./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec8_product26.cil.c --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec8_product26.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 5be9e48e11f5f92f9ccb04262780ea6fa0bae40b757b81b8e52fca7547f54831 --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 18:03:28,823 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 18:03:28,824 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 18:03:28,865 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 18:03:28,865 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:03:28,866 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:03:28,872 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:03:28,873 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:03:28,875 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:03:28,875 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:03:28,876 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:03:28,877 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:03:28,877 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:03:28,878 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:03:28,879 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:03:28,880 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:03:28,881 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:03:28,882 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:03:28,887 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:03:28,896 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:03:28,901 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:03:28,908 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:03:28,909 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:03:28,912 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:03:28,914 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:03:28,916 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:03:28,916 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:03:28,917 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:03:28,917 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:03:28,918 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:03:28,918 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:03:28,919 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:03:28,920 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:03:28,920 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:03:28,921 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:03:28,921 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:03:28,922 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:03:28,922 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 18:03:28,923 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:03:28,923 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:03:28,924 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:03:28,925 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 18:03:28,943 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:03:28,944 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:03:28,944 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:03:28,945 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:03:28,945 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:03:28,946 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:03:28,946 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:03:28,946 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:03:28,947 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:03:28,947 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:03:28,948 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:03:28,948 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 18:03:28,948 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:03:28,948 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:03:28,948 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:03:28,949 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:03:28,949 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:03:28,949 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:03:28,949 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:03:28,949 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:03:28,950 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:03:28,950 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:03:28,950 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:03:28,950 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:03:28,950 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:03:28,951 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:03:28,951 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:03:28,952 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:03:28,953 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 18:03:28,953 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 18:03:28,953 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:03:28,953 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:03:28,953 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 18:03:28,954 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 5be9e48e11f5f92f9ccb04262780ea6fa0bae40b757b81b8e52fca7547f54831 [2022-02-20 18:03:29,175 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:03:29,199 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:03:29,201 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:03:29,202 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:03:29,203 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:03:29,204 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec8_product26.cil.c [2022-02-20 18:03:29,256 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/c231cea59/fda6464ec0f444d685cfb2f95fd87356/FLAGae91ca633 [2022-02-20 18:03:29,712 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 18:03:29,712 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec8_product26.cil.c [2022-02-20 18:03:29,742 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/c231cea59/fda6464ec0f444d685cfb2f95fd87356/FLAGae91ca633 [2022-02-20 18:03:29,754 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/c231cea59/fda6464ec0f444d685cfb2f95fd87356 [2022-02-20 18:03:29,756 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:03:29,759 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:03:29,760 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:03:29,761 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:03:29,769 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:03:29,776 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:03:29" (1/1) ... [2022-02-20 18:03:29,777 