils]: 89: Hoare triple {2243#false} assume !false; {2243#false} is VALID [2022-02-20 18:03:10,587 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. [2022-02-20 18:03:10,587 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:03:10,588 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [258248723] [2022-02-20 18:03:10,588 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [258248723] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:03:10,588 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1547304736] [2022-02-20 18:03:10,588 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:10,588 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:03:10,589 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:03:10,590 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:03:10,593 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 18:03:10,817 INFO L136 AnnotateAndAsserter]: Conjunction of 
SSA is unsat [2022-02-20 18:03:10,822 INFO L263 TraceCheckSpWp]: Trace formula consists of 959 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 18:03:10,867 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:10,870 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:03:11,068 INFO L290 TraceCheckUtils]: 0: Hoare triple {2242#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(21, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(44, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(17, 30);call #Ultimate.allocInit(17, 31);call #Ultimate.allocInit(13, 32);call #Ultimate.allocInit(17, 33);call #Ultimate.allocInit(4, 34);call write~init~int(37, 34, 0, 
1);call write~init~int(115, 34, 1, 1);call write~init~int(10, 34, 2, 1);call write~init~int(0, 34, 3, 1);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(20, 37);call #Ultimate.allocInit(21, 38);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 
0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 
1;~queued_message~0 := 0;~queued_client~0 := 0; {2242#true} is VALID [2022-02-20 18:03:11,068 INFO L290 TraceCheckUtils]: 1: Hoare triple {2242#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~24#1, main_~tmp~9#1;havoc main_~retValue_acc~24#1;havoc main_~tmp~9#1;assume { :begin_inline_select_helpers } true; {2242#true} is VALID [2022-02-20 18:03:11,068 INFO L290 TraceCheckUtils]: 2: Hoare triple {2242#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2242#true} is VALID [2022-02-20 18:03:11,069 INFO L290 TraceCheckUtils]: 3: Hoare triple {2242#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~37#1;havoc valid_product_~retValue_acc~37#1;valid_product_~retValue_acc~37#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~37#1; {2242#true} is VALID [2022-02-20 18:03:11,069 INFO L290 TraceCheckUtils]: 4: Hoare triple {2242#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~9#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {2242#true} is VALID [2022-02-20 18:03:11,069 INFO L290 TraceCheckUtils]: 5: Hoare triple {2242#true} assume 0 != main_~tmp~9#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet48#1, setup_#t~nondet49#1, setup_#t~nondet50#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc 
setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2242#true} is VALID [2022-02-20 18:03:11,069 INFO L272 TraceCheckUtils]: 6: Hoare triple {2242#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2242#true} is VALID [2022-02-20 18:03:11,069 INFO L290 TraceCheckUtils]: 7: Hoare triple {2242#true} ~handle := #in~handle;~value := #in~value; {2242#true} is VALID [2022-02-20 18:03:11,069 INFO L290 TraceCheckUtils]: 8: Hoare triple {2242#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2242#true} is VALID [2022-02-20 18:03:11,070 INFO L290 TraceCheckUtils]: 9: Hoare triple {2242#true} assume true; {2242#true} is VALID [2022-02-20 18:03:11,070 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2242#true} {2242#true} #927#return; {2242#true} is VALID [2022-02-20 18:03:11,070 INFO L290 TraceCheckUtils]: 11: Hoare triple {2242#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2242#true} is VALID [2022-02-20 18:03:11,070 INFO L272 TraceCheckUtils]: 12: Hoare triple {2242#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2242#true} is VALID [2022-02-20 18:03:11,070 INFO L290 TraceCheckUtils]: 13: Hoare triple {2242#true} ~handle := #in~handle;~value := #in~value; {2242#true} is VALID [2022-02-20 18:03:11,070 INFO L290 TraceCheckUtils]: 14: Hoare triple {2242#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2242#true} is VALID [2022-02-20 18:03:11,071 INFO L290 TraceCheckUtils]: 15: Hoare triple {2242#true} assume true; {2242#true} is VALID [2022-02-20 18:03:11,071 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2242#true} {2242#true} #929#return; {2242#true} is VALID [2022-02-20 18:03:11,071 INFO L290 TraceCheckUtils]: 17: 
Hoare triple {2242#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet48#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2242#true} is VALID [2022-02-20 18:03:11,071 INFO L272 TraceCheckUtils]: 18: Hoare triple {2242#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2242#true} is VALID [2022-02-20 18:03:11,071 INFO L290 TraceCheckUtils]: 19: Hoare triple {2242#true} ~handle := #in~handle;~value := #in~value; {2242#true} is VALID [2022-02-20 18:03:11,071 INFO L290 TraceCheckUtils]: 20: Hoare triple {2242#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2242#true} is VALID [2022-02-20 18:03:11,072 INFO L290 TraceCheckUtils]: 21: Hoare triple {2242#true} assume true; {2242#true} is VALID [2022-02-20 18:03:11,072 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2242#true} {2242#true} #931#return; {2242#true} is VALID [2022-02-20 18:03:11,072 INFO L290 TraceCheckUtils]: 23: Hoare triple {2242#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {2242#true} is VALID [2022-02-20 18:03:11,072 INFO L272 TraceCheckUtils]: 24: Hoare triple {2242#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2242#true} is VALID [2022-02-20 18:03:11,072 INFO L290 TraceCheckUtils]: 25: Hoare triple {2242#true} ~handle := #in~handle;~value := #in~value; {2242#true} is VALID [2022-02-20 18:03:11,072 INFO L290 TraceCheckUtils]: 26: Hoare triple {2242#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2242#true} is VALID [2022-02-20 18:03:11,073 INFO L290 TraceCheckUtils]: 
27: Hoare triple {2242#true} assume true; {2242#true} is VALID [2022-02-20 18:03:11,073 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2242#true} {2242#true} #933#return; {2242#true} is VALID [2022-02-20 18:03:11,073 INFO L290 TraceCheckUtils]: 29: Hoare triple {2242#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet49#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2242#true} is VALID [2022-02-20 18:03:11,073 INFO L272 TraceCheckUtils]: 30: Hoare triple {2242#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2242#true} is VALID [2022-02-20 18:03:11,073 INFO L290 TraceCheckUtils]: 31: Hoare triple {2242#true} ~handle := #in~handle;~value := #in~value; {2242#true} is VALID [2022-02-20 18:03:11,073 INFO L290 TraceCheckUtils]: 32: Hoare triple {2242#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2242#true} is VALID [2022-02-20 18:03:11,074 INFO L290 TraceCheckUtils]: 33: Hoare triple {2242#true} assume true; {2242#true} is VALID [2022-02-20 18:03:11,074 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2242#true} {2242#true} #935#return; {2242#true} is VALID [2022-02-20 18:03:11,074 INFO L290 TraceCheckUtils]: 35: Hoare triple {2242#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {2242#true} is VALID [2022-02-20 18:03:11,074 INFO L272 TraceCheckUtils]: 36: Hoare triple {2242#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2242#true} is VALID [2022-02-20 18:03:11,074 INFO L290 TraceCheckUtils]: 
37: Hoare triple {2242#true} ~handle := #in~handle;~value := #in~value; {2242#true} is VALID [2022-02-20 18:03:11,074 INFO L290 TraceCheckUtils]: 38: Hoare triple {2242#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2242#true} is VALID [2022-02-20 18:03:11,075 INFO L290 TraceCheckUtils]: 39: Hoare triple {2242#true} assume true; {2242#true} is VALID [2022-02-20 18:03:11,075 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2242#true} {2242#true} #937#return; {2242#true} is VALID [2022-02-20 18:03:11,075 INFO L290 TraceCheckUtils]: 41: Hoare triple {2242#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 26, 0;havoc setup_#t~nondet50#1; {2242#true} is VALID [2022-02-20 18:03:11,076 INFO L290 TraceCheckUtils]: 42: Hoare triple {2242#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~12#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~12#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc 
test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2424#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:03:11,076 INFO L290 TraceCheckUtils]: 43: Hoare triple {2424#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {2424#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:03:11,077 INFO L290 TraceCheckUtils]: 44: Hoare triple {2424#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {2243#false} is VALID [2022-02-20 18:03:11,077 INFO L290 TraceCheckUtils]: 45: Hoare triple {2243#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_#t~ret46#1, bobToRjh_~tmp~8#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~8#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret43#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret43#1 && bobToRjh_#t~ret43#1 <= 2147483647;havoc bobToRjh_#t~ret43#1; {2243#false} is VALID [2022-02-20 18:03:11,077 INFO L272 TraceCheckUtils]: 46: Hoare triple {2243#false} call sendEmail(~bob~0, ~rjh~0); {2243#false} is VALID [2022-02-20 18:03:11,077 INFO L290 TraceCheckUtils]: 47: Hoare triple {2243#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~19#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~20#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~20#1;havoc 
createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2243#false} is VALID [2022-02-20 18:03:11,077 INFO L272 TraceCheckUtils]: 48: Hoare triple {2243#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2243#false} is VALID [2022-02-20 18:03:11,077 INFO L290 TraceCheckUtils]: 49: Hoare triple {2243#false} ~handle := #in~handle;~value := #in~value; {2243#false} is VALID [2022-02-20 18:03:11,078 INFO L290 TraceCheckUtils]: 50: Hoare triple {2243#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2243#false} is VALID [2022-02-20 18:03:11,078 INFO L290 TraceCheckUtils]: 51: Hoare triple {2243#false} assume true; {2243#false} is VALID [2022-02-20 18:03:11,078 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2243#false} {2243#false} #921#return; {2243#false} is VALID [2022-02-20 18:03:11,078 INFO L272 TraceCheckUtils]: 53: Hoare triple {2243#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2243#false} is VALID [2022-02-20 18:03:11,078 INFO L290 TraceCheckUtils]: 54: Hoare triple {2243#false} ~handle := #in~handle;~value := #in~value; {2243#false} is VALID [2022-02-20 18:03:11,078 INFO L290 TraceCheckUtils]: 55: Hoare triple {2243#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2243#false} is VALID [2022-02-20 18:03:11,079 INFO L290 TraceCheckUtils]: 56: Hoare triple {2243#false} assume true; {2243#false} is VALID [2022-02-20 18:03:11,079 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {2243#false} {2243#false} #923#return; {2243#false} is VALID [2022-02-20 18:03:11,079 INFO L290 TraceCheckUtils]: 58: Hoare triple {2243#false} createEmail_~retValue_acc~20#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~20#1; {2243#false} is VALID [2022-02-20 18:03:11,079 INFO L290 TraceCheckUtils]: 59: Hoare triple {2243#false} #t~ret94#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret94#1 && #t~ret94#1 <= 2147483647;~tmp~19#1 := #t~ret94#1;havoc #t~ret94#1;~email~0#1 := 
~tmp~19#1; {2243#false} is VALID [2022-02-20 18:03:11,079 INFO L272 TraceCheckUtils]: 60: Hoare triple {2243#false} call outgoing(~sender#1, ~email~0#1); {2243#false} is VALID [2022-02-20 18:03:11,079 INFO L290 TraceCheckUtils]: 61: Hoare triple {2243#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~15#1;havoc ~pubkey~0#1;havoc ~tmp___0~5#1; {2243#false} is VALID [2022-02-20 18:03:11,080 INFO L272 TraceCheckUtils]: 62: Hoare triple {2243#false} call #t~ret85#1 := getEmailTo(~msg#1); {2243#false} is VALID [2022-02-20 18:03:11,080 INFO L290 TraceCheckUtils]: 63: Hoare triple {2243#false} ~handle := #in~handle;havoc ~retValue_acc~28; {2243#false} is VALID [2022-02-20 18:03:11,080 INFO L290 TraceCheckUtils]: 64: Hoare triple {2243#false} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {2243#false} is VALID [2022-02-20 18:03:11,080 INFO L290 TraceCheckUtils]: 65: Hoare triple {2243#false} assume true; {2243#false} is VALID [2022-02-20 18:03:11,080 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {2243#false} {2243#false} #881#return; {2243#false} is VALID [2022-02-20 18:03:11,080 INFO L290 TraceCheckUtils]: 67: Hoare triple {2243#false} assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~15#1 := #t~ret85#1;havoc #t~ret85#1;~receiver~0#1 := ~tmp~15#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~14#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~14#1; {2243#false} is VALID [2022-02-20 18:03:11,081 INFO L290 TraceCheckUtils]: 68: Hoare triple {2243#false} assume 1 == findPublicKey_~handle#1; {2243#false} is VALID [2022-02-20 18:03:11,081 INFO L290 TraceCheckUtils]: 69: Hoare triple {2243#false} assume 
findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~14#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~14#1; {2243#false} is VALID [2022-02-20 18:03:11,081 INFO L290 TraceCheckUtils]: 70: Hoare triple {2243#false} #t~ret86#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp___0~5#1 := #t~ret86#1;havoc #t~ret86#1;~pubkey~0#1 := ~tmp___0~5#1; {2243#false} is VALID [2022-02-20 18:03:11,081 INFO L290 TraceCheckUtils]: 71: Hoare triple {2243#false} assume !(0 != ~pubkey~0#1); {2243#false} is VALID [2022-02-20 18:03:11,081 INFO L290 TraceCheckUtils]: 72: Hoare triple {2243#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret84#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {2243#false} is VALID [2022-02-20 18:03:11,081 INFO L290 TraceCheckUtils]: 73: Hoare triple {2243#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {2243#false} is VALID [2022-02-20 18:03:11,082 INFO L290 TraceCheckUtils]: 74: Hoare triple {2243#false} outgoing__wrappee__Keys_#t~ret84#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= 
outgoing__wrappee__Keys_#t~ret84#1 && outgoing__wrappee__Keys_#t~ret84#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~14#1 := outgoing__wrappee__Keys_#t~ret84#1;havoc outgoing__wrappee__Keys_#t~ret84#1; {2243#false} is VALID [2022-02-20 18:03:11,082 INFO L272 TraceCheckUtils]: 75: Hoare triple {2243#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1); {2243#false} is VALID [2022-02-20 18:03:11,082 INFO L290 TraceCheckUtils]: 76: Hoare triple {2243#false} ~handle := #in~handle;~value := #in~value; {2243#false} is VALID [2022-02-20 18:03:11,082 INFO L290 TraceCheckUtils]: 77: Hoare triple {2243#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2243#false} is VALID [2022-02-20 18:03:11,082 INFO L290 TraceCheckUtils]: 78: Hoare triple {2243#false} assume true; {2243#false} is VALID [2022-02-20 18:03:11,082 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {2243#false} {2243#false} #887#return; {2243#false} is VALID [2022-02-20 18:03:11,083 INFO L290 TraceCheckUtils]: 80: Hoare triple {2243#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret82#1, mail_#t~ret83#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet67#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, 
__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 := puts(32, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset := 33, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet67#1; {2243#false} is VALID [2022-02-20 18:03:11,083 INFO L290 TraceCheckUtils]: 81: Hoare triple {2243#false} assume 0 != ~in_encrypted~0; {2243#false} is VALID [2022-02-20 18:03:11,083 INFO L272 TraceCheckUtils]: 82: Hoare triple {2243#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {2243#false} is VALID [2022-02-20 18:03:11,083 INFO L290 TraceCheckUtils]: 83: Hoare triple {2243#false} ~handle := #in~handle;havoc ~retValue_acc~31; {2243#false} is VALID [2022-02-20 18:03:11,083 INFO L290 TraceCheckUtils]: 84: Hoare triple {2243#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {2243#false} is VALID [2022-02-20 18:03:11,083 INFO L290 TraceCheckUtils]: 85: Hoare triple {2243#false} assume true; {2243#false} is VALID [2022-02-20 18:03:11,084 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {2243#false} {2243#false} #889#return; {2243#false} is VALID [2022-02-20 18:03:11,084 INFO L290 TraceCheckUtils]: 87: Hoare triple {2243#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 && 
__utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1; {2243#false} is VALID [2022-02-20 18:03:11,084 INFO L290 TraceCheckUtils]: 88: Hoare triple {2243#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1);assume { :begin_inline___automaton_fail } true; {2243#false} is VALID [2022-02-20 18:03:11,084 INFO L290 TraceCheckUtils]: 89: Hoare triple {2243#false} assume !false; {2243#false} is VALID [2022-02-20 18:03:11,084 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 18:03:11,085 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:03:11,085 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1547304736] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:03:11,085 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:03:11,085 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 18:03:11,085 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [492830355] [2022-02-20 18:03:11,086 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:03:11,087 INFO L78 Accepts]: Start accepts. 
Automaton has has 3 states, 3 states have (on average 17.0) internal successors, (51), 3 states have internal predecessors, (51), 2 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (11), 2 states have call predecessors, (11), 2 states have call successors, (11) Word has length 90 [2022-02-20 18:03:11,087 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:03:11,087 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 17.0) internal successors, (51), 3 states have internal predecessors, (51), 2 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (11), 2 states have call predecessors, (11), 2 states have call successors, (11) [2022-02-20 18:03:11,148 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 75 edges. 75 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:11,148 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:03:11,149 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:03:11,149 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:03:11,149 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:03:11,150 INFO L87 Difference]: Start difference. First operand 292 states and 440 transitions. 
Second operand has 3 states, 3 states have (on average 17.0) internal successors, (51), 3 states have internal predecessors, (51), 2 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (11), 2 states have call predecessors, (11), 2 states have call successors, (11) [2022-02-20 18:03:11,580 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:11,580 INFO L93 Difference]: Finished difference Result 434 states and 639 transitions. [2022-02-20 18:03:11,580 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:03:11,581 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 17.0) internal successors, (51), 3 states have internal predecessors, (51), 2 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (11), 2 states have call predecessors, (11), 2 states have call successors, (11) Word has length 90 [2022-02-20 18:03:11,581 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:03:11,581 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 17.0) internal successors, (51), 3 states have internal predecessors, (51), 2 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (11), 2 states have call predecessors, (11), 2 states have call successors, (11) [2022-02-20 18:03:11,591 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 639 transitions. [2022-02-20 18:03:11,591 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 3 states, 3 states have (on average 17.0) internal successors, (51), 3 states have internal predecessors, (51), 2 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (11), 2 states have call predecessors, (11), 2 states have call successors, (11) [2022-02-20 18:03:11,600 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 639 transitions. [2022-02-20 18:03:11,600 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 639 transitions. [2022-02-20 18:03:12,101 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 639 edges. 639 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:12,114 INFO L225 Difference]: With dead ends: 434 [2022-02-20 18:03:12,115 INFO L226 Difference]: Without dead ends: 295 [2022-02-20 18:03:12,117 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 115 GetRequests, 107 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:03:12,119 INFO L933 BasicCegarLoop]: 438 mSDtfsCounter, 1 mSDsluCounter, 436 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 874 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:03:12,120 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 874 Invalid, 5 Unknown, 0 Unchecked, 
0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:03:12,121 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 295 states. [2022-02-20 18:03:12,145 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 295 to 294. [2022-02-20 18:03:12,146 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:03:12,147 INFO L82 GeneralOperation]: Start isEquivalent. First operand 295 states. Second operand has 294 states, 232 states have (on average 1.521551724137931) internal successors, (353), 235 states have internal predecessors, (353), 45 states have call successors, (45), 16 states have call predecessors, (45), 16 states have return successors, (44), 44 states have call predecessors, (44), 44 states have call successors, (44) [2022-02-20 18:03:12,148 INFO L74 IsIncluded]: Start isIncluded. First operand 295 states. Second operand has 294 states, 232 states have (on average 1.521551724137931) internal successors, (353), 235 states have internal predecessors, (353), 45 states have call successors, (45), 16 states have call predecessors, (45), 16 states have return successors, (44), 44 states have call predecessors, (44), 44 states have call successors, (44) [2022-02-20 18:03:12,149 INFO L87 Difference]: Start difference. First operand 295 states. Second operand has 294 states, 232 states have (on average 1.521551724137931) internal successors, (353), 235 states have internal predecessors, (353), 45 states have call successors, (45), 16 states have call predecessors, (45), 16 states have return successors, (44), 44 states have call predecessors, (44), 44 states have call successors, (44) [2022-02-20 18:03:12,161 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:12,162 INFO L93 Difference]: Finished difference Result 295 states and 443 transitions. [2022-02-20 18:03:12,162 INFO L276 IsEmpty]: Start isEmpty. 
Operand 295 states and 443 transitions. [2022-02-20 18:03:12,163 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:12,163 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:12,165 INFO L74 IsIncluded]: Start isIncluded. First operand has 294 states, 232 states have (on average 1.521551724137931) internal successors, (353), 235 states have internal predecessors, (353), 45 states have call successors, (45), 16 states have call predecessors, (45), 16 states have return successors, (44), 44 states have call predecessors, (44), 44 states have call successors, (44) Second operand 295 states. [2022-02-20 18:03:12,165 INFO L87 Difference]: Start difference. First operand has 294 states, 232 states have (on average 1.521551724137931) internal successors, (353), 235 states have internal predecessors, (353), 45 states have call successors, (45), 16 states have call predecessors, (45), 16 states have return successors, (44), 44 states have call predecessors, (44), 44 states have call successors, (44) Second operand 295 states. [2022-02-20 18:03:12,178 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:12,178 INFO L93 Difference]: Finished difference Result 295 states and 443 transitions. [2022-02-20 18:03:12,178 INFO L276 IsEmpty]: Start isEmpty. Operand 295 states and 443 transitions. [2022-02-20 18:03:12,179 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:12,180 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:12,180 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:03:12,180 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:03:12,181 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 294 states, 232 states have (on average 1.521551724137931) internal successors, (353), 235 states have internal predecessors, (353), 45 states have call successors, (45), 16 states have call predecessors, (45), 16 states have return successors, (44), 44 states have call predecessors, (44), 44 states have call successors, (44) [2022-02-20 18:03:12,193 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 294 states to 294 states and 442 transitions. [2022-02-20 18:03:12,194 INFO L78 Accepts]: Start accepts. Automaton has 294 states and 442 transitions. Word has length 90 [2022-02-20 18:03:12,194 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:03:12,194 INFO L470 AbstractCegarLoop]: Abstraction has 294 states and 442 transitions. [2022-02-20 18:03:12,195 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 17.0) internal successors, (51), 3 states have internal predecessors, (51), 2 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (11), 2 states have call predecessors, (11), 2 states have call successors, (11) [2022-02-20 18:03:12,195 INFO L276 IsEmpty]: Start isEmpty. Operand 294 states and 442 transitions. [2022-02-20 18:03:12,196 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 97 [2022-02-20 18:03:12,196 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:03:12,197 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:03:12,220 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-02-20 18:03:12,415 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1 [2022-02-20 18:03:12,416 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:03:12,416 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:03:12,416 INFO L85 PathProgramCache]: Analyzing trace with hash 213599068, now seen corresponding path program 1 times [2022-02-20 18:03:12,416 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:03:12,416 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [350566310] [2022-02-20 18:03:12,417 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:12,417 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:03:12,459 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:12,510 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:03:12,512 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:12,515 INFO L290 TraceCheckUtils]: 0: Hoare triple {4226#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4179#true} is VALID [2022-02-20 18:03:12,517 INFO L290 TraceCheckUtils]: 1: Hoare triple {4179#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4179#true} is VALID [2022-02-20 18:03:12,518 INFO L290 TraceCheckUtils]: 2: Hoare triple {4179#true} assume true; {4179#true} is VALID [2022-02-20 18:03:12,518 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4179#true} {4179#true} #927#return; {4179#true} is VALID [2022-02-20 18:03:12,524 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:03:12,526 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:12,534 INFO L290 TraceCheckUtils]: 0: Hoare triple {4227#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4179#true} is VALID [2022-02-20 18:03:12,534 INFO L290 TraceCheckUtils]: 1: Hoare triple {4179#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4179#true} is VALID [2022-02-20 18:03:12,534 INFO L290 TraceCheckUtils]: 2: Hoare triple {4179#true} assume true; {4179#true} is VALID [2022-02-20 18:03:12,534 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4179#true} {4179#true} #929#return; {4179#true} is VALID [2022-02-20 18:03:12,535 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:03:12,537 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:12,551 
INFO L290 TraceCheckUtils]: 0: Hoare triple {4226#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4228#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:12,552 INFO L290 TraceCheckUtils]: 1: Hoare triple {4228#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4229#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:12,552 INFO L290 TraceCheckUtils]: 2: Hoare triple {4229#(= |setClientId_#in~handle| 1)} assume true; {4229#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:12,553 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4229#(= |setClientId_#in~handle| 1)} {4189#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #931#return; {4180#false} is VALID [2022-02-20 18:03:12,553 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:03:12,555 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:12,559 INFO L290 TraceCheckUtils]: 0: Hoare triple {4227#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4179#true} is VALID [2022-02-20 18:03:12,560 INFO L290 TraceCheckUtils]: 1: Hoare triple {4179#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4179#true} is VALID [2022-02-20 18:03:12,560 INFO L290 TraceCheckUtils]: 2: Hoare triple {4179#true} assume true; {4179#true} is VALID [2022-02-20 18:03:12,560 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4179#true} {4180#false} #933#return; {4180#false} is VALID [2022-02-20 18:03:12,560 INFO L376 atingTraceCheckCraig]: 
Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:03:12,562 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:12,565 INFO L290 TraceCheckUtils]: 0: Hoare triple {4226#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4179#true} is VALID [2022-02-20 18:03:12,565 INFO L290 TraceCheckUtils]: 1: Hoare triple {4179#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4179#true} is VALID [2022-02-20 18:03:12,565 INFO L290 TraceCheckUtils]: 2: Hoare triple {4179#true} assume true; {4179#true} is VALID [2022-02-20 18:03:12,566 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4179#true} {4180#false} #935#return; {4180#false} is VALID [2022-02-20 18:03:12,566 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:03:12,568 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:12,570 INFO L290 TraceCheckUtils]: 0: Hoare triple {4227#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4179#true} is VALID [2022-02-20 18:03:12,570 INFO L290 TraceCheckUtils]: 1: Hoare triple {4179#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4179#true} is VALID [2022-02-20 18:03:12,571 INFO L290 TraceCheckUtils]: 2: Hoare triple {4179#true} assume true; {4179#true} is VALID [2022-02-20 18:03:12,571 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4179#true} {4180#false} #937#return; {4180#false} is VALID [2022-02-20 18:03:12,577 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 54 
[2022-02-20 18:03:12,579 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:12,583 INFO L290 TraceCheckUtils]: 0: Hoare triple {4230#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4179#true} is VALID [2022-02-20 18:03:12,583 INFO L290 TraceCheckUtils]: 1: Hoare triple {4179#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4179#true} is VALID [2022-02-20 18:03:12,583 INFO L290 TraceCheckUtils]: 2: Hoare triple {4179#true} assume true; {4179#true} is VALID [2022-02-20 18:03:12,583 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4179#true} {4180#false} #921#return; {4180#false} is VALID [2022-02-20 18:03:12,590 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 18:03:12,592 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:12,596 INFO L290 TraceCheckUtils]: 0: Hoare triple {4231#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4179#true} is VALID [2022-02-20 18:03:12,596 INFO L290 TraceCheckUtils]: 1: Hoare triple {4179#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4179#true} is VALID [2022-02-20 18:03:12,596 INFO L290 TraceCheckUtils]: 2: Hoare triple {4179#true} assume true; {4179#true} is VALID [2022-02-20 18:03:12,597 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4179#true} {4180#false} #923#return; {4180#false} is VALID [2022-02-20 18:03:12,597 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 18:03:12,598 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:12,601 INFO L290 TraceCheckUtils]: 0: Hoare triple {4179#true} ~handle := #in~handle;havoc ~retValue_acc~28; {4179#true} is VALID [2022-02-20 18:03:12,601 INFO L290 
TraceCheckUtils]: 1: Hoare triple {4179#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {4179#true} is VALID [2022-02-20 18:03:12,601 INFO L290 TraceCheckUtils]: 2: Hoare triple {4179#true} assume true; {4179#true} is VALID [2022-02-20 18:03:12,601 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4179#true} {4180#false} #881#return; {4180#false} is VALID [2022-02-20 18:03:12,602 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-02-20 18:03:12,603 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:12,606 INFO L290 TraceCheckUtils]: 0: Hoare triple {4230#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4179#true} is VALID [2022-02-20 18:03:12,606 INFO L290 TraceCheckUtils]: 1: Hoare triple {4179#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4179#true} is VALID [2022-02-20 18:03:12,606 INFO L290 TraceCheckUtils]: 2: Hoare triple {4179#true} assume true; {4179#true} is VALID [2022-02-20 18:03:12,606 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4179#true} {4180#false} #887#return; {4180#false} is VALID [2022-02-20 18:03:12,607 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 18:03:12,608 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:12,611 INFO L290 TraceCheckUtils]: 0: Hoare triple {4179#true} ~handle := #in~handle;havoc ~retValue_acc~31; {4179#true} is VALID [2022-02-20 18:03:12,611 INFO L290 TraceCheckUtils]: 1: Hoare triple {4179#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {4179#true} is VALID [2022-02-20 18:03:12,611 INFO L290 TraceCheckUtils]: 2: Hoare triple {4179#true} assume true; {4179#true} is VALID [2022-02-20 18:03:12,611 INFO L284 TraceCheckUtils]: 3: Hoare 
quadruple {4179#true} {4180#false} #889#return; {4180#false} is VALID [2022-02-20 18:03:12,611 INFO L290 TraceCheckUtils]: 0: Hoare triple {4179#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(21, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(44, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(17, 30);call #Ultimate.allocInit(17, 31);call #Ultimate.allocInit(13, 32);call #Ultimate.allocInit(17, 33);call #Ultimate.allocInit(4, 34);call write~init~int(37, 34, 0, 1);call write~init~int(115, 34, 1, 1);call write~init~int(10, 34, 2, 1);call write~init~int(0, 34, 3, 1);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(20, 37);call #Ultimate.allocInit(21, 
38);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 
0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {4179#true} is VALID [2022-02-20 18:03:12,612 INFO L290 TraceCheckUtils]: 1: Hoare triple {4179#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } 
true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~24#1, main_~tmp~9#1;havoc main_~retValue_acc~24#1;havoc main_~tmp~9#1;assume { :begin_inline_select_helpers } true; {4179#true} is VALID [2022-02-20 18:03:12,612 INFO L290 TraceCheckUtils]: 2: Hoare triple {4179#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {4179#true} is VALID [2022-02-20 18:03:12,612 INFO L290 TraceCheckUtils]: 3: Hoare triple {4179#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~37#1;havoc valid_product_~retValue_acc~37#1;valid_product_~retValue_acc~37#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~37#1; {4179#true} is VALID [2022-02-20 18:03:12,612 INFO L290 TraceCheckUtils]: 4: Hoare triple {4179#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~9#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {4179#true} is VALID [2022-02-20 18:03:12,613 INFO L290 TraceCheckUtils]: 5: Hoare triple {4179#true} assume 0 != main_~tmp~9#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet48#1, setup_#t~nondet49#1, setup_#t~nondet50#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {4179#true} is VALID [2022-02-20 18:03:12,616 INFO L272 TraceCheckUtils]: 6: Hoare triple {4179#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {4226#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:12,618 INFO L290 TraceCheckUtils]: 7: Hoare triple {4226#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4179#true} is VALID [2022-02-20 18:03:12,619 INFO L290 TraceCheckUtils]: 8: Hoare triple {4179#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4179#true} is VALID [2022-02-20 18:03:12,619 INFO L290 TraceCheckUtils]: 9: Hoare triple {4179#true} assume true; {4179#true} is VALID [2022-02-20 18:03:12,619 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {4179#true} {4179#true} #927#return; {4179#true} is VALID [2022-02-20 18:03:12,619 INFO L290 TraceCheckUtils]: 11: Hoare triple {4179#true} assume { :end_inline_setup_bob__wrappee__Base } true; {4179#true} is VALID [2022-02-20 18:03:12,621 INFO L272 TraceCheckUtils]: 12: Hoare triple {4179#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {4227#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:12,621 INFO L290 TraceCheckUtils]: 13: Hoare triple {4227#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4179#true} is VALID [2022-02-20 18:03:12,621 INFO L290 TraceCheckUtils]: 14: Hoare triple {4179#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4179#true} is VALID [2022-02-20 18:03:12,621 INFO L290 TraceCheckUtils]: 15: Hoare triple {4179#true} assume true; {4179#true} is VALID [2022-02-20 18:03:12,621 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {4179#true} {4179#true} #929#return; {4179#true} is VALID [2022-02-20 18:03:12,622 INFO L290 TraceCheckUtils]: 17: Hoare triple {4179#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet48#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {4189#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:03:12,623 INFO L272 TraceCheckUtils]: 18: Hoare triple {4189#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {4226#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:12,623 INFO L290 TraceCheckUtils]: 19: Hoare triple {4226#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := 
#in~handle;~value := #in~value; {4228#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:12,623 INFO L290 TraceCheckUtils]: 20: Hoare triple {4228#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4229#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:12,624 INFO L290 TraceCheckUtils]: 21: Hoare triple {4229#(= |setClientId_#in~handle| 1)} assume true; {4229#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:12,624 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {4229#(= |setClientId_#in~handle| 1)} {4189#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #931#return; {4180#false} is VALID [2022-02-20 18:03:12,625 INFO L290 TraceCheckUtils]: 23: Hoare triple {4180#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {4180#false} is VALID [2022-02-20 18:03:12,625 INFO L272 TraceCheckUtils]: 24: Hoare triple {4180#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {4227#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:12,625 INFO L290 TraceCheckUtils]: 25: Hoare triple {4227#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4179#true} is VALID [2022-02-20 18:03:12,625 INFO L290 TraceCheckUtils]: 26: Hoare triple {4179#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4179#true} is VALID [2022-02-20 18:03:12,626 INFO L290 TraceCheckUtils]: 27: Hoare triple {4179#true} assume true; {4179#true} is VALID [2022-02-20 18:03:12,626 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {4179#true} {4180#false} #933#return; {4180#false} is VALID [2022-02-20 
18:03:12,626 INFO L290 TraceCheckUtils]: 29: Hoare triple {4180#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet49#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {4180#false} is VALID [2022-02-20 18:03:12,626 INFO L272 TraceCheckUtils]: 30: Hoare triple {4180#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {4226#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:12,626 INFO L290 TraceCheckUtils]: 31: Hoare triple {4226#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4179#true} is VALID [2022-02-20 18:03:12,626 INFO L290 TraceCheckUtils]: 32: Hoare triple {4179#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4179#true} is VALID [2022-02-20 18:03:12,626 INFO L290 TraceCheckUtils]: 33: Hoare triple {4179#true} assume true; {4179#true} is VALID [2022-02-20 18:03:12,627 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {4179#true} {4180#false} #935#return; {4180#false} is VALID [2022-02-20 18:03:12,628 INFO L290 TraceCheckUtils]: 35: Hoare triple {4180#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {4180#false} is VALID [2022-02-20 
18:03:12,628 INFO L272 TraceCheckUtils]: 36: Hoare triple {4180#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {4227#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:12,628 INFO L290 TraceCheckUtils]: 37: Hoare triple {4227#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4179#true} is VALID [2022-02-20 18:03:12,628 INFO L290 TraceCheckUtils]: 38: Hoare triple {4179#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4179#true} is VALID [2022-02-20 18:03:12,628 INFO L290 TraceCheckUtils]: 39: Hoare triple {4179#true} assume true; {4179#true} is VALID [2022-02-20 18:03:12,628 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {4179#true} {4180#false} #937#return; {4180#false} is VALID [2022-02-20 18:03:12,628 INFO L290 TraceCheckUtils]: 41: Hoare triple {4180#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 26, 0;havoc setup_#t~nondet50#1; {4180#false} is VALID [2022-02-20 18:03:12,629 INFO L290 TraceCheckUtils]: 42: Hoare triple {4180#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~12#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, 
test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~12#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {4180#false} is VALID [2022-02-20 18:03:12,629 INFO L290 TraceCheckUtils]: 43: Hoare triple {4180#false} assume !false; {4180#false} is VALID [2022-02-20 18:03:12,629 INFO L290 TraceCheckUtils]: 44: Hoare triple {4180#false} assume test_~splverifierCounter~0#1 < 4; {4180#false} is VALID [2022-02-20 18:03:12,629 INFO L290 TraceCheckUtils]: 45: Hoare triple {4180#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {4180#false} is VALID [2022-02-20 18:03:12,629 INFO L290 TraceCheckUtils]: 46: Hoare triple {4180#false} assume !(0 == test_~op1~0#1); {4180#false} is VALID [2022-02-20 18:03:12,630 INFO L290 TraceCheckUtils]: 47: Hoare triple {4180#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet70#1 && test_#t~nondet70#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet70#1;havoc test_#t~nondet70#1; {4180#false} is VALID [2022-02-20 18:03:12,630 INFO L290 TraceCheckUtils]: 48: Hoare triple {4180#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {4180#false} is VALID [2022-02-20 18:03:12,630 INFO L290 TraceCheckUtils]: 49: Hoare triple 
{4180#false} assume !false; {4180#false} is VALID [2022-02-20 18:03:12,630 INFO L290 TraceCheckUtils]: 50: Hoare triple {4180#false} assume !(test_~splverifierCounter~0#1 < 4); {4180#false} is VALID [2022-02-20 18:03:12,630 INFO L290 TraceCheckUtils]: 51: Hoare triple {4180#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_#t~ret46#1, bobToRjh_~tmp~8#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~8#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret43#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret43#1 && bobToRjh_#t~ret43#1 <= 2147483647;havoc bobToRjh_#t~ret43#1; {4180#false} is VALID [2022-02-20 18:03:12,630 INFO L272 TraceCheckUtils]: 52: Hoare triple {4180#false} call sendEmail(~bob~0, ~rjh~0); {4180#false} is VALID [2022-02-20 18:03:12,630 INFO L290 TraceCheckUtils]: 53: Hoare triple {4180#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~19#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~20#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~20#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {4180#false} is VALID [2022-02-20 18:03:12,631 INFO L272 TraceCheckUtils]: 54: Hoare triple {4180#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {4230#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:12,631 INFO L290 TraceCheckUtils]: 55: Hoare triple {4230#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4179#true} is VALID [2022-02-20 
18:03:12,631 INFO L290 TraceCheckUtils]: 56: Hoare triple {4179#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4179#true} is VALID [2022-02-20 18:03:12,631 INFO L290 TraceCheckUtils]: 57: Hoare triple {4179#true} assume true; {4179#true} is VALID [2022-02-20 18:03:12,631 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {4179#true} {4180#false} #921#return; {4180#false} is VALID [2022-02-20 18:03:12,631 INFO L272 TraceCheckUtils]: 59: Hoare triple {4180#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {4231#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:03:12,632 INFO L290 TraceCheckUtils]: 60: Hoare triple {4231#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4179#true} is VALID [2022-02-20 18:03:12,632 INFO L290 TraceCheckUtils]: 61: Hoare triple {4179#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4179#true} is VALID [2022-02-20 18:03:12,632 INFO L290 TraceCheckUtils]: 62: Hoare triple {4179#true} assume true; {4179#true} is VALID [2022-02-20 18:03:12,632 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {4179#true} {4180#false} #923#return; {4180#false} is VALID [2022-02-20 18:03:12,632 INFO L290 TraceCheckUtils]: 64: Hoare triple {4180#false} createEmail_~retValue_acc~20#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~20#1; {4180#false} is VALID [2022-02-20 18:03:12,632 INFO L290 TraceCheckUtils]: 65: Hoare triple {4180#false} #t~ret94#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret94#1 && #t~ret94#1 <= 2147483647;~tmp~19#1 := #t~ret94#1;havoc #t~ret94#1;~email~0#1 := ~tmp~19#1; {4180#false} is VALID [2022-02-20 18:03:12,633 INFO L272 TraceCheckUtils]: 66: Hoare triple {4180#false} call outgoing(~sender#1, ~email~0#1); {4180#false} is VALID [2022-02-20 18:03:12,633 INFO L290 
TraceCheckUtils]: 67: Hoare triple {4180#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~15#1;havoc ~pubkey~0#1;havoc ~tmp___0~5#1; {4180#false} is VALID [2022-02-20 18:03:12,633 INFO L272 TraceCheckUtils]: 68: Hoare triple {4180#false} call #t~ret85#1 := getEmailTo(~msg#1); {4179#true} is VALID [2022-02-20 18:03:12,633 INFO L290 TraceCheckUtils]: 69: Hoare triple {4179#true} ~handle := #in~handle;havoc ~retValue_acc~28; {4179#true} is VALID [2022-02-20 18:03:12,633 INFO L290 TraceCheckUtils]: 70: Hoare triple {4179#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {4179#true} is VALID [2022-02-20 18:03:12,633 INFO L290 TraceCheckUtils]: 71: Hoare triple {4179#true} assume true; {4179#true} is VALID [2022-02-20 18:03:12,633 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {4179#true} {4180#false} #881#return; {4180#false} is VALID [2022-02-20 18:03:12,634 INFO L290 TraceCheckUtils]: 73: Hoare triple {4180#false} assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~15#1 := #t~ret85#1;havoc #t~ret85#1;~receiver~0#1 := ~tmp~15#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~14#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~14#1; {4180#false} is VALID [2022-02-20 18:03:12,634 INFO L290 TraceCheckUtils]: 74: Hoare triple {4180#false} assume 1 == findPublicKey_~handle#1; {4180#false} is VALID [2022-02-20 18:03:12,634 INFO L290 TraceCheckUtils]: 75: Hoare triple {4180#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~14#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~14#1; {4180#false} is VALID [2022-02-20 
18:03:12,634 INFO L290 TraceCheckUtils]: 76: Hoare triple {4180#false} #t~ret86#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp___0~5#1 := #t~ret86#1;havoc #t~ret86#1;~pubkey~0#1 := ~tmp___0~5#1; {4180#false} is VALID [2022-02-20 18:03:12,634 INFO L290 TraceCheckUtils]: 77: Hoare triple {4180#false} assume !(0 != ~pubkey~0#1); {4180#false} is VALID [2022-02-20 18:03:12,634 INFO L290 TraceCheckUtils]: 78: Hoare triple {4180#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret84#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {4180#false} is VALID [2022-02-20 18:03:12,635 INFO L290 TraceCheckUtils]: 79: Hoare triple {4180#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {4180#false} is VALID [2022-02-20 18:03:12,635 INFO L290 TraceCheckUtils]: 80: Hoare triple {4180#false} outgoing__wrappee__Keys_#t~ret84#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret84#1 && outgoing__wrappee__Keys_#t~ret84#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~14#1 := outgoing__wrappee__Keys_#t~ret84#1;havoc outgoing__wrappee__Keys_#t~ret84#1; {4180#false} is VALID [2022-02-20 18:03:12,635 INFO 
L272 TraceCheckUtils]: 81: Hoare triple {4180#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1); {4230#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:12,635 INFO L290 TraceCheckUtils]: 82: Hoare triple {4230#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4179#true} is VALID [2022-02-20 18:03:12,635 INFO L290 TraceCheckUtils]: 83: Hoare triple {4179#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4179#true} is VALID [2022-02-20 18:03:12,635 INFO L290 TraceCheckUtils]: 84: Hoare triple {4179#true} assume true; {4179#true} is VALID [2022-02-20 18:03:12,635 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {4179#true} {4180#false} #887#return; {4180#false} is VALID [2022-02-20 18:03:12,636 INFO L290 TraceCheckUtils]: 86: Hoare triple {4180#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret82#1, mail_#t~ret83#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet67#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, 
__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 := puts(32, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset := 33, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet67#1; {4180#false} is VALID [2022-02-20 18:03:12,636 INFO L290 TraceCheckUtils]: 87: Hoare triple {4180#false} assume 0 != ~in_encrypted~0; {4180#false} is VALID [2022-02-20 18:03:12,636 INFO L272 TraceCheckUtils]: 88: Hoare triple {4180#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {4179#true} is VALID [2022-02-20 18:03:12,636 INFO L290 TraceCheckUtils]: 89: Hoare triple {4179#true} ~handle := #in~handle;havoc ~retValue_acc~31; {4179#true} is VALID [2022-02-20 18:03:12,636 INFO L290 TraceCheckUtils]: 90: Hoare triple {4179#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {4179#true} is VALID [2022-02-20 18:03:12,636 INFO L290 TraceCheckUtils]: 91: Hoare triple {4179#true} assume true; {4179#true} is VALID [2022-02-20 18:03:12,636 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {4179#true} {4180#false} #889#return; {4180#false} is VALID [2022-02-20 18:03:12,637 INFO L290 TraceCheckUtils]: 93: Hoare triple {4180#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 && 
__utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1; {4180#false} is VALID [2022-02-20 18:03:12,637 INFO L290 TraceCheckUtils]: 94: Hoare triple {4180#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1);assume { :begin_inline___automaton_fail } true; {4180#false} is VALID [2022-02-20 18:03:12,637 INFO L290 TraceCheckUtils]: 95: Hoare triple {4180#false} assume !false; {4180#false} is VALID [2022-02-20 18:03:12,637 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 18:03:12,638 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:03:12,638 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [350566310] [2022-02-20 18:03:12,639 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [350566310] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:03:12,639 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1023558213] [2022-02-20 18:03:12,640 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:12,640 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:03:12,640 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:03:12,644 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:03:12,649 INFO L327 MonitoredProcess]: [MP 
/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-02-20 18:03:12,877 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:12,881 INFO L263 TraceCheckSpWp]: Trace formula consists of 973 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 18:03:12,923 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:12,929 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:03:13,151 INFO L290 TraceCheckUtils]: 0: Hoare triple {4179#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(21, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(44, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call 