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@165b689 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:03:29, skipping insertion in model container [2022-02-20 18:03:29,777 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:03:29" (1/1) ... [2022-02-20 18:03:29,783 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:03:29,830 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:03:30,197 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec8_product26.cil.c[14808,14821] [2022-02-20 18:03:30,422 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:03:30,434 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:03:30,486 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec8_product26.cil.c[14808,14821] [2022-02-20 18:03:30,542 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:03:30,606 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:03:30,623 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:03:30 WrapperNode [2022-02-20 18:03:30,624 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:03:30,625 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:03:30,625 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:03:30,625 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:03:30,643 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:03:30" (1/1) ... [2022-02-20 18:03:30,680 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:03:30" (1/1) ... [2022-02-20 18:03:30,742 INFO L137 Inliner]: procedures = 132, calls = 230, calls flagged for inlining = 61, calls inlined = 58, statements flattened = 1109 [2022-02-20 18:03:30,743 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:03:30,743 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:03:30,744 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:03:30,744 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:03:30,751 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:03:30" (1/1) ... [2022-02-20 18:03:30,751 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:03:30" (1/1) ... [2022-02-20 18:03:30,758 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:03:30" (1/1) ... [2022-02-20 18:03:30,758 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:03:30" (1/1) ... [2022-02-20 18:03:30,785 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:03:30" (1/1) ... [2022-02-20 18:03:30,795 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:03:30" (1/1) ... [2022-02-20 18:03:30,799 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:03:30" (1/1) ... [2022-02-20 18:03:30,807 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:03:30,808 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:03:30,808 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:03:30,808 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:03:30,809 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:03:30" (1/1) ... [2022-02-20 18:03:30,818 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:03:30,841 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:03:30,852 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:03:30,864 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:03:30,894 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookSize [2022-02-20 18:03:30,894 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookSize [2022-02-20 18:03:30,894 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailEncryptionKey [2022-02-20 18:03:30,894 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailEncryptionKey [2022-02-20 18:03:30,895 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookAddress [2022-02-20 18:03:30,895 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookAddress [2022-02-20 18:03:30,895 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailEncryptionKey [2022-02-20 18:03:30,895 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailEncryptionKey [2022-02-20 18:03:30,895 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2022-02-20 18:03:30,896 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2022-02-20 18:03:30,896 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__wrappee__AutoResponder [2022-02-20 18:03:30,896 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__wrappee__AutoResponder [2022-02-20 18:03:30,896 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2022-02-20 18:03:30,897 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2022-02-20 18:03:30,897 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2022-02-20 18:03:30,897 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2022-02-20 18:03:30,897 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsEncrypted [2022-02-20 18:03:30,897 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsEncrypted [2022-02-20 18:03:30,897 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2022-02-20 18:03:30,898 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2022-02-20 18:03:30,898 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2022-02-20 18:03:30,898 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2022-02-20 18:03:30,898 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2022-02-20 18:03:30,898 INFO L130 BoogieDeclarations]: Found specification of procedure queue [2022-02-20 18:03:30,898 INFO L138 BoogieDeclarations]: Found implementation of procedure queue [2022-02-20 18:03:30,899 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2022-02-20 18:03:30,899 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2022-02-20 18:03:30,899 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:03:30,899 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookSize [2022-02-20 18:03:30,899 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookSize [2022-02-20 18:03:30,899 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2022-02-20 18:03:30,900 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2022-02-20 18:03:30,900 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2022-02-20 18:03:30,900 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2022-02-20 18:03:30,900 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2022-02-20 18:03:30,900 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2022-02-20 18:03:30,900 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2022-02-20 18:03:30,900 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2022-02-20 18:03:30,901 INFO L130 BoogieDeclarations]: Found specification of procedure isEncrypted [2022-02-20 18:03:30,901 INFO L138 BoogieDeclarations]: Found implementation of procedure isEncrypted [2022-02-20 18:03:30,901 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2022-02-20 18:03:30,901 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2022-02-20 