write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(17, 30);call #Ultimate.allocInit(17, 31);call #Ultimate.allocInit(13, 32);call #Ultimate.allocInit(17, 33);call #Ultimate.allocInit(4, 34);call write~init~int(37, 34, 0, 1);call write~init~int(115, 34, 1, 1);call write~init~int(10, 34, 2, 1);call write~init~int(0, 34, 3, 1);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(20, 37);call #Ultimate.allocInit(21, 38);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 
0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 
0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {4179#true} is VALID [2022-02-20 18:03:13,151 INFO L290 TraceCheckUtils]: 1: Hoare triple {4179#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~24#1, main_~tmp~9#1;havoc main_~retValue_acc~24#1;havoc main_~tmp~9#1;assume { :begin_inline_select_helpers } true; {4179#true} is VALID [2022-02-20 18:03:13,151 INFO L290 TraceCheckUtils]: 2: Hoare triple {4179#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {4179#true} is VALID [2022-02-20 18:03:13,152 INFO L290 TraceCheckUtils]: 3: Hoare triple {4179#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~37#1;havoc valid_product_~retValue_acc~37#1;valid_product_~retValue_acc~37#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~37#1; {4179#true} is VALID [2022-02-20 18:03:13,152 INFO L290 TraceCheckUtils]: 4: Hoare triple {4179#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~9#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {4179#true} is VALID [2022-02-20 18:03:13,152 INFO L290 TraceCheckUtils]: 5: Hoare triple {4179#true} assume 0 != main_~tmp~9#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet48#1, setup_#t~nondet49#1, setup_#t~nondet50#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, 
setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {4179#true} is VALID [2022-02-20 18:03:13,152 INFO L272 TraceCheckUtils]: 6: Hoare triple {4179#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {4179#true} is VALID [2022-02-20 18:03:13,152 INFO L290 TraceCheckUtils]: 7: Hoare triple {4179#true} ~handle := #in~handle;~value := #in~value; {4179#true} is VALID [2022-02-20 18:03:13,152 INFO L290 TraceCheckUtils]: 8: Hoare triple {4179#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4179#true} is VALID [2022-02-20 18:03:13,152 INFO L290 TraceCheckUtils]: 9: Hoare triple {4179#true} assume true; {4179#true} is VALID [2022-02-20 18:03:13,153 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {4179#true} {4179#true} #927#return; {4179#true} is VALID [2022-02-20 18:03:13,153 INFO L290 TraceCheckUtils]: 11: Hoare triple {4179#true} assume { :end_inline_setup_bob__wrappee__Base } true; {4179#true} is VALID [2022-02-20 18:03:13,153 INFO L272 TraceCheckUtils]: 12: Hoare triple {4179#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {4179#true} is VALID [2022-02-20 18:03:13,153 INFO L290 TraceCheckUtils]: 13: Hoare triple {4179#true} ~handle := #in~handle;~value := #in~value; {4179#true} is VALID [2022-02-20 18:03:13,153 INFO L290 TraceCheckUtils]: 14: Hoare triple {4179#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4179#true} is VALID [2022-02-20 18:03:13,153 INFO L290 TraceCheckUtils]: 15: 
Hoare triple {4179#true} assume true; {4179#true} is VALID [2022-02-20 18:03:13,153 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {4179#true} {4179#true} #929#return; {4179#true} is VALID [2022-02-20 18:03:13,153 INFO L290 TraceCheckUtils]: 17: Hoare triple {4179#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet48#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {4179#true} is VALID [2022-02-20 18:03:13,153 INFO L272 TraceCheckUtils]: 18: Hoare triple {4179#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {4179#true} is VALID [2022-02-20 18:03:13,154 INFO L290 TraceCheckUtils]: 19: Hoare triple {4179#true} ~handle := #in~handle;~value := #in~value; {4179#true} is VALID [2022-02-20 18:03:13,154 INFO L290 TraceCheckUtils]: 20: Hoare triple {4179#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4179#true} is VALID [2022-02-20 18:03:13,154 INFO L290 TraceCheckUtils]: 21: Hoare triple {4179#true} assume true; {4179#true} is VALID [2022-02-20 18:03:13,154 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {4179#true} {4179#true} #931#return; {4179#true} is VALID [2022-02-20 18:03:13,154 INFO L290 TraceCheckUtils]: 23: Hoare triple {4179#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {4179#true} is VALID [2022-02-20 18:03:13,154 INFO L272 TraceCheckUtils]: 24: Hoare triple {4179#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {4179#true} is VALID [2022-02-20 18:03:13,154 INFO L290 TraceCheckUtils]: 25: Hoare triple {4179#true} ~handle := #in~handle;~value := 
#in~value; {4179#true} is VALID [2022-02-20 18:03:13,154 INFO L290 TraceCheckUtils]: 26: Hoare triple {4179#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4179#true} is VALID [2022-02-20 18:03:13,155 INFO L290 TraceCheckUtils]: 27: Hoare triple {4179#true} assume true; {4179#true} is VALID [2022-02-20 18:03:13,155 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {4179#true} {4179#true} #933#return; {4179#true} is VALID [2022-02-20 18:03:13,155 INFO L290 TraceCheckUtils]: 29: Hoare triple {4179#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet49#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {4179#true} is VALID [2022-02-20 18:03:13,155 INFO L272 TraceCheckUtils]: 30: Hoare triple {4179#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {4179#true} is VALID [2022-02-20 18:03:13,155 INFO L290 TraceCheckUtils]: 31: Hoare triple {4179#true} ~handle := #in~handle;~value := #in~value; {4179#true} is VALID [2022-02-20 18:03:13,155 INFO L290 TraceCheckUtils]: 32: Hoare triple {4179#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4179#true} is VALID [2022-02-20 18:03:13,155 INFO L290 TraceCheckUtils]: 33: Hoare triple {4179#true} assume true; {4179#true} is VALID [2022-02-20 18:03:13,156 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {4179#true} {4179#true} #935#return; {4179#true} is VALID [2022-02-20 18:03:13,156 INFO L290 TraceCheckUtils]: 35: Hoare triple {4179#true} assume { 
:end_inline_setup_chuck__wrappee__Base } true; {4179#true} is VALID [2022-02-20 18:03:13,156 INFO L272 TraceCheckUtils]: 36: Hoare triple {4179#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {4179#true} is VALID [2022-02-20 18:03:13,156 INFO L290 TraceCheckUtils]: 37: Hoare triple {4179#true} ~handle := #in~handle;~value := #in~value; {4179#true} is VALID [2022-02-20 18:03:13,156 INFO L290 TraceCheckUtils]: 38: Hoare triple {4179#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4179#true} is VALID [2022-02-20 18:03:13,156 INFO L290 TraceCheckUtils]: 39: Hoare triple {4179#true} assume true; {4179#true} is VALID [2022-02-20 18:03:13,156 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {4179#true} {4179#true} #937#return; {4179#true} is VALID [2022-02-20 18:03:13,157 INFO L290 TraceCheckUtils]: 41: Hoare triple {4179#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 26, 0;havoc setup_#t~nondet50#1; {4179#true} is VALID [2022-02-20 18:03:13,163 INFO L290 TraceCheckUtils]: 42: Hoare triple {4179#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~12#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc 
test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~12#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {4361#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:03:13,164 INFO L290 TraceCheckUtils]: 43: Hoare triple {4361#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {4361#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:03:13,164 INFO L290 TraceCheckUtils]: 44: Hoare triple {4361#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {4361#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:03:13,164 INFO L290 TraceCheckUtils]: 45: Hoare triple {4361#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {4361#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:03:13,165 INFO L290 TraceCheckUtils]: 46: Hoare triple {4361#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {4180#false} is VALID [2022-02-20 18:03:13,165 INFO L290 TraceCheckUtils]: 47: Hoare triple {4180#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet70#1 && test_#t~nondet70#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet70#1;havoc test_#t~nondet70#1; {4180#false} is VALID [2022-02-20 18:03:13,165 INFO L290 TraceCheckUtils]: 48: Hoare triple {4180#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {4180#false} is VALID [2022-02-20 18:03:13,165 INFO L290 TraceCheckUtils]: 49: Hoare triple {4180#false} assume !false; {4180#false} is VALID [2022-02-20 18:03:13,165 INFO 
L290 TraceCheckUtils]: 50: Hoare triple {4180#false} assume !(test_~splverifierCounter~0#1 < 4); {4180#false} is VALID [2022-02-20 18:03:13,165 INFO L290 TraceCheckUtils]: 51: Hoare triple {4180#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_#t~ret46#1, bobToRjh_~tmp~8#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~8#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret43#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret43#1 && bobToRjh_#t~ret43#1 <= 2147483647;havoc bobToRjh_#t~ret43#1; {4180#false} is VALID [2022-02-20 18:03:13,165 INFO L272 TraceCheckUtils]: 52: Hoare triple {4180#false} call sendEmail(~bob~0, ~rjh~0); {4180#false} is VALID [2022-02-20 18:03:13,165 INFO L290 TraceCheckUtils]: 53: Hoare triple {4180#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~19#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~20#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~20#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {4180#false} is VALID [2022-02-20 18:03:13,165 INFO L272 TraceCheckUtils]: 54: Hoare triple {4180#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {4180#false} is VALID [2022-02-20 18:03:13,165 INFO L290 TraceCheckUtils]: 55: Hoare triple {4180#false} ~handle := #in~handle;~value := #in~value; {4180#false} is VALID [2022-02-20 18:03:13,165 INFO L290 TraceCheckUtils]: 56: Hoare triple {4180#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4180#false} is VALID [2022-02-20 18:03:13,165 INFO L290 TraceCheckUtils]: 57: Hoare triple {4180#false} assume true; {4180#false} is VALID [2022-02-20 18:03:13,165 
INFO L284 TraceCheckUtils]: 58: Hoare quadruple {4180#false} {4180#false} #921#return; {4180#false} is VALID [2022-02-20 18:03:13,165 INFO L272 TraceCheckUtils]: 59: Hoare triple {4180#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {4180#false} is VALID [2022-02-20 18:03:13,165 INFO L290 TraceCheckUtils]: 60: Hoare triple {4180#false} ~handle := #in~handle;~value := #in~value; {4180#false} is VALID [2022-02-20 18:03:13,166 INFO L290 TraceCheckUtils]: 61: Hoare triple {4180#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4180#false} is VALID [2022-02-20 18:03:13,166 INFO L290 TraceCheckUtils]: 62: Hoare triple {4180#false} assume true; {4180#false} is VALID [2022-02-20 18:03:13,166 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {4180#false} {4180#false} #923#return; {4180#false} is VALID [2022-02-20 18:03:13,166 INFO L290 TraceCheckUtils]: 64: Hoare triple {4180#false} createEmail_~retValue_acc~20#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~20#1; {4180#false} is VALID [2022-02-20 18:03:13,166 INFO L290 TraceCheckUtils]: 65: Hoare triple {4180#false} #t~ret94#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret94#1 && #t~ret94#1 <= 2147483647;~tmp~19#1 := #t~ret94#1;havoc #t~ret94#1;~email~0#1 := ~tmp~19#1; {4180#false} is VALID [2022-02-20 18:03:13,166 INFO L272 TraceCheckUtils]: 66: Hoare triple {4180#false} call outgoing(~sender#1, ~email~0#1); {4180#false} is VALID [2022-02-20 18:03:13,166 INFO L290 TraceCheckUtils]: 67: Hoare triple {4180#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~15#1;havoc ~pubkey~0#1;havoc ~tmp___0~5#1; {4180#false} is VALID [2022-02-20 18:03:13,166 INFO L272 TraceCheckUtils]: 68: Hoare triple {4180#false} call #t~ret85#1 := getEmailTo(~msg#1); {4180#false} is VALID [2022-02-20 18:03:13,166 INFO L290 TraceCheckUtils]: 69: Hoare triple {4180#false} ~handle := #in~handle;havoc ~retValue_acc~28; {4180#false} 
is VALID [2022-02-20 18:03:13,167 INFO L290 TraceCheckUtils]: 70: Hoare triple {4180#false} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {4180#false} is VALID [2022-02-20 18:03:13,167 INFO L290 TraceCheckUtils]: 71: Hoare triple {4180#false} assume true; {4180#false} is VALID [2022-02-20 18:03:13,167 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {4180#false} {4180#false} #881#return; {4180#false} is VALID [2022-02-20 18:03:13,167 INFO L290 TraceCheckUtils]: 73: Hoare triple {4180#false} assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~15#1 := #t~ret85#1;havoc #t~ret85#1;~receiver~0#1 := ~tmp~15#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~14#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~14#1; {4180#false} is VALID [2022-02-20 18:03:13,167 INFO L290 TraceCheckUtils]: 74: Hoare triple {4180#false} assume 1 == findPublicKey_~handle#1; {4180#false} is VALID [2022-02-20 18:03:13,167 INFO L290 TraceCheckUtils]: 75: Hoare triple {4180#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~14#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~14#1; {4180#false} is VALID [2022-02-20 18:03:13,167 INFO L290 TraceCheckUtils]: 76: Hoare triple {4180#false} #t~ret86#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp___0~5#1 := #t~ret86#1;havoc #t~ret86#1;~pubkey~0#1 := ~tmp___0~5#1; {4180#false} is VALID [2022-02-20 18:03:13,168 INFO L290 TraceCheckUtils]: 77: Hoare triple {4180#false} assume !(0 != ~pubkey~0#1); {4180#false} is VALID [2022-02-20 18:03:13,168 INFO 
L290 TraceCheckUtils]: 78: Hoare triple {4180#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret84#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {4180#false} is VALID [2022-02-20 18:03:13,168 INFO L290 TraceCheckUtils]: 79: Hoare triple {4180#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {4180#false} is VALID [2022-02-20 18:03:13,168 INFO L290 TraceCheckUtils]: 80: Hoare triple {4180#false} outgoing__wrappee__Keys_#t~ret84#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret84#1 && outgoing__wrappee__Keys_#t~ret84#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~14#1 := outgoing__wrappee__Keys_#t~ret84#1;havoc outgoing__wrappee__Keys_#t~ret84#1; {4180#false} is VALID [2022-02-20 18:03:13,168 INFO L272 TraceCheckUtils]: 81: Hoare triple {4180#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1); {4180#false} is VALID [2022-02-20 18:03:13,168 INFO L290 TraceCheckUtils]: 82: Hoare triple {4180#false} ~handle := #in~handle;~value := #in~value; {4180#false} is VALID [2022-02-20 18:03:13,168 INFO L290 TraceCheckUtils]: 83: Hoare triple {4180#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4180#false} is VALID 
[2022-02-20 18:03:13,169 INFO L290 TraceCheckUtils]: 84: Hoare triple {4180#false} assume true; {4180#false} is VALID [2022-02-20 18:03:13,169 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {4180#false} {4180#false} #887#return; {4180#false} is VALID [2022-02-20 18:03:13,169 INFO L290 TraceCheckUtils]: 86: Hoare triple {4180#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret82#1, mail_#t~ret83#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet67#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 := puts(32, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset := 33, 
0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet67#1; {4180#false} is VALID [2022-02-20 18:03:13,169 INFO L290 TraceCheckUtils]: 87: Hoare triple {4180#false} assume 0 != ~in_encrypted~0; {4180#false} is VALID [2022-02-20 18:03:13,169 INFO L272 TraceCheckUtils]: 88: Hoare triple {4180#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {4180#false} is VALID [2022-02-20 18:03:13,169 INFO L290 TraceCheckUtils]: 89: Hoare triple {4180#false} ~handle := #in~handle;havoc ~retValue_acc~31; {4180#false} is VALID [2022-02-20 18:03:13,169 INFO L290 TraceCheckUtils]: 90: Hoare triple {4180#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {4180#false} is VALID [2022-02-20 18:03:13,170 INFO L290 TraceCheckUtils]: 91: Hoare triple {4180#false} assume true; {4180#false} is VALID [2022-02-20 18:03:13,170 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {4180#false} {4180#false} #889#return; {4180#false} is VALID [2022-02-20 18:03:13,170 INFO L290 TraceCheckUtils]: 93: Hoare triple {4180#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1; {4180#false} is VALID [2022-02-20 18:03:13,170 INFO L290 TraceCheckUtils]: 94: Hoare triple {4180#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1);assume { :begin_inline___automaton_fail } true; {4180#false} is VALID [2022-02-20 18:03:13,170 INFO L290 TraceCheckUtils]: 95: Hoare triple {4180#false} assume !false; {4180#false} is VALID [2022-02-20 18:03:13,171 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. 
[2022-02-20 18:03:13,171 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:03:13,171 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1023558213] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:03:13,171 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:03:13,171 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 18:03:13,171 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [185637735] [2022-02-20 18:03:13,172 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:03:13,172 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (11), 2 states have call predecessors, (11), 2 states have call successors, (11) Word has length 96 [2022-02-20 18:03:13,173 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:03:13,173 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (11), 2 states have call predecessors, (11), 2 states have call successors, (11) [2022-02-20 18:03:13,243 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 81 edges. 81 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:03:13,244 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:03:13,244 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:03:13,244 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:03:13,245 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:03:13,245 INFO L87 Difference]: Start difference. First operand 294 states and 442 transitions. Second operand has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (11), 2 states have call predecessors, (11), 2 states have call successors, (11) [2022-02-20 18:03:13,705 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:13,705 INFO L93 Difference]: Finished difference Result 618 states and 943 transitions. [2022-02-20 18:03:13,705 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:03:13,706 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (11), 2 states have call predecessors, (11), 2 states have call successors, (11) Word has length 96 [2022-02-20 18:03:13,706 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:03:13,706 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (11), 2 states have call predecessors, (11), 2 states have call successors, (11) [2022-02-20 18:03:13,719 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 941 transitions. [2022-02-20 18:03:13,720 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (11), 2 states have call predecessors, (11), 2 states have call successors, (11) [2022-02-20 18:03:13,730 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 941 transitions. [2022-02-20 18:03:13,730 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 941 transitions. [2022-02-20 18:03:14,435 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 941 edges. 941 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:03:14,447 INFO L225 Difference]: With dead ends: 618 [2022-02-20 18:03:14,447 INFO L226 Difference]: Without dead ends: 351 [2022-02-20 18:03:14,449 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 121 GetRequests, 113 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:03:14,449 INFO L933 BasicCegarLoop]: 455 mSDtfsCounter, 107 mSDsluCounter, 394 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 122 SdHoareTripleChecker+Valid, 849 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:03:14,450 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [122 Valid, 849 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:03:14,451 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 351 states. [2022-02-20 18:03:14,463 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 351 to 343. [2022-02-20 18:03:14,463 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:03:14,464 INFO L82 GeneralOperation]: Start isEquivalent. First operand 351 states. 
Second operand has 343 states, 270 states have (on average 1.537037037037037) internal successors, (415), 273 states have internal predecessors, (415), 56 states have call successors, (56), 16 states have call predecessors, (56), 16 states have return successors, (55), 55 states have call predecessors, (55), 55 states have call successors, (55) [2022-02-20 18:03:14,465 INFO L74 IsIncluded]: Start isIncluded. First operand 351 states. Second operand has 343 states, 270 states have (on average 1.537037037037037) internal successors, (415), 273 states have internal predecessors, (415), 56 states have call successors, (56), 16 states have call predecessors, (56), 16 states have return successors, (55), 55 states have call predecessors, (55), 55 states have call successors, (55) [2022-02-20 18:03:14,466 INFO L87 Difference]: Start difference. First operand 351 states. Second operand has 343 states, 270 states have (on average 1.537037037037037) internal successors, (415), 273 states have internal predecessors, (415), 56 states have call successors, (56), 16 states have call predecessors, (56), 16 states have return successors, (55), 55 states have call predecessors, (55), 55 states have call successors, (55) [2022-02-20 18:03:14,478 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:14,478 INFO L93 Difference]: Finished difference Result 351 states and 535 transitions. [2022-02-20 18:03:14,478 INFO L276 IsEmpty]: Start isEmpty. Operand 351 states and 535 transitions. [2022-02-20 18:03:14,480 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:14,480 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:14,481 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 343 states, 270 states have (on average 1.537037037037037) internal successors, (415), 273 states have internal predecessors, (415), 56 states have call successors, (56), 16 states have call predecessors, (56), 16 states have return successors, (55), 55 states have call predecessors, (55), 55 states have call successors, (55) Second operand 351 states. [2022-02-20 18:03:14,482 INFO L87 Difference]: Start difference. First operand has 343 states, 270 states have (on average 1.537037037037037) internal successors, (415), 273 states have internal predecessors, (415), 56 states have call successors, (56), 16 states have call predecessors, (56), 16 states have return successors, (55), 55 states have call predecessors, (55), 55 states have call successors, (55) Second operand 351 states. [2022-02-20 18:03:14,494 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:14,494 INFO L93 Difference]: Finished difference Result 351 states and 535 transitions. [2022-02-20 18:03:14,495 INFO L276 IsEmpty]: Start isEmpty. Operand 351 states and 535 transitions. [2022-02-20 18:03:14,496 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:14,496 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:14,496 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:03:14,496 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:03:14,497 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 343 states, 270 states have (on average 1.537037037037037) internal successors, (415), 273 states have internal predecessors, (415), 56 states have call successors, (56), 16 states have call predecessors, (56), 16 states have return successors, (55), 55 states have call predecessors, (55), 55 states have call successors, (55) [2022-02-20 18:03:14,510 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 343 states to 343 states and 526 transitions. [2022-02-20 18:03:14,510 INFO L78 Accepts]: Start accepts. Automaton has 343 states and 526 transitions. Word has length 96 [2022-02-20 18:03:14,510 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:03:14,511 INFO L470 AbstractCegarLoop]: Abstraction has 343 states and 526 transitions. [2022-02-20 18:03:14,511 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (13), 2 states have call predecessors, (13), 2 states have return successors, (11), 2 states have call predecessors, (11), 2 states have call successors, (11) [2022-02-20 18:03:14,511 INFO L276 IsEmpty]: Start isEmpty. Operand 343 states and 526 transitions. [2022-02-20 18:03:14,513 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 98 [2022-02-20 18:03:14,513 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:03:14,513 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:03:14,535 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 18:03:14,727 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:03:14,728 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:03:14,728 
INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:03:14,728 INFO L85 PathProgramCache]: Analyzing trace with hash 1191934709, now seen corresponding path program 1 times [2022-02-20 18:03:14,728 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:03:14,728 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1144182078] [2022-02-20 18:03:14,728 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:14,729 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:03:14,765 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:14,792 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:03:14,794 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:14,796 INFO L290 TraceCheckUtils]: 0: Hoare triple {6636#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {6589#true} is VALID [2022-02-20 18:03:14,797 INFO L290 TraceCheckUtils]: 1: Hoare triple {6589#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6589#true} is VALID [2022-02-20 18:03:14,797 INFO L290 TraceCheckUtils]: 2: Hoare triple {6589#true} assume true; {6589#true} is VALID [2022-02-20 18:03:14,797 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6589#true} {6589#true} #927#return; {6589#true} is VALID [2022-02-20 18:03:14,803 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:03:14,805 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:14,808 INFO L290 TraceCheckUtils]: 0: Hoare triple {6637#(and 
(= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {6589#true} is VALID [2022-02-20 18:03:14,808 INFO L290 TraceCheckUtils]: 1: Hoare triple {6589#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6589#true} is VALID [2022-02-20 18:03:14,808 INFO L290 TraceCheckUtils]: 2: Hoare triple {6589#true} assume true; {6589#true} is VALID [2022-02-20 18:03:14,808 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6589#true} {6589#true} #929#return; {6589#true} is VALID [2022-02-20 18:03:14,808 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:03:14,811 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:14,826 INFO L290 TraceCheckUtils]: 0: Hoare triple {6636#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {6638#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:14,826 INFO L290 TraceCheckUtils]: 1: Hoare triple {6638#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6639#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:14,827 INFO L290 TraceCheckUtils]: 2: Hoare triple {6639#(= |setClientId_#in~handle| 1)} assume true; {6639#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:14,827 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6639#(= |setClientId_#in~handle| 1)} {6599#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #931#return; {6590#false} is VALID [2022-02-20 18:03:14,828 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call 
position 24 [2022-02-20 18:03:14,830 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:14,833 INFO L290 TraceCheckUtils]: 0: Hoare triple {6637#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {6589#true} is VALID [2022-02-20 18:03:14,834 INFO L290 TraceCheckUtils]: 1: Hoare triple {6589#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6589#true} is VALID [2022-02-20 18:03:14,834 INFO L290 TraceCheckUtils]: 2: Hoare triple {6589#true} assume true; {6589#true} is VALID [2022-02-20 18:03:14,834 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6589#true} {6590#false} #933#return; {6590#false} is VALID [2022-02-20 18:03:14,834 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:03:14,836 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:14,839 INFO L290 TraceCheckUtils]: 0: Hoare triple {6636#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {6589#true} is VALID [2022-02-20 18:03:14,839 INFO L290 TraceCheckUtils]: 1: Hoare triple {6589#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6589#true} is VALID [2022-02-20 18:03:14,839 INFO L290 TraceCheckUtils]: 2: Hoare triple {6589#true} assume true; {6589#true} is VALID [2022-02-20 18:03:14,839 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6589#true} {6590#false} #935#return; {6590#false} is VALID [2022-02-20 18:03:14,839 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:03:14,842 INFO L136 AnnotateAndAsserter]: 
Conjunction of SSA is unsat [2022-02-20 18:03:14,844 INFO L290 TraceCheckUtils]: 0: Hoare triple {6637#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {6589#true} is VALID [2022-02-20 18:03:14,844 INFO L290 TraceCheckUtils]: 1: Hoare triple {6589#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6589#true} is VALID [2022-02-20 18:03:14,844 INFO L290 TraceCheckUtils]: 2: Hoare triple {6589#true} assume true; {6589#true} is VALID [2022-02-20 18:03:14,844 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6589#true} {6590#false} #937#return; {6590#false} is VALID [2022-02-20 18:03:14,865 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 55 [2022-02-20 18:03:14,867 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:14,869 INFO L290 TraceCheckUtils]: 0: Hoare triple {6640#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {6589#true} is VALID [2022-02-20 18:03:14,869 INFO L290 TraceCheckUtils]: 1: Hoare triple {6589#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {6589#true} is VALID [2022-02-20 18:03:14,869 INFO L290 TraceCheckUtils]: 2: Hoare triple {6589#true} assume true; {6589#true} is VALID [2022-02-20 18:03:14,869 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6589#true} {6590#false} #921#return; {6590#false} is VALID [2022-02-20 18:03:14,877 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 18:03:14,878 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:14,880 INFO L290 TraceCheckUtils]: 0: Hoare triple {6641#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= 
~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {6589#true} is VALID [2022-02-20 18:03:14,880 INFO L290 TraceCheckUtils]: 1: Hoare triple {6589#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {6589#true} is VALID [2022-02-20 18:03:14,881 INFO L290 TraceCheckUtils]: 2: Hoare triple {6589#true} assume true; {6589#true} is VALID [2022-02-20 18:03:14,881 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6589#true} {6590#false} #923#return; {6590#false} is VALID [2022-02-20 18:03:14,881 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 18:03:14,882 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:14,884 INFO L290 TraceCheckUtils]: 0: Hoare triple {6589#true} ~handle := #in~handle;havoc ~retValue_acc~28; {6589#true} is VALID [2022-02-20 18:03:14,884 INFO L290 TraceCheckUtils]: 1: Hoare triple {6589#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {6589#true} is VALID [2022-02-20 18:03:14,884 INFO L290 TraceCheckUtils]: 2: Hoare triple {6589#true} assume true; {6589#true} is VALID [2022-02-20 18:03:14,885 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6589#true} {6590#false} #881#return; {6590#false} is VALID [2022-02-20 18:03:14,885 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-02-20 18:03:14,886 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:14,888 INFO L290 TraceCheckUtils]: 0: Hoare triple {6640#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {6589#true} is VALID [2022-02-20 18:03:14,888 INFO L290 TraceCheckUtils]: 1: Hoare triple {6589#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {6589#true} is VALID [2022-02-20 18:03:14,888 INFO L290 TraceCheckUtils]: 2: Hoare triple 
{6589#true} assume true; {6589#true} is VALID [2022-02-20 18:03:14,888 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6589#true} {6590#false} #887#return; {6590#false} is VALID [2022-02-20 18:03:14,888 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 89 [2022-02-20 18:03:14,889 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:14,893 INFO L290 TraceCheckUtils]: 0: Hoare triple {6589#true} ~handle := #in~handle;havoc ~retValue_acc~31; {6589#true} is VALID [2022-02-20 18:03:14,893 INFO L290 TraceCheckUtils]: 1: Hoare triple {6589#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {6589#true} is VALID [2022-02-20 18:03:14,894 INFO L290 TraceCheckUtils]: 2: Hoare triple {6589#true} assume true; {6589#true} is VALID [2022-02-20 18:03:14,894 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6589#true} {6590#false} #889#return; {6590#false} is VALID [2022-02-20 18:03:14,894 INFO L290 TraceCheckUtils]: 0: Hoare triple {6589#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(21, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(44, 
23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(17, 30);call #Ultimate.allocInit(17, 31);call #Ultimate.allocInit(13, 32);call #Ultimate.allocInit(17, 33);call #Ultimate.allocInit(4, 34);call write~init~int(37, 34, 0, 1);call write~init~int(115, 34, 1, 1);call write~init~int(10, 34, 2, 1);call write~init~int(0, 34, 3, 1);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(20, 37);call #Ultimate.allocInit(21, 38);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 
0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 
0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {6589#true} is VALID [2022-02-20 18:03:14,894 INFO L290 TraceCheckUtils]: 1: Hoare triple {6589#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~24#1, main_~tmp~9#1;havoc main_~retValue_acc~24#1;havoc main_~tmp~9#1;assume { :begin_inline_select_helpers } true; {6589#true} is VALID [2022-02-20 18:03:14,894 INFO L290 TraceCheckUtils]: 2: Hoare triple {6589#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {6589#true} is VALID [2022-02-20 18:03:14,894 INFO L290 TraceCheckUtils]: 3: Hoare triple {6589#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~37#1;havoc valid_product_~retValue_acc~37#1;valid_product_~retValue_acc~37#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~37#1; {6589#true} is VALID [2022-02-20 18:03:14,895 INFO L290 TraceCheckUtils]: 4: Hoare triple {6589#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~9#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {6589#true} is VALID [2022-02-20 
18:03:14,895 INFO L290 TraceCheckUtils]: 5: Hoare triple {6589#true} assume 0 != main_~tmp~9#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet48#1, setup_#t~nondet49#1, setup_#t~nondet50#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {6589#true} is VALID [2022-02-20 18:03:14,895 INFO L272 TraceCheckUtils]: 6: Hoare triple {6589#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {6636#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:14,896 INFO L290 TraceCheckUtils]: 7: Hoare triple {6636#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {6589#true} is VALID [2022-02-20 18:03:14,896 INFO L290 TraceCheckUtils]: 8: Hoare triple {6589#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6589#true} is VALID [2022-02-20 18:03:14,896 INFO L290 TraceCheckUtils]: 9: Hoare triple {6589#true} assume true; {6589#true} is VALID 
[2022-02-20 18:03:14,896 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {6589#true} {6589#true} #927#return; {6589#true} is VALID [2022-02-20 18:03:14,896 INFO L290 TraceCheckUtils]: 11: Hoare triple {6589#true} assume { :end_inline_setup_bob__wrappee__Base } true; {6589#true} is VALID [2022-02-20 18:03:14,897 INFO L272 TraceCheckUtils]: 12: Hoare triple {6589#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {6637#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:14,897 INFO L290 TraceCheckUtils]: 13: Hoare triple {6637#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {6589#true} is VALID [2022-02-20 18:03:14,897 INFO L290 TraceCheckUtils]: 14: Hoare triple {6589#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6589#true} is VALID [2022-02-20 18:03:14,897 INFO L290 TraceCheckUtils]: 15: Hoare triple {6589#true} assume true; {6589#true} is VALID [2022-02-20 18:03:14,898 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {6589#true} {6589#true} #929#return; {6589#true} is VALID [2022-02-20 18:03:14,898 INFO L290 TraceCheckUtils]: 17: Hoare triple {6589#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet48#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := 
setup_rjh__wrappee__Base_#in~rjh___0#1; {6599#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:03:14,899 INFO L272 TraceCheckUtils]: 18: Hoare triple {6599#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {6636#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:14,899 INFO L290 TraceCheckUtils]: 19: Hoare triple {6636#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {6638#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:14,900 INFO L290 TraceCheckUtils]: 20: Hoare triple {6638#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6639#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:14,900 INFO L290 TraceCheckUtils]: 21: Hoare triple {6639#(= |setClientId_#in~handle| 1)} assume true; {6639#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:14,900 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {6639#(= |setClientId_#in~handle| 1)} {6599#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #931#return; {6590#false} is VALID [2022-02-20 18:03:14,901 INFO L290 TraceCheckUtils]: 23: Hoare triple {6590#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {6590#false} is VALID [2022-02-20 18:03:14,901 INFO L272 TraceCheckUtils]: 24: Hoare triple {6590#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {6637#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:14,901 INFO L290 TraceCheckUtils]: 25: Hoare triple {6637#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {6589#true} is VALID [2022-02-20 18:03:14,901 INFO L290 TraceCheckUtils]: 26: Hoare triple {6589#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6589#true} is VALID [2022-02-20 18:03:14,901 INFO L290 TraceCheckUtils]: 27: Hoare triple {6589#true} assume true; {6589#true} is VALID [2022-02-20 18:03:14,901 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {6589#true} {6590#false} #933#return; {6590#false} is VALID [2022-02-20 18:03:14,901 INFO L290 TraceCheckUtils]: 29: Hoare triple {6590#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet49#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {6590#false} is VALID [2022-02-20 18:03:14,902 INFO L272 TraceCheckUtils]: 30: Hoare triple {6590#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {6636#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:14,902 INFO L290 TraceCheckUtils]: 31: Hoare triple {6636#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {6589#true} is VALID [2022-02-20 18:03:14,902 INFO L290 TraceCheckUtils]: 32: Hoare triple {6589#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6589#true} is VALID [2022-02-20 18:03:14,902 INFO L290 TraceCheckUtils]: 33: Hoare triple {6589#true} assume true; {6589#true} is VALID [2022-02-20 18:03:14,902 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {6589#true} {6590#false} #935#return; {6590#false} is VALID [2022-02-20 18:03:14,902 INFO L290 TraceCheckUtils]: 35: Hoare triple {6590#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {6590#false} is VALID [2022-02-20 18:03:14,902 INFO L272 TraceCheckUtils]: 36: Hoare triple {6590#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {6637#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:14,903 INFO L290 TraceCheckUtils]: 37: Hoare triple {6637#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {6589#true} is VALID [2022-02-20 18:03:14,903 INFO L290 TraceCheckUtils]: 38: Hoare triple {6589#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6589#true} is VALID [2022-02-20 18:03:14,903 INFO L290 TraceCheckUtils]: 39: Hoare triple {6589#true} assume true; {6589#true} is VALID [2022-02-20 18:03:14,903 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {6589#true} {6590#false} #937#return; {6590#false} is VALID [2022-02-20 18:03:14,903 INFO L290 
TraceCheckUtils]: 41: Hoare triple {6590#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 26, 0;havoc setup_#t~nondet50#1; {6590#false} is VALID [2022-02-20 18:03:14,904 INFO L290 TraceCheckUtils]: 42: Hoare triple {6590#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~12#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~12#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {6590#false} is VALID [2022-02-20 18:03:14,904 INFO L290 TraceCheckUtils]: 43: Hoare triple {6590#false} assume !false; {6590#false} is VALID [2022-02-20 18:03:14,904 INFO L290 TraceCheckUtils]: 44: Hoare triple {6590#false} assume 
test_~splverifierCounter~0#1 < 4; {6590#false} is VALID [2022-02-20 18:03:14,905 INFO L290 TraceCheckUtils]: 45: Hoare triple {6590#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {6590#false} is VALID [2022-02-20 18:03:14,905 INFO L290 TraceCheckUtils]: 46: Hoare triple {6590#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet69#1 && test_#t~nondet69#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet69#1;havoc test_#t~nondet69#1; {6590#false} is VALID [2022-02-20 18:03:14,905 INFO L290 TraceCheckUtils]: 47: Hoare triple {6590#false} assume !(0 != test_~tmp___9~0#1); {6590#false} is VALID [2022-02-20 18:03:14,905 INFO L290 TraceCheckUtils]: 48: Hoare triple {6590#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet70#1 && test_#t~nondet70#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet70#1;havoc test_#t~nondet70#1; {6590#false} is VALID [2022-02-20 18:03:14,905 INFO L290 TraceCheckUtils]: 49: Hoare triple {6590#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {6590#false} is VALID [2022-02-20 18:03:14,905 INFO L290 TraceCheckUtils]: 50: Hoare triple {6590#false} assume !false; {6590#false} is VALID [2022-02-20 18:03:14,905 INFO L290 TraceCheckUtils]: 51: Hoare triple {6590#false} assume !(test_~splverifierCounter~0#1 < 4); {6590#false} is VALID [2022-02-20 18:03:14,906 INFO L290 TraceCheckUtils]: 52: Hoare triple {6590#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_#t~ret46#1, bobToRjh_~tmp~8#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~8#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret43#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret43#1 && bobToRjh_#t~ret43#1 <= 2147483647;havoc bobToRjh_#t~ret43#1; {6590#false} is VALID [2022-02-20 18:03:14,906 INFO L272 TraceCheckUtils]: 53: Hoare triple {6590#false} call sendEmail(~bob~0, ~rjh~0); {6590#false} is VALID 
[2022-02-20 18:03:14,906 INFO L290 TraceCheckUtils]: 54: Hoare triple {6590#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~19#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~20#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~20#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {6590#false} is VALID [2022-02-20 18:03:14,906 INFO L272 TraceCheckUtils]: 55: Hoare triple {6590#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {6640#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:14,906 INFO L290 TraceCheckUtils]: 56: Hoare triple {6640#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {6589#true} is VALID [2022-02-20 18:03:14,906 INFO L290 TraceCheckUtils]: 57: Hoare triple {6589#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {6589#true} is VALID [2022-02-20 18:03:14,906 INFO L290 TraceCheckUtils]: 58: Hoare triple {6589#true} assume true; {6589#true} is VALID [2022-02-20 18:03:14,907 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {6589#true} {6590#false} #921#return; {6590#false} is VALID [2022-02-20 18:03:14,907 INFO L272 TraceCheckUtils]: 60: Hoare triple {6590#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {6641#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:03:14,907 INFO L290 TraceCheckUtils]: 61: Hoare triple {6641#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := 
#in~handle;~value := #in~value; {6589#true} is VALID [2022-02-20 18:03:14,907 INFO L290 TraceCheckUtils]: 62: Hoare triple {6589#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {6589#true} is VALID [2022-02-20 18:03:14,907 INFO L290 TraceCheckUtils]: 63: Hoare triple {6589#true} assume true; {6589#true} is VALID [2022-02-20 18:03:14,907 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {6589#true} {6590#false} #923#return; {6590#false} is VALID [2022-02-20 18:03:14,907 INFO L290 TraceCheckUtils]: 65: Hoare triple {6590#false} createEmail_~retValue_acc~20#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~20#1; {6590#false} is VALID [2022-02-20 18:03:14,908 INFO L290 TraceCheckUtils]: 66: Hoare triple {6590#false} #t~ret94#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret94#1 && #t~ret94#1 <= 2147483647;~tmp~19#1 := #t~ret94#1;havoc #t~ret94#1;~email~0#1 := ~tmp~19#1; {6590#false} is VALID [2022-02-20 18:03:14,908 INFO L272 TraceCheckUtils]: 67: Hoare triple {6590#false} call outgoing(~sender#1, ~email~0#1); {6590#false} is VALID [2022-02-20 18:03:14,908 INFO L290 TraceCheckUtils]: 68: Hoare triple {6590#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~15#1;havoc ~pubkey~0#1;havoc ~tmp___0~5#1; {6590#false} is VALID [2022-02-20 18:03:14,908 INFO L272 TraceCheckUtils]: 69: Hoare triple {6590#false} call #t~ret85#1 := getEmailTo(~msg#1); {6589#true} is VALID [2022-02-20 18:03:14,908 INFO L290 TraceCheckUtils]: 70: Hoare triple {6589#true} ~handle := #in~handle;havoc ~retValue_acc~28; {6589#true} is VALID [2022-02-20 18:03:14,911 INFO L290 TraceCheckUtils]: 71: Hoare triple {6589#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {6589#true} is VALID [2022-02-20 18:03:14,911 INFO L290 TraceCheckUtils]: 72: Hoare triple {6589#true} assume true; {6589#true} is VALID [2022-02-20 18:03:14,911 INFO L284 TraceCheckUtils]: 73: 
Hoare quadruple {6589#true} {6590#false} #881#return; {6590#false} is VALID [2022-02-20 18:03:14,911 INFO L290 TraceCheckUtils]: 74: Hoare triple {6590#false} assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~15#1 := #t~ret85#1;havoc #t~ret85#1;~receiver~0#1 := ~tmp~15#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~14#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~14#1; {6590#false} is VALID [2022-02-20 18:03:14,911 INFO L290 TraceCheckUtils]: 75: Hoare triple {6590#false} assume 1 == findPublicKey_~handle#1; {6590#false} is VALID [2022-02-20 18:03:14,912 INFO L290 TraceCheckUtils]: 76: Hoare triple {6590#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~14#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~14#1; {6590#false} is VALID [2022-02-20 18:03:14,912 INFO L290 TraceCheckUtils]: 77: Hoare triple {6590#false} #t~ret86#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp___0~5#1 := #t~ret86#1;havoc #t~ret86#1;~pubkey~0#1 := ~tmp___0~5#1; {6590#false} is VALID [2022-02-20 18:03:14,912 INFO L290 TraceCheckUtils]: 78: Hoare triple {6590#false} assume !(0 != ~pubkey~0#1); {6590#false} is VALID [2022-02-20 18:03:14,912 INFO L290 TraceCheckUtils]: 79: Hoare triple {6590#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret84#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1;outgoing__wrappee__Keys_~client#1 
:= outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {6590#false} is VALID [2022-02-20 18:03:14,912 INFO L290 TraceCheckUtils]: 80: Hoare triple {6590#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {6590#false} is VALID [2022-02-20 18:03:14,912 INFO L290 TraceCheckUtils]: 81: Hoare triple {6590#false} outgoing__wrappee__Keys_#t~ret84#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret84#1 && outgoing__wrappee__Keys_#t~ret84#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~14#1 := outgoing__wrappee__Keys_#t~ret84#1;havoc outgoing__wrappee__Keys_#t~ret84#1; {6590#false} is VALID [2022-02-20 18:03:14,912 INFO L272 TraceCheckUtils]: 82: Hoare triple {6590#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1); {6640#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:14,912 INFO L290 TraceCheckUtils]: 83: Hoare triple {6640#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {6589#true} is VALID [2022-02-20 18:03:14,912 INFO L290 TraceCheckUtils]: 84: Hoare triple {6589#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {6589#true} is VALID [2022-02-20 18:03:14,912 INFO L290 TraceCheckUtils]: 85: Hoare triple {6589#true} assume true; {6589#true} is VALID [2022-02-20 18:03:14,912 INFO L284 TraceCheckUtils]: 
86: Hoare quadruple {6589#true} {6590#false} #887#return; {6590#false} is VALID [2022-02-20 18:03:14,912 INFO L290 TraceCheckUtils]: 87: Hoare triple {6590#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret82#1, mail_#t~ret83#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet67#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 := puts(32, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset := 33, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet67#1; {6590#false} is VALID [2022-02-20 18:03:14,912 INFO L290 TraceCheckUtils]: 88: Hoare triple {6590#false} assume 0 
!= ~in_encrypted~0; {6590#false} is VALID [2022-02-20 18:03:14,912 INFO L272 TraceCheckUtils]: 89: Hoare triple {6590#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {6589#true} is VALID [2022-02-20 18:03:14,913 INFO L290 TraceCheckUtils]: 90: Hoare triple {6589#true} ~handle := #in~handle;havoc ~retValue_acc~31; {6589#true} is VALID [2022-02-20 18:03:14,913 INFO L290 TraceCheckUtils]: 91: Hoare triple {6589#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {6589#true} is VALID [2022-02-20 18:03:14,913 INFO L290 TraceCheckUtils]: 92: Hoare triple {6589#true} assume true; {6589#true} is VALID [2022-02-20 18:03:14,913 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {6589#true} {6590#false} #889#return; {6590#false} is VALID [2022-02-20 18:03:14,913 INFO L290 TraceCheckUtils]: 94: Hoare triple {6590#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1; {6590#false} is VALID [2022-02-20 18:03:14,913 INFO L290 TraceCheckUtils]: 95: Hoare triple {6590#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1);assume { :begin_inline___automaton_fail } true; {6590#false} is VALID [2022-02-20 18:03:14,913 INFO L290 TraceCheckUtils]: 96: Hoare triple {6590#false} assume !false; {6590#false} is VALID [2022-02-20 18:03:14,913 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. 
[2022-02-20 18:03:14,913 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:03:14,914 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1144182078] [2022-02-20 18:03:14,914 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1144182078] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:03:14,914 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [125277418] [2022-02-20 18:03:14,914 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:14,914 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:03:14,915 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:03:14,916 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:03:14,917 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-02-20 18:03:15,137 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:15,142 INFO L263 TraceCheckSpWp]: Trace formula consists of 980 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 18:03:15,191 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:15,196 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:03:15,521 INFO L290 TraceCheckUtils]: 0: Hoare triple {6589#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(21, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(44, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(17, 30);call #Ultimate.allocInit(17, 31);call #Ultimate.allocInit(13, 32);call #Ultimate.allocInit(17, 33);call #Ultimate.allocInit(4, 34);call write~init~int(37, 34, 0, 1);call write~init~int(115, 34, 1, 1);call write~init~int(10, 34, 2, 1);call write~init~int(0, 34, 3, 1);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(20, 37);call #Ultimate.allocInit(21, 38);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, 
~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 
0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {6589#true} is VALID [2022-02-20 18:03:15,522 INFO L290 TraceCheckUtils]: 1: Hoare triple {6589#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~24#1, main_~tmp~9#1;havoc 
main_~retValue_acc~24#1;havoc main_~tmp~9#1;assume { :begin_inline_select_helpers } true; {6589#true} is VALID [2022-02-20 18:03:15,522 INFO L290 TraceCheckUtils]: 2: Hoare triple {6589#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {6589#true} is VALID [2022-02-20 18:03:15,522 INFO L290 TraceCheckUtils]: 3: Hoare triple {6589#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~37#1;havoc valid_product_~retValue_acc~37#1;valid_product_~retValue_acc~37#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~37#1; {6589#true} is VALID [2022-02-20 18:03:15,522 INFO L290 TraceCheckUtils]: 4: Hoare triple {6589#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~9#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {6589#true} is VALID [2022-02-20 18:03:15,522 INFO L290 TraceCheckUtils]: 5: Hoare triple {6589#true} assume 0 != main_~tmp~9#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet48#1, setup_#t~nondet49#1, setup_#t~nondet50#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {6589#true} is VALID 
[2022-02-20 18:03:15,522 INFO L272 TraceCheckUtils]: 6: Hoare triple {6589#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {6589#true} is VALID [2022-02-20 18:03:15,523 INFO L290 TraceCheckUtils]: 7: Hoare triple {6589#true} ~handle := #in~handle;~value := #in~value; {6589#true} is VALID [2022-02-20 18:03:15,523 INFO L290 TraceCheckUtils]: 8: Hoare triple {6589#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6589#true} is VALID [2022-02-20 18:03:15,523 INFO L290 TraceCheckUtils]: 9: Hoare triple {6589#true} assume true; {6589#true} is VALID [2022-02-20 18:03:15,523 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {6589#true} {6589#true} #927#return; {6589#true} is VALID [2022-02-20 18:03:15,523 INFO L290 TraceCheckUtils]: 11: Hoare triple {6589#true} assume { :end_inline_setup_bob__wrappee__Base } true; {6589#true} is VALID [2022-02-20 18:03:15,523 INFO L272 TraceCheckUtils]: 12: Hoare triple {6589#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {6589#true} is VALID [2022-02-20 18:03:15,523 INFO L290 TraceCheckUtils]: 13: Hoare triple {6589#true} ~handle := #in~handle;~value := #in~value; {6589#true} is VALID [2022-02-20 18:03:15,523 INFO L290 TraceCheckUtils]: 14: Hoare triple {6589#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6589#true} is VALID [2022-02-20 18:03:15,523 INFO L290 TraceCheckUtils]: 15: Hoare triple {6589#true} assume true; {6589#true} is VALID [2022-02-20 18:03:15,523 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {6589#true} {6589#true} #929#return; {6589#true} is VALID [2022-02-20 18:03:15,524 INFO L290 TraceCheckUtils]: 17: Hoare triple {6589#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet48#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { 
:begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {6696#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:03:15,524 INFO L272 TraceCheckUtils]: 18: Hoare triple {6696#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {6589#true} is VALID [2022-02-20 18:03:15,525 INFO L290 TraceCheckUtils]: 19: Hoare triple {6589#true} ~handle := #in~handle;~value := #in~value; {6703#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 18:03:15,525 INFO L290 TraceCheckUtils]: 20: Hoare triple {6703#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6707#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:15,525 INFO L290 TraceCheckUtils]: 21: Hoare triple {6707#(<= |setClientId_#in~handle| 1)} assume true; {6707#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:15,526 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {6707#(<= |setClientId_#in~handle| 1)} {6696#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #931#return; {6590#false} is VALID [2022-02-20 18:03:15,526 INFO L290 TraceCheckUtils]: 23: Hoare triple {6590#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {6590#false} is VALID [2022-02-20 18:03:15,526 INFO L272 TraceCheckUtils]: 24: Hoare triple {6590#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {6590#false} is VALID [2022-02-20 18:03:15,526 INFO L290 TraceCheckUtils]: 25: Hoare triple {6590#false} ~handle := #in~handle;~value := #in~value; {6590#false} is VALID [2022-02-20 18:03:15,526 INFO L290 TraceCheckUtils]: 26: Hoare triple {6590#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6590#false} is VALID 
[2022-02-20 18:03:15,526 INFO L290 TraceCheckUtils]: 27: Hoare triple {6590#false} assume true; {6590#false} is VALID [2022-02-20 18:03:15,527 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {6590#false} {6590#false} #933#return; {6590#false} is VALID [2022-02-20 18:03:15,527 INFO L290 TraceCheckUtils]: 29: Hoare triple {6590#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet49#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {6590#false} is VALID [2022-02-20 18:03:15,527 INFO L272 TraceCheckUtils]: 30: Hoare triple {6590#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {6590#false} is VALID [2022-02-20 18:03:15,527 INFO L290 TraceCheckUtils]: 31: Hoare triple {6590#false} ~handle := #in~handle;~value := #in~value; {6590#false} is VALID [2022-02-20 18:03:15,527 INFO L290 TraceCheckUtils]: 32: Hoare triple {6590#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6590#false} is VALID [2022-02-20 18:03:15,527 INFO L290 TraceCheckUtils]: 33: Hoare triple {6590#false} assume true; {6590#false} is VALID [2022-02-20 18:03:15,527 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {6590#false} {6590#false} #935#return; {6590#false} is VALID [2022-02-20 18:03:15,527 INFO L290 TraceCheckUtils]: 35: Hoare triple {6590#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {6590#false} is VALID [2022-02-20 18:03:15,527 INFO L272 TraceCheckUtils]: 36: Hoare triple {6590#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); 
{6590#false} is VALID [2022-02-20 18:03:15,527 INFO L290 TraceCheckUtils]: 37: Hoare triple {6590#false} ~handle := #in~handle;~value := #in~value; {6590#false} is VALID [2022-02-20 18:03:15,527 INFO L290 TraceCheckUtils]: 38: Hoare triple {6590#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6590#false} is VALID [2022-02-20 18:03:15,527 INFO L290 TraceCheckUtils]: 39: Hoare triple {6590#false} assume true; {6590#false} is VALID [2022-02-20 18:03:15,527 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {6590#false} {6590#false} #937#return; {6590#false} is VALID [2022-02-20 18:03:15,528 INFO L290 TraceCheckUtils]: 41: Hoare triple {6590#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 26, 0;havoc setup_#t~nondet50#1; {6590#false} is VALID [2022-02-20 18:03:15,528 INFO L290 TraceCheckUtils]: 42: Hoare triple {6590#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~12#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~12#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc 
test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {6590#false} is VALID [2022-02-20 18:03:15,528 INFO L290 TraceCheckUtils]: 43: Hoare triple {6590#false} assume !false; {6590#false} is VALID [2022-02-20 18:03:15,528 INFO L290 TraceCheckUtils]: 44: Hoare triple {6590#false} assume test_~splverifierCounter~0#1 < 4; {6590#false} is VALID [2022-02-20 18:03:15,528 INFO L290 TraceCheckUtils]: 45: Hoare triple {6590#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {6590#false} is VALID [2022-02-20 18:03:15,528 INFO L290 TraceCheckUtils]: 46: Hoare triple {6590#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet69#1 && test_#t~nondet69#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet69#1;havoc test_#t~nondet69#1; {6590#false} is VALID [2022-02-20 18:03:15,528 INFO L290 TraceCheckUtils]: 47: Hoare triple {6590#false} assume !(0 != test_~tmp___9~0#1); {6590#false} is VALID [2022-02-20 18:03:15,528 INFO L290 TraceCheckUtils]: 48: Hoare triple {6590#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet70#1 && test_#t~nondet70#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet70#1;havoc test_#t~nondet70#1; {6590#false} is VALID [2022-02-20 18:03:15,528 INFO L290 TraceCheckUtils]: 49: Hoare triple {6590#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {6590#false} is VALID [2022-02-20 18:03:15,529 INFO L290 TraceCheckUtils]: 50: Hoare triple {6590#false} assume !false; {6590#false} is VALID [2022-02-20 18:03:15,529 INFO L290 TraceCheckUtils]: 51: Hoare triple {6590#false} assume !(test_~splverifierCounter~0#1 < 4); {6590#false} is VALID [2022-02-20 18:03:15,529 INFO L290 
TraceCheckUtils]: 52: Hoare triple {6590#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_#t~ret46#1, bobToRjh_~tmp~8#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~8#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret43#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret43#1 && bobToRjh_#t~ret43#1 <= 2147483647;havoc bobToRjh_#t~ret43#1; {6590#false} is VALID [2022-02-20 18:03:15,529 INFO L272 TraceCheckUtils]: 53: Hoare triple {6590#false} call sendEmail(~bob~0, ~rjh~0); {6590#false} is VALID [2022-02-20 18:03:15,529 INFO L290 TraceCheckUtils]: 54: Hoare triple {6590#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~19#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~20#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~20#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {6590#false} is VALID [2022-02-20 18:03:15,529 INFO L272 TraceCheckUtils]: 55: Hoare triple {6590#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {6590#false} is VALID [2022-02-20 18:03:15,529 INFO L290 TraceCheckUtils]: 56: Hoare triple {6590#false} ~handle := #in~handle;~value := #in~value; {6590#false} is VALID [2022-02-20 18:03:15,529 INFO L290 TraceCheckUtils]: 57: Hoare triple {6590#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {6590#false} is VALID [2022-02-20 18:03:15,530 INFO L290 TraceCheckUtils]: 58: Hoare triple {6590#false} assume true; {6590#false} is VALID [2022-02-20 18:03:15,530 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {6590#false} {6590#false} #921#return; {6590#false} is VALID [2022-02-20 18:03:15,530 INFO L272 
TraceCheckUtils]: 60: Hoare triple {6590#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {6590#false} is VALID [2022-02-20 18:03:15,530 INFO L290 TraceCheckUtils]: 61: Hoare triple {6590#false} ~handle := #in~handle;~value := #in~value; {6590#false} is VALID [2022-02-20 18:03:15,530 INFO L290 TraceCheckUtils]: 62: Hoare triple {6590#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {6590#false} is VALID [2022-02-20 18:03:15,530 INFO L290 TraceCheckUtils]: 63: Hoare triple {6590#false} assume true; {6590#false} is VALID [2022-02-20 18:03:15,530 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {6590#false} {6590#false} #923#return; {6590#false} is VALID [2022-02-20 18:03:15,531 INFO L290 TraceCheckUtils]: 65: Hoare triple {6590#false} createEmail_~retValue_acc~20#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~20#1; {6590#false} is VALID [2022-02-20 18:03:15,531 INFO L290 TraceCheckUtils]: 66: Hoare triple {6590#false} #t~ret94#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret94#1 && #t~ret94#1 <= 2147483647;~tmp~19#1 := #t~ret94#1;havoc #t~ret94#1;~email~0#1 := ~tmp~19#1; {6590#false} is VALID [2022-02-20 18:03:15,531 INFO L272 TraceCheckUtils]: 67: Hoare triple {6590#false} call outgoing(~sender#1, ~email~0#1); {6590#false} is VALID [2022-02-20 18:03:15,531 INFO L290 TraceCheckUtils]: 68: Hoare triple {6590#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~15#1;havoc ~pubkey~0#1;havoc ~tmp___0~5#1; {6590#false} is VALID [2022-02-20 18:03:15,531 INFO L272 TraceCheckUtils]: 69: Hoare triple {6590#false} call #t~ret85#1 := getEmailTo(~msg#1); {6590#false} is VALID [2022-02-20 18:03:15,531 INFO L290 TraceCheckUtils]: 70: Hoare triple {6590#false} ~handle := #in~handle;havoc ~retValue_acc~28; {6590#false} is VALID [2022-02-20 18:03:15,531 INFO L290 TraceCheckUtils]: 71: Hoare triple {6590#false} assume 1 == ~handle;~retValue_acc~28 := 
~__ste_email_to0~0;#res := ~retValue_acc~28; {6590#false} is VALID [2022-02-20 18:03:15,532 INFO L290 TraceCheckUtils]: 72: Hoare triple {6590#false} assume true; {6590#false} is VALID [2022-02-20 18:03:15,532 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {6590#false} {6590#false} #881#return; {6590#false} is VALID [2022-02-20 18:03:15,532 INFO L290 TraceCheckUtils]: 74: Hoare triple {6590#false} assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~15#1 := #t~ret85#1;havoc #t~ret85#1;~receiver~0#1 := ~tmp~15#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~14#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~14#1; {6590#false} is VALID [2022-02-20 18:03:15,532 INFO L290 TraceCheckUtils]: 75: Hoare triple {6590#false} assume 1 == findPublicKey_~handle#1; {6590#false} is VALID [2022-02-20 18:03:15,532 INFO L290 TraceCheckUtils]: 76: Hoare triple {6590#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~14#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~14#1; {6590#false} is VALID [2022-02-20 18:03:15,532 INFO L290 TraceCheckUtils]: 77: Hoare triple {6590#false} #t~ret86#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp___0~5#1 := #t~ret86#1;havoc #t~ret86#1;~pubkey~0#1 := ~tmp___0~5#1; {6590#false} is VALID [2022-02-20 18:03:15,532 INFO L290 TraceCheckUtils]: 78: Hoare triple {6590#false} assume !(0 != ~pubkey~0#1); {6590#false} is VALID [2022-02-20 18:03:15,533 INFO L290 TraceCheckUtils]: 79: Hoare triple {6590#false} assume { :begin_inline_outgoing__wrappee__Keys } 
true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret84#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {6590#false} is VALID [2022-02-20 18:03:15,533 INFO L290 TraceCheckUtils]: 80: Hoare triple {6590#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {6590#false} is VALID [2022-02-20 18:03:15,533 INFO L290 TraceCheckUtils]: 81: Hoare triple {6590#false} outgoing__wrappee__Keys_#t~ret84#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret84#1 && outgoing__wrappee__Keys_#t~ret84#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~14#1 := outgoing__wrappee__Keys_#t~ret84#1;havoc outgoing__wrappee__Keys_#t~ret84#1; {6590#false} is VALID [2022-02-20 18:03:15,533 INFO L272 TraceCheckUtils]: 82: Hoare triple {6590#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1); {6590#false} is VALID [2022-02-20 18:03:15,533 INFO L290 TraceCheckUtils]: 83: Hoare triple {6590#false} ~handle := #in~handle;~value := #in~value; {6590#false} is VALID [2022-02-20 18:03:15,533 INFO L290 TraceCheckUtils]: 84: Hoare triple {6590#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {6590#false} is VALID [2022-02-20 18:03:15,534 INFO L290 TraceCheckUtils]: 85: Hoare triple {6590#false} assume true; 
{6590#false} is VALID [2022-02-20 18:03:15,534 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {6590#false} {6590#false} #887#return; {6590#false} is VALID [2022-02-20 18:03:15,534 INFO L290 TraceCheckUtils]: 87: Hoare triple {6590#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret82#1, mail_#t~ret83#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet67#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 := puts(32, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset := 33, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet67#1; {6590#false} is VALID [2022-02-20 
18:03:15,534 INFO L290 TraceCheckUtils]: 88: Hoare triple {6590#false} assume 0 != ~in_encrypted~0; {6590#false} is VALID [2022-02-20 18:03:15,534 INFO L272 TraceCheckUtils]: 89: Hoare triple {6590#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {6590#false} is VALID [2022-02-20 18:03:15,534 INFO L290 TraceCheckUtils]: 90: Hoare triple {6590#false} ~handle := #in~handle;havoc ~retValue_acc~31; {6590#false} is VALID [2022-02-20 18:03:15,534 INFO L290 TraceCheckUtils]: 91: Hoare triple {6590#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {6590#false} is VALID [2022-02-20 18:03:15,535 INFO L290 TraceCheckUtils]: 92: Hoare triple {6590#false} assume true; {6590#false} is VALID [2022-02-20 18:03:15,535 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {6590#false} {6590#false} #889#return; {6590#false} is VALID [2022-02-20 18:03:15,535 INFO L290 TraceCheckUtils]: 94: Hoare triple {6590#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1; {6590#false} is VALID [2022-02-20 18:03:15,535 INFO L290 TraceCheckUtils]: 95: Hoare triple {6590#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1);assume { :begin_inline___automaton_fail } true; {6590#false} is VALID [2022-02-20 18:03:15,535 INFO L290 TraceCheckUtils]: 96: Hoare triple {6590#false} assume !false; {6590#false} is VALID [2022-02-20 18:03:15,536 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. 
[2022-02-20 18:03:15,536 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:03:15,536 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [125277418] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:03:15,536 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:03:15,536 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [9] total 12 [2022-02-20 18:03:15,536 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2140931679] [2022-02-20 18:03:15,537 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:03:15,537 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 16.5) internal successors, (66), 5 states have internal predecessors, (66), 3 states have call successors, (13), 2 states have call predecessors, (13), 3 states have return successors, (11), 2 states have call predecessors, (11), 3 states have call successors, (11) Word has length 97 [2022-02-20 18:03:15,538 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:03:15,538 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 4 states have (on average 16.5) internal successors, (66), 5 states have internal predecessors, (66), 3 states have call successors, (13), 2 states have call predecessors, (13), 3 states have return successors, (11), 2 states have call predecessors, (11), 3 states have call successors, (11) [2022-02-20 18:03:15,613 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 90 edges. 90 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:03:15,613 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:03:15,614 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:03:15,614 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:03:15,614 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=24, Invalid=108, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:03:15,615 INFO L87 Difference]: Start difference. First operand 343 states and 526 transitions. Second operand has 5 states, 4 states have (on average 16.5) internal successors, (66), 5 states have internal predecessors, (66), 3 states have call successors, (13), 2 states have call predecessors, (13), 3 states have return successors, (11), 2 states have call predecessors, (11), 3 states have call successors, (11) [2022-02-20 18:03:16,546 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:16,547 INFO L93 Difference]: Finished difference Result 677 states and 1042 transitions. [2022-02-20 18:03:16,547 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:03:16,551 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 16.5) internal successors, (66), 5 states have internal predecessors, (66), 3 states have call successors, (13), 2 states have call predecessors, (13), 3 states have return successors, (11), 2 states have call predecessors, (11), 3 states have call successors, (11) Word has length 97 [2022-02-20 18:03:16,551 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:03:16,552 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 5 states, 4 states have (on average 16.5) internal successors, (66), 5 states have internal predecessors, (66), 3 states have call successors, (13), 2 states have call predecessors, (13), 3 states have return successors, (11), 2 states have call predecessors, (11), 3 states have call successors, (11) [2022-02-20 18:03:16,561 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 870 transitions. [2022-02-20 18:03:16,562 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 16.5) internal successors, (66), 5 states have internal predecessors, (66), 3 states have call successors, (13), 2 states have call predecessors, (13), 3 states have return successors, (11), 2 states have call predecessors, (11), 3 states have call successors, (11) [2022-02-20 18:03:16,570 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 870 transitions. [2022-02-20 18:03:16,571 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 870 transitions. [2022-02-20 18:03:17,142 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 870 edges. 870 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:03:17,153 INFO L225 Difference]: With dead ends: 677 [2022-02-20 18:03:17,153 INFO L226 Difference]: Without dead ends: 345 [2022-02-20 18:03:17,155 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 123 GetRequests, 112 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=28, Invalid=128, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:03:17,155 INFO L933 BasicCegarLoop]: 431 mSDtfsCounter, 125 mSDsluCounter, 1149 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 145 SdHoareTripleChecker+Valid, 1580 SdHoareTripleChecker+Invalid, 34 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:03:17,156 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [145 Valid, 1580 Invalid, 34 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:03:17,157 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 345 states. [2022-02-20 18:03:17,213 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 345 to 345. [2022-02-20 18:03:17,213 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:03:17,214 INFO L82 GeneralOperation]: Start isEquivalent. First operand 345 states. 
Second operand has 345 states, 271 states have (on average 1.5350553505535056) internal successors, (416), 275 states have internal predecessors, (416), 56 states have call successors, (56), 16 states have call predecessors, (56), 17 states have return successors, (57), 55 states have call predecessors, (57), 55 states have call successors, (57) [2022-02-20 18:03:17,215 INFO L74 IsIncluded]: Start isIncluded. First operand 345 states. Second operand has 345 states, 271 states have (on average 1.5350553505535056) internal successors, (416), 275 states have internal predecessors, (416), 56 states have call successors, (56), 16 states have call predecessors, (56), 17 states have return successors, (57), 55 states have call predecessors, (57), 55 states have call successors, (57) [2022-02-20 18:03:17,216 INFO L87 Difference]: Start difference. First operand 345 states. Second operand has 345 states, 271 states have (on average 1.5350553505535056) internal successors, (416), 275 states have internal predecessors, (416), 56 states have call successors, (56), 16 states have call predecessors, (56), 17 states have return successors, (57), 55 states have call predecessors, (57), 55 states have call successors, (57) [2022-02-20 18:03:17,228 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:17,228 INFO L93 Difference]: Finished difference Result 345 states and 529 transitions. [2022-02-20 18:03:17,228 INFO L276 IsEmpty]: Start isEmpty. Operand 345 states and 529 transitions. [2022-02-20 18:03:17,229 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:17,230 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:17,231 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 345 states, 271 states have (on average 1.5350553505535056) internal successors, (416), 275 states have internal predecessors, (416), 56 states have call successors, (56), 16 states have call predecessors, (56), 17 states have return successors, (57), 55 states have call predecessors, (57), 55 states have call successors, (57) Second operand 345 states. [2022-02-20 18:03:17,232 INFO L87 Difference]: Start difference. First operand has 345 states, 271 states have (on average 1.5350553505535056) internal successors, (416), 275 states have internal predecessors, (416), 56 states have call successors, (56), 16 states have call predecessors, (56), 17 states have return successors, (57), 55 states have call predecessors, (57), 55 states have call successors, (57) Second operand 345 states. [2022-02-20 18:03:17,243 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:17,243 INFO L93 Difference]: Finished difference Result 345 states and 529 transitions. [2022-02-20 18:03:17,243 INFO L276 IsEmpty]: Start isEmpty. Operand 345 states and 529 transitions. [2022-02-20 18:03:17,245 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:17,245 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:17,245 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:03:17,245 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:03:17,246 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 345 states, 271 states have (on average 1.5350553505535056) internal successors, (416), 275 states have internal predecessors, (416), 56 states have call successors, (56), 16 states have call predecessors, (56), 17 states have return successors, (57), 55 states have call predecessors, (57), 55 states have call successors, (57) [2022-02-20 18:03:17,259 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 345 states to 345 states and 529 transitions. [2022-02-20 18:03:17,259 INFO L78 Accepts]: Start accepts. Automaton has 345 states and 529 transitions. Word has length 97 [2022-02-20 18:03:17,259 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:03:17,260 INFO L470 AbstractCegarLoop]: Abstraction has 345 states and 529 transitions. [2022-02-20 18:03:17,260 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 16.5) internal successors, (66), 5 states have internal predecessors, (66), 3 states have call successors, (13), 2 states have call predecessors, (13), 3 states have return successors, (11), 2 states have call predecessors, (11), 3 states have call successors, (11) [2022-02-20 18:03:17,260 INFO L276 IsEmpty]: Start isEmpty. Operand 345 states and 529 transitions. [2022-02-20 18:03:17,262 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-02-20 18:03:17,262 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:03:17,262 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:03:17,290 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Forceful destruction successful, exit code 0 [2022-02-20 18:03:17,476 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:03:17,477 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 
18:03:17,477 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:03:17,477 INFO L85 PathProgramCache]: Analyzing trace with hash -398998019, now seen corresponding path program 1 times [2022-02-20 18:03:17,477 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:03:17,477 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1258134737] [2022-02-20 18:03:17,478 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:17,478 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:03:17,511 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:17,562 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:03:17,564 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:17,566 INFO L290 TraceCheckUtils]: 0: Hoare triple {9137#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9088#true} is VALID [2022-02-20 18:03:17,566 INFO L290 TraceCheckUtils]: 1: Hoare triple {9088#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9088#true} is VALID [2022-02-20 18:03:17,567 INFO L290 TraceCheckUtils]: 2: Hoare triple {9088#true} assume true; {9088#true} is VALID [2022-02-20 18:03:17,567 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9088#true} {9088#true} #927#return; {9088#true} is VALID [2022-02-20 18:03:17,574 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:03:17,575 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:17,578 INFO L290 TraceCheckUtils]: 0: Hoare triple 
{9138#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9088#true} is VALID [2022-02-20 18:03:17,578 INFO L290 TraceCheckUtils]: 1: Hoare triple {9088#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9088#true} is VALID [2022-02-20 18:03:17,578 INFO L290 TraceCheckUtils]: 2: Hoare triple {9088#true} assume true; {9088#true} is VALID [2022-02-20 18:03:17,578 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9088#true} {9088#true} #929#return; {9088#true} is VALID [2022-02-20 18:03:17,578 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:03:17,581 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:17,596 INFO L290 TraceCheckUtils]: 0: Hoare triple {9137#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9139#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:17,596 INFO L290 TraceCheckUtils]: 1: Hoare triple {9139#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {9139#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:17,597 INFO L290 TraceCheckUtils]: 2: Hoare triple {9139#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {9140#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:17,597 INFO L290 TraceCheckUtils]: 3: Hoare triple {9140#(= 2 |setClientId_#in~handle|)} assume true; {9140#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:17,598 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {9140#(= 2 
|setClientId_#in~handle|)} {9098#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #931#return; {9104#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:03:17,598 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:03:17,600 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:17,620 INFO L290 TraceCheckUtils]: 0: Hoare triple {9138#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9141#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:03:17,621 INFO L290 TraceCheckUtils]: 1: Hoare triple {9141#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9142#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:03:17,622 INFO L290 TraceCheckUtils]: 2: Hoare triple {9142#(= |setClientPrivateKey_#in~handle| 1)} assume true; {9142#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:03:17,622 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9142#(= |setClientPrivateKey_#in~handle| 1)} {9104#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #933#return; {9089#false} is VALID [2022-02-20 18:03:17,622 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-02-20 18:03:17,625 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:17,627 INFO L290 TraceCheckUtils]: 0: Hoare triple {9137#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := 
#in~value; {9088#true} is VALID [2022-02-20 18:03:17,627 INFO L290 TraceCheckUtils]: 1: Hoare triple {9088#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9088#true} is VALID [2022-02-20 18:03:17,628 INFO L290 TraceCheckUtils]: 2: Hoare triple {9088#true} assume true; {9088#true} is VALID [2022-02-20 18:03:17,628 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9088#true} {9089#false} #935#return; {9089#false} is VALID [2022-02-20 18:03:17,628 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 37 [2022-02-20 18:03:17,629 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:17,632 INFO L290 TraceCheckUtils]: 0: Hoare triple {9138#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9088#true} is VALID [2022-02-20 18:03:17,632 INFO L290 TraceCheckUtils]: 1: Hoare triple {9088#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9088#true} is VALID [2022-02-20 18:03:17,632 INFO L290 TraceCheckUtils]: 2: Hoare triple {9088#true} assume true; {9088#true} is VALID [2022-02-20 18:03:17,632 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9088#true} {9089#false} #937#return; {9089#false} is VALID [2022-02-20 18:03:17,641 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 56 [2022-02-20 18:03:17,643 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:17,646 INFO L290 TraceCheckUtils]: 0: Hoare triple {9143#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9088#true} is VALID [2022-02-20 18:03:17,646 INFO L290 TraceCheckUtils]: 1: Hoare triple {9088#true} assume 1 == ~handle;~__ste_email_from0~0 := 
~value; {9088#true} is VALID [2022-02-20 18:03:17,646 INFO L290 TraceCheckUtils]: 2: Hoare triple {9088#true} assume true; {9088#true} is VALID [2022-02-20 18:03:17,647 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9088#true} {9089#false} #921#return; {9089#false} is VALID [2022-02-20 18:03:17,657 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:03:17,658 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:17,666 INFO L290 TraceCheckUtils]: 0: Hoare triple {9144#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {9088#true} is VALID [2022-02-20 18:03:17,666 INFO L290 TraceCheckUtils]: 1: Hoare triple {9088#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {9088#true} is VALID [2022-02-20 18:03:17,667 INFO L290 TraceCheckUtils]: 2: Hoare triple {9088#true} assume true; {9088#true} is VALID [2022-02-20 18:03:17,667 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9088#true} {9089#false} #923#return; {9089#false} is VALID [2022-02-20 18:03:17,667 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 18:03:17,668 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:17,670 INFO L290 TraceCheckUtils]: 0: Hoare triple {9088#true} ~handle := #in~handle;havoc ~retValue_acc~28; {9088#true} is VALID [2022-02-20 18:03:17,670 INFO L290 TraceCheckUtils]: 1: Hoare triple {9088#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {9088#true} is VALID [2022-02-20 18:03:17,670 INFO L290 TraceCheckUtils]: 2: Hoare triple {9088#true} assume true; {9088#true} is VALID [2022-02-20 18:03:17,671 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9088#true} {9089#false} #881#return; {9089#false} is VALID [2022-02-20 18:03:17,671 INFO L376 atingTraceCheckCraig]: Compute 
interpolants for subsequence at non-pending call position 83 [2022-02-20 18:03:17,672 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:17,674 INFO L290 TraceCheckUtils]: 0: Hoare triple {9143#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9088#true} is VALID [2022-02-20 18:03:17,674 INFO L290 TraceCheckUtils]: 1: Hoare triple {9088#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9088#true} is VALID [2022-02-20 18:03:17,674 INFO L290 TraceCheckUtils]: 2: Hoare triple {9088#true} assume true; {9088#true} is VALID [2022-02-20 18:03:17,674 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9088#true} {9089#false} #887#return; {9089#false} is VALID [2022-02-20 18:03:17,674 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 18:03:17,675 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:17,677 INFO L290 TraceCheckUtils]: 0: Hoare triple {9088#true} ~handle := #in~handle;havoc ~retValue_acc~31; {9088#true} is VALID [2022-02-20 18:03:17,677 INFO L290 TraceCheckUtils]: 1: Hoare triple {9088#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {9088#true} is VALID [2022-02-20 18:03:17,677 INFO L290 TraceCheckUtils]: 2: Hoare triple {9088#true} assume true; {9088#true} is VALID [2022-02-20 18:03:17,677 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9088#true} {9089#false} #889#return; {9089#false} is VALID [2022-02-20 18:03:17,678 INFO L290 TraceCheckUtils]: 0: Hoare triple {9088#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 
4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(21, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(44, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(17, 30);call #Ultimate.allocInit(17, 31);call #Ultimate.allocInit(13, 32);call #Ultimate.allocInit(17, 33);call #Ultimate.allocInit(4, 34);call write~init~int(37, 34, 0, 1);call write~init~int(115, 34, 1, 1);call write~init~int(10, 34, 2, 1);call write~init~int(0, 34, 3, 1);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(20, 37);call #Ultimate.allocInit(21, 38);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 
0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 
:= 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {9088#true} is VALID [2022-02-20 18:03:17,678 INFO L290 TraceCheckUtils]: 1: Hoare triple {9088#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~24#1, main_~tmp~9#1;havoc main_~retValue_acc~24#1;havoc main_~tmp~9#1;assume { :begin_inline_select_helpers } true; {9088#true} is VALID [2022-02-20 18:03:17,678 INFO L290 TraceCheckUtils]: 2: Hoare triple {9088#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {9088#true} is VALID [2022-02-20 18:03:17,678 INFO L290 TraceCheckUtils]: 3: Hoare triple {9088#true} assume { 
:end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~37#1;havoc valid_product_~retValue_acc~37#1;valid_product_~retValue_acc~37#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~37#1; {9088#true} is VALID [2022-02-20 18:03:17,678 INFO L290 TraceCheckUtils]: 4: Hoare triple {9088#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~9#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {9088#true} is VALID [2022-02-20 18:03:17,678 INFO L290 TraceCheckUtils]: 5: Hoare triple {9088#true} assume 0 != main_~tmp~9#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet48#1, setup_#t~nondet49#1, setup_#t~nondet50#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {9088#true} is VALID [2022-02-20 18:03:17,679 INFO L272 TraceCheckUtils]: 6: Hoare triple {9088#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {9137#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID 
[2022-02-20 18:03:17,679 INFO L290 TraceCheckUtils]: 7: Hoare triple {9137#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9088#true} is VALID [2022-02-20 18:03:17,680 INFO L290 TraceCheckUtils]: 8: Hoare triple {9088#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9088#true} is VALID [2022-02-20 18:03:17,680 INFO L290 TraceCheckUtils]: 9: Hoare triple {9088#true} assume true; {9088#true} is VALID [2022-02-20 18:03:17,680 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {9088#true} {9088#true} #927#return; {9088#true} is VALID [2022-02-20 18:03:17,680 INFO L290 TraceCheckUtils]: 11: Hoare triple {9088#true} assume { :end_inline_setup_bob__wrappee__Base } true; {9088#true} is VALID [2022-02-20 18:03:17,681 INFO L272 TraceCheckUtils]: 12: Hoare triple {9088#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {9138#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:17,681 INFO L290 TraceCheckUtils]: 13: Hoare triple {9138#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9088#true} is VALID [2022-02-20 18:03:17,681 INFO L290 TraceCheckUtils]: 14: Hoare triple {9088#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9088#true} is VALID [2022-02-20 18:03:17,681 INFO L290 TraceCheckUtils]: 15: Hoare triple {9088#true} assume true; {9088#true} is VALID [2022-02-20 18:03:17,681 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {9088#true} {9088#true} #929#return; 
{9088#true} is VALID [2022-02-20 18:03:17,682 INFO L290 TraceCheckUtils]: 17: Hoare triple {9088#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet48#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {9098#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:03:17,682 INFO L272 TraceCheckUtils]: 18: Hoare triple {9098#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {9137#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:17,683 INFO L290 TraceCheckUtils]: 19: Hoare triple {9137#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9139#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:17,683 INFO L290 TraceCheckUtils]: 20: Hoare triple {9139#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {9139#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:17,684 INFO L290 TraceCheckUtils]: 21: Hoare triple {9139#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 
:= ~value; {9140#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:17,684 INFO L290 TraceCheckUtils]: 22: Hoare triple {9140#(= 2 |setClientId_#in~handle|)} assume true; {9140#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:17,685 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {9140#(= 2 |setClientId_#in~handle|)} {9098#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #931#return; {9104#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:03:17,685 INFO L290 TraceCheckUtils]: 24: Hoare triple {9104#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {9104#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:03:17,686 INFO L272 TraceCheckUtils]: 25: Hoare triple {9104#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {9138#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:17,686 INFO L290 TraceCheckUtils]: 26: Hoare triple {9138#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9141#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:03:17,686 INFO L290 TraceCheckUtils]: 27: Hoare triple {9141#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9142#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:03:17,687 INFO L290 TraceCheckUtils]: 28: Hoare triple {9142#(= |setClientPrivateKey_#in~handle| 1)} assume true; {9142#(= 
|setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:03:17,687 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {9142#(= |setClientPrivateKey_#in~handle| 1)} {9104#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #933#return; {9089#false} is VALID [2022-02-20 18:03:17,688 INFO L290 TraceCheckUtils]: 30: Hoare triple {9089#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet49#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {9089#false} is VALID [2022-02-20 18:03:17,688 INFO L272 TraceCheckUtils]: 31: Hoare triple {9089#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {9137#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:17,688 INFO L290 TraceCheckUtils]: 32: Hoare triple {9137#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9088#true} is VALID [2022-02-20 18:03:17,688 INFO L290 TraceCheckUtils]: 33: Hoare triple {9088#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9088#true} is VALID [2022-02-20 18:03:17,688 INFO L290 TraceCheckUtils]: 34: Hoare triple {9088#true} assume true; {9088#true} is VALID [2022-02-20 18:03:17,688 INFO L284 
TraceCheckUtils]: 35: Hoare quadruple {9088#true} {9089#false} #935#return; {9089#false} is VALID [2022-02-20 18:03:17,688 INFO L290 TraceCheckUtils]: 36: Hoare triple {9089#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {9089#false} is VALID [2022-02-20 18:03:17,689 INFO L272 TraceCheckUtils]: 37: Hoare triple {9089#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {9138#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:17,689 INFO L290 TraceCheckUtils]: 38: Hoare triple {9138#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9088#true} is VALID [2022-02-20 18:03:17,689 INFO L290 TraceCheckUtils]: 39: Hoare triple {9088#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9088#true} is VALID [2022-02-20 18:03:17,689 INFO L290 TraceCheckUtils]: 40: Hoare triple {9088#true} assume true; {9088#true} is VALID [2022-02-20 18:03:17,689 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {9088#true} {9089#false} #937#return; {9089#false} is VALID [2022-02-20 18:03:17,689 INFO L290 TraceCheckUtils]: 42: Hoare triple {9089#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 26, 0;havoc setup_#t~nondet50#1; {9089#false} is VALID [2022-02-20 18:03:17,689 INFO L290 TraceCheckUtils]: 43: Hoare triple {9089#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, 
test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~12#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~12#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {9089#false} is VALID [2022-02-20 18:03:17,690 INFO L290 TraceCheckUtils]: 44: Hoare triple {9089#false} assume !false; {9089#false} is VALID [2022-02-20 18:03:17,690 INFO L290 TraceCheckUtils]: 45: Hoare triple {9089#false} assume test_~splverifierCounter~0#1 < 4; {9089#false} is VALID [2022-02-20 18:03:17,690 INFO L290 TraceCheckUtils]: 46: Hoare triple {9089#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {9089#false} is VALID [2022-02-20 18:03:17,690 INFO L290 TraceCheckUtils]: 47: Hoare triple {9089#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet69#1 && test_#t~nondet69#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet69#1;havoc test_#t~nondet69#1; {9089#false} is VALID [2022-02-20 18:03:17,690 INFO L290 TraceCheckUtils]: 48: Hoare triple {9089#false} assume !(0 != 
test_~tmp___9~0#1); {9089#false} is VALID [2022-02-20 18:03:17,690 INFO L290 TraceCheckUtils]: 49: Hoare triple {9089#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet70#1 && test_#t~nondet70#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet70#1;havoc test_#t~nondet70#1; {9089#false} is VALID [2022-02-20 18:03:17,690 INFO L290 TraceCheckUtils]: 50: Hoare triple {9089#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {9089#false} is VALID [2022-02-20 18:03:17,691 INFO L290 TraceCheckUtils]: 51: Hoare triple {9089#false} assume !false; {9089#false} is VALID [2022-02-20 18:03:17,691 INFO L290 TraceCheckUtils]: 52: Hoare triple {9089#false} assume !(test_~splverifierCounter~0#1 < 4); {9089#false} is VALID [2022-02-20 18:03:17,691 INFO L290 TraceCheckUtils]: 53: Hoare triple {9089#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_#t~ret46#1, bobToRjh_~tmp~8#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~8#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret43#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret43#1 && bobToRjh_#t~ret43#1 <= 2147483647;havoc bobToRjh_#t~ret43#1; {9089#false} is VALID [2022-02-20 18:03:17,691 INFO L272 TraceCheckUtils]: 54: Hoare triple {9089#false} call sendEmail(~bob~0, ~rjh~0); {9089#false} is VALID [2022-02-20 18:03:17,691 INFO L290 TraceCheckUtils]: 55: Hoare triple {9089#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~19#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~20#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~20#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {9089#false} is 
VALID [2022-02-20 18:03:17,691 INFO L272 TraceCheckUtils]: 56: Hoare triple {9089#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {9143#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:17,691 INFO L290 TraceCheckUtils]: 57: Hoare triple {9143#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9088#true} is VALID [2022-02-20 18:03:17,692 INFO L290 TraceCheckUtils]: 58: Hoare triple {9088#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9088#true} is VALID [2022-02-20 18:03:17,692 INFO L290 TraceCheckUtils]: 59: Hoare triple {9088#true} assume true; {9088#true} is VALID [2022-02-20 18:03:17,692 INFO L284 TraceCheckUtils]: 60: Hoare quadruple {9088#true} {9089#false} #921#return; {9089#false} is VALID [2022-02-20 18:03:17,692 INFO L272 TraceCheckUtils]: 61: Hoare triple {9089#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {9144#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:03:17,692 INFO L290 TraceCheckUtils]: 62: Hoare triple {9144#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {9088#true} is VALID [2022-02-20 18:03:17,692 INFO L290 TraceCheckUtils]: 63: Hoare triple {9088#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {9088#true} is VALID [2022-02-20 18:03:17,692 INFO L290 TraceCheckUtils]: 64: Hoare triple {9088#true} assume true; {9088#true} is VALID [2022-02-20 18:03:17,693 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {9088#true} {9089#false} #923#return; {9089#false} is VALID [2022-02-20 18:03:17,693 INFO L290 TraceCheckUtils]: 66: Hoare triple {9089#false} createEmail_~retValue_acc~20#1 := 
createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~20#1; {9089#false} is VALID [2022-02-20 18:03:17,693 INFO L290 TraceCheckUtils]: 67: Hoare triple {9089#false} #t~ret94#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret94#1 && #t~ret94#1 <= 2147483647;~tmp~19#1 := #t~ret94#1;havoc #t~ret94#1;~email~0#1 := ~tmp~19#1; {9089#false} is VALID [2022-02-20 18:03:17,693 INFO L272 TraceCheckUtils]: 68: Hoare triple {9089#false} call outgoing(~sender#1, ~email~0#1); {9089#false} is VALID [2022-02-20 18:03:17,693 INFO L290 TraceCheckUtils]: 69: Hoare triple {9089#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~15#1;havoc ~pubkey~0#1;havoc ~tmp___0~5#1; {9089#false} is VALID [2022-02-20 18:03:17,693 INFO L272 TraceCheckUtils]: 70: Hoare triple {9089#false} call #t~ret85#1 := getEmailTo(~msg#1); {9088#true} is VALID [2022-02-20 18:03:17,693 INFO L290 TraceCheckUtils]: 71: Hoare triple {9088#true} ~handle := #in~handle;havoc ~retValue_acc~28; {9088#true} is VALID [2022-02-20 18:03:17,694 INFO L290 TraceCheckUtils]: 72: Hoare triple {9088#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {9088#true} is VALID [2022-02-20 18:03:17,694 INFO L290 TraceCheckUtils]: 73: Hoare triple {9088#true} assume true; {9088#true} is VALID [2022-02-20 18:03:17,694 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {9088#true} {9089#false} #881#return; {9089#false} is VALID [2022-02-20 18:03:17,694 INFO L290 TraceCheckUtils]: 75: Hoare triple {9089#false} assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~15#1 := #t~ret85#1;havoc #t~ret85#1;~receiver~0#1 := ~tmp~15#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~14#1;findPublicKey_~handle#1 := 
findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~14#1; {9089#false} is VALID [2022-02-20 18:03:17,694 INFO L290 TraceCheckUtils]: 76: Hoare triple {9089#false} assume 1 == findPublicKey_~handle#1; {9089#false} is VALID [2022-02-20 18:03:17,694 INFO L290 TraceCheckUtils]: 77: Hoare triple {9089#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~14#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~14#1; {9089#false} is VALID [2022-02-20 18:03:17,694 INFO L290 TraceCheckUtils]: 78: Hoare triple {9089#false} #t~ret86#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp___0~5#1 := #t~ret86#1;havoc #t~ret86#1;~pubkey~0#1 := ~tmp___0~5#1; {9089#false} is VALID [2022-02-20 18:03:17,695 INFO L290 TraceCheckUtils]: 79: Hoare triple {9089#false} assume !(0 != ~pubkey~0#1); {9089#false} is VALID [2022-02-20 18:03:17,695 INFO L290 TraceCheckUtils]: 80: Hoare triple {9089#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret84#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {9089#false} is VALID [2022-02-20 18:03:17,695 INFO L290 TraceCheckUtils]: 81: Hoare triple {9089#false} assume 1 == 
getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {9089#false} is VALID [2022-02-20 18:03:17,695 INFO L290 TraceCheckUtils]: 82: Hoare triple {9089#false} outgoing__wrappee__Keys_#t~ret84#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret84#1 && outgoing__wrappee__Keys_#t~ret84#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~14#1 := outgoing__wrappee__Keys_#t~ret84#1;havoc outgoing__wrappee__Keys_#t~ret84#1; {9089#false} is VALID [2022-02-20 18:03:17,695 INFO L272 TraceCheckUtils]: 83: Hoare triple {9089#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1); {9143#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:17,695 INFO L290 TraceCheckUtils]: 84: Hoare triple {9143#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9088#true} is VALID [2022-02-20 18:03:17,695 INFO L290 TraceCheckUtils]: 85: Hoare triple {9088#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9088#true} is VALID [2022-02-20 18:03:17,695 INFO L290 TraceCheckUtils]: 86: Hoare triple {9088#true} assume true; {9088#true} is VALID [2022-02-20 18:03:17,696 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {9088#true} {9089#false} #887#return; {9089#false} is VALID [2022-02-20 18:03:17,696 INFO L290 TraceCheckUtils]: 88: Hoare triple {9089#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret82#1, mail_#t~ret83#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc 
mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet67#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 := puts(32, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset := 33, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet67#1; {9089#false} is VALID [2022-02-20 18:03:17,696 INFO L290 TraceCheckUtils]: 89: Hoare triple {9089#false} assume 0 != ~in_encrypted~0; {9089#false} is VALID [2022-02-20 18:03:17,696 INFO L272 TraceCheckUtils]: 90: Hoare triple {9089#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {9088#true} is VALID [2022-02-20 18:03:17,696 INFO L290 TraceCheckUtils]: 91: Hoare triple {9088#true} ~handle := #in~handle;havoc ~retValue_acc~31; {9088#true} is VALID [2022-02-20 18:03:17,696 INFO L290 TraceCheckUtils]: 92: Hoare triple {9088#true} assume 1 == 
~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {9088#true} is VALID [2022-02-20 18:03:17,696 INFO L290 TraceCheckUtils]: 93: Hoare triple {9088#true} assume true; {9088#true} is VALID [2022-02-20 18:03:17,697 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {9088#true} {9089#false} #889#return; {9089#false} is VALID [2022-02-20 18:03:17,697 INFO L290 TraceCheckUtils]: 95: Hoare triple {9089#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1; {9089#false} is VALID [2022-02-20 18:03:17,697 INFO L290 TraceCheckUtils]: 96: Hoare triple {9089#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1);assume { :begin_inline___automaton_fail } true; {9089#false} is VALID [2022-02-20 18:03:17,697 INFO L290 TraceCheckUtils]: 97: Hoare triple {9089#false} assume !false; {9089#false} is VALID [2022-02-20 18:03:17,697 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. 