18:03:30,901 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2022-02-20 18:03:30,901 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2022-02-20 18:03:30,902 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 18:03:30,902 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2022-02-20 18:03:30,902 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2022-02-20 18:03:30,902 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookAddress [2022-02-20 18:03:30,902 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookAddress [2022-02-20 18:03:30,902 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:03:30,903 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:03:31,147 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:03:31,149 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:03:32,091 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:03:32,110 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:03:32,111 INFO L299 CfgBuilder]: Removed 1 assume(true) statements. [2022-02-20 18:03:32,114 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:03:32 BoogieIcfgContainer [2022-02-20 18:03:32,114 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:03:32,116 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:03:32,116 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:03:32,119 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:03:32,119 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:03:29" (1/3) ... [2022-02-20 18:03:32,120 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@75de84e2 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:03:32, skipping insertion in model container [2022-02-20 18:03:32,120 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:03:30" (2/3) ... [2022-02-20 18:03:32,121 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@75de84e2 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:03:32, skipping insertion in model container [2022-02-20 18:03:32,121 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:03:32" (3/3) ... [2022-02-20 18:03:32,122 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec8_product26.cil.c [2022-02-20 18:03:32,126 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:03:32,127 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 18:03:32,183 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:03:32,197 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:03:32,198 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:03:32,240 INFO L276 IsEmpty]: Start isEmpty. Operand has 400 states, 313 states have (on average 1.5623003194888179) internal successors, (489), 318 states have internal predecessors, (489), 62 states have call successors, (62), 23 states have call predecessors, (62), 23 states have return successors, (62), 61 states have call predecessors, (62), 62 states have call successors, (62) [2022-02-20 18:03:32,264 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-02-20 18:03:32,265 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:03:32,265 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:03:32,267 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:03:32,271 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:03:32,271 INFO L85 PathProgramCache]: Analyzing trace with hash 1772077766, now seen corresponding path program 1 times [2022-02-20 18:03:32,281 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:03:32,281 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1565834351] [2022-02-20 18:03:32,281 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:32,282 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:03:32,513 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:32,658 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:03:32,667 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:32,679 INFO L290 TraceCheckUtils]: 0: Hoare triple {454#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {403#true} is VALID [2022-02-20 18:03:32,680 INFO L290 TraceCheckUtils]: 1: Hoare triple {403#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {403#true} is VALID [2022-02-20 18:03:32,680 INFO L290 TraceCheckUtils]: 2: Hoare triple {403#true} assume true; {403#true} is VALID [2022-02-20 18:03:32,680 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {403#true} {403#true} #1250#return; {403#true} is VALID [2022-02-20 18:03:32,690 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:03:32,697 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:32,702 INFO L290 TraceCheckUtils]: 0: Hoare triple {455#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {403#true} is VALID [2022-02-20 18:03:32,703 INFO L290 TraceCheckUtils]: 1: Hoare triple {403#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {403#true} is VALID [2022-02-20 18:03:32,704 INFO L290 TraceCheckUtils]: 2: Hoare triple {403#true} assume true; {403#true} is VALID [2022-02-20 18:03:32,704 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {403#true} {403#true} #1252#return; {403#true} is VALID [2022-02-20 18:03:32,705 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:03:32,712 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:32,738 INFO L290 TraceCheckUtils]: 0: Hoare triple {454#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {456#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:32,739 INFO L290 TraceCheckUtils]: 1: Hoare triple {456#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {457#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:32,740 INFO L290 TraceCheckUtils]: 2: Hoare triple {457#(= |setClientId_#in~handle| 1)} assume true; {457#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:32,741 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {457#(= |setClientId_#in~handle| 1)} {413#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1254#return; {404#false} is VALID [2022-02-20 18:03:32,742 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:03:32,752 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:32,758 INFO L290 TraceCheckUtils]: 0: Hoare triple {455#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {403#true} is VALID [2022-02-20 18:03:32,758 INFO L290 TraceCheckUtils]: 1: Hoare triple {403#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {403#true} is VALID [2022-02-20 18:03:32,758 INFO L290 TraceCheckUtils]: 2: Hoare triple {403#true} assume true; {403#true} is VALID [2022-02-20 18:03:32,759 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {403#true} {404#false} #1256#return; {404#false} is VALID [2022-02-20 18:03:32,760 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:03:32,764 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:32,768 INFO