[2022-02-20 18:03:17,698 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:03:17,698 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1258134737] [2022-02-20 18:03:17,698 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1258134737] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:03:17,698 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1436045301] [2022-02-20 18:03:17,698 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:17,698 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:03:17,699 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:03:17,700 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:03:17,701 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process [2022-02-20 18:03:17,933 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:17,936 INFO L263 TraceCheckSpWp]: Trace formula consists of 981 conjuncts, 6 conjunts are in the unsatisfiable core [2022-02-20 18:03:17,989 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:17,992 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:03:18,247 INFO L290 TraceCheckUtils]: 0: Hoare triple {9088#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(21, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(44, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(17, 30);call #Ultimate.allocInit(17, 31);call #Ultimate.allocInit(13, 32);call #Ultimate.allocInit(17, 33);call #Ultimate.allocInit(4, 34);call write~init~int(37, 34, 0, 1);call write~init~int(115, 34, 1, 1);call write~init~int(10, 34, 2, 1);call write~init~int(0, 34, 3, 1);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(20, 37);call #Ultimate.allocInit(21, 38);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, 
~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 
0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {9088#true} is VALID [2022-02-20 18:03:18,247 INFO L290 TraceCheckUtils]: 1: Hoare triple {9088#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~24#1, main_~tmp~9#1;havoc 
main_~retValue_acc~24#1;havoc main_~tmp~9#1;assume { :begin_inline_select_helpers } true; {9088#true} is VALID [2022-02-20 18:03:18,247 INFO L290 TraceCheckUtils]: 2: Hoare triple {9088#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {9088#true} is VALID [2022-02-20 18:03:18,247 INFO L290 TraceCheckUtils]: 3: Hoare triple {9088#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~37#1;havoc valid_product_~retValue_acc~37#1;valid_product_~retValue_acc~37#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~37#1; {9088#true} is VALID [2022-02-20 18:03:18,247 INFO L290 TraceCheckUtils]: 4: Hoare triple {9088#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~9#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {9088#true} is VALID [2022-02-20 18:03:18,247 INFO L290 TraceCheckUtils]: 5: Hoare triple {9088#true} assume 0 != main_~tmp~9#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet48#1, setup_#t~nondet49#1, setup_#t~nondet50#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {9088#true} is VALID 
[2022-02-20 18:03:18,247 INFO L272 TraceCheckUtils]: 6: Hoare triple {9088#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {9088#true} is VALID [2022-02-20 18:03:18,247 INFO L290 TraceCheckUtils]: 7: Hoare triple {9088#true} ~handle := #in~handle;~value := #in~value; {9088#true} is VALID [2022-02-20 18:03:18,247 INFO L290 TraceCheckUtils]: 8: Hoare triple {9088#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9088#true} is VALID [2022-02-20 18:03:18,247 INFO L290 TraceCheckUtils]: 9: Hoare triple {9088#true} assume true; {9088#true} is VALID [2022-02-20 18:03:18,248 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {9088#true} {9088#true} #927#return; {9088#true} is VALID [2022-02-20 18:03:18,248 INFO L290 TraceCheckUtils]: 11: Hoare triple {9088#true} assume { :end_inline_setup_bob__wrappee__Base } true; {9088#true} is VALID [2022-02-20 18:03:18,248 INFO L272 TraceCheckUtils]: 12: Hoare triple {9088#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {9088#true} is VALID [2022-02-20 18:03:18,248 INFO L290 TraceCheckUtils]: 13: Hoare triple {9088#true} ~handle := #in~handle;~value := #in~value; {9088#true} is VALID [2022-02-20 18:03:18,248 INFO L290 TraceCheckUtils]: 14: Hoare triple {9088#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9088#true} is VALID [2022-02-20 18:03:18,248 INFO L290 TraceCheckUtils]: 15: Hoare triple {9088#true} assume true; {9088#true} is VALID [2022-02-20 18:03:18,248 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {9088#true} {9088#true} #929#return; {9088#true} is VALID [2022-02-20 18:03:18,253 INFO L290 TraceCheckUtils]: 17: Hoare triple {9088#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet48#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { 
:begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {9199#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:03:18,253 INFO L272 TraceCheckUtils]: 18: Hoare triple {9199#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {9088#true} is VALID [2022-02-20 18:03:18,253 INFO L290 TraceCheckUtils]: 19: Hoare triple {9088#true} ~handle := #in~handle;~value := #in~value; {9088#true} is VALID [2022-02-20 18:03:18,254 INFO L290 TraceCheckUtils]: 20: Hoare triple {9088#true} assume !(1 == ~handle); {9088#true} is VALID [2022-02-20 18:03:18,254 INFO L290 TraceCheckUtils]: 21: Hoare triple {9088#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {9088#true} is VALID [2022-02-20 18:03:18,254 INFO L290 TraceCheckUtils]: 22: Hoare triple {9088#true} assume true; {9088#true} is VALID [2022-02-20 18:03:18,255 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {9088#true} {9199#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #931#return; {9199#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:03:18,256 INFO L290 TraceCheckUtils]: 24: Hoare triple {9199#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume { :end_inline_setup_rjh__wrappee__Base } true; {9199#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:03:18,256 INFO L272 TraceCheckUtils]: 25: Hoare triple {9199#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {9088#true} is VALID [2022-02-20 18:03:18,256 INFO L290 TraceCheckUtils]: 26: Hoare triple {9088#true} ~handle := #in~handle;~value := #in~value; {9227#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} is VALID [2022-02-20 18:03:18,257 INFO L290 TraceCheckUtils]: 27: Hoare triple 
{9227#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9231#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:03:18,257 INFO L290 TraceCheckUtils]: 28: Hoare triple {9231#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {9231#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:03:18,258 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {9231#(<= |setClientPrivateKey_#in~handle| 1)} {9199#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #933#return; {9089#false} is VALID [2022-02-20 18:03:18,258 INFO L290 TraceCheckUtils]: 30: Hoare triple {9089#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet49#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {9089#false} is VALID [2022-02-20 18:03:18,258 INFO L272 TraceCheckUtils]: 31: Hoare triple {9089#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {9089#false} is VALID [2022-02-20 18:03:18,258 INFO L290 TraceCheckUtils]: 32: Hoare triple {9089#false} ~handle := #in~handle;~value := #in~value; {9089#false} is VALID [2022-02-20 18:03:18,259 INFO L290 TraceCheckUtils]: 33: Hoare triple {9089#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9089#false} is VALID [2022-02-20 18:03:18,259 INFO L290 TraceCheckUtils]: 34: Hoare triple {9089#false} assume true; {9089#false} is VALID [2022-02-20 18:03:18,259 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {9089#false} {9089#false} 
#935#return; {9089#false} is VALID [2022-02-20 18:03:18,259 INFO L290 TraceCheckUtils]: 36: Hoare triple {9089#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {9089#false} is VALID [2022-02-20 18:03:18,259 INFO L272 TraceCheckUtils]: 37: Hoare triple {9089#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {9089#false} is VALID [2022-02-20 18:03:18,259 INFO L290 TraceCheckUtils]: 38: Hoare triple {9089#false} ~handle := #in~handle;~value := #in~value; {9089#false} is VALID [2022-02-20 18:03:18,259 INFO L290 TraceCheckUtils]: 39: Hoare triple {9089#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9089#false} is VALID [2022-02-20 18:03:18,260 INFO L290 TraceCheckUtils]: 40: Hoare triple {9089#false} assume true; {9089#false} is VALID [2022-02-20 18:03:18,260 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {9089#false} {9089#false} #937#return; {9089#false} is VALID [2022-02-20 18:03:18,260 INFO L290 TraceCheckUtils]: 42: Hoare triple {9089#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 26, 0;havoc setup_#t~nondet50#1; {9089#false} is VALID [2022-02-20 18:03:18,260 INFO L290 TraceCheckUtils]: 43: Hoare triple {9089#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~12#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc 
test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~12#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {9089#false} is VALID [2022-02-20 18:03:18,260 INFO L290 TraceCheckUtils]: 44: Hoare triple {9089#false} assume !false; {9089#false} is VALID [2022-02-20 18:03:18,260 INFO L290 TraceCheckUtils]: 45: Hoare triple {9089#false} assume test_~splverifierCounter~0#1 < 4; {9089#false} is VALID [2022-02-20 18:03:18,260 INFO L290 TraceCheckUtils]: 46: Hoare triple {9089#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {9089#false} is VALID [2022-02-20 18:03:18,261 INFO L290 TraceCheckUtils]: 47: Hoare triple {9089#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet69#1 && test_#t~nondet69#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet69#1;havoc test_#t~nondet69#1; {9089#false} is VALID [2022-02-20 18:03:18,261 INFO L290 TraceCheckUtils]: 48: Hoare triple {9089#false} assume !(0 != test_~tmp___9~0#1); {9089#false} is VALID [2022-02-20 18:03:18,261 INFO L290 TraceCheckUtils]: 49: Hoare triple {9089#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet70#1 && test_#t~nondet70#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet70#1;havoc test_#t~nondet70#1; {9089#false} is VALID [2022-02-20 18:03:18,261 INFO L290 TraceCheckUtils]: 50: Hoare triple {9089#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; 
{9089#false} is VALID [2022-02-20 18:03:18,261 INFO L290 TraceCheckUtils]: 51: Hoare triple {9089#false} assume !false; {9089#false} is VALID [2022-02-20 18:03:18,261 INFO L290 TraceCheckUtils]: 52: Hoare triple {9089#false} assume !(test_~splverifierCounter~0#1 < 4); {9089#false} is VALID [2022-02-20 18:03:18,261 INFO L290 TraceCheckUtils]: 53: Hoare triple {9089#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_#t~ret46#1, bobToRjh_~tmp~8#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~8#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret43#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret43#1 && bobToRjh_#t~ret43#1 <= 2147483647;havoc bobToRjh_#t~ret43#1; {9089#false} is VALID [2022-02-20 18:03:18,262 INFO L272 TraceCheckUtils]: 54: Hoare triple {9089#false} call sendEmail(~bob~0, ~rjh~0); {9089#false} is VALID [2022-02-20 18:03:18,262 INFO L290 TraceCheckUtils]: 55: Hoare triple {9089#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~19#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~20#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~20#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {9089#false} is VALID [2022-02-20 18:03:18,262 INFO L272 TraceCheckUtils]: 56: Hoare triple {9089#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {9089#false} is VALID [2022-02-20 18:03:18,262 INFO L290 TraceCheckUtils]: 57: Hoare triple {9089#false} ~handle := #in~handle;~value := #in~value; {9089#false} is VALID [2022-02-20 18:03:18,262 INFO L290 TraceCheckUtils]: 58: Hoare triple {9089#false} assume 1 == ~handle;~__ste_email_from0~0 := 
~value; {9089#false} is VALID [2022-02-20 18:03:18,262 INFO L290 TraceCheckUtils]: 59: Hoare triple {9089#false} assume true; {9089#false} is VALID [2022-02-20 18:03:18,262 INFO L284 TraceCheckUtils]: 60: Hoare quadruple {9089#false} {9089#false} #921#return; {9089#false} is VALID [2022-02-20 18:03:18,263 INFO L272 TraceCheckUtils]: 61: Hoare triple {9089#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {9089#false} is VALID [2022-02-20 18:03:18,263 INFO L290 TraceCheckUtils]: 62: Hoare triple {9089#false} ~handle := #in~handle;~value := #in~value; {9089#false} is VALID [2022-02-20 18:03:18,263 INFO L290 TraceCheckUtils]: 63: Hoare triple {9089#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {9089#false} is VALID [2022-02-20 18:03:18,263 INFO L290 TraceCheckUtils]: 64: Hoare triple {9089#false} assume true; {9089#false} is VALID [2022-02-20 18:03:18,263 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {9089#false} {9089#false} #923#return; {9089#false} is VALID [2022-02-20 18:03:18,263 INFO L290 TraceCheckUtils]: 66: Hoare triple {9089#false} createEmail_~retValue_acc~20#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~20#1; {9089#false} is VALID [2022-02-20 18:03:18,263 INFO L290 TraceCheckUtils]: 67: Hoare triple {9089#false} #t~ret94#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret94#1 && #t~ret94#1 <= 2147483647;~tmp~19#1 := #t~ret94#1;havoc #t~ret94#1;~email~0#1 := ~tmp~19#1; {9089#false} is VALID [2022-02-20 18:03:18,264 INFO L272 TraceCheckUtils]: 68: Hoare triple {9089#false} call outgoing(~sender#1, ~email~0#1); {9089#false} is VALID [2022-02-20 18:03:18,264 INFO L290 TraceCheckUtils]: 69: Hoare triple {9089#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~15#1;havoc ~pubkey~0#1;havoc ~tmp___0~5#1; {9089#false} is VALID [2022-02-20 18:03:18,264 INFO L272 TraceCheckUtils]: 70: Hoare triple {9089#false} call #t~ret85#1 := 
getEmailTo(~msg#1); {9089#false} is VALID [2022-02-20 18:03:18,264 INFO L290 TraceCheckUtils]: 71: Hoare triple {9089#false} ~handle := #in~handle;havoc ~retValue_acc~28; {9089#false} is VALID [2022-02-20 18:03:18,264 INFO L290 TraceCheckUtils]: 72: Hoare triple {9089#false} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {9089#false} is VALID [2022-02-20 18:03:18,264 INFO L290 TraceCheckUtils]: 73: Hoare triple {9089#false} assume true; {9089#false} is VALID [2022-02-20 18:03:18,264 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {9089#false} {9089#false} #881#return; {9089#false} is VALID [2022-02-20 18:03:18,265 INFO L290 TraceCheckUtils]: 75: Hoare triple {9089#false} assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~15#1 := #t~ret85#1;havoc #t~ret85#1;~receiver~0#1 := ~tmp~15#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~14#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~14#1; {9089#false} is VALID [2022-02-20 18:03:18,265 INFO L290 TraceCheckUtils]: 76: Hoare triple {9089#false} assume 1 == findPublicKey_~handle#1; {9089#false} is VALID [2022-02-20 18:03:18,265 INFO L290 TraceCheckUtils]: 77: Hoare triple {9089#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~14#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~14#1; {9089#false} is VALID [2022-02-20 18:03:18,265 INFO L290 TraceCheckUtils]: 78: Hoare triple {9089#false} #t~ret86#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp___0~5#1 := #t~ret86#1;havoc #t~ret86#1;~pubkey~0#1 := ~tmp___0~5#1; 
{9089#false} is VALID [2022-02-20 18:03:18,265 INFO L290 TraceCheckUtils]: 79: Hoare triple {9089#false} assume !(0 != ~pubkey~0#1); {9089#false} is VALID [2022-02-20 18:03:18,265 INFO L290 TraceCheckUtils]: 80: Hoare triple {9089#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret84#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {9089#false} is VALID [2022-02-20 18:03:18,265 INFO L290 TraceCheckUtils]: 81: Hoare triple {9089#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {9089#false} is VALID [2022-02-20 18:03:18,266 INFO L290 TraceCheckUtils]: 82: Hoare triple {9089#false} outgoing__wrappee__Keys_#t~ret84#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret84#1 && outgoing__wrappee__Keys_#t~ret84#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~14#1 := outgoing__wrappee__Keys_#t~ret84#1;havoc outgoing__wrappee__Keys_#t~ret84#1; {9089#false} is VALID [2022-02-20 18:03:18,266 INFO L272 TraceCheckUtils]: 83: Hoare triple {9089#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1); {9089#false} is VALID [2022-02-20 18:03:18,266 INFO L290 TraceCheckUtils]: 84: Hoare triple {9089#false} ~handle := #in~handle;~value := 
#in~value; {9089#false} is VALID [2022-02-20 18:03:18,266 INFO L290 TraceCheckUtils]: 85: Hoare triple {9089#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9089#false} is VALID [2022-02-20 18:03:18,266 INFO L290 TraceCheckUtils]: 86: Hoare triple {9089#false} assume true; {9089#false} is VALID [2022-02-20 18:03:18,266 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {9089#false} {9089#false} #887#return; {9089#false} is VALID [2022-02-20 18:03:18,266 INFO L290 TraceCheckUtils]: 88: Hoare triple {9089#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret82#1, mail_#t~ret83#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet67#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 := puts(32, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 <= 2147483647;havoc 
__utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset := 33, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet67#1; {9089#false} is VALID [2022-02-20 18:03:18,267 INFO L290 TraceCheckUtils]: 89: Hoare triple {9089#false} assume 0 != ~in_encrypted~0; {9089#false} is VALID [2022-02-20 18:03:18,267 INFO L272 TraceCheckUtils]: 90: Hoare triple {9089#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {9089#false} is VALID [2022-02-20 18:03:18,267 INFO L290 TraceCheckUtils]: 91: Hoare triple {9089#false} ~handle := #in~handle;havoc ~retValue_acc~31; {9089#false} is VALID [2022-02-20 18:03:18,267 INFO L290 TraceCheckUtils]: 92: Hoare triple {9089#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {9089#false} is VALID [2022-02-20 18:03:18,267 INFO L290 TraceCheckUtils]: 93: Hoare triple {9089#false} assume true; {9089#false} is VALID [2022-02-20 18:03:18,267 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {9089#false} {9089#false} #889#return; {9089#false} is VALID [2022-02-20 18:03:18,267 INFO L290 TraceCheckUtils]: 95: Hoare triple {9089#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1; {9089#false} is VALID [2022-02-20 18:03:18,268 INFO L290 TraceCheckUtils]: 96: Hoare triple {9089#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1);assume { :begin_inline___automaton_fail } true; {9089#false} is VALID [2022-02-20 18:03:18,268 INFO L290 TraceCheckUtils]: 97: Hoare triple {9089#false} assume !false; {9089#false} is VALID [2022-02-20 
18:03:18,268 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. [2022-02-20 18:03:18,268 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:03:18,268 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1436045301] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:03:18,269 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:03:18,269 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [12] total 15 [2022-02-20 18:03:18,269 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1289854948] [2022-02-20 18:03:18,269 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:03:18,270 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 13.6) internal successors, (68), 5 states have internal predecessors, (68), 3 states have call successors, (13), 2 states have call predecessors, (13), 3 states have return successors, (11), 3 states have call predecessors, (11), 3 states have call successors, (11) Word has length 98 [2022-02-20 18:03:18,270 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:03:18,270 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 13.6) internal successors, (68), 5 states have internal predecessors, (68), 3 states have call successors, (13), 2 states have call predecessors, (13), 3 states have return successors, (11), 3 states have call predecessors, (11), 3 states have call successors, (11) [2022-02-20 18:03:18,350 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 92 edges. 92 inductive. 0 not inductive. 
0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:18,351 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:03:18,351 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:03:18,351 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:03:18,352 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=30, Invalid=180, Unknown=0, NotChecked=0, Total=210 [2022-02-20 18:03:18,352 INFO L87 Difference]: Start difference. First operand 345 states and 529 transitions. Second operand has 5 states, 5 states have (on average 13.6) internal successors, (68), 5 states have internal predecessors, (68), 3 states have call successors, (13), 2 states have call predecessors, (13), 3 states have return successors, (11), 3 states have call predecessors, (11), 3 states have call successors, (11) [2022-02-20 18:03:19,309 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:19,310 INFO L93 Difference]: Finished difference Result 679 states and 1047 transitions. [2022-02-20 18:03:19,310 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:03:19,310 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 13.6) internal successors, (68), 5 states have internal predecessors, (68), 3 states have call successors, (13), 2 states have call predecessors, (13), 3 states have return successors, (11), 3 states have call predecessors, (11), 3 states have call successors, (11) Word has length 98 [2022-02-20 18:03:19,311 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:03:19,311 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 5 states, 5 states have (on average 13.6) internal successors, (68), 5 states have internal predecessors, (68), 3 states have call successors, (13), 2 states have call predecessors, (13), 3 states have return successors, (11), 3 states have call predecessors, (11), 3 states have call successors, (11) [2022-02-20 18:03:19,319 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 869 transitions. [2022-02-20 18:03:19,320 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 13.6) internal successors, (68), 5 states have internal predecessors, (68), 3 states have call successors, (13), 2 states have call predecessors, (13), 3 states have return successors, (11), 3 states have call predecessors, (11), 3 states have call successors, (11) [2022-02-20 18:03:19,328 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 869 transitions. [2022-02-20 18:03:19,328 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 869 transitions. [2022-02-20 18:03:19,897 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 869 edges. 869 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:03:19,908 INFO L225 Difference]: With dead ends: 679 [2022-02-20 18:03:19,908 INFO L226 Difference]: Without dead ends: 347 [2022-02-20 18:03:19,909 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 126 GetRequests, 112 SyntacticMatches, 0 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=34, Invalid=206, Unknown=0, NotChecked=0, Total=240 [2022-02-20 18:03:19,910 INFO L933 BasicCegarLoop]: 429 mSDtfsCounter, 124 mSDsluCounter, 1140 mSDsCounter, 0 mSdLazyCounter, 45 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 144 SdHoareTripleChecker+Valid, 1569 SdHoareTripleChecker+Invalid, 45 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 45 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:03:19,910 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [144 Valid, 1569 Invalid, 45 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 45 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:03:19,911 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 347 states. [2022-02-20 18:03:20,010 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 347 to 347. [2022-02-20 18:03:20,010 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:03:20,011 INFO L82 GeneralOperation]: Start isEquivalent. First operand 347 states. 
Second operand has 347 states, 272 states have (on average 1.5330882352941178) internal successors, (417), 277 states have internal predecessors, (417), 56 states have call successors, (56), 16 states have call predecessors, (56), 18 states have return successors, (62), 55 states have call predecessors, (62), 55 states have call successors, (62) [2022-02-20 18:03:20,012 INFO L74 IsIncluded]: Start isIncluded. First operand 347 states. Second operand has 347 states, 272 states have (on average 1.5330882352941178) internal successors, (417), 277 states have internal predecessors, (417), 56 states have call successors, (56), 16 states have call predecessors, (56), 18 states have return successors, (62), 55 states have call predecessors, (62), 55 states have call successors, (62) [2022-02-20 18:03:20,013 INFO L87 Difference]: Start difference. First operand 347 states. Second operand has 347 states, 272 states have (on average 1.5330882352941178) internal successors, (417), 277 states have internal predecessors, (417), 56 states have call successors, (56), 16 states have call predecessors, (56), 18 states have return successors, (62), 55 states have call predecessors, (62), 55 states have call successors, (62) [2022-02-20 18:03:20,024 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:20,025 INFO L93 Difference]: Finished difference Result 347 states and 535 transitions. [2022-02-20 18:03:20,035 INFO L276 IsEmpty]: Start isEmpty. Operand 347 states and 535 transitions. [2022-02-20 18:03:20,036 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:20,036 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:20,038 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 347 states, 272 states have (on average 1.5330882352941178) internal successors, (417), 277 states have internal predecessors, (417), 56 states have call successors, (56), 16 states have call predecessors, (56), 18 states have return successors, (62), 55 states have call predecessors, (62), 55 states have call successors, (62) Second operand 347 states. [2022-02-20 18:03:20,038 INFO L87 Difference]: Start difference. First operand has 347 states, 272 states have (on average 1.5330882352941178) internal successors, (417), 277 states have internal predecessors, (417), 56 states have call successors, (56), 16 states have call predecessors, (56), 18 states have return successors, (62), 55 states have call predecessors, (62), 55 states have call successors, (62) Second operand 347 states. [2022-02-20 18:03:20,051 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:20,051 INFO L93 Difference]: Finished difference Result 347 states and 535 transitions. [2022-02-20 18:03:20,051 INFO L276 IsEmpty]: Start isEmpty. Operand 347 states and 535 transitions. [2022-02-20 18:03:20,052 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:20,053 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:20,053 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:03:20,053 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:03:20,055 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 347 states, 272 states have (on average 1.5330882352941178) internal successors, (417), 277 states have internal predecessors, (417), 56 states have call successors, (56), 16 states have call predecessors, (56), 18 states have return successors, (62), 55 states have call predecessors, (62), 55 states have call successors, (62) [2022-02-20 18:03:20,066 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 347 states to 347 states and 535 transitions. [2022-02-20 18:03:20,067 INFO L78 Accepts]: Start accepts. Automaton has 347 states and 535 transitions. Word has length 98 [2022-02-20 18:03:20,067 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:03:20,068 INFO L470 AbstractCegarLoop]: Abstraction has 347 states and 535 transitions. [2022-02-20 18:03:20,069 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 13.6) internal successors, (68), 5 states have internal predecessors, (68), 3 states have call successors, (13), 2 states have call predecessors, (13), 3 states have return successors, (11), 3 states have call predecessors, (11), 3 states have call successors, (11) [2022-02-20 18:03:20,069 INFO L276 IsEmpty]: Start isEmpty. Operand 347 states and 535 transitions. [2022-02-20 18:03:20,070 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 100 [2022-02-20 18:03:20,070 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:03:20,070 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:03:20,098 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Forceful destruction successful, exit code 0 [2022-02-20 18:03:20,295 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4,6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:03:20,296 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 
18:03:20,296 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:03:20,296 INFO L85 PathProgramCache]: Analyzing trace with hash 262721501, now seen corresponding path program 1 times [2022-02-20 18:03:20,296 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:03:20,297 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1339145873] [2022-02-20 18:03:20,297 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:20,297 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:03:20,323 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:20,361 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:03:20,362 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:20,365 INFO L290 TraceCheckUtils]: 0: Hoare triple {11649#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11600#true} is VALID [2022-02-20 18:03:20,365 INFO L290 TraceCheckUtils]: 1: Hoare triple {11600#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11600#true} is VALID [2022-02-20 18:03:20,365 INFO L290 TraceCheckUtils]: 2: Hoare triple {11600#true} assume true; {11600#true} is VALID [2022-02-20 18:03:20,365 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11600#true} {11600#true} #927#return; {11600#true} is VALID [2022-02-20 18:03:20,371 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:03:20,372 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:20,374 INFO L290 TraceCheckUtils]: 0: 
Hoare triple {11650#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11600#true} is VALID [2022-02-20 18:03:20,375 INFO L290 TraceCheckUtils]: 1: Hoare triple {11600#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11600#true} is VALID [2022-02-20 18:03:20,375 INFO L290 TraceCheckUtils]: 2: Hoare triple {11600#true} assume true; {11600#true} is VALID [2022-02-20 18:03:20,375 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11600#true} {11600#true} #929#return; {11600#true} is VALID [2022-02-20 18:03:20,375 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:03:20,376 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:20,378 INFO L290 TraceCheckUtils]: 0: Hoare triple {11649#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11600#true} is VALID [2022-02-20 18:03:20,378 INFO L290 TraceCheckUtils]: 1: Hoare triple {11600#true} assume !(1 == ~handle); {11600#true} is VALID [2022-02-20 18:03:20,378 INFO L290 TraceCheckUtils]: 2: Hoare triple {11600#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {11600#true} is VALID [2022-02-20 18:03:20,379 INFO L290 TraceCheckUtils]: 3: Hoare triple {11600#true} assume true; {11600#true} is VALID [2022-02-20 18:03:20,379 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {11600#true} {11600#true} #931#return; {11600#true} is VALID [2022-02-20 18:03:20,379 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:03:20,380 INFO L136 AnnotateAndAsserter]: Conjunction of 
SSA is unsat [2022-02-20 18:03:20,382 INFO L290 TraceCheckUtils]: 0: Hoare triple {11650#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11600#true} is VALID [2022-02-20 18:03:20,382 INFO L290 TraceCheckUtils]: 1: Hoare triple {11600#true} assume !(1 == ~handle); {11600#true} is VALID [2022-02-20 18:03:20,382 INFO L290 TraceCheckUtils]: 2: Hoare triple {11600#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {11600#true} is VALID [2022-02-20 18:03:20,382 INFO L290 TraceCheckUtils]: 3: Hoare triple {11600#true} assume true; {11600#true} is VALID [2022-02-20 18:03:20,383 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {11600#true} {11600#true} #933#return; {11600#true} is VALID [2022-02-20 18:03:20,383 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:03:20,385 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:20,399 INFO L290 TraceCheckUtils]: 0: Hoare triple {11649#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11651#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:20,399 INFO L290 TraceCheckUtils]: 1: Hoare triple {11651#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11652#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:20,399 INFO L290 TraceCheckUtils]: 2: Hoare triple {11652#(= |setClientId_#in~handle| 1)} assume true; {11652#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:20,400 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11652#(= 
|setClientId_#in~handle| 1)} {11620#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #935#return; {11601#false} is VALID [2022-02-20 18:03:20,400 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:03:20,402 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:20,404 INFO L290 TraceCheckUtils]: 0: Hoare triple {11650#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11600#true} is VALID [2022-02-20 18:03:20,405 INFO L290 TraceCheckUtils]: 1: Hoare triple {11600#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11600#true} is VALID [2022-02-20 18:03:20,405 INFO L290 TraceCheckUtils]: 2: Hoare triple {11600#true} assume true; {11600#true} is VALID [2022-02-20 18:03:20,405 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11600#true} {11601#false} #937#return; {11601#false} is VALID [2022-02-20 18:03:20,412 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 18:03:20,413 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:20,416 INFO L290 TraceCheckUtils]: 0: Hoare triple {11653#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11600#true} is VALID [2022-02-20 18:03:20,417 INFO L290 TraceCheckUtils]: 1: Hoare triple {11600#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11600#true} is VALID [2022-02-20 18:03:20,417 INFO L290 TraceCheckUtils]: 2: Hoare triple {11600#true} assume true; {11600#true} is VALID [2022-02-20 18:03:20,417 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11600#true} {11601#false} #921#return; {11601#false} is VALID [2022-02-20 
18:03:20,424 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 18:03:20,426 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:20,428 INFO L290 TraceCheckUtils]: 0: Hoare triple {11654#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {11600#true} is VALID [2022-02-20 18:03:20,428 INFO L290 TraceCheckUtils]: 1: Hoare triple {11600#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {11600#true} is VALID [2022-02-20 18:03:20,428 INFO L290 TraceCheckUtils]: 2: Hoare triple {11600#true} assume true; {11600#true} is VALID [2022-02-20 18:03:20,428 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11600#true} {11601#false} #923#return; {11601#false} is VALID [2022-02-20 18:03:20,428 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71 [2022-02-20 18:03:20,430 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:20,433 INFO L290 TraceCheckUtils]: 0: Hoare triple {11600#true} ~handle := #in~handle;havoc ~retValue_acc~28; {11600#true} is VALID [2022-02-20 18:03:20,433 INFO L290 TraceCheckUtils]: 1: Hoare triple {11600#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {11600#true} is VALID [2022-02-20 18:03:20,433 INFO L290 TraceCheckUtils]: 2: Hoare triple {11600#true} assume true; {11600#true} is VALID [2022-02-20 18:03:20,433 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11600#true} {11601#false} #881#return; {11601#false} is VALID [2022-02-20 18:03:20,434 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 18:03:20,435 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:20,437 INFO L290 TraceCheckUtils]: 0: Hoare triple {11653#(and (= |old(~__ste_email_from0~0)| 
~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11600#true} is VALID [2022-02-20 18:03:20,437 INFO L290 TraceCheckUtils]: 1: Hoare triple {11600#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11600#true} is VALID [2022-02-20 18:03:20,437 INFO L290 TraceCheckUtils]: 2: Hoare triple {11600#true} assume true; {11600#true} is VALID [2022-02-20 18:03:20,437 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11600#true} {11601#false} #887#return; {11601#false} is VALID [2022-02-20 18:03:20,438 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 18:03:20,438 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:20,440 INFO L290 TraceCheckUtils]: 0: Hoare triple {11600#true} ~handle := #in~handle;havoc ~retValue_acc~31; {11600#true} is VALID [2022-02-20 18:03:20,441 INFO L290 TraceCheckUtils]: 1: Hoare triple {11600#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {11600#true} is VALID [2022-02-20 18:03:20,441 INFO L290 TraceCheckUtils]: 2: Hoare triple {11600#true} assume true; {11600#true} is VALID [2022-02-20 18:03:20,441 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11600#true} {11601#false} #889#return; {11601#false} is VALID [2022-02-20 18:03:20,441 INFO L290 TraceCheckUtils]: 0: Hoare triple {11600#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call 
#Ultimate.allocInit(21, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(44, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(17, 30);call #Ultimate.allocInit(17, 31);call #Ultimate.allocInit(13, 32);call #Ultimate.allocInit(17, 33);call #Ultimate.allocInit(4, 34);call write~init~int(37, 34, 0, 1);call write~init~int(115, 34, 1, 1);call write~init~int(10, 34, 2, 1);call write~init~int(0, 34, 3, 1);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(20, 37);call #Ultimate.allocInit(21, 38);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 
0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 
:= 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {11600#true} is VALID [2022-02-20 18:03:20,441 INFO L290 TraceCheckUtils]: 1: Hoare triple {11600#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~24#1, main_~tmp~9#1;havoc main_~retValue_acc~24#1;havoc main_~tmp~9#1;assume { :begin_inline_select_helpers } true; {11600#true} is VALID [2022-02-20 18:03:20,441 INFO L290 TraceCheckUtils]: 2: Hoare triple {11600#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {11600#true} is VALID [2022-02-20 18:03:20,441 INFO L290 TraceCheckUtils]: 3: Hoare triple {11600#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~37#1;havoc valid_product_~retValue_acc~37#1;valid_product_~retValue_acc~37#1 := 1;valid_product_#res#1 := 
valid_product_~retValue_acc~37#1; {11600#true} is VALID [2022-02-20 18:03:20,442 INFO L290 TraceCheckUtils]: 4: Hoare triple {11600#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~9#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {11600#true} is VALID [2022-02-20 18:03:20,442 INFO L290 TraceCheckUtils]: 5: Hoare triple {11600#true} assume 0 != main_~tmp~9#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet48#1, setup_#t~nondet49#1, setup_#t~nondet50#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {11600#true} is VALID [2022-02-20 18:03:20,442 INFO L272 TraceCheckUtils]: 6: Hoare triple {11600#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {11649#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:20,443 INFO L290 TraceCheckUtils]: 7: Hoare triple {11649#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11600#true} is VALID [2022-02-20 18:03:20,443 INFO L290 TraceCheckUtils]: 8: Hoare triple {11600#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11600#true} is VALID [2022-02-20 18:03:20,443 INFO L290 TraceCheckUtils]: 9: Hoare triple {11600#true} assume true; {11600#true} is VALID [2022-02-20 18:03:20,443 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {11600#true} {11600#true} #927#return; {11600#true} is VALID [2022-02-20 18:03:20,443 INFO L290 TraceCheckUtils]: 11: Hoare triple {11600#true} assume { :end_inline_setup_bob__wrappee__Base } true; {11600#true} is VALID [2022-02-20 18:03:20,444 INFO L272 TraceCheckUtils]: 12: Hoare triple {11600#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {11650#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:20,444 INFO L290 TraceCheckUtils]: 13: Hoare triple {11650#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11600#true} is VALID [2022-02-20 18:03:20,444 INFO L290 TraceCheckUtils]: 14: Hoare triple {11600#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11600#true} is VALID [2022-02-20 18:03:20,444 INFO L290 TraceCheckUtils]: 15: Hoare triple {11600#true} assume true; {11600#true} is VALID [2022-02-20 18:03:20,444 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {11600#true} {11600#true} #929#return; {11600#true} is VALID [2022-02-20 18:03:20,444 INFO L290 TraceCheckUtils]: 17: Hoare triple {11600#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, 
setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet48#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {11600#true} is VALID [2022-02-20 18:03:20,445 INFO L272 TraceCheckUtils]: 18: Hoare triple {11600#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {11649#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:20,445 INFO L290 TraceCheckUtils]: 19: Hoare triple {11649#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11600#true} is VALID [2022-02-20 18:03:20,445 INFO L290 TraceCheckUtils]: 20: Hoare triple {11600#true} assume !(1 == ~handle); {11600#true} is VALID [2022-02-20 18:03:20,446 INFO L290 TraceCheckUtils]: 21: Hoare triple {11600#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {11600#true} is VALID [2022-02-20 18:03:20,446 INFO L290 TraceCheckUtils]: 22: Hoare triple {11600#true} assume true; {11600#true} is VALID [2022-02-20 18:03:20,446 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {11600#true} {11600#true} #931#return; {11600#true} is VALID [2022-02-20 18:03:20,446 INFO L290 TraceCheckUtils]: 24: Hoare triple {11600#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {11600#true} is VALID [2022-02-20 18:03:20,447 INFO L272 TraceCheckUtils]: 25: Hoare triple 
{11600#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {11650#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:20,447 INFO L290 TraceCheckUtils]: 26: Hoare triple {11650#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11600#true} is VALID [2022-02-20 18:03:20,447 INFO L290 TraceCheckUtils]: 27: Hoare triple {11600#true} assume !(1 == ~handle); {11600#true} is VALID [2022-02-20 18:03:20,447 INFO L290 TraceCheckUtils]: 28: Hoare triple {11600#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {11600#true} is VALID [2022-02-20 18:03:20,447 INFO L290 TraceCheckUtils]: 29: Hoare triple {11600#true} assume true; {11600#true} is VALID [2022-02-20 18:03:20,447 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {11600#true} {11600#true} #933#return; {11600#true} is VALID [2022-02-20 18:03:20,448 INFO L290 TraceCheckUtils]: 31: Hoare triple {11600#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet49#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {11620#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:03:20,449 INFO L272 TraceCheckUtils]: 32: Hoare triple 
{11620#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {11649#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:20,449 INFO L290 TraceCheckUtils]: 33: Hoare triple {11649#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11651#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:20,449 INFO L290 TraceCheckUtils]: 34: Hoare triple {11651#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11652#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:20,450 INFO L290 TraceCheckUtils]: 35: Hoare triple {11652#(= |setClientId_#in~handle| 1)} assume true; {11652#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:20,450 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {11652#(= |setClientId_#in~handle| 1)} {11620#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #935#return; {11601#false} is VALID [2022-02-20 18:03:20,450 INFO L290 TraceCheckUtils]: 37: Hoare triple {11601#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {11601#false} is VALID [2022-02-20 18:03:20,450 INFO L272 TraceCheckUtils]: 38: Hoare triple {11601#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {11650#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:20,451 INFO L290 TraceCheckUtils]: 39: Hoare triple 
{11650#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11600#true} is VALID [2022-02-20 18:03:20,451 INFO L290 TraceCheckUtils]: 40: Hoare triple {11600#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11600#true} is VALID [2022-02-20 18:03:20,451 INFO L290 TraceCheckUtils]: 41: Hoare triple {11600#true} assume true; {11600#true} is VALID [2022-02-20 18:03:20,451 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {11600#true} {11601#false} #937#return; {11601#false} is VALID [2022-02-20 18:03:20,451 INFO L290 TraceCheckUtils]: 43: Hoare triple {11601#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 26, 0;havoc setup_#t~nondet50#1; {11601#false} is VALID [2022-02-20 18:03:20,451 INFO L290 TraceCheckUtils]: 44: Hoare triple {11601#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~12#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc 
test_~tmp~12#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {11601#false} is VALID [2022-02-20 18:03:20,451 INFO L290 TraceCheckUtils]: 45: Hoare triple {11601#false} assume !false; {11601#false} is VALID [2022-02-20 18:03:20,452 INFO L290 TraceCheckUtils]: 46: Hoare triple {11601#false} assume test_~splverifierCounter~0#1 < 4; {11601#false} is VALID [2022-02-20 18:03:20,452 INFO L290 TraceCheckUtils]: 47: Hoare triple {11601#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {11601#false} is VALID [2022-02-20 18:03:20,452 INFO L290 TraceCheckUtils]: 48: Hoare triple {11601#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet69#1 && test_#t~nondet69#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet69#1;havoc test_#t~nondet69#1; {11601#false} is VALID [2022-02-20 18:03:20,452 INFO L290 TraceCheckUtils]: 49: Hoare triple {11601#false} assume !(0 != test_~tmp___9~0#1); {11601#false} is VALID [2022-02-20 18:03:20,452 INFO L290 TraceCheckUtils]: 50: Hoare triple {11601#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet70#1 && test_#t~nondet70#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet70#1;havoc test_#t~nondet70#1; {11601#false} is VALID [2022-02-20 18:03:20,452 INFO L290 TraceCheckUtils]: 51: Hoare triple {11601#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {11601#false} is VALID [2022-02-20 18:03:20,453 INFO L290 TraceCheckUtils]: 52: Hoare triple {11601#false} assume !false; {11601#false} is VALID [2022-02-20 18:03:20,453 INFO L290 TraceCheckUtils]: 53: 
Hoare triple {11601#false} assume !(test_~splverifierCounter~0#1 < 4); {11601#false} is VALID [2022-02-20 18:03:20,453 INFO L290 TraceCheckUtils]: 54: Hoare triple {11601#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_#t~ret46#1, bobToRjh_~tmp~8#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~8#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret43#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret43#1 && bobToRjh_#t~ret43#1 <= 2147483647;havoc bobToRjh_#t~ret43#1; {11601#false} is VALID [2022-02-20 18:03:20,453 INFO L272 TraceCheckUtils]: 55: Hoare triple {11601#false} call sendEmail(~bob~0, ~rjh~0); {11601#false} is VALID [2022-02-20 18:03:20,453 INFO L290 TraceCheckUtils]: 56: Hoare triple {11601#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~19#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~20#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~20#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {11601#false} is VALID [2022-02-20 18:03:20,453 INFO L272 TraceCheckUtils]: 57: Hoare triple {11601#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {11653#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:20,453 INFO L290 TraceCheckUtils]: 58: Hoare triple {11653#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11600#true} is VALID [2022-02-20 18:03:20,454 INFO L290 TraceCheckUtils]: 59: Hoare triple {11600#true} assume 1 == 
~handle;~__ste_email_from0~0 := ~value; {11600#true} is VALID [2022-02-20 18:03:20,454 INFO L290 TraceCheckUtils]: 60: Hoare triple {11600#true} assume true; {11600#true} is VALID [2022-02-20 18:03:20,454 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {11600#true} {11601#false} #921#return; {11601#false} is VALID [2022-02-20 18:03:20,454 INFO L272 TraceCheckUtils]: 62: Hoare triple {11601#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {11654#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:03:20,454 INFO L290 TraceCheckUtils]: 63: Hoare triple {11654#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {11600#true} is VALID [2022-02-20 18:03:20,454 INFO L290 TraceCheckUtils]: 64: Hoare triple {11600#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {11600#true} is VALID [2022-02-20 18:03:20,454 INFO L290 TraceCheckUtils]: 65: Hoare triple {11600#true} assume true; {11600#true} is VALID [2022-02-20 18:03:20,455 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {11600#true} {11601#false} #923#return; {11601#false} is VALID [2022-02-20 18:03:20,455 INFO L290 TraceCheckUtils]: 67: Hoare triple {11601#false} createEmail_~retValue_acc~20#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~20#1; {11601#false} is VALID [2022-02-20 18:03:20,455 INFO L290 TraceCheckUtils]: 68: Hoare triple {11601#false} #t~ret94#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret94#1 && #t~ret94#1 <= 2147483647;~tmp~19#1 := #t~ret94#1;havoc #t~ret94#1;~email~0#1 := ~tmp~19#1; {11601#false} is VALID [2022-02-20 18:03:20,455 INFO L272 TraceCheckUtils]: 69: Hoare triple {11601#false} call outgoing(~sender#1, ~email~0#1); {11601#false} is VALID [2022-02-20 18:03:20,456 INFO L290 TraceCheckUtils]: 70: Hoare triple {11601#false} ~client#1 := 
#in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~15#1;havoc ~pubkey~0#1;havoc ~tmp___0~5#1; {11601#false} is VALID [2022-02-20 18:03:20,456 INFO L272 TraceCheckUtils]: 71: Hoare triple {11601#false} call #t~ret85#1 := getEmailTo(~msg#1); {11600#true} is VALID [2022-02-20 18:03:20,456 INFO L290 TraceCheckUtils]: 72: Hoare triple {11600#true} ~handle := #in~handle;havoc ~retValue_acc~28; {11600#true} is VALID [2022-02-20 18:03:20,456 INFO L290 TraceCheckUtils]: 73: Hoare triple {11600#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {11600#true} is VALID [2022-02-20 18:03:20,457 INFO L290 TraceCheckUtils]: 74: Hoare triple {11600#true} assume true; {11600#true} is VALID [2022-02-20 18:03:20,457 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {11600#true} {11601#false} #881#return; {11601#false} is VALID [2022-02-20 18:03:20,457 INFO L290 TraceCheckUtils]: 76: Hoare triple {11601#false} assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~15#1 := #t~ret85#1;havoc #t~ret85#1;~receiver~0#1 := ~tmp~15#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~14#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~14#1; {11601#false} is VALID [2022-02-20 18:03:20,457 INFO L290 TraceCheckUtils]: 77: Hoare triple {11601#false} assume 1 == findPublicKey_~handle#1; {11601#false} is VALID [2022-02-20 18:03:20,457 INFO L290 TraceCheckUtils]: 78: Hoare triple {11601#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~14#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~14#1; {11601#false} is VALID [2022-02-20 18:03:20,457 INFO L290 TraceCheckUtils]: 79: 
Hoare triple {11601#false} #t~ret86#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp___0~5#1 := #t~ret86#1;havoc #t~ret86#1;~pubkey~0#1 := ~tmp___0~5#1; {11601#false} is VALID [2022-02-20 18:03:20,457 INFO L290 TraceCheckUtils]: 80: Hoare triple {11601#false} assume !(0 != ~pubkey~0#1); {11601#false} is VALID [2022-02-20 18:03:20,458 INFO L290 TraceCheckUtils]: 81: Hoare triple {11601#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret84#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {11601#false} is VALID [2022-02-20 18:03:20,458 INFO L290 TraceCheckUtils]: 82: Hoare triple {11601#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {11601#false} is VALID [2022-02-20 18:03:20,458 INFO L290 TraceCheckUtils]: 83: Hoare triple {11601#false} outgoing__wrappee__Keys_#t~ret84#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret84#1 && outgoing__wrappee__Keys_#t~ret84#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~14#1 := outgoing__wrappee__Keys_#t~ret84#1;havoc outgoing__wrappee__Keys_#t~ret84#1; {11601#false} is VALID [2022-02-20 18:03:20,458 INFO L272 TraceCheckUtils]: 84: Hoare 
triple {11601#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1); {11653#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:20,458 INFO L290 TraceCheckUtils]: 85: Hoare triple {11653#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11600#true} is VALID [2022-02-20 18:03:20,458 INFO L290 TraceCheckUtils]: 86: Hoare triple {11600#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11600#true} is VALID [2022-02-20 18:03:20,458 INFO L290 TraceCheckUtils]: 87: Hoare triple {11600#true} assume true; {11600#true} is VALID [2022-02-20 18:03:20,459 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {11600#true} {11601#false} #887#return; {11601#false} is VALID [2022-02-20 18:03:20,459 INFO L290 TraceCheckUtils]: 89: Hoare triple {11601#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret82#1, mail_#t~ret83#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet67#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := 
__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 := puts(32, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset := 33, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet67#1; {11601#false} is VALID [2022-02-20 18:03:20,459 INFO L290 TraceCheckUtils]: 90: Hoare triple {11601#false} assume 0 != ~in_encrypted~0; {11601#false} is VALID [2022-02-20 18:03:20,459 INFO L272 TraceCheckUtils]: 91: Hoare triple {11601#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {11600#true} is VALID [2022-02-20 18:03:20,459 INFO L290 TraceCheckUtils]: 92: Hoare triple {11600#true} ~handle := #in~handle;havoc ~retValue_acc~31; {11600#true} is VALID [2022-02-20 18:03:20,459 INFO L290 TraceCheckUtils]: 93: Hoare triple {11600#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {11600#true} is VALID [2022-02-20 18:03:20,459 INFO L290 TraceCheckUtils]: 94: Hoare triple {11600#true} assume true; {11600#true} is VALID [2022-02-20 18:03:20,460 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {11600#true} {11601#false} #889#return; {11601#false} is VALID [2022-02-20 18:03:20,460 INFO L290 TraceCheckUtils]: 96: Hoare triple {11601#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1 := 
__utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1; {11601#false} is VALID [2022-02-20 18:03:20,460 INFO L290 TraceCheckUtils]: 97: Hoare triple {11601#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1);assume { :begin_inline___automaton_fail } true; {11601#false} is VALID [2022-02-20 18:03:20,460 INFO L290 TraceCheckUtils]: 98: Hoare triple {11601#false} assume !false; {11601#false} is VALID [2022-02-20 18:03:20,460 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 18:03:20,461 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:03:20,461 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1339145873] [2022-02-20 18:03:20,461 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1339145873] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:03:20,461 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:03:20,461 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 18:03:20,461 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1920427826] [2022-02-20 18:03:20,461 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:03:20,462 INFO L78 Accepts]: Start accepts. 
Automaton has has 9 states, 8 states have (on average 8.0) internal successors, (64), 5 states have internal predecessors, (64), 3 states have call successors, (13), 6 states have call predecessors, (13), 2 states have return successors, (11), 2 states have call predecessors, (11), 3 states have call successors, (11) Word has length 99 [2022-02-20 18:03:20,462 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:03:20,463 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 8.0) internal successors, (64), 5 states have internal predecessors, (64), 3 states have call successors, (13), 6 states have call predecessors, (13), 2 states have return successors, (11), 2 states have call predecessors, (11), 3 states have call successors, (11) [2022-02-20 18:03:20,537 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 88 edges. 88 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:20,537 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 18:03:20,538 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:03:20,539 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 18:03:20,539 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:03:20,539 INFO L87 Difference]: Start difference. First operand 347 states and 535 transitions. Second operand has 9 states, 8 states have (on average 8.0) internal successors, (64), 5 states have internal predecessors, (64), 3 states have call successors, (13), 6 states have call predecessors, (13), 2 states have return successors, (11), 2 states have call predecessors, (11), 3 states have call successors, (11) [2022-02-20 18:03:26,737 INFO L144 Difference]: Subtrahend was deterministic. 
Have not used determinization. [2022-02-20 18:03:26,737 INFO L93 Difference]: Finished difference Result 819 states and 1261 transitions. [2022-02-20 18:03:26,738 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:03:26,738 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 8.0) internal successors, (64), 5 states have internal predecessors, (64), 3 states have call successors, (13), 6 states have call predecessors, (13), 2 states have return successors, (11), 2 states have call predecessors, (11), 3 states have call successors, (11) Word has length 99 [2022-02-20 18:03:26,739 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:03:26,739 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 8.0) internal successors, (64), 5 states have internal predecessors, (64), 3 states have call successors, (13), 6 states have call predecessors, (13), 2 states have return successors, (11), 2 states have call predecessors, (11), 3 states have call successors, (11) [2022-02-20 18:03:26,751 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1075 transitions. [2022-02-20 18:03:26,751 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 8.0) internal successors, (64), 5 states have internal predecessors, (64), 3 states have call successors, (13), 6 states have call predecessors, (13), 2 states have return successors, (11), 2 states have call predecessors, (11), 3 states have call successors, (11) [2022-02-20 18:03:26,763 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1075 transitions. [2022-02-20 18:03:26,763 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1075 transitions. 
[2022-02-20 18:03:27,847 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1075 edges. 1075 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:27,867 INFO L225 Difference]: With dead ends: 819 [2022-02-20 18:03:27,867 INFO L226 Difference]: Without dead ends: 495 [2022-02-20 18:03:27,868 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 40 GetRequests, 25 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 31 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 18:03:27,871 INFO L933 BasicCegarLoop]: 557 mSDtfsCounter, 1023 mSDsluCounter, 815 mSDsCounter, 0 mSdLazyCounter, 1902 mSolverCounterSat, 356 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1040 SdHoareTripleChecker+Valid, 1372 SdHoareTripleChecker+Invalid, 2258 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 356 IncrementalHoareTripleChecker+Valid, 1902 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.7s IncrementalHoareTripleChecker+Time [2022-02-20 18:03:27,871 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1040 Valid, 1372 Invalid, 2258 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [356 Valid, 1902 Invalid, 0 Unknown, 0 Unchecked, 2.7s Time] [2022-02-20 18:03:27,873 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 495 states. [2022-02-20 18:03:27,975 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 495 to 347. [2022-02-20 18:03:27,975 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:03:27,977 INFO L82 GeneralOperation]: Start isEquivalent. First operand 495 states. 
Second operand has 347 states, 272 states have (on average 1.5330882352941178) internal successors, (417), 277 states have internal predecessors, (417), 56 states have call successors, (56), 16 states have call predecessors, (56), 18 states have return successors, (61), 55 states have call predecessors, (61), 55 states have call successors, (61) [2022-02-20 18:03:27,977 INFO L74 IsIncluded]: Start isIncluded. First operand 495 states. Second operand has 347 states, 272 states have (on average 1.5330882352941178) internal successors, (417), 277 states have internal predecessors, (417), 56 states have call successors, (56), 16 states have call predecessors, (56), 18 states have return successors, (61), 55 states have call predecessors, (61), 55 states have call successors, (61) [2022-02-20 18:03:27,978 INFO L87 Difference]: Start difference. First operand 495 states. Second operand has 347 states, 272 states have (on average 1.5330882352941178) internal successors, (417), 277 states have internal predecessors, (417), 56 states have call successors, (56), 16 states have call predecessors, (56), 18 states have return successors, (61), 55 states have call predecessors, (61), 55 states have call successors, (61) [2022-02-20 18:03:28,000 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:28,000 INFO L93 Difference]: Finished difference Result 495 states and 757 transitions. [2022-02-20 18:03:28,000 INFO L276 IsEmpty]: Start isEmpty. Operand 495 states and 757 transitions. [2022-02-20 18:03:28,003 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:28,003 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:28,004 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 347 states, 272 states have (on average 1.5330882352941178) internal successors, (417), 277 states have internal predecessors, (417), 56 states have call successors, (56), 16 states have call predecessors, (56), 18 states have return successors, (61), 55 states have call predecessors, (61), 55 states have call successors, (61) Second operand 495 states. [2022-02-20 18:03:28,005 INFO L87 Difference]: Start difference. First operand has 347 states, 272 states have (on average 1.5330882352941178) internal successors, (417), 277 states have internal predecessors, (417), 56 states have call successors, (56), 16 states have call predecessors, (56), 18 states have return successors, (61), 55 states have call predecessors, (61), 55 states have call successors, (61) Second operand 495 states. [2022-02-20 18:03:28,025 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:28,025 INFO L93 Difference]: Finished difference Result 495 states and 757 transitions. [2022-02-20 18:03:28,025 INFO L276 IsEmpty]: Start isEmpty. Operand 495 states and 757 transitions. [2022-02-20 18:03:28,029 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:28,029 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:28,029 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:03:28,029 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:03:28,030 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 347 states, 272 states have (on average 1.5330882352941178) internal successors, (417), 277 states have internal predecessors, (417), 56 states have call successors, (56), 16 states have call predecessors, (56), 18 states have return successors, (61), 55 states have call predecessors, (61), 55 states have call successors, (61) [2022-02-20 18:03:28,041 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 347 states to 347 states and 534 transitions. [2022-02-20 18:03:28,042 INFO L78 Accepts]: Start accepts. Automaton has 347 states and 534 transitions. Word has length 99 [2022-02-20 18:03:28,042 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:03:28,042 INFO L470 AbstractCegarLoop]: Abstraction has 347 states and 534 transitions. [2022-02-20 18:03:28,042 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 8.0) internal successors, (64), 5 states have internal predecessors, (64), 3 states have call successors, (13), 6 states have call predecessors, (13), 2 states have return successors, (11), 2 states have call predecessors, (11), 3 states have call successors, (11) [2022-02-20 18:03:28,044 INFO L276 IsEmpty]: Start isEmpty. Operand 347 states and 534 transitions. [2022-02-20 18:03:28,047 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 101 [2022-02-20 18:03:28,047 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:03:28,047 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:03:28,047 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 18:03:28,047 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:03:28,048 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:03:28,048 INFO L85 PathProgramCache]: Analyzing trace with hash 963094467, now seen corresponding path program 2 times [2022-02-20 18:03:28,048 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL 
[2022-02-20 18:03:28,048 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1135680445] [2022-02-20 18:03:28,048 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:28,049 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:03:28,081 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:28,113 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:03:28,114 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:28,116 INFO L290 TraceCheckUtils]: 0: Hoare triple {14389#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14339#true} is VALID [2022-02-20 18:03:28,116 INFO L290 TraceCheckUtils]: 1: Hoare triple {14339#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {14339#true} is VALID [2022-02-20 18:03:28,117 INFO L290 TraceCheckUtils]: 2: Hoare triple {14339#true} assume true; {14339#true} is VALID [2022-02-20 18:03:28,117 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14339#true} {14339#true} #927#return; {14339#true} is VALID [2022-02-20 18:03:28,122 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:03:28,124 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:28,127 INFO L290 TraceCheckUtils]: 0: Hoare triple {14390#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14339#true} is VALID [2022-02-20 
18:03:28,127 INFO L290 TraceCheckUtils]: 1: Hoare triple {14339#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14339#true} is VALID [2022-02-20 18:03:28,127 INFO L290 TraceCheckUtils]: 2: Hoare triple {14339#true} assume true; {14339#true} is VALID [2022-02-20 18:03:28,127 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14339#true} {14339#true} #929#return; {14339#true} is VALID [2022-02-20 18:03:28,128 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:03:28,129 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:28,131 INFO L290 TraceCheckUtils]: 0: Hoare triple {14389#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14339#true} is VALID [2022-02-20 18:03:28,131 INFO L290 TraceCheckUtils]: 1: Hoare triple {14339#true} assume !(1 == ~handle); {14339#true} is VALID [2022-02-20 18:03:28,132 INFO L290 TraceCheckUtils]: 2: Hoare triple {14339#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {14339#true} is VALID [2022-02-20 18:03:28,132 INFO L290 TraceCheckUtils]: 3: Hoare triple {14339#true} assume true; {14339#true} is VALID [2022-02-20 18:03:28,132 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {14339#true} {14339#true} #931#return; {14339#true} is VALID [2022-02-20 18:03:28,132 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:03:28,133 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:28,135 INFO L290 TraceCheckUtils]: 0: Hoare triple {14390#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle 
:= #in~handle;~value := #in~value; {14339#true} is VALID [2022-02-20 18:03:28,135 INFO L290 TraceCheckUtils]: 1: Hoare triple {14339#true} assume !(1 == ~handle); {14339#true} is VALID [2022-02-20 18:03:28,135 INFO L290 TraceCheckUtils]: 2: Hoare triple {14339#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {14339#true} is VALID [2022-02-20 18:03:28,135 INFO L290 TraceCheckUtils]: 3: Hoare triple {14339#true} assume true; {14339#true} is VALID [2022-02-20 18:03:28,136 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {14339#true} {14339#true} #933#return; {14339#true} is VALID [2022-02-20 18:03:28,136 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:03:28,140 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:28,152 INFO L290 TraceCheckUtils]: 0: Hoare triple {14389#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14391#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:28,153 INFO L290 TraceCheckUtils]: 1: Hoare triple {14391#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {14391#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:28,153 INFO L290 TraceCheckUtils]: 2: Hoare triple {14391#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {14392#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:28,154 INFO L290 TraceCheckUtils]: 3: Hoare triple {14392#(= 2 |setClientId_#in~handle|)} assume true; {14392#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:28,154 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {14392#(= 2 |setClientId_#in~handle|)} {14359#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} 
#935#return; {14340#false} is VALID [2022-02-20 18:03:28,154 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-02-20 18:03:28,156 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:28,159 INFO L290 TraceCheckUtils]: 0: Hoare triple {14390#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14339#true} is VALID [2022-02-20 18:03:28,159 INFO L290 TraceCheckUtils]: 1: Hoare triple {14339#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14339#true} is VALID [2022-02-20 18:03:28,159 INFO L290 TraceCheckUtils]: 2: Hoare triple {14339#true} assume true; {14339#true} is VALID [2022-02-20 18:03:28,159 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14339#true} {14340#false} #937#return; {14340#false} is VALID [2022-02-20 18:03:28,165 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:03:28,166 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:28,168 INFO L290 TraceCheckUtils]: 0: Hoare triple {14393#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {14339#true} is VALID [2022-02-20 18:03:28,168 INFO L290 TraceCheckUtils]: 1: Hoare triple {14339#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14339#true} is VALID [2022-02-20 18:03:28,168 INFO L290 TraceCheckUtils]: 2: Hoare triple {14339#true} assume true; {14339#true} is VALID [2022-02-20 18:03:28,168 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14339#true} {14340#false} #921#return; {14340#false} is VALID [2022-02-20 18:03:28,175 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending 
call position 63 [2022-02-20 18:03:28,177 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:28,179 INFO L290 TraceCheckUtils]: 0: Hoare triple {14394#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {14339#true} is VALID [2022-02-20 18:03:28,179 INFO L290 TraceCheckUtils]: 1: Hoare triple {14339#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {14339#true} is VALID [2022-02-20 18:03:28,180 INFO L290 TraceCheckUtils]: 2: Hoare triple {14339#true} assume true; {14339#true} is VALID [2022-02-20 18:03:28,180 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14339#true} {14340#false} #923#return; {14340#false} is VALID [2022-02-20 18:03:28,180 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 18:03:28,181 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:28,182 INFO L290 TraceCheckUtils]: 0: Hoare triple {14339#true} ~handle := #in~handle;havoc ~retValue_acc~28; {14339#true} is VALID [2022-02-20 18:03:28,182 INFO L290 TraceCheckUtils]: 1: Hoare triple {14339#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {14339#true} is VALID [2022-02-20 18:03:28,182 INFO L290 TraceCheckUtils]: 2: Hoare triple {14339#true} assume true; {14339#true} is VALID [2022-02-20 18:03:28,183 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14339#true} {14340#false} #881#return; {14340#false} is VALID [2022-02-20 18:03:28,183 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 18:03:28,183 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:28,185 INFO L290 TraceCheckUtils]: 0: Hoare triple {14393#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := 
#in~value; {14339#true} is VALID [2022-02-20 18:03:28,185 INFO L290 TraceCheckUtils]: 1: Hoare triple {14339#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14339#true} is VALID [2022-02-20 18:03:28,185 INFO L290 TraceCheckUtils]: 2: Hoare triple {14339#true} assume true; {14339#true} is VALID [2022-02-20 18:03:28,185 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14339#true} {14340#false} #887#return; {14340#false} is VALID [2022-02-20 18:03:28,186 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 18:03:28,186 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:28,188 INFO L290 TraceCheckUtils]: 0: Hoare triple {14339#true} ~handle := #in~handle;havoc ~retValue_acc~31; {14339#true} is VALID [2022-02-20 18:03:28,188 INFO L290 TraceCheckUtils]: 1: Hoare triple {14339#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {14339#true} is VALID [2022-02-20 18:03:28,188 INFO L290 TraceCheckUtils]: 2: Hoare triple {14339#true} assume true; {14339#true} is VALID [2022-02-20 18:03:28,188 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14339#true} {14340#false} #889#return; {14340#false} is VALID [2022-02-20 18:03:28,188 INFO L290 TraceCheckUtils]: 0: Hoare triple {14339#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(21, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call 
#Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(44, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(17, 30);call #Ultimate.allocInit(17, 31);call #Ultimate.allocInit(13, 32);call #Ultimate.allocInit(17, 33);call #Ultimate.allocInit(4, 34);call write~init~int(37, 34, 0, 1);call write~init~int(115, 34, 1, 1);call write~init~int(10, 34, 2, 1);call write~init~int(0, 34, 3, 1);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(20, 37);call #Ultimate.allocInit(21, 38);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 
0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 
0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {14339#true} is VALID [2022-02-20 18:03:28,189 INFO L290 TraceCheckUtils]: 1: Hoare triple {14339#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~24#1, main_~tmp~9#1;havoc main_~retValue_acc~24#1;havoc main_~tmp~9#1;assume { :begin_inline_select_helpers } true; {14339#true} is VALID [2022-02-20 18:03:28,189 INFO L290 TraceCheckUtils]: 2: Hoare triple {14339#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {14339#true} is VALID [2022-02-20 18:03:28,189 INFO L290 TraceCheckUtils]: 3: Hoare triple {14339#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~37#1;havoc valid_product_~retValue_acc~37#1;valid_product_~retValue_acc~37#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~37#1; {14339#true} is VALID [2022-02-20 18:03:28,189 
INFO L290 TraceCheckUtils]: 4: Hoare triple {14339#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~9#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {14339#true} is VALID [2022-02-20 18:03:28,189 INFO L290 TraceCheckUtils]: 5: Hoare triple {14339#true} assume 0 != main_~tmp~9#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet48#1, setup_#t~nondet49#1, setup_#t~nondet50#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {14339#true} is VALID [2022-02-20 18:03:28,190 INFO L272 TraceCheckUtils]: 6: Hoare triple {14339#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {14389#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:28,190 INFO L290 TraceCheckUtils]: 7: Hoare triple {14389#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; 
{14339#true} is VALID [2022-02-20 18:03:28,190 INFO L290 TraceCheckUtils]: 8: Hoare triple {14339#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {14339#true} is VALID [2022-02-20 18:03:28,190 INFO L290 TraceCheckUtils]: 9: Hoare triple {14339#true} assume true; {14339#true} is VALID [2022-02-20 18:03:28,190 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {14339#true} {14339#true} #927#return; {14339#true} is VALID [2022-02-20 18:03:28,190 INFO L290 TraceCheckUtils]: 11: Hoare triple {14339#true} assume { :end_inline_setup_bob__wrappee__Base } true; {14339#true} is VALID [2022-02-20 18:03:28,191 INFO L272 TraceCheckUtils]: 12: Hoare triple {14339#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {14390#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:28,191 INFO L290 TraceCheckUtils]: 13: Hoare triple {14390#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14339#true} is VALID [2022-02-20 18:03:28,191 INFO L290 TraceCheckUtils]: 14: Hoare triple {14339#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14339#true} is VALID [2022-02-20 18:03:28,191 INFO L290 TraceCheckUtils]: 15: Hoare triple {14339#true} assume true; {14339#true} is VALID [2022-02-20 18:03:28,192 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {14339#true} {14339#true} #929#return; {14339#true} is VALID [2022-02-20 18:03:28,192 INFO L290 TraceCheckUtils]: 17: Hoare triple {14339#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet48#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } 
true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {14339#true} is VALID [2022-02-20 18:03:28,192 INFO L272 TraceCheckUtils]: 18: Hoare triple {14339#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {14389#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:28,193 INFO L290 TraceCheckUtils]: 19: Hoare triple {14389#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14339#true} is VALID [2022-02-20 18:03:28,193 INFO L290 TraceCheckUtils]: 20: Hoare triple {14339#true} assume !(1 == ~handle); {14339#true} is VALID [2022-02-20 18:03:28,193 INFO L290 TraceCheckUtils]: 21: Hoare triple {14339#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {14339#true} is VALID [2022-02-20 18:03:28,193 INFO L290 TraceCheckUtils]: 22: Hoare triple {14339#true} assume true; {14339#true} is VALID [2022-02-20 18:03:28,193 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {14339#true} {14339#true} #931#return; {14339#true} is VALID [2022-02-20 18:03:28,193 INFO L290 TraceCheckUtils]: 24: Hoare triple {14339#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {14339#true} is VALID [2022-02-20 18:03:28,194 INFO L272 TraceCheckUtils]: 25: Hoare triple {14339#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {14390#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:28,194 INFO L290 TraceCheckUtils]: 26: Hoare triple {14390#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14339#true} is VALID [2022-02-20 18:03:28,194 INFO L290 TraceCheckUtils]: 27: Hoare triple {14339#true} assume !(1 == ~handle); {14339#true} is VALID [2022-02-20 18:03:28,194 INFO L290 TraceCheckUtils]: 28: Hoare triple {14339#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {14339#true} is VALID [2022-02-20 18:03:28,194 INFO L290 TraceCheckUtils]: 29: Hoare triple {14339#true} assume true; {14339#true} is VALID [2022-02-20 18:03:28,195 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {14339#true} {14339#true} #933#return; {14339#true} is VALID [2022-02-20 18:03:28,195 INFO L290 TraceCheckUtils]: 31: Hoare triple {14339#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet49#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {14359#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:03:28,196 INFO L272 TraceCheckUtils]: 32: Hoare triple {14359#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call 
setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {14389#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:28,196 INFO L290 TraceCheckUtils]: 33: Hoare triple {14389#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14391#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:28,196 INFO L290 TraceCheckUtils]: 34: Hoare triple {14391#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {14391#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:28,197 INFO L290 TraceCheckUtils]: 35: Hoare triple {14391#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {14392#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:28,197 INFO L290 TraceCheckUtils]: 36: Hoare triple {14392#(= 2 |setClientId_#in~handle|)} assume true; {14392#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:28,198 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {14392#(= 2 |setClientId_#in~handle|)} {14359#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #935#return; {14340#false} is VALID [2022-02-20 18:03:28,198 INFO L290 TraceCheckUtils]: 38: Hoare triple {14340#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {14340#false} is VALID [2022-02-20 18:03:28,198 INFO L272 TraceCheckUtils]: 39: Hoare triple {14340#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {14390#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:28,198 INFO L290 TraceCheckUtils]: 40: Hoare triple {14390#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14339#true} is VALID [2022-02-20 18:03:28,198 INFO L290 TraceCheckUtils]: 41: Hoare triple {14339#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14339#true} is VALID [2022-02-20 18:03:28,198 INFO L290 TraceCheckUtils]: 42: Hoare triple {14339#true} assume true; {14339#true} is VALID [2022-02-20 18:03:28,198 INFO L284 TraceCheckUtils]: 43: Hoare quadruple {14339#true} {14340#false} #937#return; {14340#false} is VALID [2022-02-20 18:03:28,198 INFO L290 TraceCheckUtils]: 44: Hoare triple {14340#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 26, 0;havoc setup_#t~nondet50#1; {14340#false} is VALID [2022-02-20 18:03:28,199 INFO L290 TraceCheckUtils]: 45: Hoare triple {14340#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~12#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc 
test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~12#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {14340#false} is VALID [2022-02-20 18:03:28,199 INFO L290 TraceCheckUtils]: 46: Hoare triple {14340#false} assume !false; {14340#false} is VALID [2022-02-20 18:03:28,199 INFO L290 TraceCheckUtils]: 47: Hoare triple {14340#false} assume test_~splverifierCounter~0#1 < 4; {14340#false} is VALID [2022-02-20 18:03:28,199 INFO L290 TraceCheckUtils]: 48: Hoare triple {14340#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {14340#false} is VALID [2022-02-20 18:03:28,199 INFO L290 TraceCheckUtils]: 49: Hoare triple {14340#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet69#1 && test_#t~nondet69#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet69#1;havoc test_#t~nondet69#1; {14340#false} is VALID [2022-02-20 18:03:28,199 INFO L290 TraceCheckUtils]: 50: Hoare triple {14340#false} assume !(0 != test_~tmp___9~0#1); {14340#false} is VALID [2022-02-20 18:03:28,199 INFO L290 TraceCheckUtils]: 51: Hoare triple {14340#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet70#1 && test_#t~nondet70#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet70#1;havoc test_#t~nondet70#1; {14340#false} is VALID [2022-02-20 18:03:28,200 INFO L290 TraceCheckUtils]: 52: Hoare triple {14340#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {14340#false} is VALID [2022-02-20 18:03:28,200 INFO L290 
TraceCheckUtils]: 53: Hoare triple {14340#false} assume !false; {14340#false} is VALID [2022-02-20 18:03:28,200 INFO L290 TraceCheckUtils]: 54: Hoare triple {14340#false} assume !(test_~splverifierCounter~0#1 < 4); {14340#false} is VALID [2022-02-20 18:03:28,200 INFO L290 TraceCheckUtils]: 55: Hoare triple {14340#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_#t~ret46#1, bobToRjh_~tmp~8#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~8#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret43#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret43#1 && bobToRjh_#t~ret43#1 <= 2147483647;havoc bobToRjh_#t~ret43#1; {14340#false} is VALID [2022-02-20 18:03:28,200 INFO L272 TraceCheckUtils]: 56: Hoare triple {14340#false} call sendEmail(~bob~0, ~rjh~0); {14340#false} is VALID [2022-02-20 18:03:28,212 INFO L290 TraceCheckUtils]: 57: Hoare triple {14340#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~19#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~20#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~20#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {14340#false} is VALID [2022-02-20 18:03:28,212 INFO L272 TraceCheckUtils]: 58: Hoare triple {14340#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {14393#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:28,213 INFO L290 TraceCheckUtils]: 59: Hoare triple {14393#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := 
#in~handle;~value := #in~value; {14339#true} is VALID [2022-02-20 18:03:28,213 INFO L290 TraceCheckUtils]: 60: Hoare triple {14339#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14339#true} is VALID [2022-02-20 18:03:28,213 INFO L290 TraceCheckUtils]: 61: Hoare triple {14339#true} assume true; {14339#true} is VALID [2022-02-20 18:03:28,213 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {14339#true} {14340#false} #921#return; {14340#false} is VALID [2022-02-20 18:03:28,213 INFO L272 TraceCheckUtils]: 63: Hoare triple {14340#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {14394#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:03:28,213 INFO L290 TraceCheckUtils]: 64: Hoare triple {14394#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {14339#true} is VALID [2022-02-20 18:03:28,213 INFO L290 TraceCheckUtils]: 65: Hoare triple {14339#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {14339#true} is VALID [2022-02-20 18:03:28,214 INFO L290 TraceCheckUtils]: 66: Hoare triple {14339#true} assume true; {14339#true} is VALID [2022-02-20 18:03:28,214 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {14339#true} {14340#false} #923#return; {14340#false} is VALID [2022-02-20 18:03:28,214 INFO L290 TraceCheckUtils]: 68: Hoare triple {14340#false} createEmail_~retValue_acc~20#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~20#1; {14340#false} is VALID [2022-02-20 18:03:28,214 INFO L290 TraceCheckUtils]: 69: Hoare triple {14340#false} #t~ret94#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret94#1 && #t~ret94#1 <= 2147483647;~tmp~19#1 := #t~ret94#1;havoc #t~ret94#1;~email~0#1 := ~tmp~19#1; {14340#false} is VALID [2022-02-20 18:03:28,214 INFO L272 TraceCheckUtils]: 70: Hoare triple {14340#false} call 
outgoing(~sender#1, ~email~0#1); {14340#false} is VALID [2022-02-20 18:03:28,214 INFO L290 TraceCheckUtils]: 71: Hoare triple {14340#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~15#1;havoc ~pubkey~0#1;havoc ~tmp___0~5#1; {14340#false} is VALID [2022-02-20 18:03:28,214 INFO L272 TraceCheckUtils]: 72: Hoare triple {14340#false} call #t~ret85#1 := getEmailTo(~msg#1); {14339#true} is VALID [2022-02-20 18:03:28,215 INFO L290 TraceCheckUtils]: 73: Hoare triple {14339#true} ~handle := #in~handle;havoc ~retValue_acc~28; {14339#true} is VALID [2022-02-20 18:03:28,215 INFO L290 TraceCheckUtils]: 74: Hoare triple {14339#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {14339#true} is VALID [2022-02-20 18:03:28,215 INFO L290 TraceCheckUtils]: 75: Hoare triple {14339#true} assume true; {14339#true} is VALID [2022-02-20 18:03:28,215 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {14339#true} {14340#false} #881#return; {14340#false} is VALID [2022-02-20 18:03:28,215 INFO L290 TraceCheckUtils]: 77: Hoare triple {14340#false} assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~15#1 := #t~ret85#1;havoc #t~ret85#1;~receiver~0#1 := ~tmp~15#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~14#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~14#1; {14340#false} is VALID [2022-02-20 18:03:28,215 INFO L290 TraceCheckUtils]: 78: Hoare triple {14340#false} assume 1 == findPublicKey_~handle#1; {14340#false} is VALID [2022-02-20 18:03:28,215 INFO L290 TraceCheckUtils]: 79: Hoare triple {14340#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~14#1 := 
~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~14#1; {14340#false} is VALID [2022-02-20 18:03:28,215 INFO L290 TraceCheckUtils]: 80: Hoare triple {14340#false} #t~ret86#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp___0~5#1 := #t~ret86#1;havoc #t~ret86#1;~pubkey~0#1 := ~tmp___0~5#1; {14340#false} is VALID [2022-02-20 18:03:28,216 INFO L290 TraceCheckUtils]: 81: Hoare triple {14340#false} assume !(0 != ~pubkey~0#1); {14340#false} is VALID [2022-02-20 18:03:28,216 INFO L290 TraceCheckUtils]: 82: Hoare triple {14340#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret84#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {14340#false} is VALID [2022-02-20 18:03:28,216 INFO L290 TraceCheckUtils]: 83: Hoare triple {14340#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {14340#false} is VALID [2022-02-20 18:03:28,216 INFO L290 TraceCheckUtils]: 84: Hoare triple {14340#false} outgoing__wrappee__Keys_#t~ret84#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret84#1 && outgoing__wrappee__Keys_#t~ret84#1 <= 
2147483647;outgoing__wrappee__Keys_~tmp~14#1 := outgoing__wrappee__Keys_#t~ret84#1;havoc outgoing__wrappee__Keys_#t~ret84#1; {14340#false} is VALID [2022-02-20 18:03:28,216 INFO L272 TraceCheckUtils]: 85: Hoare triple {14340#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1); {14393#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:28,216 INFO L290 TraceCheckUtils]: 86: Hoare triple {14393#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {14339#true} is VALID [2022-02-20 18:03:28,216 INFO L290 TraceCheckUtils]: 87: Hoare triple {14339#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14339#true} is VALID [2022-02-20 18:03:28,217 INFO L290 TraceCheckUtils]: 88: Hoare triple {14339#true} assume true; {14339#true} is VALID [2022-02-20 18:03:28,217 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {14339#true} {14340#false} #887#return; {14340#false} is VALID [2022-02-20 18:03:28,217 INFO L290 TraceCheckUtils]: 90: Hoare triple {14340#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret82#1, mail_#t~ret83#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet67#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, 
__utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 := puts(32, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset := 33, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet67#1; {14340#false} is VALID [2022-02-20 18:03:28,217 INFO L290 TraceCheckUtils]: 91: Hoare triple {14340#false} assume 0 != ~in_encrypted~0; {14340#false} is VALID [2022-02-20 18:03:28,217 INFO L272 TraceCheckUtils]: 92: Hoare triple {14340#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {14339#true} is VALID [2022-02-20 18:03:28,217 INFO L290 TraceCheckUtils]: 93: Hoare triple {14339#true} ~handle := #in~handle;havoc ~retValue_acc~31; {14339#true} is VALID [2022-02-20 18:03:28,217 INFO L290 TraceCheckUtils]: 94: Hoare triple {14339#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {14339#true} is VALID [2022-02-20 18:03:28,217 INFO L290 TraceCheckUtils]: 95: Hoare triple {14339#true} assume true; {14339#true} is VALID [2022-02-20 18:03:28,218 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {14339#true} {14340#false} #889#return; {14340#false} is VALID [2022-02-20 18:03:28,218 INFO L290 TraceCheckUtils]: 97: Hoare 
triple {14340#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1; {14340#false} is VALID [2022-02-20 18:03:28,218 INFO L290 TraceCheckUtils]: 98: Hoare triple {14340#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1);assume { :begin_inline___automaton_fail } true; {14340#false} is VALID [2022-02-20 18:03:28,218 INFO L290 TraceCheckUtils]: 99: Hoare triple {14340#false} assume !false; {14340#false} is VALID [2022-02-20 18:03:28,218 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 18:03:28,219 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:03:28,219 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1135680445] [2022-02-20 18:03:28,219 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1135680445] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:03:28,219 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:03:28,219 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 18:03:28,219 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [170981671] [2022-02-20 18:03:28,219 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:03:28,220 INFO L78 Accepts]: Start accepts. 