L290 TraceCheckUtils]: 0: Hoare triple {454#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {403#true} is VALID [2022-02-20 18:03:32,769 INFO L290 TraceCheckUtils]: 1: Hoare triple {403#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {403#true} is VALID [2022-02-20 18:03:32,769 INFO L290 TraceCheckUtils]: 2: Hoare triple {403#true} assume true; {403#true} is VALID [2022-02-20 18:03:32,778 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {403#true} {404#false} #1258#return; {404#false} is VALID [2022-02-20 18:03:32,779 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:03:32,783 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:32,791 INFO L290 TraceCheckUtils]: 0: Hoare triple {455#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {403#true} is VALID [2022-02-20 18:03:32,791 INFO L290 TraceCheckUtils]: 1: Hoare triple {403#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {403#true} is VALID [2022-02-20 18:03:32,793 INFO L290 TraceCheckUtils]: 2: Hoare triple {403#true} assume true; {403#true} is VALID [2022-02-20 18:03:32,793 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {403#true} {404#false} #1260#return; {404#false} is VALID [2022-02-20 18:03:32,804 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2022-02-20 18:03:32,806 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:32,817 INFO L290 TraceCheckUtils]: 0: Hoare triple {458#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {403#true} is VALID [2022-02-20 18:03:32,817 INFO L290 TraceCheckUtils]: 1: Hoare triple {403#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {403#true} is VALID [2022-02-20 18:03:32,817 INFO L290 TraceCheckUtils]: 2: Hoare triple {403#true} assume true; {403#true} is VALID [2022-02-20 18:03:32,818 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {403#true} {404#false} #1194#return; {404#false} is VALID [2022-02-20 18:03:32,828 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 52 [2022-02-20 18:03:32,830 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:32,840 INFO L290 TraceCheckUtils]: 0: Hoare triple {459#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {403#true} is VALID [2022-02-20 18:03:32,841 INFO L290 TraceCheckUtils]: 1: Hoare triple {403#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {403#true} is VALID [2022-02-20 18:03:32,841 INFO L290 TraceCheckUtils]: 2: Hoare triple {403#true} assume true; {403#true} is VALID [2022-02-20 18:03:32,842 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {403#true} {404#false} #1196#return; {404#false} is VALID [2022-02-20 18:03:32,842 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:03:32,843 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:32,847 INFO L290 TraceCheckUtils]: 0: Hoare triple {403#true} ~handle := #in~handle;havoc ~retValue_acc~30; {403#true} is VALID [2022-02-20 18:03:32,847 INFO L290 TraceCheckUtils]: 1: Hoare triple {403#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~30; {403#true} is VALID [2022-02-20 18:03:32,848 INFO L290 TraceCheckUtils]: 2: Hoare triple {403#true} assume true; {403#true} is VALID [2022-02-20 18:03:32,848 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {403#true} {404#false} #1176#return; {404#false} is VALID [2022-02-20 18:03:32,848 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 18:03:32,850 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:32,853 INFO L290 TraceCheckUtils]: 0: Hoare triple {403#true} ~handle := #in~handle;havoc ~retValue_acc~15; {403#true} is VALID [2022-02-20 18:03:32,853 INFO L290 TraceCheckUtils]: 1: Hoare triple {403#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_email_to0~0;#res := ~retValue_acc~15; {403#true} is VALID [2022-02-20 18:03:32,854 INFO L290 TraceCheckUtils]: 2: Hoare triple {403#true} assume true; {403#true} is VALID [2022-02-20 18:03:32,854 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {403#true} {404#false} #1208#return; {404#false} is VALID [2022-02-20 18:03:32,854 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 18:03:32,856 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:32,860 INFO L290 TraceCheckUtils]: 0: Hoare triple {458#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {403#true} is VALID [2022-02-20 18:03:32,860 INFO L290 TraceCheckUtils]: 1: Hoare triple {403#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {403#true} is VALID [2022-02-20 18:03:32,860 INFO L290 TraceCheckUtils]: 2: Hoare triple {403#true} assume true; {403#true} is VALID [2022-02-20 18:03:32,861 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {403#true} {404#false} #1214#return; {404#false} is VALID [2022-02-20 18:03:32,861 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 18:03:32,862 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:32,868 INFO L290 TraceCheckUtils]: 0: Hoare triple {403#true} ~handle := #in~handle;havoc ~retValue_acc~18; {403#true} is VALID [2022-02-20 18:03:32,869 INFO L290 TraceCheckUtils]: 1: Hoare triple {403#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~18; {403#true} is VALID [2022-02-20 18:03:32,869 INFO L290 TraceCheckUtils]: 2: Hoare triple {403#true} assume true; {403#true} is VALID [2022-02-20 18:03:32,869 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {403#true} {404#false} #1216#return; {404#false} is VALID [2022-02-20 18:03:32,871 INFO L290 TraceCheckUtils]: 0: Hoare triple {403#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(17, 12);call #Ultimate.allocInit(17, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(17, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(22, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(21, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(25, 34);call #Ultimate.allocInit(4, 35);call write~init~int(37, 35, 0, 1);call write~init~int(115, 35, 1, 1);call write~init~int(10, 35, 2, 1);call write~init~int(0, 35, 3, 1);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(12, 37);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(18, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(21, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {403#true} is VALID [2022-02-20 18:03:32,871 INFO L290 TraceCheckUtils]: 1: Hoare triple {403#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {403#true} is VALID [2022-02-20 18:03:32,871 INFO L290 TraceCheckUtils]: 2: Hoare triple {403#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {403#true} is VALID [2022-02-20 18:03:32,872 INFO L290 TraceCheckUtils]: 3: Hoare triple {403#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~10#1;havoc valid_product_~retValue_acc~10#1;valid_product_~retValue_acc~10#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~10#1; {403#true} is