Automaton has has 9 states, 8 states have (on average 8.125) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (13), 6 states have call predecessors, (13), 2 states have return successors, (11), 2 states have call predecessors, (11), 3 states have call successors, (11) Word has length 100 [2022-02-20 18:03:28,221 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:03:28,221 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 8.125) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (13), 6 states have call predecessors, (13), 2 states have return successors, (11), 2 states have call predecessors, (11), 3 states have call successors, (11) [2022-02-20 18:03:28,283 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 89 edges. 89 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:28,284 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 18:03:28,284 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:03:28,284 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 18:03:28,285 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:03:28,285 INFO L87 Difference]: Start difference. First operand 347 states and 534 transitions. 
Second operand has 9 states, 8 states have (on average 8.125) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (13), 6 states have call predecessors, (13), 2 states have return successors, (11), 2 states have call predecessors, (11), 3 states have call successors, (11) [2022-02-20 18:03:34,067 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:34,068 INFO L93 Difference]: Finished difference Result 821 states and 1264 transitions. [2022-02-20 18:03:34,068 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:03:34,068 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 8.125) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (13), 6 states have call predecessors, (13), 2 states have return successors, (11), 2 states have call predecessors, (11), 3 states have call successors, (11) Word has length 100 [2022-02-20 18:03:34,068 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:03:34,069 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 8.125) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (13), 6 states have call predecessors, (13), 2 states have return successors, (11), 2 states have call predecessors, (11), 3 states have call successors, (11) [2022-02-20 18:03:34,079 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1076 transitions. [2022-02-20 18:03:34,080 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 9 states, 8 states have (on average 8.125) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (13), 6 states have call predecessors, (13), 2 states have return successors, (11), 2 states have call predecessors, (11), 3 states have call successors, (11) [2022-02-20 18:03:34,090 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1076 transitions. [2022-02-20 18:03:34,091 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1076 transitions. [2022-02-20 18:03:35,050 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1076 edges. 1076 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:35,071 INFO L225 Difference]: With dead ends: 821 [2022-02-20 18:03:35,071 INFO L226 Difference]: Without dead ends: 497 [2022-02-20 18:03:35,072 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 40 GetRequests, 25 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 30 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 18:03:35,073 INFO L933 BasicCegarLoop]: 558 mSDtfsCounter, 1018 mSDsluCounter, 815 mSDsCounter, 0 mSdLazyCounter, 1902 mSolverCounterSat, 365 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1035 SdHoareTripleChecker+Valid, 1373 SdHoareTripleChecker+Invalid, 2267 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 365 IncrementalHoareTripleChecker+Valid, 1902 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.6s IncrementalHoareTripleChecker+Time [2022-02-20 18:03:35,073 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1035 Valid, 1373 
Invalid, 2267 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [365 Valid, 1902 Invalid, 0 Unknown, 0 Unchecked, 2.6s Time] [2022-02-20 18:03:35,074 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 497 states. [2022-02-20 18:03:35,162 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 497 to 349. [2022-02-20 18:03:35,162 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:03:35,163 INFO L82 GeneralOperation]: Start isEquivalent. First operand 497 states. Second operand has 349 states, 273 states have (on average 1.531135531135531) internal successors, (418), 279 states have internal predecessors, (418), 56 states have call successors, (56), 16 states have call predecessors, (56), 19 states have return successors, (63), 55 states have call predecessors, (63), 55 states have call successors, (63) [2022-02-20 18:03:35,164 INFO L74 IsIncluded]: Start isIncluded. First operand 497 states. Second operand has 349 states, 273 states have (on average 1.531135531135531) internal successors, (418), 279 states have internal predecessors, (418), 56 states have call successors, (56), 16 states have call predecessors, (56), 19 states have return successors, (63), 55 states have call predecessors, (63), 55 states have call successors, (63) [2022-02-20 18:03:35,165 INFO L87 Difference]: Start difference. First operand 497 states. Second operand has 349 states, 273 states have (on average 1.531135531135531) internal successors, (418), 279 states have internal predecessors, (418), 56 states have call successors, (56), 16 states have call predecessors, (56), 19 states have return successors, (63), 55 states have call predecessors, (63), 55 states have call successors, (63) [2022-02-20 18:03:35,183 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:35,184 INFO L93 Difference]: Finished difference Result 497 states and 760 transitions. 
[2022-02-20 18:03:35,184 INFO L276 IsEmpty]: Start isEmpty. Operand 497 states and 760 transitions. [2022-02-20 18:03:35,186 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:35,187 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:35,188 INFO L74 IsIncluded]: Start isIncluded. First operand has 349 states, 273 states have (on average 1.531135531135531) internal successors, (418), 279 states have internal predecessors, (418), 56 states have call successors, (56), 16 states have call predecessors, (56), 19 states have return successors, (63), 55 states have call predecessors, (63), 55 states have call successors, (63) Second operand 497 states. [2022-02-20 18:03:35,189 INFO L87 Difference]: Start difference. First operand has 349 states, 273 states have (on average 1.531135531135531) internal successors, (418), 279 states have internal predecessors, (418), 56 states have call successors, (56), 16 states have call predecessors, (56), 19 states have return successors, (63), 55 states have call predecessors, (63), 55 states have call successors, (63) Second operand 497 states. [2022-02-20 18:03:35,208 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:35,208 INFO L93 Difference]: Finished difference Result 497 states and 760 transitions. [2022-02-20 18:03:35,208 INFO L276 IsEmpty]: Start isEmpty. Operand 497 states and 760 transitions. [2022-02-20 18:03:35,211 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:35,211 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:35,211 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:03:35,211 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:03:35,213 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 349 states, 273 states have (on average 1.531135531135531) internal successors, (418), 279 states have internal predecessors, (418), 56 states have call successors, (56), 16 states have call predecessors, (56), 19 states have return successors, (63), 55 states have call predecessors, (63), 55 states have call successors, (63) [2022-02-20 18:03:35,224 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 349 states to 349 states and 537 transitions. [2022-02-20 18:03:35,224 INFO L78 Accepts]: Start accepts. Automaton has 349 states and 537 transitions. Word has length 100 [2022-02-20 18:03:35,224 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:03:35,224 INFO L470 AbstractCegarLoop]: Abstraction has 349 states and 537 transitions. [2022-02-20 18:03:35,225 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 8.125) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (13), 6 states have call predecessors, (13), 2 states have return successors, (11), 2 states have call predecessors, (11), 3 states have call successors, (11) [2022-02-20 18:03:35,225 INFO L276 IsEmpty]: Start isEmpty. Operand 349 states and 537 transitions. [2022-02-20 18:03:35,226 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 102 [2022-02-20 18:03:35,226 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:03:35,227 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:03:35,227 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 18:03:35,227 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:03:35,227 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:03:35,227 INFO L85 PathProgramCache]: Analyzing trace with hash -868146014, now seen corresponding path program 1 times [2022-02-20 18:03:35,228 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:03:35,228 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1414068140] [2022-02-20 18:03:35,228 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:35,228 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:03:35,259 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:35,290 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:03:35,292 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:35,294 INFO L290 TraceCheckUtils]: 0: Hoare triple {17139#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| 
~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17087#true} is VALID [2022-02-20 18:03:35,294 INFO L290 TraceCheckUtils]: 1: Hoare triple {17087#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17087#true} is VALID [2022-02-20 18:03:35,294 INFO L290 TraceCheckUtils]: 2: Hoare triple {17087#true} assume true; {17087#true} is VALID [2022-02-20 18:03:35,294 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17087#true} {17087#true} #927#return; {17087#true} is VALID [2022-02-20 18:03:35,300 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:03:35,302 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:35,304 INFO L290 TraceCheckUtils]: 0: Hoare triple {17140#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17087#true} is VALID [2022-02-20 18:03:35,304 INFO L290 TraceCheckUtils]: 1: Hoare triple {17087#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {17087#true} is VALID [2022-02-20 18:03:35,304 INFO L290 TraceCheckUtils]: 2: Hoare triple {17087#true} assume true; {17087#true} is VALID [2022-02-20 18:03:35,304 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17087#true} {17087#true} #929#return; {17087#true} is VALID [2022-02-20 18:03:35,304 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:03:35,305 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:35,307 INFO L290 TraceCheckUtils]: 0: Hoare triple {17139#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value 
:= #in~value; {17087#true} is VALID [2022-02-20 18:03:35,307 INFO L290 TraceCheckUtils]: 1: Hoare triple {17087#true} assume !(1 == ~handle); {17087#true} is VALID [2022-02-20 18:03:35,308 INFO L290 TraceCheckUtils]: 2: Hoare triple {17087#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {17087#true} is VALID [2022-02-20 18:03:35,308 INFO L290 TraceCheckUtils]: 3: Hoare triple {17087#true} assume true; {17087#true} is VALID [2022-02-20 18:03:35,308 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {17087#true} {17087#true} #931#return; {17087#true} is VALID [2022-02-20 18:03:35,308 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:03:35,309 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:35,311 INFO L290 TraceCheckUtils]: 0: Hoare triple {17140#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17087#true} is VALID [2022-02-20 18:03:35,311 INFO L290 TraceCheckUtils]: 1: Hoare triple {17087#true} assume !(1 == ~handle); {17087#true} is VALID [2022-02-20 18:03:35,311 INFO L290 TraceCheckUtils]: 2: Hoare triple {17087#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {17087#true} is VALID [2022-02-20 18:03:35,311 INFO L290 TraceCheckUtils]: 3: Hoare triple {17087#true} assume true; {17087#true} is VALID [2022-02-20 18:03:35,312 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {17087#true} {17087#true} #933#return; {17087#true} is VALID [2022-02-20 18:03:35,312 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:03:35,314 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:35,333 INFO L290 TraceCheckUtils]: 0: Hoare triple {17139#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17141#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:35,334 INFO L290 TraceCheckUtils]: 1: Hoare triple {17141#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {17141#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:35,334 INFO L290 TraceCheckUtils]: 2: Hoare triple {17141#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {17141#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:35,335 INFO L290 TraceCheckUtils]: 3: Hoare triple {17141#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {17142#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:35,335 INFO L290 TraceCheckUtils]: 4: Hoare triple {17142#(= 3 |setClientId_#in~handle|)} assume true; {17142#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:35,336 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {17142#(= 3 |setClientId_#in~handle|)} {17107#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #935#return; {17114#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:03:35,336 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:03:35,339 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:35,356 INFO L290 TraceCheckUtils]: 0: Hoare triple {17140#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17143#(= 
setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:03:35,356 INFO L290 TraceCheckUtils]: 1: Hoare triple {17143#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {17144#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:03:35,357 INFO L290 TraceCheckUtils]: 2: Hoare triple {17144#(= |setClientPrivateKey_#in~handle| 1)} assume true; {17144#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:03:35,357 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17144#(= |setClientPrivateKey_#in~handle| 1)} {17114#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #937#return; {17088#false} is VALID [2022-02-20 18:03:35,365 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 18:03:35,367 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:35,369 INFO L290 TraceCheckUtils]: 0: Hoare triple {17145#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17087#true} is VALID [2022-02-20 18:03:35,369 INFO L290 TraceCheckUtils]: 1: Hoare triple {17087#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17087#true} is VALID [2022-02-20 18:03:35,369 INFO L290 TraceCheckUtils]: 2: Hoare triple {17087#true} assume true; {17087#true} is VALID [2022-02-20 18:03:35,369 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17087#true} {17088#false} #921#return; {17088#false} is VALID [2022-02-20 18:03:35,378 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 18:03:35,379 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:35,381 INFO L290 TraceCheckUtils]: 0: Hoare triple {17146#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} 
~handle := #in~handle;~value := #in~value; {17087#true} is VALID [2022-02-20 18:03:35,381 INFO L290 TraceCheckUtils]: 1: Hoare triple {17087#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {17087#true} is VALID [2022-02-20 18:03:35,381 INFO L290 TraceCheckUtils]: 2: Hoare triple {17087#true} assume true; {17087#true} is VALID [2022-02-20 18:03:35,382 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17087#true} {17088#false} #923#return; {17088#false} is VALID [2022-02-20 18:03:35,382 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 73 [2022-02-20 18:03:35,383 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:35,384 INFO L290 TraceCheckUtils]: 0: Hoare triple {17087#true} ~handle := #in~handle;havoc ~retValue_acc~28; {17087#true} is VALID [2022-02-20 18:03:35,384 INFO L290 TraceCheckUtils]: 1: Hoare triple {17087#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {17087#true} is VALID [2022-02-20 18:03:35,385 INFO L290 TraceCheckUtils]: 2: Hoare triple {17087#true} assume true; {17087#true} is VALID [2022-02-20 18:03:35,385 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17087#true} {17088#false} #881#return; {17088#false} is VALID [2022-02-20 18:03:35,385 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 18:03:35,386 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:35,390 INFO L290 TraceCheckUtils]: 0: Hoare triple {17145#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17087#true} is VALID [2022-02-20 18:03:35,390 INFO L290 TraceCheckUtils]: 1: Hoare triple {17087#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17087#true} is VALID [2022-02-20 18:03:35,390 INFO L290 TraceCheckUtils]: 2: Hoare triple {17087#true} assume true; 
{17087#true} is VALID [2022-02-20 18:03:35,390 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17087#true} {17088#false} #887#return; {17088#false} is VALID [2022-02-20 18:03:35,391 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 18:03:35,391 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:35,398 INFO L290 TraceCheckUtils]: 0: Hoare triple {17087#true} ~handle := #in~handle;havoc ~retValue_acc~31; {17087#true} is VALID [2022-02-20 18:03:35,398 INFO L290 TraceCheckUtils]: 1: Hoare triple {17087#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {17087#true} is VALID [2022-02-20 18:03:35,398 INFO L290 TraceCheckUtils]: 2: Hoare triple {17087#true} assume true; {17087#true} is VALID [2022-02-20 18:03:35,399 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17087#true} {17088#false} #889#return; {17088#false} is VALID [2022-02-20 18:03:35,399 INFO L290 TraceCheckUtils]: 0: Hoare triple {17087#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(21, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(44, 23);call 
#Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(17, 30);call #Ultimate.allocInit(17, 31);call #Ultimate.allocInit(13, 32);call #Ultimate.allocInit(17, 33);call #Ultimate.allocInit(4, 34);call write~init~int(37, 34, 0, 1);call write~init~int(115, 34, 1, 1);call write~init~int(10, 34, 2, 1);call write~init~int(0, 34, 3, 1);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(20, 37);call #Ultimate.allocInit(21, 38);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 
0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 
0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {17087#true} is VALID [2022-02-20 18:03:35,399 INFO L290 TraceCheckUtils]: 1: Hoare triple {17087#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~24#1, main_~tmp~9#1;havoc main_~retValue_acc~24#1;havoc main_~tmp~9#1;assume { :begin_inline_select_helpers } true; {17087#true} is VALID [2022-02-20 18:03:35,399 INFO L290 TraceCheckUtils]: 2: Hoare triple {17087#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {17087#true} is VALID [2022-02-20 18:03:35,399 INFO L290 TraceCheckUtils]: 3: Hoare triple {17087#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~37#1;havoc valid_product_~retValue_acc~37#1;valid_product_~retValue_acc~37#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~37#1; {17087#true} is VALID [2022-02-20 18:03:35,399 INFO L290 TraceCheckUtils]: 4: Hoare triple {17087#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~9#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {17087#true} is VALID 
[2022-02-20 18:03:35,400 INFO L290 TraceCheckUtils]: 5: Hoare triple {17087#true} assume 0 != main_~tmp~9#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet48#1, setup_#t~nondet49#1, setup_#t~nondet50#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {17087#true} is VALID [2022-02-20 18:03:35,400 INFO L272 TraceCheckUtils]: 6: Hoare triple {17087#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {17139#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:35,400 INFO L290 TraceCheckUtils]: 7: Hoare triple {17139#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17087#true} is VALID [2022-02-20 18:03:35,401 INFO L290 TraceCheckUtils]: 8: Hoare triple {17087#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17087#true} is VALID [2022-02-20 18:03:35,401 INFO L290 TraceCheckUtils]: 9: Hoare triple {17087#true} assume true; 
{17087#true} is VALID [2022-02-20 18:03:35,401 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {17087#true} {17087#true} #927#return; {17087#true} is VALID [2022-02-20 18:03:35,401 INFO L290 TraceCheckUtils]: 11: Hoare triple {17087#true} assume { :end_inline_setup_bob__wrappee__Base } true; {17087#true} is VALID [2022-02-20 18:03:35,402 INFO L272 TraceCheckUtils]: 12: Hoare triple {17087#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {17140#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:35,402 INFO L290 TraceCheckUtils]: 13: Hoare triple {17140#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17087#true} is VALID [2022-02-20 18:03:35,402 INFO L290 TraceCheckUtils]: 14: Hoare triple {17087#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {17087#true} is VALID [2022-02-20 18:03:35,402 INFO L290 TraceCheckUtils]: 15: Hoare triple {17087#true} assume true; {17087#true} is VALID [2022-02-20 18:03:35,402 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {17087#true} {17087#true} #929#return; {17087#true} is VALID [2022-02-20 18:03:35,402 INFO L290 TraceCheckUtils]: 17: Hoare triple {17087#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet48#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc 
setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {17087#true} is VALID [2022-02-20 18:03:35,403 INFO L272 TraceCheckUtils]: 18: Hoare triple {17087#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {17139#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:35,403 INFO L290 TraceCheckUtils]: 19: Hoare triple {17139#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17087#true} is VALID [2022-02-20 18:03:35,403 INFO L290 TraceCheckUtils]: 20: Hoare triple {17087#true} assume !(1 == ~handle); {17087#true} is VALID [2022-02-20 18:03:35,403 INFO L290 TraceCheckUtils]: 21: Hoare triple {17087#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {17087#true} is VALID [2022-02-20 18:03:35,404 INFO L290 TraceCheckUtils]: 22: Hoare triple {17087#true} assume true; {17087#true} is VALID [2022-02-20 18:03:35,404 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {17087#true} {17087#true} #931#return; {17087#true} is VALID [2022-02-20 18:03:35,404 INFO L290 TraceCheckUtils]: 24: Hoare triple {17087#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {17087#true} is VALID [2022-02-20 18:03:35,404 INFO L272 TraceCheckUtils]: 25: Hoare triple {17087#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {17140#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:35,405 INFO L290 TraceCheckUtils]: 26: Hoare 
triple {17140#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17087#true} is VALID [2022-02-20 18:03:35,405 INFO L290 TraceCheckUtils]: 27: Hoare triple {17087#true} assume !(1 == ~handle); {17087#true} is VALID [2022-02-20 18:03:35,405 INFO L290 TraceCheckUtils]: 28: Hoare triple {17087#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {17087#true} is VALID [2022-02-20 18:03:35,405 INFO L290 TraceCheckUtils]: 29: Hoare triple {17087#true} assume true; {17087#true} is VALID [2022-02-20 18:03:35,405 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {17087#true} {17087#true} #933#return; {17087#true} is VALID [2022-02-20 18:03:35,406 INFO L290 TraceCheckUtils]: 31: Hoare triple {17087#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet49#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {17107#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:03:35,406 INFO L272 TraceCheckUtils]: 32: Hoare triple {17107#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {17139#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:35,407 INFO L290 TraceCheckUtils]: 33: Hoare triple {17139#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17141#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:35,407 INFO L290 TraceCheckUtils]: 34: Hoare triple {17141#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {17141#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:35,407 INFO L290 TraceCheckUtils]: 35: Hoare triple {17141#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {17141#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:35,408 INFO L290 TraceCheckUtils]: 36: Hoare triple {17141#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {17142#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:35,408 INFO L290 TraceCheckUtils]: 37: Hoare triple {17142#(= 3 |setClientId_#in~handle|)} assume true; {17142#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:35,409 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {17142#(= 3 |setClientId_#in~handle|)} {17107#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #935#return; {17114#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:03:35,409 INFO L290 TraceCheckUtils]: 39: Hoare triple {17114#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {17114#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:03:35,410 INFO L272 TraceCheckUtils]: 40: Hoare triple 
{17114#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {17140#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:35,410 INFO L290 TraceCheckUtils]: 41: Hoare triple {17140#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17143#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:03:35,410 INFO L290 TraceCheckUtils]: 42: Hoare triple {17143#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {17144#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:03:35,411 INFO L290 TraceCheckUtils]: 43: Hoare triple {17144#(= |setClientPrivateKey_#in~handle| 1)} assume true; {17144#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:03:35,411 INFO L284 TraceCheckUtils]: 44: Hoare quadruple {17144#(= |setClientPrivateKey_#in~handle| 1)} {17114#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #937#return; {17088#false} is VALID [2022-02-20 18:03:35,411 INFO L290 TraceCheckUtils]: 45: Hoare triple {17088#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 26, 0;havoc setup_#t~nondet50#1; {17088#false} is VALID [2022-02-20 18:03:35,411 INFO L290 TraceCheckUtils]: 46: Hoare triple {17088#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, 
test_#t~nondet78#1, test_#t~nondet79#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~12#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~12#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {17088#false} is VALID [2022-02-20 18:03:35,412 INFO L290 TraceCheckUtils]: 47: Hoare triple {17088#false} assume !false; {17088#false} is VALID [2022-02-20 18:03:35,412 INFO L290 TraceCheckUtils]: 48: Hoare triple {17088#false} assume test_~splverifierCounter~0#1 < 4; {17088#false} is VALID [2022-02-20 18:03:35,412 INFO L290 TraceCheckUtils]: 49: Hoare triple {17088#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {17088#false} is VALID [2022-02-20 18:03:35,412 INFO L290 TraceCheckUtils]: 50: Hoare triple {17088#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet69#1 && test_#t~nondet69#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet69#1;havoc test_#t~nondet69#1; {17088#false} is VALID [2022-02-20 18:03:35,412 INFO L290 
TraceCheckUtils]: 51: Hoare triple {17088#false} assume !(0 != test_~tmp___9~0#1); {17088#false} is VALID [2022-02-20 18:03:35,412 INFO L290 TraceCheckUtils]: 52: Hoare triple {17088#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet70#1 && test_#t~nondet70#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet70#1;havoc test_#t~nondet70#1; {17088#false} is VALID [2022-02-20 18:03:35,412 INFO L290 TraceCheckUtils]: 53: Hoare triple {17088#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {17088#false} is VALID [2022-02-20 18:03:35,413 INFO L290 TraceCheckUtils]: 54: Hoare triple {17088#false} assume !false; {17088#false} is VALID [2022-02-20 18:03:35,413 INFO L290 TraceCheckUtils]: 55: Hoare triple {17088#false} assume !(test_~splverifierCounter~0#1 < 4); {17088#false} is VALID [2022-02-20 18:03:35,413 INFO L290 TraceCheckUtils]: 56: Hoare triple {17088#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_#t~ret46#1, bobToRjh_~tmp~8#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~8#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret43#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret43#1 && bobToRjh_#t~ret43#1 <= 2147483647;havoc bobToRjh_#t~ret43#1; {17088#false} is VALID [2022-02-20 18:03:35,413 INFO L272 TraceCheckUtils]: 57: Hoare triple {17088#false} call sendEmail(~bob~0, ~rjh~0); {17088#false} is VALID [2022-02-20 18:03:35,413 INFO L290 TraceCheckUtils]: 58: Hoare triple {17088#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~19#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~20#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc 
createEmail_~retValue_acc~20#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {17088#false} is VALID [2022-02-20 18:03:35,413 INFO L272 TraceCheckUtils]: 59: Hoare triple {17088#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {17145#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:35,413 INFO L290 TraceCheckUtils]: 60: Hoare triple {17145#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17087#true} is VALID [2022-02-20 18:03:35,414 INFO L290 TraceCheckUtils]: 61: Hoare triple {17087#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17087#true} is VALID [2022-02-20 18:03:35,414 INFO L290 TraceCheckUtils]: 62: Hoare triple {17087#true} assume true; {17087#true} is VALID [2022-02-20 18:03:35,414 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {17087#true} {17088#false} #921#return; {17088#false} is VALID [2022-02-20 18:03:35,414 INFO L272 TraceCheckUtils]: 64: Hoare triple {17088#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {17146#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:03:35,414 INFO L290 TraceCheckUtils]: 65: Hoare triple {17146#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {17087#true} is VALID [2022-02-20 18:03:35,414 INFO L290 TraceCheckUtils]: 66: Hoare triple {17087#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {17087#true} is VALID [2022-02-20 18:03:35,414 INFO L290 TraceCheckUtils]: 67: Hoare triple {17087#true} assume true; {17087#true} is VALID [2022-02-20 18:03:35,415 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {17087#true} {17088#false} #923#return; {17088#false} is VALID [2022-02-20 18:03:35,415 INFO 
L290 TraceCheckUtils]: 69: Hoare triple {17088#false} createEmail_~retValue_acc~20#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~20#1; {17088#false} is VALID [2022-02-20 18:03:35,415 INFO L290 TraceCheckUtils]: 70: Hoare triple {17088#false} #t~ret94#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret94#1 && #t~ret94#1 <= 2147483647;~tmp~19#1 := #t~ret94#1;havoc #t~ret94#1;~email~0#1 := ~tmp~19#1; {17088#false} is VALID [2022-02-20 18:03:35,415 INFO L272 TraceCheckUtils]: 71: Hoare triple {17088#false} call outgoing(~sender#1, ~email~0#1); {17088#false} is VALID [2022-02-20 18:03:35,415 INFO L290 TraceCheckUtils]: 72: Hoare triple {17088#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~15#1;havoc ~pubkey~0#1;havoc ~tmp___0~5#1; {17088#false} is VALID [2022-02-20 18:03:35,415 INFO L272 TraceCheckUtils]: 73: Hoare triple {17088#false} call #t~ret85#1 := getEmailTo(~msg#1); {17087#true} is VALID [2022-02-20 18:03:35,415 INFO L290 TraceCheckUtils]: 74: Hoare triple {17087#true} ~handle := #in~handle;havoc ~retValue_acc~28; {17087#true} is VALID [2022-02-20 18:03:35,416 INFO L290 TraceCheckUtils]: 75: Hoare triple {17087#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {17087#true} is VALID [2022-02-20 18:03:35,416 INFO L290 TraceCheckUtils]: 76: Hoare triple {17087#true} assume true; {17087#true} is VALID [2022-02-20 18:03:35,416 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {17087#true} {17088#false} #881#return; {17088#false} is VALID [2022-02-20 18:03:35,416 INFO L290 TraceCheckUtils]: 78: Hoare triple {17088#false} assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~15#1 := #t~ret85#1;havoc #t~ret85#1;~receiver~0#1 := ~tmp~15#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc 
findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~14#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~14#1; {17088#false} is VALID [2022-02-20 18:03:35,416 INFO L290 TraceCheckUtils]: 79: Hoare triple {17088#false} assume 1 == findPublicKey_~handle#1; {17088#false} is VALID [2022-02-20 18:03:35,416 INFO L290 TraceCheckUtils]: 80: Hoare triple {17088#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~14#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~14#1; {17088#false} is VALID [2022-02-20 18:03:35,416 INFO L290 TraceCheckUtils]: 81: Hoare triple {17088#false} #t~ret86#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp___0~5#1 := #t~ret86#1;havoc #t~ret86#1;~pubkey~0#1 := ~tmp___0~5#1; {17088#false} is VALID [2022-02-20 18:03:35,417 INFO L290 TraceCheckUtils]: 82: Hoare triple {17088#false} assume !(0 != ~pubkey~0#1); {17088#false} is VALID [2022-02-20 18:03:35,417 INFO L290 TraceCheckUtils]: 83: Hoare triple {17088#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret84#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {17088#false} 
is VALID [2022-02-20 18:03:35,417 INFO L290 TraceCheckUtils]: 84: Hoare triple {17088#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {17088#false} is VALID [2022-02-20 18:03:35,417 INFO L290 TraceCheckUtils]: 85: Hoare triple {17088#false} outgoing__wrappee__Keys_#t~ret84#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret84#1 && outgoing__wrappee__Keys_#t~ret84#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~14#1 := outgoing__wrappee__Keys_#t~ret84#1;havoc outgoing__wrappee__Keys_#t~ret84#1; {17088#false} is VALID [2022-02-20 18:03:35,417 INFO L272 TraceCheckUtils]: 86: Hoare triple {17088#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1); {17145#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:35,417 INFO L290 TraceCheckUtils]: 87: Hoare triple {17145#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17087#true} is VALID [2022-02-20 18:03:35,417 INFO L290 TraceCheckUtils]: 88: Hoare triple {17087#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17087#true} is VALID [2022-02-20 18:03:35,417 INFO L290 TraceCheckUtils]: 89: Hoare triple {17087#true} assume true; {17087#true} is VALID [2022-02-20 18:03:35,418 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {17087#true} {17088#false} #887#return; {17088#false} is VALID [2022-02-20 18:03:35,418 INFO L290 TraceCheckUtils]: 91: Hoare triple {17088#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret82#1, mail_#t~ret83#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, 
mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet67#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 := puts(32, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset := 33, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet67#1; {17088#false} is VALID [2022-02-20 18:03:35,418 INFO L290 TraceCheckUtils]: 92: Hoare triple {17088#false} assume 0 != ~in_encrypted~0; {17088#false} is VALID [2022-02-20 18:03:35,418 INFO L272 TraceCheckUtils]: 93: Hoare triple {17088#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {17087#true} is VALID [2022-02-20 18:03:35,418 INFO L290 TraceCheckUtils]: 94: Hoare triple {17087#true} ~handle := #in~handle;havoc 
~retValue_acc~31; {17087#true} is VALID [2022-02-20 18:03:35,418 INFO L290 TraceCheckUtils]: 95: Hoare triple {17087#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {17087#true} is VALID [2022-02-20 18:03:35,418 INFO L290 TraceCheckUtils]: 96: Hoare triple {17087#true} assume true; {17087#true} is VALID [2022-02-20 18:03:35,419 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {17087#true} {17088#false} #889#return; {17088#false} is VALID [2022-02-20 18:03:35,419 INFO L290 TraceCheckUtils]: 98: Hoare triple {17088#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1; {17088#false} is VALID [2022-02-20 18:03:35,419 INFO L290 TraceCheckUtils]: 99: Hoare triple {17088#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1);assume { :begin_inline___automaton_fail } true; {17088#false} is VALID [2022-02-20 18:03:35,419 INFO L290 TraceCheckUtils]: 100: Hoare triple {17088#false} assume !false; {17088#false} is VALID [2022-02-20 18:03:35,419 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2022-02-20 18:03:35,420 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:03:35,420 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1414068140] [2022-02-20 18:03:35,420 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1414068140] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:03:35,420 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. 
[2022-02-20 18:03:35,420 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 18:03:35,420 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [252029510] [2022-02-20 18:03:35,421 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:03:35,421 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 6.2727272727272725) internal successors, (69), 8 states have internal predecessors, (69), 4 states have call successors, (13), 6 states have call predecessors, (13), 3 states have return successors, (11), 3 states have call predecessors, (11), 4 states have call successors, (11) Word has length 101 [2022-02-20 18:03:35,421 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:03:35,422 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 6.2727272727272725) internal successors, (69), 8 states have internal predecessors, (69), 4 states have call successors, (13), 6 states have call predecessors, (13), 3 states have return successors, (11), 3 states have call predecessors, (11), 4 states have call successors, (11) [2022-02-20 18:03:35,486 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 93 edges. 93 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:35,486 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 18:03:35,486 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:03:35,488 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. 
[2022-02-20 18:03:35,488 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:03:35,488 INFO L87 Difference]: Start difference. First operand 349 states and 537 transitions. Second operand has 12 states, 11 states have (on average 6.2727272727272725) internal successors, (69), 8 states have internal predecessors, (69), 4 states have call successors, (13), 6 states have call predecessors, (13), 3 states have return successors, (11), 3 states have call predecessors, (11), 4 states have call successors, (11) [2022-02-20 18:03:43,735 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:43,735 INFO L93 Difference]: Finished difference Result 819 states and 1259 transitions. [2022-02-20 18:03:43,735 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 18:03:43,735 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 6.2727272727272725) internal successors, (69), 8 states have internal predecessors, (69), 4 states have call successors, (13), 6 states have call predecessors, (13), 3 states have return successors, (11), 3 states have call predecessors, (11), 4 states have call successors, (11) Word has length 101 [2022-02-20 18:03:43,736 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:03:43,736 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 6.2727272727272725) internal successors, (69), 8 states have internal predecessors, (69), 4 states have call successors, (13), 6 states have call predecessors, (13), 3 states have return successors, (11), 3 states have call predecessors, (11), 4 states have call successors, (11) [2022-02-20 18:03:43,745 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1077 transitions. 
[2022-02-20 18:03:43,746 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 6.2727272727272725) internal successors, (69), 8 states have internal predecessors, (69), 4 states have call successors, (13), 6 states have call predecessors, (13), 3 states have return successors, (11), 3 states have call predecessors, (11), 4 states have call successors, (11) [2022-02-20 18:03:43,755 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1077 transitions. [2022-02-20 18:03:43,755 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1077 transitions. [2022-02-20 18:03:44,661 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1077 edges. 1077 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:44,678 INFO L225 Difference]: With dead ends: 819 [2022-02-20 18:03:44,678 INFO L226 Difference]: Without dead ends: 497 [2022-02-20 18:03:44,680 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 47 GetRequests, 25 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552 [2022-02-20 18:03:44,680 INFO L933 BasicCegarLoop]: 544 mSDtfsCounter, 1130 mSDsluCounter, 1132 mSDsCounter, 0 mSdLazyCounter, 3384 mSolverCounterSat, 418 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1130 SdHoareTripleChecker+Valid, 1676 SdHoareTripleChecker+Invalid, 3802 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 418 IncrementalHoareTripleChecker+Valid, 3384 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.8s 
IncrementalHoareTripleChecker+Time [2022-02-20 18:03:44,680 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1130 Valid, 1676 Invalid, 3802 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [418 Valid, 3384 Invalid, 0 Unknown, 0 Unchecked, 3.8s Time] [2022-02-20 18:03:44,681 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 497 states. [2022-02-20 18:03:44,769 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 497 to 349. [2022-02-20 18:03:44,769 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:03:44,770 INFO L82 GeneralOperation]: Start isEquivalent. First operand 497 states. Second operand has 349 states, 273 states have (on average 1.531135531135531) internal successors, (418), 279 states have internal predecessors, (418), 56 states have call successors, (56), 16 states have call predecessors, (56), 19 states have return successors, (62), 55 states have call predecessors, (62), 55 states have call successors, (62) [2022-02-20 18:03:44,771 INFO L74 IsIncluded]: Start isIncluded. First operand 497 states. Second operand has 349 states, 273 states have (on average 1.531135531135531) internal successors, (418), 279 states have internal predecessors, (418), 56 states have call successors, (56), 16 states have call predecessors, (56), 19 states have return successors, (62), 55 states have call predecessors, (62), 55 states have call successors, (62) [2022-02-20 18:03:44,772 INFO L87 Difference]: Start difference. First operand 497 states. Second operand has 349 states, 273 states have (on average 1.531135531135531) internal successors, (418), 279 states have internal predecessors, (418), 56 states have call successors, (56), 16 states have call predecessors, (56), 19 states have return successors, (62), 55 states have call predecessors, (62), 55 states have call successors, (62) [2022-02-20 18:03:44,788 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 18:03:44,788 INFO L93 Difference]: Finished difference Result 497 states and 759 transitions. [2022-02-20 18:03:44,788 INFO L276 IsEmpty]: Start isEmpty. Operand 497 states and 759 transitions. [2022-02-20 18:03:44,791 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:44,791 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:44,793 INFO L74 IsIncluded]: Start isIncluded. First operand has 349 states, 273 states have (on average 1.531135531135531) internal successors, (418), 279 states have internal predecessors, (418), 56 states have call successors, (56), 16 states have call predecessors, (56), 19 states have return successors, (62), 55 states have call predecessors, (62), 55 states have call successors, (62) Second operand 497 states. [2022-02-20 18:03:44,794 INFO L87 Difference]: Start difference. First operand has 349 states, 273 states have (on average 1.531135531135531) internal successors, (418), 279 states have internal predecessors, (418), 56 states have call successors, (56), 16 states have call predecessors, (56), 19 states have return successors, (62), 55 states have call predecessors, (62), 55 states have call successors, (62) Second operand 497 states. [2022-02-20 18:03:44,812 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:44,812 INFO L93 Difference]: Finished difference Result 497 states and 759 transitions. [2022-02-20 18:03:44,812 INFO L276 IsEmpty]: Start isEmpty. Operand 497 states and 759 transitions. [2022-02-20 18:03:44,815 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:44,815 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:44,815 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:03:44,815 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:03:44,816 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 349 states, 273 states have (on average 1.531135531135531) internal successors, (418), 279 states have internal predecessors, (418), 56 states have call successors, (56), 16 states have call predecessors, (56), 19 states have return successors, (62), 55 states have call predecessors, (62), 55 states have call successors, (62) [2022-02-20 18:03:44,827 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 349 states to 349 states and 536 transitions. [2022-02-20 18:03:44,827 INFO L78 Accepts]: Start accepts. Automaton has 349 states and 536 transitions. Word has length 101 [2022-02-20 18:03:44,827 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:03:44,827 INFO L470 AbstractCegarLoop]: Abstraction has 349 states and 536 transitions. [2022-02-20 18:03:44,828 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 11 states have (on average 6.2727272727272725) internal successors, (69), 8 states have internal predecessors, (69), 4 states have call successors, (13), 6 states have call predecessors, (13), 3 states have return successors, (11), 3 states have call predecessors, (11), 4 states have call successors, (11) [2022-02-20 18:03:44,828 INFO L276 IsEmpty]: Start isEmpty. Operand 349 states and 536 transitions. [2022-02-20 18:03:44,829 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 103 [2022-02-20 18:03:44,829 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:03:44,830 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:03:44,830 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 18:03:44,830 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:03:44,830 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:03:44,830 INFO L85 PathProgramCache]: Analyzing trace with hash 400437826, now seen corresponding path program 2 times [2022-02-20 18:03:44,831 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:03:44,831 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [450762702] [2022-02-20 18:03:44,831 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:44,831 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:03:44,863 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:44,901 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:03:44,902 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:44,905 INFO L290 TraceCheckUtils]: 0: Hoare triple {19897#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| 
~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19844#true} is VALID [2022-02-20 18:03:44,905 INFO L290 TraceCheckUtils]: 1: Hoare triple {19844#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19844#true} is VALID [2022-02-20 18:03:44,905 INFO L290 TraceCheckUtils]: 2: Hoare triple {19844#true} assume true; {19844#true} is VALID [2022-02-20 18:03:44,905 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19844#true} {19844#true} #927#return; {19844#true} is VALID [2022-02-20 18:03:44,911 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:03:44,913 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:44,914 INFO L290 TraceCheckUtils]: 0: Hoare triple {19898#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19844#true} is VALID [2022-02-20 18:03:44,914 INFO L290 TraceCheckUtils]: 1: Hoare triple {19844#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {19844#true} is VALID [2022-02-20 18:03:44,915 INFO L290 TraceCheckUtils]: 2: Hoare triple {19844#true} assume true; {19844#true} is VALID [2022-02-20 18:03:44,915 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19844#true} {19844#true} #929#return; {19844#true} is VALID [2022-02-20 18:03:44,915 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:03:44,916 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:44,918 INFO L290 TraceCheckUtils]: 0: Hoare triple {19897#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value 
:= #in~value; {19844#true} is VALID [2022-02-20 18:03:44,918 INFO L290 TraceCheckUtils]: 1: Hoare triple {19844#true} assume !(1 == ~handle); {19844#true} is VALID [2022-02-20 18:03:44,918 INFO L290 TraceCheckUtils]: 2: Hoare triple {19844#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {19844#true} is VALID [2022-02-20 18:03:44,918 INFO L290 TraceCheckUtils]: 3: Hoare triple {19844#true} assume true; {19844#true} is VALID [2022-02-20 18:03:44,918 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {19844#true} {19844#true} #931#return; {19844#true} is VALID [2022-02-20 18:03:44,918 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:03:44,919 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:44,921 INFO L290 TraceCheckUtils]: 0: Hoare triple {19898#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19844#true} is VALID [2022-02-20 18:03:44,921 INFO L290 TraceCheckUtils]: 1: Hoare triple {19844#true} assume !(1 == ~handle); {19844#true} is VALID [2022-02-20 18:03:44,921 INFO L290 TraceCheckUtils]: 2: Hoare triple {19844#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {19844#true} is VALID [2022-02-20 18:03:44,921 INFO L290 TraceCheckUtils]: 3: Hoare triple {19844#true} assume true; {19844#true} is VALID [2022-02-20 18:03:44,922 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {19844#true} {19844#true} #933#return; {19844#true} is VALID [2022-02-20 18:03:44,922 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:03:44,924 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:44,946 INFO L290 TraceCheckUtils]: 0: Hoare triple {19897#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19899#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:44,946 INFO L290 TraceCheckUtils]: 1: Hoare triple {19899#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {19899#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:44,947 INFO L290 TraceCheckUtils]: 2: Hoare triple {19899#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {19899#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:44,947 INFO L290 TraceCheckUtils]: 3: Hoare triple {19899#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {19900#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:44,947 INFO L290 TraceCheckUtils]: 4: Hoare triple {19900#(= 3 |setClientId_#in~handle|)} assume true; {19900#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:44,948 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {19900#(= 3 |setClientId_#in~handle|)} {19864#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #935#return; {19871#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:03:44,948 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:03:44,950 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:44,966 INFO L290 TraceCheckUtils]: 0: Hoare triple {19898#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19901#(= 
setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:03:44,966 INFO L290 TraceCheckUtils]: 1: Hoare triple {19901#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {19901#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:03:44,967 INFO L290 TraceCheckUtils]: 2: Hoare triple {19901#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {19902#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:03:44,967 INFO L290 TraceCheckUtils]: 3: Hoare triple {19902#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {19902#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:03:44,968 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {19902#(= 2 |setClientPrivateKey_#in~handle|)} {19871#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #937#return; {19845#false} is VALID [2022-02-20 18:03:44,976 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 18:03:44,976 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:44,979 INFO L290 TraceCheckUtils]: 0: Hoare triple {19903#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19844#true} is VALID [2022-02-20 18:03:44,979 INFO L290 TraceCheckUtils]: 1: Hoare triple {19844#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19844#true} is VALID [2022-02-20 18:03:44,979 INFO L290 TraceCheckUtils]: 2: Hoare triple {19844#true} assume true; {19844#true} is VALID [2022-02-20 18:03:44,979 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19844#true} {19845#false} #921#return; {19845#false} is VALID [2022-02-20 18:03:44,988 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-02-20 
18:03:44,989 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:44,991 INFO L290 TraceCheckUtils]: 0: Hoare triple {19904#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {19844#true} is VALID [2022-02-20 18:03:44,991 INFO L290 TraceCheckUtils]: 1: Hoare triple {19844#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {19844#true} is VALID [2022-02-20 18:03:44,991 INFO L290 TraceCheckUtils]: 2: Hoare triple {19844#true} assume true; {19844#true} is VALID [2022-02-20 18:03:44,991 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19844#true} {19845#false} #923#return; {19845#false} is VALID [2022-02-20 18:03:44,992 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 74 [2022-02-20 18:03:44,992 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:44,994 INFO L290 TraceCheckUtils]: 0: Hoare triple {19844#true} ~handle := #in~handle;havoc ~retValue_acc~28; {19844#true} is VALID [2022-02-20 18:03:44,994 INFO L290 TraceCheckUtils]: 1: Hoare triple {19844#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {19844#true} is VALID [2022-02-20 18:03:44,994 INFO L290 TraceCheckUtils]: 2: Hoare triple {19844#true} assume true; {19844#true} is VALID [2022-02-20 18:03:44,994 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19844#true} {19845#false} #881#return; {19845#false} is VALID [2022-02-20 18:03:44,994 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 18:03:44,995 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:44,996 INFO L290 TraceCheckUtils]: 0: Hoare triple {19903#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19844#true} is VALID 
[2022-02-20 18:03:44,996 INFO L290 TraceCheckUtils]: 1: Hoare triple {19844#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19844#true} is VALID [2022-02-20 18:03:44,997 INFO L290 TraceCheckUtils]: 2: Hoare triple {19844#true} assume true; {19844#true} is VALID [2022-02-20 18:03:44,997 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19844#true} {19845#false} #887#return; {19845#false} is VALID [2022-02-20 18:03:44,997 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 18:03:44,999 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:45,001 INFO L290 TraceCheckUtils]: 0: Hoare triple {19844#true} ~handle := #in~handle;havoc ~retValue_acc~31; {19844#true} is VALID [2022-02-20 18:03:45,001 INFO L290 TraceCheckUtils]: 1: Hoare triple {19844#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {19844#true} is VALID [2022-02-20 18:03:45,001 INFO L290 TraceCheckUtils]: 2: Hoare triple {19844#true} assume true; {19844#true} is VALID [2022-02-20 18:03:45,001 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19844#true} {19845#false} #889#return; {19845#false} is VALID [2022-02-20 18:03:45,001 INFO L290 TraceCheckUtils]: 0: Hoare triple {19844#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(21, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call 
#Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(44, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(17, 30);call #Ultimate.allocInit(17, 31);call #Ultimate.allocInit(13, 32);call #Ultimate.allocInit(17, 33);call #Ultimate.allocInit(4, 34);call write~init~int(37, 34, 0, 1);call write~init~int(115, 34, 1, 1);call write~init~int(10, 34, 2, 1);call write~init~int(0, 34, 3, 1);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(20, 37);call #Ultimate.allocInit(21, 38);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 
0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 
0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {19844#true} is VALID [2022-02-20 18:03:45,002 INFO L290 TraceCheckUtils]: 1: Hoare triple {19844#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~24#1, main_~tmp~9#1;havoc main_~retValue_acc~24#1;havoc main_~tmp~9#1;assume { :begin_inline_select_helpers } true; {19844#true} is VALID [2022-02-20 18:03:45,002 INFO L290 TraceCheckUtils]: 2: Hoare triple {19844#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {19844#true} is VALID [2022-02-20 18:03:45,002 INFO L290 TraceCheckUtils]: 3: Hoare triple {19844#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~37#1;havoc valid_product_~retValue_acc~37#1;valid_product_~retValue_acc~37#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~37#1; {19844#true} is VALID [2022-02-20 18:03:45,002 INFO L290 TraceCheckUtils]: 4: 
Hoare triple {19844#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~9#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {19844#true} is VALID [2022-02-20 18:03:45,002 INFO L290 TraceCheckUtils]: 5: Hoare triple {19844#true} assume 0 != main_~tmp~9#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet48#1, setup_#t~nondet49#1, setup_#t~nondet50#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {19844#true} is VALID [2022-02-20 18:03:45,003 INFO L272 TraceCheckUtils]: 6: Hoare triple {19844#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {19897#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:45,003 INFO L290 TraceCheckUtils]: 7: Hoare triple {19897#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19844#true} is VALID 
[2022-02-20 18:03:45,003 INFO L290 TraceCheckUtils]: 8: Hoare triple {19844#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19844#true} is VALID [2022-02-20 18:03:45,003 INFO L290 TraceCheckUtils]: 9: Hoare triple {19844#true} assume true; {19844#true} is VALID [2022-02-20 18:03:45,003 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {19844#true} {19844#true} #927#return; {19844#true} is VALID [2022-02-20 18:03:45,004 INFO L290 TraceCheckUtils]: 11: Hoare triple {19844#true} assume { :end_inline_setup_bob__wrappee__Base } true; {19844#true} is VALID [2022-02-20 18:03:45,004 INFO L272 TraceCheckUtils]: 12: Hoare triple {19844#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {19898#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:45,004 INFO L290 TraceCheckUtils]: 13: Hoare triple {19898#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19844#true} is VALID [2022-02-20 18:03:45,004 INFO L290 TraceCheckUtils]: 14: Hoare triple {19844#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {19844#true} is VALID [2022-02-20 18:03:45,005 INFO L290 TraceCheckUtils]: 15: Hoare triple {19844#true} assume true; {19844#true} is VALID [2022-02-20 18:03:45,005 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {19844#true} {19844#true} #929#return; {19844#true} is VALID [2022-02-20 18:03:45,005 INFO L290 TraceCheckUtils]: 17: Hoare triple {19844#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet48#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := 
~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {19844#true} is VALID [2022-02-20 18:03:45,005 INFO L272 TraceCheckUtils]: 18: Hoare triple {19844#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {19897#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:45,006 INFO L290 TraceCheckUtils]: 19: Hoare triple {19897#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19844#true} is VALID [2022-02-20 18:03:45,006 INFO L290 TraceCheckUtils]: 20: Hoare triple {19844#true} assume !(1 == ~handle); {19844#true} is VALID [2022-02-20 18:03:45,006 INFO L290 TraceCheckUtils]: 21: Hoare triple {19844#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {19844#true} is VALID [2022-02-20 18:03:45,006 INFO L290 TraceCheckUtils]: 22: Hoare triple {19844#true} assume true; {19844#true} is VALID [2022-02-20 18:03:45,006 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {19844#true} {19844#true} #931#return; {19844#true} is VALID [2022-02-20 18:03:45,006 INFO L290 TraceCheckUtils]: 24: Hoare triple {19844#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {19844#true} is VALID [2022-02-20 18:03:45,007 INFO L272 TraceCheckUtils]: 25: Hoare triple {19844#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {19898#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) 
(= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:45,007 INFO L290 TraceCheckUtils]: 26: Hoare triple {19898#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19844#true} is VALID [2022-02-20 18:03:45,007 INFO L290 TraceCheckUtils]: 27: Hoare triple {19844#true} assume !(1 == ~handle); {19844#true} is VALID [2022-02-20 18:03:45,007 INFO L290 TraceCheckUtils]: 28: Hoare triple {19844#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {19844#true} is VALID [2022-02-20 18:03:45,007 INFO L290 TraceCheckUtils]: 29: Hoare triple {19844#true} assume true; {19844#true} is VALID [2022-02-20 18:03:45,008 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {19844#true} {19844#true} #933#return; {19844#true} is VALID [2022-02-20 18:03:45,008 INFO L290 TraceCheckUtils]: 31: Hoare triple {19844#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet49#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {19864#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:03:45,009 INFO L272 TraceCheckUtils]: 32: Hoare triple {19864#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} 
call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {19897#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:45,009 INFO L290 TraceCheckUtils]: 33: Hoare triple {19897#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19899#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:45,009 INFO L290 TraceCheckUtils]: 34: Hoare triple {19899#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {19899#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:45,010 INFO L290 TraceCheckUtils]: 35: Hoare triple {19899#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {19899#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:45,010 INFO L290 TraceCheckUtils]: 36: Hoare triple {19899#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {19900#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:45,010 INFO L290 TraceCheckUtils]: 37: Hoare triple {19900#(= 3 |setClientId_#in~handle|)} assume true; {19900#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:45,011 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {19900#(= 3 |setClientId_#in~handle|)} {19864#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #935#return; {19871#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:03:45,011 INFO L290 TraceCheckUtils]: 39: Hoare triple {19871#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} assume { 
:end_inline_setup_chuck__wrappee__Base } true; {19871#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:03:45,012 INFO L272 TraceCheckUtils]: 40: Hoare triple {19871#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {19898#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:45,012 INFO L290 TraceCheckUtils]: 41: Hoare triple {19898#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19901#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:03:45,013 INFO L290 TraceCheckUtils]: 42: Hoare triple {19901#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {19901#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:03:45,013 INFO L290 TraceCheckUtils]: 43: Hoare triple {19901#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {19902#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:03:45,013 INFO L290 TraceCheckUtils]: 44: Hoare triple {19902#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {19902#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:03:45,014 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {19902#(= 2 |setClientPrivateKey_#in~handle|)} {19871#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #937#return; {19845#false} is VALID [2022-02-20 18:03:45,014 INFO L290 TraceCheckUtils]: 46: Hoare triple {19845#false} assume { :end_inline_setup_chuck } 
true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 26, 0;havoc setup_#t~nondet50#1; {19845#false} is VALID [2022-02-20 18:03:45,014 INFO L290 TraceCheckUtils]: 47: Hoare triple {19845#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~12#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~12#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {19845#false} is VALID [2022-02-20 18:03:45,014 INFO L290 TraceCheckUtils]: 48: Hoare triple {19845#false} assume !false; {19845#false} is VALID [2022-02-20 18:03:45,014 INFO L290 TraceCheckUtils]: 49: Hoare triple {19845#false} assume test_~splverifierCounter~0#1 < 4; {19845#false} is VALID [2022-02-20 18:03:45,015 INFO L290 
TraceCheckUtils]: 50: Hoare triple {19845#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {19845#false} is VALID [2022-02-20 18:03:45,015 INFO L290 TraceCheckUtils]: 51: Hoare triple {19845#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet69#1 && test_#t~nondet69#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet69#1;havoc test_#t~nondet69#1; {19845#false} is VALID [2022-02-20 18:03:45,015 INFO L290 TraceCheckUtils]: 52: Hoare triple {19845#false} assume !(0 != test_~tmp___9~0#1); {19845#false} is VALID [2022-02-20 18:03:45,015 INFO L290 TraceCheckUtils]: 53: Hoare triple {19845#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet70#1 && test_#t~nondet70#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet70#1;havoc test_#t~nondet70#1; {19845#false} is VALID [2022-02-20 18:03:45,015 INFO L290 TraceCheckUtils]: 54: Hoare triple {19845#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {19845#false} is VALID [2022-02-20 18:03:45,015 INFO L290 TraceCheckUtils]: 55: Hoare triple {19845#false} assume !false; {19845#false} is VALID [2022-02-20 18:03:45,015 INFO L290 TraceCheckUtils]: 56: Hoare triple {19845#false} assume !(test_~splverifierCounter~0#1 < 4); {19845#false} is VALID [2022-02-20 18:03:45,016 INFO L290 TraceCheckUtils]: 57: Hoare triple {19845#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_#t~ret46#1, bobToRjh_~tmp~8#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~8#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret43#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret43#1 && bobToRjh_#t~ret43#1 <= 2147483647;havoc bobToRjh_#t~ret43#1; {19845#false} is VALID [2022-02-20 18:03:45,016 INFO L272 TraceCheckUtils]: 58: Hoare triple {19845#false} call sendEmail(~bob~0, ~rjh~0); {19845#false} is VALID [2022-02-20 18:03:45,016 INFO L290 TraceCheckUtils]: 59: Hoare triple 
{19845#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~19#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~20#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~20#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {19845#false} is VALID [2022-02-20 18:03:45,016 INFO L272 TraceCheckUtils]: 60: Hoare triple {19845#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {19903#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:45,016 INFO L290 TraceCheckUtils]: 61: Hoare triple {19903#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19844#true} is VALID [2022-02-20 18:03:45,016 INFO L290 TraceCheckUtils]: 62: Hoare triple {19844#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19844#true} is VALID [2022-02-20 18:03:45,016 INFO L290 TraceCheckUtils]: 63: Hoare triple {19844#true} assume true; {19844#true} is VALID [2022-02-20 18:03:45,017 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {19844#true} {19845#false} #921#return; {19845#false} is VALID [2022-02-20 18:03:45,017 INFO L272 TraceCheckUtils]: 65: Hoare triple {19845#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {19904#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:03:45,017 INFO L290 TraceCheckUtils]: 66: Hoare triple {19904#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {19844#true} is VALID [2022-02-20 
18:03:45,017 INFO L290 TraceCheckUtils]: 67: Hoare triple {19844#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {19844#true} is VALID [2022-02-20 18:03:45,017 INFO L290 TraceCheckUtils]: 68: Hoare triple {19844#true} assume true; {19844#true} is VALID [2022-02-20 18:03:45,017 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {19844#true} {19845#false} #923#return; {19845#false} is VALID [2022-02-20 18:03:45,017 INFO L290 TraceCheckUtils]: 70: Hoare triple {19845#false} createEmail_~retValue_acc~20#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~20#1; {19845#false} is VALID [2022-02-20 18:03:45,018 INFO L290 TraceCheckUtils]: 71: Hoare triple {19845#false} #t~ret94#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret94#1 && #t~ret94#1 <= 2147483647;~tmp~19#1 := #t~ret94#1;havoc #t~ret94#1;~email~0#1 := ~tmp~19#1; {19845#false} is VALID [2022-02-20 18:03:45,018 INFO L272 TraceCheckUtils]: 72: Hoare triple {19845#false} call outgoing(~sender#1, ~email~0#1); {19845#false} is VALID [2022-02-20 18:03:45,018 INFO L290 TraceCheckUtils]: 73: Hoare triple {19845#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~15#1;havoc ~pubkey~0#1;havoc ~tmp___0~5#1; {19845#false} is VALID [2022-02-20 18:03:45,018 INFO L272 TraceCheckUtils]: 74: Hoare triple {19845#false} call #t~ret85#1 := getEmailTo(~msg#1); {19844#true} is VALID [2022-02-20 18:03:45,018 INFO L290 TraceCheckUtils]: 75: Hoare triple {19844#true} ~handle := #in~handle;havoc ~retValue_acc~28; {19844#true} is VALID [2022-02-20 18:03:45,018 INFO L290 TraceCheckUtils]: 76: Hoare triple {19844#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {19844#true} is VALID [2022-02-20 18:03:45,018 INFO L290 TraceCheckUtils]: 77: Hoare triple {19844#true} assume true; {19844#true} is VALID [2022-02-20 18:03:45,018 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {19844#true} {19845#false} 
#881#return; {19845#false} is VALID [2022-02-20 18:03:45,019 INFO L290 TraceCheckUtils]: 79: Hoare triple {19845#false} assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~15#1 := #t~ret85#1;havoc #t~ret85#1;~receiver~0#1 := ~tmp~15#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~14#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~14#1; {19845#false} is VALID [2022-02-20 18:03:45,019 INFO L290 TraceCheckUtils]: 80: Hoare triple {19845#false} assume 1 == findPublicKey_~handle#1; {19845#false} is VALID [2022-02-20 18:03:45,019 INFO L290 TraceCheckUtils]: 81: Hoare triple {19845#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~14#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~14#1; {19845#false} is VALID [2022-02-20 18:03:45,019 INFO L290 TraceCheckUtils]: 82: Hoare triple {19845#false} #t~ret86#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp___0~5#1 := #t~ret86#1;havoc #t~ret86#1;~pubkey~0#1 := ~tmp___0~5#1; {19845#false} is VALID [2022-02-20 18:03:45,019 INFO L290 TraceCheckUtils]: 83: Hoare triple {19845#false} assume !(0 != ~pubkey~0#1); {19845#false} is VALID [2022-02-20 18:03:45,019 INFO L290 TraceCheckUtils]: 84: Hoare triple {19845#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret84#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1;outgoing__wrappee__Keys_~client#1 := 
outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {19845#false} is VALID [2022-02-20 18:03:45,019 INFO L290 TraceCheckUtils]: 85: Hoare triple {19845#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {19845#false} is VALID [2022-02-20 18:03:45,020 INFO L290 TraceCheckUtils]: 86: Hoare triple {19845#false} outgoing__wrappee__Keys_#t~ret84#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret84#1 && outgoing__wrappee__Keys_#t~ret84#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~14#1 := outgoing__wrappee__Keys_#t~ret84#1;havoc outgoing__wrappee__Keys_#t~ret84#1; {19845#false} is VALID [2022-02-20 18:03:45,020 INFO L272 TraceCheckUtils]: 87: Hoare triple {19845#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1); {19903#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:45,020 INFO L290 TraceCheckUtils]: 88: Hoare triple {19903#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19844#true} is VALID [2022-02-20 18:03:45,020 INFO L290 TraceCheckUtils]: 89: Hoare triple {19844#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19844#true} is VALID [2022-02-20 18:03:45,020 INFO L290 TraceCheckUtils]: 90: Hoare triple {19844#true} assume true; {19844#true} is VALID [2022-02-20 18:03:45,020 INFO L284 
TraceCheckUtils]: 91: Hoare quadruple {19844#true} {19845#false} #887#return; {19845#false} is VALID [2022-02-20 18:03:45,020 INFO L290 TraceCheckUtils]: 92: Hoare triple {19845#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret82#1, mail_#t~ret83#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet67#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 := puts(32, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset := 33, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet67#1; {19845#false} is VALID [2022-02-20 18:03:45,020 INFO L290 TraceCheckUtils]: 93: Hoare 
triple {19845#false} assume 0 != ~in_encrypted~0; {19845#false} is VALID [2022-02-20 18:03:45,021 INFO L272 TraceCheckUtils]: 94: Hoare triple {19845#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {19844#true} is VALID [2022-02-20 18:03:45,021 INFO L290 TraceCheckUtils]: 95: Hoare triple {19844#true} ~handle := #in~handle;havoc ~retValue_acc~31; {19844#true} is VALID [2022-02-20 18:03:45,021 INFO L290 TraceCheckUtils]: 96: Hoare triple {19844#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {19844#true} is VALID [2022-02-20 18:03:45,021 INFO L290 TraceCheckUtils]: 97: Hoare triple {19844#true} assume true; {19844#true} is VALID [2022-02-20 18:03:45,021 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {19844#true} {19845#false} #889#return; {19845#false} is VALID [2022-02-20 18:03:45,021 INFO L290 TraceCheckUtils]: 99: Hoare triple {19845#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1; {19845#false} is VALID [2022-02-20 18:03:45,021 INFO L290 TraceCheckUtils]: 100: Hoare triple {19845#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1);assume { :begin_inline___automaton_fail } true; {19845#false} is VALID [2022-02-20 18:03:45,022 INFO L290 TraceCheckUtils]: 101: Hoare triple {19845#false} assume !false; {19845#false} is VALID [2022-02-20 18:03:45,022 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 14 proven. 0 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. 
[2022-02-20 18:03:45,022 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:03:45,022 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [450762702] [2022-02-20 18:03:45,022 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [450762702] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:03:45,023 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:03:45,023 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 18:03:45,023 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1761723978] [2022-02-20 18:03:45,023 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:03:45,024 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 6.363636363636363) internal successors, (70), 8 states have internal predecessors, (70), 4 states have call successors, (13), 6 states have call predecessors, (13), 3 states have return successors, (11), 3 states have call predecessors, (11), 4 states have call successors, (11) Word has length 102 [2022-02-20 18:03:45,024 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:03:45,024 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 6.363636363636363) internal successors, (70), 8 states have internal predecessors, (70), 4 states have call successors, (13), 6 states have call predecessors, (13), 3 states have return successors, (11), 3 states have call predecessors, (11), 4 states have call successors, (11) [2022-02-20 18:03:45,090 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 94 edges. 94 inductive. 0 not inductive. 
0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:45,091 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 18:03:45,091 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:03:45,091 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2022-02-20 18:03:45,092 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:03:45,092 INFO L87 Difference]: Start difference. First operand 349 states and 536 transitions. Second operand has 12 states, 11 states have (on average 6.363636363636363) internal successors, (70), 8 states have internal predecessors, (70), 4 states have call successors, (13), 6 states have call predecessors, (13), 3 states have return successors, (11), 3 states have call predecessors, (11), 4 states have call successors, (11) [2022-02-20 18:03:53,492 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:53,492 INFO L93 Difference]: Finished difference Result 821 states and 1265 transitions. [2022-02-20 18:03:53,493 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 18:03:53,493 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 6.363636363636363) internal successors, (70), 8 states have internal predecessors, (70), 4 states have call successors, (13), 6 states have call predecessors, (13), 3 states have return successors, (11), 3 states have call predecessors, (11), 4 states have call successors, (11) Word has length 102 [2022-02-20 18:03:53,493 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:03:53,493 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 12 states, 11 states have (on average 6.363636363636363) internal successors, (70), 8 states have internal predecessors, (70), 4 states have call successors, (13), 6 states have call predecessors, (13), 3 states have return successors, (11), 3 states have call predecessors, (11), 4 states have call successors, (11) [2022-02-20 18:03:53,501 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1078 transitions. [2022-02-20 18:03:53,501 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 6.363636363636363) internal successors, (70), 8 states have internal predecessors, (70), 4 states have call successors, (13), 6 states have call predecessors, (13), 3 states have return successors, (11), 3 states have call predecessors, (11), 4 states have call successors, (11) [2022-02-20 18:03:53,510 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1078 transitions. [2022-02-20 18:03:53,510 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1078 transitions. [2022-02-20 18:03:54,408 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1078 edges. 1078 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 18:03:54,422 INFO L225 Difference]: With dead ends: 821 [2022-02-20 18:03:54,423 INFO L226 Difference]: Without dead ends: 499 [2022-02-20 18:03:54,424 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 47 GetRequests, 25 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552 [2022-02-20 18:03:54,424 INFO L933 BasicCegarLoop]: 545 mSDtfsCounter, 1125 mSDsluCounter, 1132 mSDsCounter, 0 mSdLazyCounter, 3426 mSolverCounterSat, 408 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1125 SdHoareTripleChecker+Valid, 1677 SdHoareTripleChecker+Invalid, 3834 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 408 IncrementalHoareTripleChecker+Valid, 3426 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.9s IncrementalHoareTripleChecker+Time [2022-02-20 18:03:54,425 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1125 Valid, 1677 Invalid, 3834 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [408 Valid, 3426 Invalid, 0 Unknown, 0 Unchecked, 3.9s Time] [2022-02-20 18:03:54,425 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 499 states. [2022-02-20 18:03:54,524 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 499 to 351. [2022-02-20 18:03:54,524 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:03:54,525 INFO L82 GeneralOperation]: Start isEquivalent. First operand 499 states. 
Second operand has 351 states, 274 states have (on average 1.5291970802919708) internal successors, (419), 281 states have internal predecessors, (419), 56 states have call successors, (56), 16 states have call predecessors, (56), 20 states have return successors, (67), 55 states have call predecessors, (67), 55 states have call successors, (67) [2022-02-20 18:03:54,526 INFO L74 IsIncluded]: Start isIncluded. First operand 499 states. Second operand has 351 states, 274 states have (on average 1.5291970802919708) internal successors, (419), 281 states have internal predecessors, (419), 56 states have call successors, (56), 16 states have call predecessors, (56), 20 states have return successors, (67), 55 states have call predecessors, (67), 55 states have call successors, (67) [2022-02-20 18:03:54,526 INFO L87 Difference]: Start difference. First operand 499 states. Second operand has 351 states, 274 states have (on average 1.5291970802919708) internal successors, (419), 281 states have internal predecessors, (419), 56 states have call successors, (56), 16 states have call predecessors, (56), 20 states have return successors, (67), 55 states have call predecessors, (67), 55 states have call successors, (67) [2022-02-20 18:03:54,544 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:54,544 INFO L93 Difference]: Finished difference Result 499 states and 765 transitions. [2022-02-20 18:03:54,544 INFO L276 IsEmpty]: Start isEmpty. Operand 499 states and 765 transitions. [2022-02-20 18:03:54,547 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:54,547 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:54,548 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 351 states, 274 states have (on average 1.5291970802919708) internal successors, (419), 281 states have internal predecessors, (419), 56 states have call successors, (56), 16 states have call predecessors, (56), 20 states have return successors, (67), 55 states have call predecessors, (67), 55 states have call successors, (67) Second operand 499 states. [2022-02-20 18:03:54,548 INFO L87 Difference]: Start difference. First operand has 351 states, 274 states have (on average 1.5291970802919708) internal successors, (419), 281 states have internal predecessors, (419), 56 states have call successors, (56), 16 states have call predecessors, (56), 20 states have return successors, (67), 55 states have call predecessors, (67), 55 states have call successors, (67) Second operand 499 states. [2022-02-20 18:03:54,566 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:54,567 INFO L93 Difference]: Finished difference Result 499 states and 765 transitions. [2022-02-20 18:03:54,567 INFO L276 IsEmpty]: Start isEmpty. Operand 499 states and 765 transitions. [2022-02-20 18:03:54,569 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:54,569 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:54,569 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:03:54,569 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:03:54,570 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 351 states, 274 states have (on average 1.5291970802919708) internal successors, (419), 281 states have internal predecessors, (419), 56 states have call successors, (56), 16 states have call predecessors, (56), 20 states have return successors, (67), 55 states have call predecessors, (67), 55 states have call successors, (67) [2022-02-20 18:03:54,581 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 351 states to 351 states and 542 transitions. [2022-02-20 18:03:54,581 INFO L78 Accepts]: Start accepts. Automaton has 351 states and 542 transitions. Word has length 102 [2022-02-20 18:03:54,582 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:03:54,582 INFO L470 AbstractCegarLoop]: Abstraction has 351 states and 542 transitions. [2022-02-20 18:03:54,582 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 11 states have (on average 6.363636363636363) internal successors, (70), 8 states have internal predecessors, (70), 4 states have call successors, (13), 6 states have call predecessors, (13), 3 states have return successors, (11), 3 states have call predecessors, (11), 4 states have call successors, (11) [2022-02-20 18:03:54,582 INFO L276 IsEmpty]: Start isEmpty. Operand 351 states and 542 transitions. [2022-02-20 18:03:54,584 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 104 [2022-02-20 18:03:54,584 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:03:54,584 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:03:54,584 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-02-20 18:03:54,584 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:03:54,585 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:03:54,585 INFO L85 PathProgramCache]: Analyzing trace with hash -1821386649, now seen corresponding path program 1 times [2022-02-20 18:03:54,585 INFO L126 FreeRefinementEngine]: 
Executing refinement strategy CAMEL [2022-02-20 18:03:54,585 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1695143762] [2022-02-20 18:03:54,585 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:54,585 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:03:54,613 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,660 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:03:54,661 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,663 INFO L290 TraceCheckUtils]: 0: Hoare triple {22664#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22610#true} is VALID [2022-02-20 18:03:54,664 INFO L290 TraceCheckUtils]: 1: Hoare triple {22610#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {22610#true} is VALID [2022-02-20 18:03:54,664 INFO L290 TraceCheckUtils]: 2: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:54,664 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22610#true} {22610#true} #927#return; {22610#true} is VALID [2022-02-20 18:03:54,670 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:03:54,671 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,675 INFO L290 TraceCheckUtils]: 0: Hoare triple {22665#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; 
{22610#true} is VALID [2022-02-20 18:03:54,676 INFO L290 TraceCheckUtils]: 1: Hoare triple {22610#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22610#true} is VALID [2022-02-20 18:03:54,676 INFO L290 TraceCheckUtils]: 2: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:54,676 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22610#true} {22610#true} #929#return; {22610#true} is VALID [2022-02-20 18:03:54,676 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:03:54,677 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,679 INFO L290 TraceCheckUtils]: 0: Hoare triple {22664#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22610#true} is VALID [2022-02-20 18:03:54,679 INFO L290 TraceCheckUtils]: 1: Hoare triple {22610#true} assume !(1 == ~handle); {22610#true} is VALID [2022-02-20 18:03:54,680 INFO L290 TraceCheckUtils]: 2: Hoare triple {22610#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {22610#true} is VALID [2022-02-20 18:03:54,680 INFO L290 TraceCheckUtils]: 3: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:54,680 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {22610#true} {22610#true} #931#return; {22610#true} is VALID [2022-02-20 18:03:54,681 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:03:54,683 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,685 INFO L290 TraceCheckUtils]: 0: Hoare triple {22665#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 
|old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22610#true} is VALID [2022-02-20 18:03:54,685 INFO L290 TraceCheckUtils]: 1: Hoare triple {22610#true} assume !(1 == ~handle); {22610#true} is VALID [2022-02-20 18:03:54,685 INFO L290 TraceCheckUtils]: 2: Hoare triple {22610#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {22610#true} is VALID [2022-02-20 18:03:54,686 INFO L290 TraceCheckUtils]: 3: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:54,686 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {22610#true} {22610#true} #933#return; {22610#true} is VALID [2022-02-20 18:03:54,686 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:03:54,687 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,689 INFO L290 TraceCheckUtils]: 0: Hoare triple {22664#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22610#true} is VALID [2022-02-20 18:03:54,689 INFO L290 TraceCheckUtils]: 1: Hoare triple {22610#true} assume !(1 == ~handle); {22610#true} is VALID [2022-02-20 18:03:54,690 INFO L290 TraceCheckUtils]: 2: Hoare triple {22610#true} assume !(2 == ~handle); {22610#true} is VALID [2022-02-20 18:03:54,690 INFO L290 TraceCheckUtils]: 3: Hoare triple {22610#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {22610#true} is VALID [2022-02-20 18:03:54,690 INFO L290 TraceCheckUtils]: 4: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:54,690 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {22610#true} {22610#true} #935#return; {22610#true} is VALID [2022-02-20 18:03:54,690 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 
[2022-02-20 18:03:54,691 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,693 INFO L290 TraceCheckUtils]: 0: Hoare triple {22665#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22610#true} is VALID [2022-02-20 18:03:54,693 INFO L290 TraceCheckUtils]: 1: Hoare triple {22610#true} assume !(1 == ~handle); {22610#true} is VALID [2022-02-20 18:03:54,694 INFO L290 TraceCheckUtils]: 2: Hoare triple {22610#true} assume !(2 == ~handle); {22610#true} is VALID [2022-02-20 18:03:54,694 INFO L290 TraceCheckUtils]: 3: Hoare triple {22610#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {22610#true} is VALID [2022-02-20 18:03:54,694 INFO L290 TraceCheckUtils]: 4: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:54,694 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {22610#true} {22610#true} #937#return; {22610#true} is VALID [2022-02-20 18:03:54,700 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:03:54,701 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,704 INFO L290 TraceCheckUtils]: 0: Hoare triple {22666#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22610#true} is VALID [2022-02-20 18:03:54,704 INFO L290 TraceCheckUtils]: 1: Hoare triple {22610#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22610#true} is VALID [2022-02-20 18:03:54,704 INFO L290 TraceCheckUtils]: 2: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:54,704 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22610#true} {22611#false} #921#return; {22611#false} is VALID [2022-02-20 
18:03:54,710 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 18:03:54,710 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,712 INFO L290 TraceCheckUtils]: 0: Hoare triple {22667#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {22610#true} is VALID [2022-02-20 18:03:54,712 INFO L290 TraceCheckUtils]: 1: Hoare triple {22610#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {22610#true} is VALID [2022-02-20 18:03:54,712 INFO L290 TraceCheckUtils]: 2: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:54,712 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22610#true} {22611#false} #923#return; {22611#false} is VALID [2022-02-20 18:03:54,713 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:03:54,713 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,730 INFO L290 TraceCheckUtils]: 0: Hoare triple {22610#true} ~handle := #in~handle;havoc ~retValue_acc~28; {22610#true} is VALID [2022-02-20 18:03:54,730 INFO L290 TraceCheckUtils]: 1: Hoare triple {22610#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {22610#true} is VALID [2022-02-20 18:03:54,730 INFO L290 TraceCheckUtils]: 2: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:54,730 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22610#true} {22611#false} #881#return; {22611#false} is VALID [2022-02-20 18:03:54,730 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 18:03:54,731 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,734 INFO L290 TraceCheckUtils]: 0: Hoare triple {22666#(and (= |old(~__ste_email_from0~0)| 
~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22610#true} is VALID [2022-02-20 18:03:54,734 INFO L290 TraceCheckUtils]: 1: Hoare triple {22610#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22610#true} is VALID [2022-02-20 18:03:54,734 INFO L290 TraceCheckUtils]: 2: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:54,734 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22610#true} {22611#false} #887#return; {22611#false} is VALID [2022-02-20 18:03:54,734 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 18:03:54,735 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,736 INFO L290 TraceCheckUtils]: 0: Hoare triple {22610#true} ~handle := #in~handle;havoc ~retValue_acc~31; {22610#true} is VALID [2022-02-20 18:03:54,736 INFO L290 TraceCheckUtils]: 1: Hoare triple {22610#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {22610#true} is VALID [2022-02-20 18:03:54,736 INFO L290 TraceCheckUtils]: 2: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:54,737 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22610#true} {22611#false} #889#return; {22611#false} is VALID [2022-02-20 18:03:54,737 INFO L290 TraceCheckUtils]: 0: Hoare triple {22610#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call 
#Ultimate.allocInit(21, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(44, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(17, 30);call #Ultimate.allocInit(17, 31);call #Ultimate.allocInit(13, 32);call #Ultimate.allocInit(17, 33);call #Ultimate.allocInit(4, 34);call write~init~int(37, 34, 0, 1);call write~init~int(115, 34, 1, 1);call write~init~int(10, 34, 2, 1);call write~init~int(0, 34, 3, 1);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(20, 37);call #Ultimate.allocInit(21, 38);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 
0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 
:= 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {22610#true} is VALID [2022-02-20 18:03:54,737 INFO L290 TraceCheckUtils]: 1: Hoare triple {22610#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~24#1, main_~tmp~9#1;havoc main_~retValue_acc~24#1;havoc main_~tmp~9#1;assume { :begin_inline_select_helpers } true; {22610#true} is VALID [2022-02-20 18:03:54,737 INFO L290 TraceCheckUtils]: 2: Hoare triple {22610#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {22610#true} is VALID [2022-02-20 18:03:54,737 INFO L290 TraceCheckUtils]: 3: Hoare triple {22610#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~37#1;havoc valid_product_~retValue_acc~37#1;valid_product_~retValue_acc~37#1 := 1;valid_product_#res#1 := 
valid_product_~retValue_acc~37#1; {22610#true} is VALID [2022-02-20 18:03:54,737 INFO L290 TraceCheckUtils]: 4: Hoare triple {22610#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~9#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {22610#true} is VALID [2022-02-20 18:03:54,737 INFO L290 TraceCheckUtils]: 5: Hoare triple {22610#true} assume 0 != main_~tmp~9#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet48#1, setup_#t~nondet49#1, setup_#t~nondet50#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {22610#true} is VALID [2022-02-20 18:03:54,738 INFO L272 TraceCheckUtils]: 6: Hoare triple {22610#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {22664#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:54,738 INFO L290 TraceCheckUtils]: 7: Hoare triple {22664#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22610#true} is VALID [2022-02-20 18:03:54,738 INFO L290 TraceCheckUtils]: 8: Hoare triple {22610#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {22610#true} is VALID [2022-02-20 18:03:54,738 INFO L290 TraceCheckUtils]: 9: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:54,738 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {22610#true} {22610#true} #927#return; {22610#true} is VALID [2022-02-20 18:03:54,738 INFO L290 TraceCheckUtils]: 11: Hoare triple {22610#true} assume { :end_inline_setup_bob__wrappee__Base } true; {22610#true} is VALID [2022-02-20 18:03:54,739 INFO L272 TraceCheckUtils]: 12: Hoare triple {22610#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {22665#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:54,739 INFO L290 TraceCheckUtils]: 13: Hoare triple {22665#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22610#true} is VALID [2022-02-20 18:03:54,739 INFO L290 TraceCheckUtils]: 14: Hoare triple {22610#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22610#true} is VALID [2022-02-20 18:03:54,739 INFO L290 TraceCheckUtils]: 15: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:54,739 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {22610#true} {22610#true} #929#return; {22610#true} is VALID [2022-02-20 18:03:54,739 INFO L290 TraceCheckUtils]: 17: Hoare triple {22610#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, 
setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet48#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {22610#true} is VALID [2022-02-20 18:03:54,740 INFO L272 TraceCheckUtils]: 18: Hoare triple {22610#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {22664#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:54,740 INFO L290 TraceCheckUtils]: 19: Hoare triple {22664#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22610#true} is VALID [2022-02-20 18:03:54,740 INFO L290 TraceCheckUtils]: 20: Hoare triple {22610#true} assume !(1 == ~handle); {22610#true} is VALID [2022-02-20 18:03:54,740 INFO L290 TraceCheckUtils]: 21: Hoare triple {22610#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {22610#true} is VALID [2022-02-20 18:03:54,740 INFO L290 TraceCheckUtils]: 22: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:54,740 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {22610#true} {22610#true} #931#return; {22610#true} is VALID [2022-02-20 18:03:54,740 INFO L290 TraceCheckUtils]: 24: Hoare triple {22610#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {22610#true} is VALID [2022-02-20 18:03:54,741 INFO L272 TraceCheckUtils]: 25: Hoare triple 
{22610#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {22665#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:54,741 INFO L290 TraceCheckUtils]: 26: Hoare triple {22665#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22610#true} is VALID [2022-02-20 18:03:54,741 INFO L290 TraceCheckUtils]: 27: Hoare triple {22610#true} assume !(1 == ~handle); {22610#true} is VALID [2022-02-20 18:03:54,741 INFO L290 TraceCheckUtils]: 28: Hoare triple {22610#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {22610#true} is VALID [2022-02-20 18:03:54,741 INFO L290 TraceCheckUtils]: 29: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:54,741 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {22610#true} {22610#true} #933#return; {22610#true} is VALID [2022-02-20 18:03:54,741 INFO L290 TraceCheckUtils]: 31: Hoare triple {22610#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet49#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {22610#true} is VALID [2022-02-20 18:03:54,742 INFO L272 TraceCheckUtils]: 32: Hoare triple {22610#true} call 
setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {22664#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:54,742 INFO L290 TraceCheckUtils]: 33: Hoare triple {22664#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22610#true} is VALID [2022-02-20 18:03:54,742 INFO L290 TraceCheckUtils]: 34: Hoare triple {22610#true} assume !(1 == ~handle); {22610#true} is VALID [2022-02-20 18:03:54,742 INFO L290 TraceCheckUtils]: 35: Hoare triple {22610#true} assume !(2 == ~handle); {22610#true} is VALID [2022-02-20 18:03:54,742 INFO L290 TraceCheckUtils]: 36: Hoare triple {22610#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {22610#true} is VALID [2022-02-20 18:03:54,743 INFO L290 TraceCheckUtils]: 37: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:54,743 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {22610#true} {22610#true} #935#return; {22610#true} is VALID [2022-02-20 18:03:54,743 INFO L290 TraceCheckUtils]: 39: Hoare triple {22610#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {22610#true} is VALID [2022-02-20 18:03:54,743 INFO L272 TraceCheckUtils]: 40: Hoare triple {22610#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {22665#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:54,743 INFO L290 TraceCheckUtils]: 41: Hoare triple {22665#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22610#true} is VALID [2022-02-20 18:03:54,743 INFO L290 TraceCheckUtils]: 42: Hoare triple {22610#true} assume !(1 == ~handle); {22610#true} is VALID [2022-02-20 18:03:54,744 INFO L290 TraceCheckUtils]: 43: Hoare triple {22610#true} assume !(2 == ~handle); {22610#true} is VALID [2022-02-20 18:03:54,744 INFO L290 TraceCheckUtils]: 44: Hoare triple {22610#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {22610#true} is VALID [2022-02-20 18:03:54,744 INFO L290 TraceCheckUtils]: 45: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:54,744 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {22610#true} {22610#true} #937#return; {22610#true} is VALID [2022-02-20 18:03:54,744 INFO L290 TraceCheckUtils]: 47: Hoare triple {22610#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 26, 0;havoc setup_#t~nondet50#1; {22610#true} is VALID [2022-02-20 18:03:54,744 INFO L290 TraceCheckUtils]: 48: Hoare triple {22610#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~12#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc 
test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~12#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {22642#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:03:54,745 INFO L290 TraceCheckUtils]: 49: Hoare triple {22642#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {22642#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:03:54,745 INFO L290 TraceCheckUtils]: 50: Hoare triple {22642#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {22642#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:03:54,745 INFO L290 TraceCheckUtils]: 51: Hoare triple {22642#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {22643#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:03:54,745 INFO L290 TraceCheckUtils]: 52: Hoare triple {22643#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet69#1 && test_#t~nondet69#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet69#1;havoc test_#t~nondet69#1; {22643#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:03:54,746 INFO L290 TraceCheckUtils]: 53: Hoare triple {22643#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(0 
!= test_~tmp___9~0#1); {22643#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:03:54,746 INFO L290 TraceCheckUtils]: 54: Hoare triple {22643#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet70#1 && test_#t~nondet70#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet70#1;havoc test_#t~nondet70#1; {22643#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:03:54,746 INFO L290 TraceCheckUtils]: 55: Hoare triple {22643#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {22643#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:03:54,747 INFO L290 TraceCheckUtils]: 56: Hoare triple {22643#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !false; {22643#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:03:54,747 INFO L290 TraceCheckUtils]: 57: Hoare triple {22643#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(test_~splverifierCounter~0#1 < 4); {22611#false} is VALID [2022-02-20 18:03:54,747 INFO L290 TraceCheckUtils]: 58: Hoare triple {22611#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_#t~ret46#1, bobToRjh_~tmp~8#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~8#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret43#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret43#1 && bobToRjh_#t~ret43#1 <= 2147483647;havoc bobToRjh_#t~ret43#1; {22611#false} is VALID [2022-02-20 18:03:54,747 INFO L272 TraceCheckUtils]: 59: Hoare triple {22611#false} call sendEmail(~bob~0, ~rjh~0); {22611#false} is VALID [2022-02-20 18:03:54,747 INFO L290 TraceCheckUtils]: 60: Hoare triple {22611#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~19#1;assume { 
:begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~20#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~20#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {22611#false} is VALID [2022-02-20 18:03:54,747 INFO L272 TraceCheckUtils]: 61: Hoare triple {22611#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {22666#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:54,747 INFO L290 TraceCheckUtils]: 62: Hoare triple {22666#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22610#true} is VALID [2022-02-20 18:03:54,747 INFO L290 TraceCheckUtils]: 63: Hoare triple {22610#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22610#true} is VALID [2022-02-20 18:03:54,748 INFO L290 TraceCheckUtils]: 64: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:54,748 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {22610#true} {22611#false} #921#return; {22611#false} is VALID [2022-02-20 18:03:54,748 INFO L272 TraceCheckUtils]: 66: Hoare triple {22611#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {22667#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:03:54,748 INFO L290 TraceCheckUtils]: 67: Hoare triple {22667#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {22610#true} is VALID [2022-02-20 18:03:54,748 INFO L290 TraceCheckUtils]: 68: Hoare triple {22610#true} assume 1 == ~handle;~__ste_email_to0~0 := 
~value; {22610#true} is VALID [2022-02-20 18:03:54,748 INFO L290 TraceCheckUtils]: 69: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:54,748 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {22610#true} {22611#false} #923#return; {22611#false} is VALID [2022-02-20 18:03:54,748 INFO L290 TraceCheckUtils]: 71: Hoare triple {22611#false} createEmail_~retValue_acc~20#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~20#1; {22611#false} is VALID [2022-02-20 18:03:54,748 INFO L290 TraceCheckUtils]: 72: Hoare triple {22611#false} #t~ret94#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret94#1 && #t~ret94#1 <= 2147483647;~tmp~19#1 := #t~ret94#1;havoc #t~ret94#1;~email~0#1 := ~tmp~19#1; {22611#false} is VALID [2022-02-20 18:03:54,748 INFO L272 TraceCheckUtils]: 73: Hoare triple {22611#false} call outgoing(~sender#1, ~email~0#1); {22611#false} is VALID [2022-02-20 18:03:54,748 INFO L290 TraceCheckUtils]: 74: Hoare triple {22611#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~15#1;havoc ~pubkey~0#1;havoc ~tmp___0~5#1; {22611#false} is VALID [2022-02-20 18:03:54,749 INFO L272 TraceCheckUtils]: 75: Hoare triple {22611#false} call #t~ret85#1 := getEmailTo(~msg#1); {22610#true} is VALID [2022-02-20 18:03:54,749 INFO L290 TraceCheckUtils]: 76: Hoare triple {22610#true} ~handle := #in~handle;havoc ~retValue_acc~28; {22610#true} is VALID [2022-02-20 18:03:54,749 INFO L290 TraceCheckUtils]: 77: Hoare triple {22610#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {22610#true} is VALID [2022-02-20 18:03:54,749 INFO L290 TraceCheckUtils]: 78: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:54,749 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {22610#true} {22611#false} #881#return; {22611#false} is VALID [2022-02-20 18:03:54,749 INFO L290 TraceCheckUtils]: 80: Hoare triple 
{22611#false} assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~15#1 := #t~ret85#1;havoc #t~ret85#1;~receiver~0#1 := ~tmp~15#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~14#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~14#1; {22611#false} is VALID [2022-02-20 18:03:54,749 INFO L290 TraceCheckUtils]: 81: Hoare triple {22611#false} assume 1 == findPublicKey_~handle#1; {22611#false} is VALID [2022-02-20 18:03:54,749 INFO L290 TraceCheckUtils]: 82: Hoare triple {22611#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~14#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~14#1; {22611#false} is VALID [2022-02-20 18:03:54,749 INFO L290 TraceCheckUtils]: 83: Hoare triple {22611#false} #t~ret86#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp___0~5#1 := #t~ret86#1;havoc #t~ret86#1;~pubkey~0#1 := ~tmp___0~5#1; {22611#false} is VALID [2022-02-20 18:03:54,749 INFO L290 TraceCheckUtils]: 84: Hoare triple {22611#false} assume !(0 != ~pubkey~0#1); {22611#false} is VALID [2022-02-20 18:03:54,749 INFO L290 TraceCheckUtils]: 85: Hoare triple {22611#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret84#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc 
outgoing__wrappee__Keys_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {22611#false} is VALID [2022-02-20 18:03:54,750 INFO L290 TraceCheckUtils]: 86: Hoare triple {22611#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {22611#false} is VALID [2022-02-20 18:03:54,750 INFO L290 TraceCheckUtils]: 87: Hoare triple {22611#false} outgoing__wrappee__Keys_#t~ret84#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret84#1 && outgoing__wrappee__Keys_#t~ret84#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~14#1 := outgoing__wrappee__Keys_#t~ret84#1;havoc outgoing__wrappee__Keys_#t~ret84#1; {22611#false} is VALID [2022-02-20 18:03:54,750 INFO L272 TraceCheckUtils]: 88: Hoare triple {22611#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1); {22666#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:54,750 INFO L290 TraceCheckUtils]: 89: Hoare triple {22666#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22610#true} is VALID [2022-02-20 18:03:54,750 INFO L290 TraceCheckUtils]: 90: Hoare triple {22610#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22610#true} is VALID [2022-02-20 18:03:54,750 INFO L290 TraceCheckUtils]: 91: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:54,750 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {22610#true} {22611#false} #887#return; {22611#false} is VALID [2022-02-20 
18:03:54,750 INFO L290 TraceCheckUtils]: 93: Hoare triple {22611#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret82#1, mail_#t~ret83#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet67#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 := puts(32, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset := 33, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet67#1; {22611#false} is VALID [2022-02-20 18:03:54,750 INFO L290 TraceCheckUtils]: 94: Hoare triple {22611#false} assume 0 != ~in_encrypted~0; {22611#false} is VALID [2022-02-20 18:03:54,750 INFO L272 
TraceCheckUtils]: 95: Hoare triple {22611#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {22610#true} is VALID [2022-02-20 18:03:54,750 INFO L290 TraceCheckUtils]: 96: Hoare triple {22610#true} ~handle := #in~handle;havoc ~retValue_acc~31; {22610#true} is VALID [2022-02-20 18:03:54,751 INFO L290 TraceCheckUtils]: 97: Hoare triple {22610#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {22610#true} is VALID [2022-02-20 18:03:54,751 INFO L290 TraceCheckUtils]: 98: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:54,751 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {22610#true} {22611#false} #889#return; {22611#false} is VALID [2022-02-20 18:03:54,751 INFO L290 TraceCheckUtils]: 100: Hoare triple {22611#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1; {22611#false} is VALID [2022-02-20 18:03:54,751 INFO L290 TraceCheckUtils]: 101: Hoare triple {22611#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1);assume { :begin_inline___automaton_fail } true; {22611#false} is VALID [2022-02-20 18:03:54,751 INFO L290 TraceCheckUtils]: 102: Hoare triple {22611#false} assume !false; {22611#false} is VALID [2022-02-20 18:03:54,751 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. 