VALID [2022-02-20 18:03:32,872 INFO L290 TraceCheckUtils]: 4: Hoare triple {403#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {403#true} is VALID [2022-02-20 18:03:32,872 INFO L290 TraceCheckUtils]: 5: Hoare triple {403#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {403#true} is VALID [2022-02-20 18:03:32,874 INFO L272 TraceCheckUtils]: 6: Hoare triple {403#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {454#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:32,874 INFO L290 TraceCheckUtils]: 7: Hoare triple {454#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {403#true} is VALID [2022-02-20 18:03:32,874 INFO L290 TraceCheckUtils]: 8: Hoare triple {403#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {403#true} is VALID [2022-02-20 18:03:32,874 INFO L290 TraceCheckUtils]: 9: Hoare triple {403#true} assume true; {403#true} is VALID [2022-02-20 18:03:32,875 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {403#true} {403#true} #1250#return; {403#true} is VALID [2022-02-20 18:03:32,876 INFO L290 TraceCheckUtils]: 11: Hoare triple {403#true} assume { :end_inline_setup_bob__wrappee__Base } true; {403#true} is VALID [2022-02-20 18:03:32,880 INFO L272 TraceCheckUtils]: 12: Hoare triple {403#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {455#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:32,880 INFO L290 TraceCheckUtils]: 13: Hoare triple {455#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {403#true} is VALID [2022-02-20 18:03:32,880 INFO L290 TraceCheckUtils]: 14: Hoare triple {403#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {403#true} is VALID [2022-02-20 18:03:32,881 INFO L290 TraceCheckUtils]: 15: Hoare triple {403#true} assume true; {403#true} is VALID [2022-02-20 18:03:32,881 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {403#true} {403#true} #1252#return; {403#true} is VALID [2022-02-20 18:03:32,882 INFO L290 TraceCheckUtils]: 17: Hoare triple {403#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {413#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:03:32,883 INFO L272 TraceCheckUtils]: 18: Hoare triple {413#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {454#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:32,884 INFO L290 TraceCheckUtils]: 19: Hoare triple {454#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {456#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:32,884 INFO L290 TraceCheckUtils]: 20: Hoare triple {456#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {457#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:32,885 INFO L290 TraceCheckUtils]: 21: Hoare triple {457#(= |setClientId_#in~handle| 1)} assume true; {457#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:32,886 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {457#(= |setClientId_#in~handle| 1)} {413#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1254#return; {404#false} is VALID [2022-02-20 18:03:32,886 INFO L290 TraceCheckUtils]: 23: Hoare triple {404#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {404#false} is VALID [2022-02-20 18:03:32,886 INFO L272 TraceCheckUtils]: 24: Hoare triple {404#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {455#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:32,887 INFO L290 TraceCheckUtils]: 25: Hoare triple {455#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {403#true} is VALID [2022-02-20 18:03:32,887 INFO L290 TraceCheckUtils]: 26: Hoare triple {403#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {403#true} is VALID [2022-02-20 18:03:32,887 INFO L290 TraceCheckUtils]: 27: Hoare triple {403#true} assume true; {403#true} is VALID [2022-02-20 18:03:32,887 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {403#true} {404#false} #1256#return; {404#false} is VALID [2022-02-20 18:03:32,888 INFO L290 TraceCheckUtils]: 29: Hoare triple {404#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {404#false} is VALID [2022-02-20 18:03:32,888 INFO L272 TraceCheckUtils]: 30: Hoare triple {404#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {454#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:32,888 INFO L290 TraceCheckUtils]: 31: Hoare triple {454#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {403#true} is VALID [2022-02-20 18:03:32,889 INFO L290 TraceCheckUtils]: 32: Hoare triple {403#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {403#true} is VALID [2022-02-20 18:03:32,889 INFO L290 TraceCheckUtils]: 33: Hoare triple {403#true} assume true; {403#true} is VALID [2022-02-20 18:03:32,889 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {403#true} {404#false} #1258#return; {404#false} is VALID [2022-02-20 18:03:32,889 INFO L290 TraceCheckUtils]: 35: Hoare triple {404#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {404#false} is VALID [2022-02-20 18:03:32,890 INFO L272 TraceCheckUtils]: 36: Hoare triple {404#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {455#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:32,890 INFO L290 TraceCheckUtils]: 37: Hoare triple {455#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {403#true} is VALID [2022-02-20 18:03:32,890 INFO L290 TraceCheckUtils]: 38: Hoare triple {403#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {403#true} is VALID [2022-02-20 18:03:32,890 INFO L290 TraceCheckUtils]: 39: Hoare triple {403#true} assume true; {403#true} is VALID [2022-02-20 18:03:32,891 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {403#true} {404#false} #1260#return; {404#false} is VALID [2022-02-20 18:03:32,891 INFO L290 TraceCheckUtils]: 41: Hoare triple {404#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {404#false} is VALID [2022-02-20 18:03:32,891 INFO L290 TraceCheckUtils]: 42: Hoare triple {404#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~17#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~17#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {404#false} is VALID [2022-02-20 18:03:32,892 INFO L290 TraceCheckUtils]: 43: Hoare triple {404#false} assume !true; {404#false} is VALID [2022-02-20 18:03:32,892 INFO L290 TraceCheckUtils]: 44: Hoare triple {404#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {404#false} is VALID [2022-02-20 18:03:32,892 INFO L272 TraceCheckUtils]: 45: Hoare triple {404#false} call sendEmail(~bob~0, ~rjh~0); {404#false} is VALID [2022-02-20 18:03:32,893 INFO L290 TraceCheckUtils]: 46: Hoare triple {404#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~12#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {404#false} is VALID [2022-02-20 18:03:32,893 INFO L272 TraceCheckUtils]: 47: Hoare triple {404#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {458#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:32,893 INFO L290 TraceCheckUtils]: 48: Hoare triple {458#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {403#true} is VALID [2022-02-20 18:03:32,894 INFO L290 TraceCheckUtils]: 49: Hoare triple {403#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {403#true} is VALID [2022-02-20 18:03:32,894 INFO L290 TraceCheckUtils]: 50: Hoare triple {403#true} assume true; {403#true} is VALID [2022-02-20 18:03:32,894 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {403#true} {404#false} #1194#return; {404#false} is VALID [2022-02-20 18:03:32,894 INFO L272 TraceCheckUtils]: 52: Hoare triple {404#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {459#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:03:32,895 INFO L290 TraceCheckUtils]: 53: Hoare triple {459#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {403#true} is VALID [2022-02-20 18:03:32,895 INFO L290 TraceCheckUtils]: 54: Hoare triple {403#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {403#true} is VALID [2022-02-20 18:03:32,895 INFO L290 TraceCheckUtils]: 55: Hoare triple {403#true} assume true; {403#true} is VALID [2022-02-20 18:03:32,895 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {403#true} {404#false} #1196#return; {404#false} is VALID [2022-02-20 18:03:32,896 INFO L290 TraceCheckUtils]: 57: Hoare triple {404#false} createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {404#false} is VALID [2022-02-20 18:03:32,896 INFO L290 TraceCheckUtils]: 58: Hoare triple {404#false} #t~ret49#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret49#1 && #t~ret49#1 <= 2147483647;~tmp~12#1 := #t~ret49#1;havoc #t~ret49#1;~email~0#1 := ~tmp~12#1; {404#false} is VALID [2022-02-20 18:03:32,896 INFO L272 TraceCheckUtils]: 59: Hoare triple {404#false} call outgoing(~sender#1, ~email~0#1); {404#false} is VALID [2022-02-20 18:03:32,896 INFO L290 TraceCheckUtils]: 60: Hoare triple {404#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~7#1;havoc ~receiver~1#1;havoc ~tmp___0~3#1;havoc ~second~0#1;havoc ~tmp___1~1#1;havoc ~tmp___2~0#1; {404#false} is VALID [2022-02-20 18:03:32,897 INFO L272 TraceCheckUtils]: 61: Hoare triple {404#false} call #t~ret35#1 := getClientAddressBookSize(~client#1); {403#true} is VALID [2022-02-20 18:03:32,897 INFO L290 TraceCheckUtils]: 62: Hoare triple {403#true} ~handle := #in~handle;havoc ~retValue_acc~30; {403#true} is VALID [2022-02-20 18:03:32,897 INFO L290 TraceCheckUtils]: 63: Hoare triple {403#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~30; {403#true} is VALID [2022-02-20 18:03:32,897 INFO L290 TraceCheckUtils]: 64: Hoare triple {403#true} assume true; {403#true} is VALID [2022-02-20 18:03:32,898 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {403#true} {404#false} #1176#return; {404#false} is VALID [2022-02-20 18:03:32,898 INFO L290 TraceCheckUtils]: 66: Hoare triple {404#false} assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp~7#1 := #t~ret35#1;havoc #t~ret35#1;~size~0#1 := ~tmp~7#1; {404#false} is VALID [2022-02-20 18:03:32,898 INFO L290 TraceCheckUtils]: 67: Hoare triple {404#false} assume !(0 != ~size~0#1); {404#false} is VALID [2022-02-20 18:03:32,898 INFO L272 TraceCheckUtils]: 68: Hoare triple {404#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {404#false} is VALID [2022-02-20 18:03:32,899 INFO L290 TraceCheckUtils]: 69: Hoare triple {404#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~6#1;havoc ~pubkey~0#1;havoc ~tmp___0~2#1; {404#false} is VALID [2022-02-20 18:03:32,899 INFO L272 TraceCheckUtils]: 70: Hoare triple {404#false} call #t~ret33#1 := getEmailTo(~msg#1); {403#true} is VALID [2022-02-20 18:03:32,899 INFO L290 TraceCheckUtils]: 71: Hoare triple {403#true} ~handle := #in~handle;havoc ~retValue_acc~15; {403#true} is VALID [2022-02-20 18:03:32,899 INFO L290 TraceCheckUtils]: 72: Hoare triple {403#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_email_to0~0;#res := ~retValue_acc~15; {403#true} is VALID [2022-02-20 18:03:32,900 INFO L290 TraceCheckUtils]: 73: Hoare triple {403#true} assume true; {403#true} is VALID [2022-02-20 18:03:32,900 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {403#true} {404#false} #1208#return; {404#false} is VALID [2022-02-20 18:03:32,900 INFO L290 TraceCheckUtils]: 75: Hoare triple {404#false} assume -2147483648 <= #t~ret33#1 && #t~ret33#1 <= 2147483647;~tmp~6#1 := #t~ret33#1;havoc #t~ret33#1;~receiver~0#1 := ~tmp~6#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~41#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~41#1; {404#false} is VALID [2022-02-20 18:03:32,901 INFO L290 TraceCheckUtils]: 76: Hoare triple {404#false} assume 1 == findPublicKey_~handle#1; {404#false} is VALID [2022-02-20 18:03:32,901 INFO L290 TraceCheckUtils]: 77: Hoare triple {404#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~41#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~41#1; {404#false} is VALID [2022-02-20 18:03:32,901 INFO L290 TraceCheckUtils]: 78: Hoare triple {404#false} #t~ret34#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp___0~2#1 := #t~ret34#1;havoc #t~ret34#1;~pubkey~0#1 := ~tmp___0~2#1; {404#false} is VALID [2022-02-20 18:03:32,901 INFO L290 TraceCheckUtils]: 79: Hoare triple {404#false} assume !(0 != ~pubkey~0#1); {404#false} is VALID [2022-02-20 18:03:32,902 INFO L290 TraceCheckUtils]: 80: Hoare triple {404#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret32#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {404#false} is VALID [2022-02-20 18:03:32,902 INFO L290 TraceCheckUtils]: 81: Hoare triple {404#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {404#false} is VALID [2022-02-20 18:03:32,902 INFO L290 TraceCheckUtils]: 82: Hoare triple {404#false} outgoing__wrappee__Keys_#t~ret32#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret32#1 && outgoing__wrappee__Keys_#t~ret32#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret32#1;havoc outgoing__wrappee__Keys_#t~ret32#1; {404#false} is VALID [2022-02-20 18:03:32,902 INFO L272 TraceCheckUtils]: 83: Hoare triple {404#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {458#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:32,903 INFO L290 TraceCheckUtils]: 84: Hoare triple {458#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {403#true} is VALID [2022-02-20 18:03:32,903 INFO L290 TraceCheckUtils]: 85: Hoare triple {403#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {403#true} is VALID [2022-02-20 18:03:32,903 INFO L290 TraceCheckUtils]: 86: Hoare triple {403#true} assume true; {403#true} is