[2022-02-20 18:03:54,751 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:03:54,752 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1695143762] [2022-02-20 18:03:54,752 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1695143762] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:03:54,752 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [890865342] [2022-02-20 18:03:54,752 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:54,752 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:03:54,752 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:03:54,756 INFO L229 MonitoredProcess]: Starting monitored process 7 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:03:54,759 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (7)] Waiting until timeout for monitored process [2022-02-20 18:03:54,958 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:54,961 INFO L263 TraceCheckSpWp]: Trace formula consists of 986 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 18:03:55,000 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:55,002 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 18:03:55,232 INFO L290 TraceCheckUtils]: 0: Hoare triple {22610#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(21, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(44, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(17, 30);call #Ultimate.allocInit(17, 31);call #Ultimate.allocInit(13, 32);call #Ultimate.allocInit(17, 33);call #Ultimate.allocInit(4, 34);call write~init~int(37, 34, 0, 1);call write~init~int(115, 34, 1, 1);call write~init~int(10, 34, 2, 1);call write~init~int(0, 34, 3, 1);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(20, 37);call #Ultimate.allocInit(21, 38);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, 
~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 
0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {22610#true} is VALID [2022-02-20 18:03:55,232 INFO L290 TraceCheckUtils]: 1: Hoare triple {22610#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~24#1, 
main_~tmp~9#1;havoc main_~retValue_acc~24#1;havoc main_~tmp~9#1;assume { :begin_inline_select_helpers } true; {22610#true} is VALID [2022-02-20 18:03:55,233 INFO L290 TraceCheckUtils]: 2: Hoare triple {22610#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {22610#true} is VALID [2022-02-20 18:03:55,233 INFO L290 TraceCheckUtils]: 3: Hoare triple {22610#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~37#1;havoc valid_product_~retValue_acc~37#1;valid_product_~retValue_acc~37#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~37#1; {22610#true} is VALID [2022-02-20 18:03:55,233 INFO L290 TraceCheckUtils]: 4: Hoare triple {22610#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~9#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {22610#true} is VALID [2022-02-20 18:03:55,233 INFO L290 TraceCheckUtils]: 5: Hoare triple {22610#true} assume 0 != main_~tmp~9#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet48#1, setup_#t~nondet49#1, setup_#t~nondet50#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := 
setup_bob__wrappee__Base_#in~bob___0#1; {22610#true} is VALID [2022-02-20 18:03:55,233 INFO L272 TraceCheckUtils]: 6: Hoare triple {22610#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {22610#true} is VALID [2022-02-20 18:03:55,233 INFO L290 TraceCheckUtils]: 7: Hoare triple {22610#true} ~handle := #in~handle;~value := #in~value; {22610#true} is VALID [2022-02-20 18:03:55,233 INFO L290 TraceCheckUtils]: 8: Hoare triple {22610#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {22610#true} is VALID [2022-02-20 18:03:55,233 INFO L290 TraceCheckUtils]: 9: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:55,233 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {22610#true} {22610#true} #927#return; {22610#true} is VALID [2022-02-20 18:03:55,233 INFO L290 TraceCheckUtils]: 11: Hoare triple {22610#true} assume { :end_inline_setup_bob__wrappee__Base } true; {22610#true} is VALID [2022-02-20 18:03:55,233 INFO L272 TraceCheckUtils]: 12: Hoare triple {22610#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {22610#true} is VALID [2022-02-20 18:03:55,233 INFO L290 TraceCheckUtils]: 13: Hoare triple {22610#true} ~handle := #in~handle;~value := #in~value; {22610#true} is VALID [2022-02-20 18:03:55,233 INFO L290 TraceCheckUtils]: 14: Hoare triple {22610#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22610#true} is VALID [2022-02-20 18:03:55,234 INFO L290 TraceCheckUtils]: 15: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:55,234 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {22610#true} {22610#true} #929#return; {22610#true} is VALID [2022-02-20 18:03:55,234 INFO L290 TraceCheckUtils]: 17: Hoare triple {22610#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet48#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := 
~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {22610#true} is VALID [2022-02-20 18:03:55,234 INFO L272 TraceCheckUtils]: 18: Hoare triple {22610#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {22610#true} is VALID [2022-02-20 18:03:55,234 INFO L290 TraceCheckUtils]: 19: Hoare triple {22610#true} ~handle := #in~handle;~value := #in~value; {22610#true} is VALID [2022-02-20 18:03:55,234 INFO L290 TraceCheckUtils]: 20: Hoare triple {22610#true} assume !(1 == ~handle); {22610#true} is VALID [2022-02-20 18:03:55,234 INFO L290 TraceCheckUtils]: 21: Hoare triple {22610#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {22610#true} is VALID [2022-02-20 18:03:55,234 INFO L290 TraceCheckUtils]: 22: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:55,234 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {22610#true} {22610#true} #931#return; {22610#true} is VALID [2022-02-20 18:03:55,234 INFO L290 TraceCheckUtils]: 24: Hoare triple {22610#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {22610#true} is VALID [2022-02-20 18:03:55,234 INFO L272 TraceCheckUtils]: 25: Hoare triple {22610#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {22610#true} is VALID [2022-02-20 18:03:55,234 INFO L290 TraceCheckUtils]: 26: Hoare triple {22610#true} ~handle := #in~handle;~value := #in~value; {22610#true} is VALID [2022-02-20 18:03:55,234 INFO L290 TraceCheckUtils]: 27: Hoare triple {22610#true} assume !(1 == ~handle); {22610#true} is VALID [2022-02-20 18:03:55,234 INFO L290 TraceCheckUtils]: 28: Hoare triple {22610#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {22610#true} is VALID 
[2022-02-20 18:03:55,234 INFO L290 TraceCheckUtils]: 29: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:55,234 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {22610#true} {22610#true} #933#return; {22610#true} is VALID [2022-02-20 18:03:55,234 INFO L290 TraceCheckUtils]: 31: Hoare triple {22610#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet49#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {22610#true} is VALID [2022-02-20 18:03:55,235 INFO L272 TraceCheckUtils]: 32: Hoare triple {22610#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {22610#true} is VALID [2022-02-20 18:03:55,235 INFO L290 TraceCheckUtils]: 33: Hoare triple {22610#true} ~handle := #in~handle;~value := #in~value; {22610#true} is VALID [2022-02-20 18:03:55,235 INFO L290 TraceCheckUtils]: 34: Hoare triple {22610#true} assume !(1 == ~handle); {22610#true} is VALID [2022-02-20 18:03:55,235 INFO L290 TraceCheckUtils]: 35: Hoare triple {22610#true} assume !(2 == ~handle); {22610#true} is VALID [2022-02-20 18:03:55,235 INFO L290 TraceCheckUtils]: 36: Hoare triple {22610#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {22610#true} is VALID [2022-02-20 18:03:55,235 INFO L290 TraceCheckUtils]: 37: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:55,235 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {22610#true} {22610#true} #935#return; {22610#true} is VALID [2022-02-20 18:03:55,235 INFO L290 
TraceCheckUtils]: 39: Hoare triple {22610#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {22610#true} is VALID [2022-02-20 18:03:55,235 INFO L272 TraceCheckUtils]: 40: Hoare triple {22610#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {22610#true} is VALID [2022-02-20 18:03:55,235 INFO L290 TraceCheckUtils]: 41: Hoare triple {22610#true} ~handle := #in~handle;~value := #in~value; {22610#true} is VALID [2022-02-20 18:03:55,235 INFO L290 TraceCheckUtils]: 42: Hoare triple {22610#true} assume !(1 == ~handle); {22610#true} is VALID [2022-02-20 18:03:55,235 INFO L290 TraceCheckUtils]: 43: Hoare triple {22610#true} assume !(2 == ~handle); {22610#true} is VALID [2022-02-20 18:03:55,235 INFO L290 TraceCheckUtils]: 44: Hoare triple {22610#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {22610#true} is VALID [2022-02-20 18:03:55,235 INFO L290 TraceCheckUtils]: 45: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:55,235 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {22610#true} {22610#true} #937#return; {22610#true} is VALID [2022-02-20 18:03:55,235 INFO L290 TraceCheckUtils]: 47: Hoare triple {22610#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 26, 0;havoc setup_#t~nondet50#1; {22610#true} is VALID [2022-02-20 18:03:55,236 INFO L290 TraceCheckUtils]: 48: Hoare triple {22610#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~12#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, 
test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~12#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {22815#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:03:55,236 INFO L290 TraceCheckUtils]: 49: Hoare triple {22815#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {22815#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:03:55,236 INFO L290 TraceCheckUtils]: 50: Hoare triple {22815#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {22815#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:03:55,237 INFO L290 TraceCheckUtils]: 51: Hoare triple {22815#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {22643#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:03:55,237 INFO L290 TraceCheckUtils]: 52: Hoare triple {22643#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet69#1 && test_#t~nondet69#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet69#1;havoc test_#t~nondet69#1; 
{22643#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:03:55,237 INFO L290 TraceCheckUtils]: 53: Hoare triple {22643#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(0 != test_~tmp___9~0#1); {22643#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:03:55,238 INFO L290 TraceCheckUtils]: 54: Hoare triple {22643#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet70#1 && test_#t~nondet70#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet70#1;havoc test_#t~nondet70#1; {22643#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:03:55,238 INFO L290 TraceCheckUtils]: 55: Hoare triple {22643#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {22643#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:03:55,238 INFO L290 TraceCheckUtils]: 56: Hoare triple {22643#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !false; {22643#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 18:03:55,239 INFO L290 TraceCheckUtils]: 57: Hoare triple {22643#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(test_~splverifierCounter~0#1 < 4); {22611#false} is VALID [2022-02-20 18:03:55,239 INFO L290 TraceCheckUtils]: 58: Hoare triple {22611#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_#t~ret46#1, bobToRjh_~tmp~8#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~8#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret43#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret43#1 && bobToRjh_#t~ret43#1 <= 2147483647;havoc bobToRjh_#t~ret43#1; {22611#false} is VALID [2022-02-20 18:03:55,239 INFO L272 TraceCheckUtils]: 59: Hoare triple {22611#false} call sendEmail(~bob~0, ~rjh~0); {22611#false} is 
VALID [2022-02-20 18:03:55,239 INFO L290 TraceCheckUtils]: 60: Hoare triple {22611#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~19#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~20#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~20#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {22611#false} is VALID [2022-02-20 18:03:55,239 INFO L272 TraceCheckUtils]: 61: Hoare triple {22611#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {22611#false} is VALID [2022-02-20 18:03:55,239 INFO L290 TraceCheckUtils]: 62: Hoare triple {22611#false} ~handle := #in~handle;~value := #in~value; {22611#false} is VALID [2022-02-20 18:03:55,239 INFO L290 TraceCheckUtils]: 63: Hoare triple {22611#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22611#false} is VALID [2022-02-20 18:03:55,239 INFO L290 TraceCheckUtils]: 64: Hoare triple {22611#false} assume true; {22611#false} is VALID [2022-02-20 18:03:55,239 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {22611#false} {22611#false} #921#return; {22611#false} is VALID [2022-02-20 18:03:55,239 INFO L272 TraceCheckUtils]: 66: Hoare triple {22611#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {22611#false} is VALID [2022-02-20 18:03:55,239 INFO L290 TraceCheckUtils]: 67: Hoare triple {22611#false} ~handle := #in~handle;~value := #in~value; {22611#false} is VALID [2022-02-20 18:03:55,239 INFO L290 TraceCheckUtils]: 68: Hoare triple {22611#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {22611#false} is VALID [2022-02-20 18:03:55,239 INFO L290 TraceCheckUtils]: 69: Hoare triple {22611#false} assume true; {22611#false} is VALID [2022-02-20 18:03:55,239 INFO L284 TraceCheckUtils]: 70: Hoare 
quadruple {22611#false} {22611#false} #923#return; {22611#false} is VALID [2022-02-20 18:03:55,240 INFO L290 TraceCheckUtils]: 71: Hoare triple {22611#false} createEmail_~retValue_acc~20#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~20#1; {22611#false} is VALID [2022-02-20 18:03:55,240 INFO L290 TraceCheckUtils]: 72: Hoare triple {22611#false} #t~ret94#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret94#1 && #t~ret94#1 <= 2147483647;~tmp~19#1 := #t~ret94#1;havoc #t~ret94#1;~email~0#1 := ~tmp~19#1; {22611#false} is VALID [2022-02-20 18:03:55,240 INFO L272 TraceCheckUtils]: 73: Hoare triple {22611#false} call outgoing(~sender#1, ~email~0#1); {22611#false} is VALID [2022-02-20 18:03:55,240 INFO L290 TraceCheckUtils]: 74: Hoare triple {22611#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~15#1;havoc ~pubkey~0#1;havoc ~tmp___0~5#1; {22611#false} is VALID [2022-02-20 18:03:55,240 INFO L272 TraceCheckUtils]: 75: Hoare triple {22611#false} call #t~ret85#1 := getEmailTo(~msg#1); {22611#false} is VALID [2022-02-20 18:03:55,240 INFO L290 TraceCheckUtils]: 76: Hoare triple {22611#false} ~handle := #in~handle;havoc ~retValue_acc~28; {22611#false} is VALID [2022-02-20 18:03:55,240 INFO L290 TraceCheckUtils]: 77: Hoare triple {22611#false} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {22611#false} is VALID [2022-02-20 18:03:55,240 INFO L290 TraceCheckUtils]: 78: Hoare triple {22611#false} assume true; {22611#false} is VALID [2022-02-20 18:03:55,240 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {22611#false} {22611#false} #881#return; {22611#false} is VALID [2022-02-20 18:03:55,240 INFO L290 TraceCheckUtils]: 80: Hoare triple {22611#false} assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~15#1 := #t~ret85#1;havoc #t~ret85#1;~receiver~0#1 := ~tmp~15#1;assume { :begin_inline_findPublicKey } 
true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~14#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~14#1; {22611#false} is VALID [2022-02-20 18:03:55,240 INFO L290 TraceCheckUtils]: 81: Hoare triple {22611#false} assume 1 == findPublicKey_~handle#1; {22611#false} is VALID [2022-02-20 18:03:55,240 INFO L290 TraceCheckUtils]: 82: Hoare triple {22611#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~14#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~14#1; {22611#false} is VALID [2022-02-20 18:03:55,240 INFO L290 TraceCheckUtils]: 83: Hoare triple {22611#false} #t~ret86#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp___0~5#1 := #t~ret86#1;havoc #t~ret86#1;~pubkey~0#1 := ~tmp___0~5#1; {22611#false} is VALID [2022-02-20 18:03:55,240 INFO L290 TraceCheckUtils]: 84: Hoare triple {22611#false} assume !(0 != ~pubkey~0#1); {22611#false} is VALID [2022-02-20 18:03:55,241 INFO L290 TraceCheckUtils]: 85: Hoare triple {22611#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret84#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, 
getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {22611#false} is VALID [2022-02-20 18:03:55,241 INFO L290 TraceCheckUtils]: 86: Hoare triple {22611#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {22611#false} is VALID [2022-02-20 18:03:55,241 INFO L290 TraceCheckUtils]: 87: Hoare triple {22611#false} outgoing__wrappee__Keys_#t~ret84#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret84#1 && outgoing__wrappee__Keys_#t~ret84#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~14#1 := outgoing__wrappee__Keys_#t~ret84#1;havoc outgoing__wrappee__Keys_#t~ret84#1; {22611#false} is VALID [2022-02-20 18:03:55,241 INFO L272 TraceCheckUtils]: 88: Hoare triple {22611#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1); {22611#false} is VALID [2022-02-20 18:03:55,241 INFO L290 TraceCheckUtils]: 89: Hoare triple {22611#false} ~handle := #in~handle;~value := #in~value; {22611#false} is VALID [2022-02-20 18:03:55,241 INFO L290 TraceCheckUtils]: 90: Hoare triple {22611#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22611#false} is VALID [2022-02-20 18:03:55,241 INFO L290 TraceCheckUtils]: 91: Hoare triple {22611#false} assume true; {22611#false} is VALID [2022-02-20 18:03:55,241 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {22611#false} {22611#false} #887#return; {22611#false} is VALID [2022-02-20 18:03:55,241 INFO L290 TraceCheckUtils]: 93: Hoare triple {22611#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret82#1, mail_#t~ret83#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc 
mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet67#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 := puts(32, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset := 33, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet67#1; {22611#false} is VALID [2022-02-20 18:03:55,241 INFO L290 TraceCheckUtils]: 94: Hoare triple {22611#false} assume 0 != ~in_encrypted~0; {22611#false} is VALID [2022-02-20 18:03:55,241 INFO L272 TraceCheckUtils]: 95: Hoare triple {22611#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {22611#false} is VALID [2022-02-20 18:03:55,241 INFO L290 TraceCheckUtils]: 96: Hoare triple {22611#false} ~handle := #in~handle;havoc ~retValue_acc~31; {22611#false} is VALID [2022-02-20 18:03:55,241 INFO L290 TraceCheckUtils]: 97: 
Hoare triple {22611#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {22611#false} is VALID [2022-02-20 18:03:55,241 INFO L290 TraceCheckUtils]: 98: Hoare triple {22611#false} assume true; {22611#false} is VALID [2022-02-20 18:03:55,241 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {22611#false} {22611#false} #889#return; {22611#false} is VALID [2022-02-20 18:03:55,241 INFO L290 TraceCheckUtils]: 100: Hoare triple {22611#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1; {22611#false} is VALID [2022-02-20 18:03:55,242 INFO L290 TraceCheckUtils]: 101: Hoare triple {22611#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1);assume { :begin_inline___automaton_fail } true; {22611#false} is VALID [2022-02-20 18:03:55,242 INFO L290 TraceCheckUtils]: 102: Hoare triple {22611#false} assume !false; {22611#false} is VALID [2022-02-20 18:03:55,242 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 18:03:55,242 INFO L328 TraceCheckSpWp]: Computing backward predicates... 
[2022-02-20 18:03:55,521 INFO L290 TraceCheckUtils]: 102: Hoare triple {22611#false} assume !false; {22611#false} is VALID [2022-02-20 18:03:55,521 INFO L290 TraceCheckUtils]: 101: Hoare triple {22611#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1);assume { :begin_inline___automaton_fail } true; {22611#false} is VALID [2022-02-20 18:03:55,522 INFO L290 TraceCheckUtils]: 100: Hoare triple {22611#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1; {22611#false} is VALID [2022-02-20 18:03:55,522 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {22610#true} {22611#false} #889#return; {22611#false} is VALID [2022-02-20 18:03:55,522 INFO L290 TraceCheckUtils]: 98: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:55,522 INFO L290 TraceCheckUtils]: 97: Hoare triple {22610#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {22610#true} is VALID [2022-02-20 18:03:55,522 INFO L290 TraceCheckUtils]: 96: Hoare triple {22610#true} ~handle := #in~handle;havoc ~retValue_acc~31; {22610#true} is VALID [2022-02-20 18:03:55,522 INFO L272 TraceCheckUtils]: 95: Hoare triple {22611#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {22610#true} is VALID [2022-02-20 18:03:55,522 INFO L290 TraceCheckUtils]: 94: Hoare triple {22611#false} assume 0 != ~in_encrypted~0; {22611#false} is VALID [2022-02-20 18:03:55,522 INFO L290 TraceCheckUtils]: 93: Hoare triple {22611#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret82#1, mail_#t~ret83#1, 
mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~13#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~13#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet67#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret68#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~11#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 := puts(32, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret66#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~5#1.offset := 33, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet67#1; {22611#false} is VALID [2022-02-20 18:03:55,522 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {22610#true} {22611#false} #887#return; {22611#false} is VALID [2022-02-20 18:03:55,522 INFO L290 TraceCheckUtils]: 91: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:55,522 INFO L290 TraceCheckUtils]: 90: Hoare triple {22610#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22610#true} is VALID [2022-02-20 
18:03:55,522 INFO L290 TraceCheckUtils]: 89: Hoare triple {22610#true} ~handle := #in~handle;~value := #in~value; {22610#true} is VALID [2022-02-20 18:03:55,522 INFO L272 TraceCheckUtils]: 88: Hoare triple {22611#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1); {22610#true} is VALID [2022-02-20 18:03:55,522 INFO L290 TraceCheckUtils]: 87: Hoare triple {22611#false} outgoing__wrappee__Keys_#t~ret84#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret84#1 && outgoing__wrappee__Keys_#t~ret84#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~14#1 := outgoing__wrappee__Keys_#t~ret84#1;havoc outgoing__wrappee__Keys_#t~ret84#1; {22611#false} is VALID [2022-02-20 18:03:55,522 INFO L290 TraceCheckUtils]: 86: Hoare triple {22611#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {22611#false} is VALID [2022-02-20 18:03:55,522 INFO L290 TraceCheckUtils]: 85: Hoare triple {22611#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret84#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~14#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~14#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {22611#false} is VALID [2022-02-20 18:03:55,522 INFO L290 TraceCheckUtils]: 84: Hoare triple {22611#false} assume !(0 != ~pubkey~0#1); {22611#false} is 
VALID [2022-02-20 18:03:55,523 INFO L290 TraceCheckUtils]: 83: Hoare triple {22611#false} #t~ret86#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp___0~5#1 := #t~ret86#1;havoc #t~ret86#1;~pubkey~0#1 := ~tmp___0~5#1; {22611#false} is VALID [2022-02-20 18:03:55,523 INFO L290 TraceCheckUtils]: 82: Hoare triple {22611#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~14#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~14#1; {22611#false} is VALID [2022-02-20 18:03:55,523 INFO L290 TraceCheckUtils]: 81: Hoare triple {22611#false} assume 1 == findPublicKey_~handle#1; {22611#false} is VALID [2022-02-20 18:03:55,523 INFO L290 TraceCheckUtils]: 80: Hoare triple {22611#false} assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~15#1 := #t~ret85#1;havoc #t~ret85#1;~receiver~0#1 := ~tmp~15#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~14#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~14#1; {22611#false} is VALID [2022-02-20 18:03:55,523 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {22610#true} {22611#false} #881#return; {22611#false} is VALID [2022-02-20 18:03:55,523 INFO L290 TraceCheckUtils]: 78: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:55,523 INFO L290 TraceCheckUtils]: 77: Hoare triple {22610#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {22610#true} is VALID [2022-02-20 18:03:55,523 INFO L290 TraceCheckUtils]: 76: Hoare triple {22610#true} ~handle := #in~handle;havoc ~retValue_acc~28; {22610#true} is VALID 
[2022-02-20 18:03:55,523 INFO L272 TraceCheckUtils]: 75: Hoare triple {22611#false} call #t~ret85#1 := getEmailTo(~msg#1); {22610#true} is VALID [2022-02-20 18:03:55,524 INFO L290 TraceCheckUtils]: 74: Hoare triple {22611#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~15#1;havoc ~pubkey~0#1;havoc ~tmp___0~5#1; {22611#false} is VALID [2022-02-20 18:03:55,524 INFO L272 TraceCheckUtils]: 73: Hoare triple {22611#false} call outgoing(~sender#1, ~email~0#1); {22611#false} is VALID [2022-02-20 18:03:55,524 INFO L290 TraceCheckUtils]: 72: Hoare triple {22611#false} #t~ret94#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret94#1 && #t~ret94#1 <= 2147483647;~tmp~19#1 := #t~ret94#1;havoc #t~ret94#1;~email~0#1 := ~tmp~19#1; {22611#false} is VALID [2022-02-20 18:03:55,524 INFO L290 TraceCheckUtils]: 71: Hoare triple {22611#false} createEmail_~retValue_acc~20#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~20#1; {22611#false} is VALID [2022-02-20 18:03:55,524 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {22610#true} {22611#false} #923#return; {22611#false} is VALID [2022-02-20 18:03:55,524 INFO L290 TraceCheckUtils]: 69: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:55,524 INFO L290 TraceCheckUtils]: 68: Hoare triple {22610#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {22610#true} is VALID [2022-02-20 18:03:55,524 INFO L290 TraceCheckUtils]: 67: Hoare triple {22610#true} ~handle := #in~handle;~value := #in~value; {22610#true} is VALID [2022-02-20 18:03:55,524 INFO L272 TraceCheckUtils]: 66: Hoare triple {22611#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {22610#true} is VALID [2022-02-20 18:03:55,524 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {22610#true} {22611#false} #921#return; {22611#false} is VALID [2022-02-20 18:03:55,524 INFO L290 TraceCheckUtils]: 64: Hoare triple {22610#true} assume true; 
{22610#true} is VALID [2022-02-20 18:03:55,527 INFO L290 TraceCheckUtils]: 63: Hoare triple {22610#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22610#true} is VALID [2022-02-20 18:03:55,527 INFO L290 TraceCheckUtils]: 62: Hoare triple {22610#true} ~handle := #in~handle;~value := #in~value; {22610#true} is VALID [2022-02-20 18:03:55,528 INFO L272 TraceCheckUtils]: 61: Hoare triple {22611#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {22610#true} is VALID [2022-02-20 18:03:55,528 INFO L290 TraceCheckUtils]: 60: Hoare triple {22611#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~19#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~20#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~20#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {22611#false} is VALID [2022-02-20 18:03:55,528 INFO L272 TraceCheckUtils]: 59: Hoare triple {22611#false} call sendEmail(~bob~0, ~rjh~0); {22611#false} is VALID [2022-02-20 18:03:55,528 INFO L290 TraceCheckUtils]: 58: Hoare triple {22611#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret43#1, bobToRjh_#t~ret44#1, bobToRjh_#t~ret45#1, bobToRjh_#t~ret46#1, bobToRjh_~tmp~8#1, bobToRjh_~tmp___0~2#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~8#1;havoc bobToRjh_~tmp___0~2#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret43#1 := puts(22, 0);assume -2147483648 <= bobToRjh_#t~ret43#1 && bobToRjh_#t~ret43#1 <= 2147483647;havoc bobToRjh_#t~ret43#1; {22611#false} is VALID [2022-02-20 18:03:55,531 INFO L290 TraceCheckUtils]: 57: Hoare triple {23113#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(test_~splverifierCounter~0#1 < 4); {22611#false} is VALID [2022-02-20 18:03:55,532 INFO L290 
TraceCheckUtils]: 56: Hoare triple {23113#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !false; {23113#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:03:55,532 INFO L290 TraceCheckUtils]: 55: Hoare triple {23113#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {23113#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:03:55,532 INFO L290 TraceCheckUtils]: 54: Hoare triple {23113#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet70#1 && test_#t~nondet70#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet70#1;havoc test_#t~nondet70#1; {23113#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:03:55,533 INFO L290 TraceCheckUtils]: 53: Hoare triple {23113#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(0 != test_~tmp___9~0#1); {23113#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:03:55,533 INFO L290 TraceCheckUtils]: 52: Hoare triple {23113#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet69#1 && test_#t~nondet69#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet69#1;havoc test_#t~nondet69#1; {23113#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:03:55,534 INFO L290 TraceCheckUtils]: 51: Hoare triple {23132#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {23113#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 18:03:55,534 INFO L290 TraceCheckUtils]: 50: Hoare triple {23132#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume test_~splverifierCounter~0#1 < 4; {23132#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 18:03:55,535 INFO L290 TraceCheckUtils]: 49: Hoare triple {23132#(< 
|ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume !false; {23132#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 18:03:55,535 INFO L290 TraceCheckUtils]: 48: Hoare triple {22610#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~12#1, test_~tmp___0~4#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~12#1;havoc test_~tmp___0~4#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {23132#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 18:03:55,535 INFO L290 TraceCheckUtils]: 47: Hoare triple {22610#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 26, 0;havoc setup_#t~nondet50#1; {22610#true} is VALID [2022-02-20 
18:03:55,535 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {22610#true} {22610#true} #937#return; {22610#true} is VALID [2022-02-20 18:03:55,536 INFO L290 TraceCheckUtils]: 45: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:55,536 INFO L290 TraceCheckUtils]: 44: Hoare triple {22610#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {22610#true} is VALID [2022-02-20 18:03:55,536 INFO L290 TraceCheckUtils]: 43: Hoare triple {22610#true} assume !(2 == ~handle); {22610#true} is VALID [2022-02-20 18:03:55,536 INFO L290 TraceCheckUtils]: 42: Hoare triple {22610#true} assume !(1 == ~handle); {22610#true} is VALID [2022-02-20 18:03:55,536 INFO L290 TraceCheckUtils]: 41: Hoare triple {22610#true} ~handle := #in~handle;~value := #in~value; {22610#true} is VALID [2022-02-20 18:03:55,536 INFO L272 TraceCheckUtils]: 40: Hoare triple {22610#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {22610#true} is VALID [2022-02-20 18:03:55,536 INFO L290 TraceCheckUtils]: 39: Hoare triple {22610#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {22610#true} is VALID [2022-02-20 18:03:55,536 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {22610#true} {22610#true} #935#return; {22610#true} is VALID [2022-02-20 18:03:55,537 INFO L290 TraceCheckUtils]: 37: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:55,537 INFO L290 TraceCheckUtils]: 36: Hoare triple {22610#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {22610#true} is VALID [2022-02-20 18:03:55,537 INFO L290 TraceCheckUtils]: 35: Hoare triple {22610#true} assume !(2 == ~handle); {22610#true} is VALID [2022-02-20 18:03:55,537 INFO L290 TraceCheckUtils]: 34: Hoare triple {22610#true} assume !(1 == ~handle); {22610#true} is VALID [2022-02-20 18:03:55,537 INFO L290 TraceCheckUtils]: 33: Hoare triple {22610#true} ~handle := #in~handle;~value := #in~value; {22610#true} is VALID [2022-02-20 18:03:55,537 INFO L272 
TraceCheckUtils]: 32: Hoare triple {22610#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {22610#true} is VALID [2022-02-20 18:03:55,537 INFO L290 TraceCheckUtils]: 31: Hoare triple {22610#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 25, 0;havoc setup_#t~nondet49#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {22610#true} is VALID [2022-02-20 18:03:55,538 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {22610#true} {22610#true} #933#return; {22610#true} is VALID [2022-02-20 18:03:55,538 INFO L290 TraceCheckUtils]: 29: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:55,538 INFO L290 TraceCheckUtils]: 28: Hoare triple {22610#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {22610#true} is VALID [2022-02-20 18:03:55,538 INFO L290 TraceCheckUtils]: 27: Hoare triple {22610#true} assume !(1 == ~handle); {22610#true} is VALID [2022-02-20 18:03:55,538 INFO L290 TraceCheckUtils]: 26: Hoare triple {22610#true} ~handle := #in~handle;~value := #in~value; {22610#true} is VALID [2022-02-20 18:03:55,538 INFO L272 TraceCheckUtils]: 25: Hoare triple {22610#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {22610#true} is VALID [2022-02-20 18:03:55,538 INFO L290 TraceCheckUtils]: 24: Hoare triple {22610#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {22610#true} is VALID [2022-02-20 18:03:55,539 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {22610#true} {22610#true} #931#return; {22610#true} is VALID 
[2022-02-20 18:03:55,539 INFO L290 TraceCheckUtils]: 22: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:55,539 INFO L290 TraceCheckUtils]: 21: Hoare triple {22610#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {22610#true} is VALID [2022-02-20 18:03:55,539 INFO L290 TraceCheckUtils]: 20: Hoare triple {22610#true} assume !(1 == ~handle); {22610#true} is VALID [2022-02-20 18:03:55,539 INFO L290 TraceCheckUtils]: 19: Hoare triple {22610#true} ~handle := #in~handle;~value := #in~value; {22610#true} is VALID [2022-02-20 18:03:55,539 INFO L272 TraceCheckUtils]: 18: Hoare triple {22610#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {22610#true} is VALID [2022-02-20 18:03:55,539 INFO L290 TraceCheckUtils]: 17: Hoare triple {22610#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 24, 0;havoc setup_#t~nondet48#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {22610#true} is VALID [2022-02-20 18:03:55,539 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {22610#true} {22610#true} #929#return; {22610#true} is VALID [2022-02-20 18:03:55,540 INFO L290 TraceCheckUtils]: 15: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:55,540 INFO L290 TraceCheckUtils]: 14: Hoare triple {22610#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22610#true} is VALID [2022-02-20 18:03:55,540 INFO L290 TraceCheckUtils]: 13: Hoare triple {22610#true} ~handle := #in~handle;~value := #in~value; {22610#true} is VALID [2022-02-20 18:03:55,540 INFO L272 
TraceCheckUtils]: 12: Hoare triple {22610#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {22610#true} is VALID [2022-02-20 18:03:55,540 INFO L290 TraceCheckUtils]: 11: Hoare triple {22610#true} assume { :end_inline_setup_bob__wrappee__Base } true; {22610#true} is VALID [2022-02-20 18:03:55,540 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {22610#true} {22610#true} #927#return; {22610#true} is VALID [2022-02-20 18:03:55,540 INFO L290 TraceCheckUtils]: 9: Hoare triple {22610#true} assume true; {22610#true} is VALID [2022-02-20 18:03:55,541 INFO L290 TraceCheckUtils]: 8: Hoare triple {22610#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {22610#true} is VALID [2022-02-20 18:03:55,541 INFO L290 TraceCheckUtils]: 7: Hoare triple {22610#true} ~handle := #in~handle;~value := #in~value; {22610#true} is VALID [2022-02-20 18:03:55,541 INFO L272 TraceCheckUtils]: 6: Hoare triple {22610#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {22610#true} is VALID [2022-02-20 18:03:55,541 INFO L290 TraceCheckUtils]: 5: Hoare triple {22610#true} assume 0 != main_~tmp~9#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet48#1, setup_#t~nondet49#1, setup_#t~nondet50#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := 
setup_bob__wrappee__Base_#in~bob___0#1; {22610#true} is VALID [2022-02-20 18:03:55,541 INFO L290 TraceCheckUtils]: 4: Hoare triple {22610#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~9#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {22610#true} is VALID [2022-02-20 18:03:55,541 INFO L290 TraceCheckUtils]: 3: Hoare triple {22610#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~37#1;havoc valid_product_~retValue_acc~37#1;valid_product_~retValue_acc~37#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~37#1; {22610#true} is VALID [2022-02-20 18:03:55,541 INFO L290 TraceCheckUtils]: 2: Hoare triple {22610#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {22610#true} is VALID [2022-02-20 18:03:55,542 INFO L290 TraceCheckUtils]: 1: Hoare triple {22610#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~24#1, main_~tmp~9#1;havoc main_~retValue_acc~24#1;havoc main_~tmp~9#1;assume { :begin_inline_select_helpers } true; {22610#true} is VALID [2022-02-20 18:03:55,542 INFO L290 TraceCheckUtils]: 0: Hoare triple {22610#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(21, 12);call 
#Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(25, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(44, 22);call #Ultimate.allocInit(44, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(9, 25);call #Ultimate.allocInit(11, 26);call #Ultimate.allocInit(19, 27);call #Ultimate.allocInit(4, 28);call write~init~int(37, 28, 0, 1);call write~init~int(100, 28, 1, 1);call write~init~int(10, 28, 2, 1);call write~init~int(0, 28, 3, 1);call #Ultimate.allocInit(4, 29);call write~init~int(37, 29, 0, 1);call write~init~int(100, 29, 1, 1);call write~init~int(10, 29, 2, 1);call write~init~int(0, 29, 3, 1);call #Ultimate.allocInit(17, 30);call #Ultimate.allocInit(17, 31);call #Ultimate.allocInit(13, 32);call #Ultimate.allocInit(17, 33);call #Ultimate.allocInit(4, 34);call write~init~int(37, 34, 0, 1);call write~init~int(115, 34, 1, 1);call write~init~int(10, 34, 2, 1);call write~init~int(0, 34, 3, 1);call #Ultimate.allocInit(10, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(20, 37);call #Ultimate.allocInit(21, 38);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 
0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 
:= 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0; {22610#true} is VALID [2022-02-20 18:03:55,542 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 18:03:55,542 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [890865342] provided 0 perfect and 2 imperfect interpolant sequences [2022-02-20 18:03:55,542 INFO L191 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. 
[2022-02-20 18:03:55,543 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [8, 4, 4] total 11
[2022-02-20 18:03:55,543 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1299664464]
[2022-02-20 18:03:55,543 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton
[2022-02-20 18:03:55,544 INFO L78 Accepts]: Start accepts. Automaton has has 11 states, 11 states have (on average 8.727272727272727) internal successors, (96), 7 states have internal predecessors, (96), 2 states have call successors, (27), 6 states have call predecessors, (27), 2 states have return successors, (16), 2 states have call predecessors, (16), 2 states have call successors, (16) Word has length 103
[2022-02-20 18:03:55,758 INFO L84 Accepts]: Finished accepts. word is accepted.
[2022-02-20 18:03:55,759 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 11 states, 11 states have (on average 8.727272727272727) internal successors, (96), 7 states have internal predecessors, (96), 2 states have call successors, (27), 6 states have call predecessors, (27), 2 states have return successors, (16), 2 states have call predecessors, (16), 2 states have call successors, (16)
[2022-02-20 18:03:55,850 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 139 edges. 139 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity.
[2022-02-20 18:03:55,851 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 11 states
[2022-02-20 18:03:55,851 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL
[2022-02-20 18:03:55,852 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 11 interpolants.
[2022-02-20 18:03:55,852 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=29, Invalid=81, Unknown=0, NotChecked=0, Total=110
[2022-02-20 18:03:55,852 INFO L87 Difference]: Start difference. First operand 351 states and 542 transitions. Second operand has 11 states, 11 states have (on average 8.727272727272727) internal successors, (96), 7 states have internal predecessors, (96), 2 states have call successors, (27), 6 states have call predecessors, (27), 2 states have return successors, (16), 2 states have call predecessors, (16), 2 states have call successors, (16)