VALID [2022-02-20 18:03:32,904 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {403#true} {404#false} #1214#return; {404#false} is VALID [2022-02-20 18:03:32,904 INFO L290 TraceCheckUtils]: 88: Hoare triple {404#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret30#1, mail_#t~ret31#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~4#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet28#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 := puts(14, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset := 15, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet28#1; {404#false} is VALID [2022-02-20 18:03:32,904 INFO L290 TraceCheckUtils]: 89: Hoare triple {404#false} assume 0 != ~in_encrypted~0; {404#false} is VALID [2022-02-20 18:03:32,904 INFO L272 TraceCheckUtils]: 90: Hoare triple {404#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {403#true} is VALID [2022-02-20 18:03:32,905 INFO L290 TraceCheckUtils]: 91: Hoare triple {403#true} ~handle := #in~handle;havoc ~retValue_acc~18; {403#true} is VALID [2022-02-20 18:03:32,905 INFO L290 TraceCheckUtils]: 92: Hoare triple {403#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~18; {403#true} is VALID [2022-02-20 18:03:32,905 INFO L290 TraceCheckUtils]: 93: Hoare triple {403#true} assume true; {403#true} is VALID [2022-02-20 18:03:32,905 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {403#true} {404#false} #1216#return; {404#false} is VALID [2022-02-20 18:03:32,906 INFO L290 TraceCheckUtils]: 95: Hoare triple {404#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1; {404#false} is VALID [2022-02-20 18:03:32,906 INFO L290 TraceCheckUtils]: 96: Hoare triple {404#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {404#false} is VALID [2022-02-20 18:03:32,906 INFO L290 TraceCheckUtils]: 97: Hoare triple {404#false} assume !false; {404#false} is VALID [2022-02-20 18:03:32,907 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. [2022-02-20 18:03:32,911 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:03:32,911 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1565834351] [2022-02-20 18:03:32,912 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1565834351] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:03:32,912 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1041484217] [2022-02-20 18:03:32,912 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:32,913 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:03:32,913 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:03:32,915 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:03:32,918 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 18:03:33,226 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:33,231 INFO L263 TraceCheckSpWp]: Trace formula consists of 1049 conjuncts, 1 conjunts are in the unsatisfiable core [2022-02-20 18:03:33,295 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:33,302 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:03:33,528 INFO L290 TraceCheckUtils]: 0: Hoare triple {403#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(17, 12);call #Ultimate.allocInit(17, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(17, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(22, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(21, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(25, 34);call #Ultimate.allocInit(4, 35);call write~init~int(37, 35, 0, 1);call write~init~int(115, 35, 1, 1);call write~init~int(10, 35, 2, 1);call write~init~int(0, 35, 3, 1);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(12, 37);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(18, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(21, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {403#true} is VALID [2022-02-20 18:03:33,528 INFO L290 TraceCheckUtils]: 1: Hoare triple {403#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {403#true} is VALID [2022-02-20 18:03:33,529 INFO L290 TraceCheckUtils]: 2: Hoare triple {403#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {403#true} is VALID [2022-02-20 18:03:33,529 INFO L290 TraceCheckUtils]: 3: Hoare triple {403#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~10#1;havoc valid_product_~retValue_acc~10#1;valid_product_~retValue_acc~10#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~10#1; {403#true} is VALID [2022-02-20 18:03:33,529 INFO L290 TraceCheckUtils]: 4: Hoare triple {403#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {403#true} is VALID [2022-02-20 18:03:33,529 INFO L290 TraceCheckUtils]: 5: Hoare triple {403#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {403#true} is VALID [2022-02-20 18:03:33,529 INFO L272 TraceCheckUtils]: 6: Hoare triple {403#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {403#true} is VALID [2022-02-20 18:03:33,530 INFO L290 TraceCheckUtils]: 7: Hoare triple {403#true} ~handle := #in~handle;~value := #in~value; {403#true} is VALID [2022-02-20 18:03:33,530 INFO L290 TraceCheckUtils]: 8: Hoare triple {403#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {403#true} is VALID [2022-02-20 18:03:33,530 INFO L290 TraceCheckUtils]: 9: Hoare triple {403#true} assume true; {403#true} is VALID [2022-02-20 18:03:33,530 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {403#true} {403#true} #1250#return; {403#true} is VALID [2022-02-20 18:03:33,531 INFO L290 TraceCheckUtils]: 11: Hoare triple {403#true} assume { :end_inline_setup_bob__wrappee__Base } true; {403#true} is VALID [2022-02-20 18:03:33,531 INFO L272 TraceCheckUtils]: 12: Hoare triple {403#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {403#true} is VALID [2022-02-20 18:03:33,531 INFO L290 TraceCheckUtils]: 13: Hoare triple {403#true} ~handle := #in~handle;~value := #in~value; {403#true} is VALID [2022-02-20 18:03:33,531 INFO L290 TraceCheckUtils]: 14: Hoare triple {403#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {403#true} is VALID [2022-02-20 18:03:33,531 INFO L290 TraceCheckUtils]: 15: Hoare triple {403#true} assume true; {403#true} is VALID [2022-02-20 18:03:33,532 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {403#true} {403#true} #1252#return; {403#true} is VALID [2022-02-20 18:03:33,532 INFO L290 TraceCheckUtils]: 17: Hoare triple {403#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {403#true} is VALID [2022-02-20 18:03:33,532 INFO L272 TraceCheckUtils]: 18: Hoare triple {403#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {403#true} is VALID [2022-02-20 18:03:33,532 INFO L290 TraceCheckUtils]: 19: Hoare triple {403#true} ~handle := #in~handle;~value := #in~value; {403#true} is VALID [2022-02-20 18:03:33,533 INFO L290 TraceCheckUtils]: 20: Hoare triple {403#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {403#true} is VALID [2022-02-20 18:03:33,533 INFO L290 TraceCheckUtils]: 21: Hoare triple {403#true} assume true; {403#true} is VALID [2022-02-20 18:03:33,533 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {403#true} {403#true} #1254#return; {403#true} is VALID [2022-02-20 18:03:33,533 INFO L290 TraceCheckUtils]: 23: Hoare triple {403#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {403#true} is VALID [2022-02-20 18:03:33,533 INFO L272 TraceCheckUtils]: 24: Hoare triple {403#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {403#true} is VALID [2022-02-20 18:03:33,534 INFO L290 TraceCheckUtils]: 25: Hoare triple {403#true} ~handle := #in~handle;~value := #in~value; {403#true} is VALID [2022-02-20 18:03:33,534 INFO L290 TraceCheckUtils]: 26: Hoare triple {403#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {403#true} is VALID [2022-02-20 18:03:33,534 INFO L290 TraceCheckUtils]: 27: Hoare triple {403#true} assume true; {403#true} is VALID [2022-02-20 18:03:33,534 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {403#true} {403#true} #1256#return; {403#true} is VALID [2022-02-20 18:03:33,535 INFO L290 TraceCheckUtils]: 29: Hoare triple {403#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {403#true} is VALID [2022-02-20 18:03:33,535 INFO L272 TraceCheckUtils]: 30: Hoare triple {403#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {403#true} is VALID [2022-02-20 18:03:33,535 INFO L290 TraceCheckUtils]: 31: Hoare triple {403#true} ~handle := #in~handle;~value := #in~value; {403#true} is VALID [2022-02-20 18:03:33,535 INFO L290 TraceCheckUtils]: 32: Hoare triple {403#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {403#true} is VALID [2022-02-20 18:03:33,536 INFO L290 TraceCheckUtils]: 33: Hoare triple {403#true} assume true; {403#true} is VALID [2022-02-20 18:03:33,536 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {403#true} {403#true} #1258#return; {403#true} is VALID [2022-02-20 18:03:33,536 INFO L290 TraceCheckUtils]: 35: Hoare triple {403#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {403#true} is VALID [2022-02-20 18:03:33,536 INFO L272 TraceCheckUtils]: 36: Hoare triple {403#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {403#true} is VALID [2022-02-20 18:03:33,536 INFO L290 TraceCheckUtils]: 37: Hoare triple {403#true} ~handle := #in~handle;~value := #in~value; {403#true} is VALID [2022-02-20 18:03:33,537 INFO L290 TraceCheckUtils]: 38: Hoare triple {403#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {403#true} is VALID [2022-02-20 18:03:33,537 INFO L290 TraceCheckUtils]: 39: Hoare triple {403#true} assume true; {403#true} is VALID [2022-02-20 18:03:33,537 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {403#true} {403#true} #1260#return; {403#true} is VALID [2022-02-20 18:03:33,537 INFO L290 TraceCheckUtils]: 41: Hoare triple {403#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {403#true} is VALID [2022-02-20 18:03:33,537 INFO L290 TraceCheckUtils]: 42: Hoare triple {403#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~17#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~17#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {403#true} is VALID [2022-02-20 18:03:33,538 INFO L290 TraceCheckUtils]: 43: Hoare triple {403#true} assume !true; {404#false} is VALID [2022-02-20 18:03:33,538 INFO L290 TraceCheckUtils]: 44: Hoare triple {404#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {404#false} is VALID [2022-02-20 18:03:33,539 INFO L272 TraceCheckUtils]: 45: Hoare triple {404#false} call sendEmail(~bob~0, ~rjh~0); {404#false} is VALID [2022-02-20 18:03:33,539 INFO L290 TraceCheckUtils]: 46: Hoare triple {404#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~12#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {404#false} is VALID [2022-02-20 18:03:33,539 INFO L272 TraceCheckUtils]: 47: Hoare triple {404#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {404#false} is VALID [2022-02-20 18:03:33,539 INFO L290 TraceCheckUtils]: 48: Hoare triple {404#false} ~handle := #in~handle;~value := #in~value; {404#false} is VALID [2022-02-20 18:03:33,539 INFO L290 TraceCheckUtils]: 49: Hoare triple {404#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {404#false} is VALID [2022-02-20 18:03:33,540 INFO L290 TraceCheckUtils]: 50: Hoare triple {404#false} assume true; {404#false} is VALID [2022-02-20 18:03:33,540 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {404#false} {404#false} #1194#return; {404#false} is VALID [2022-02-20 18:03:33,540 INFO L272 TraceCheckUtils]: 52: Hoare triple {404#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {404#false} is VALID [2022-02-20 18:03:33,540 INFO L290 TraceCheckUtils]: 53: Hoare triple {404#false} ~handle := #in~handle;~value := #in~value; {404#false} is VALID [2022-02-20 18:03:33,540 INFO L290 TraceCheckUtils]: 54: Hoare triple {404#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {404#false} is VALID [2022-02-20 18:03:33,541 INFO L290 TraceCheckUtils]: 55: Hoare triple {404#false} assume true; {404#false} is VALID [2022-02-20 18:03:33,541 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {404#false} {404#false} #1196#return; {404#false} is VALID [2022-02-20 18:03:33,541 INFO L290 TraceCheckUtils]: 57: Hoare triple {404#false} createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {404#false} is VALID [2022-02-20 18:03:33,541 INFO L290 TraceCheckUtils]: 58: Hoare triple {404#false} #t~ret49#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret49#1 && #t~ret49#1 <= 2147483647;~tmp~12#1 := #t~ret49#1;havoc #t~ret49#1;~email~0#1 := ~tmp~12#1; {404#false} is VALID [2022-02-20 18:03:33,542 INFO L272 TraceCheckUtils]: 59: Hoare triple {404#false} call outgoing(~sender#1, ~email~0#1); {404#false} is VALID [2022-02-20 18:03:33,542 INFO L290 TraceCheckUtils]: 60: Hoare triple {404#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~7#1;havoc ~receiver~1#1;havoc ~tmp___0~3#1;havoc ~second~0#1;havoc ~tmp___1~1#1;havoc ~tmp___2~0#1; {404#false} is VALID [2022-02-20 18:03:33,542 INFO L272 TraceCheckUtils]: 61: Hoare triple {404#false} call #t~ret35#1 := getClientAddressBookSize(~client#1); {404#false} is VALID [2022-02-20 18:03:33,542 INFO L290 TraceCheckUtils]: 62: Hoare triple {404#false} ~handle := #in~handle;havoc ~retValue_acc~30; {404#false} is VALID [2022-02-20 18:03:33,542 INFO L290 TraceCheckUtils]: 63: Hoare triple {404#false} assume 1 == ~handle;~retValue_acc~30 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~30; {404#false} is VALID [2022-02-20 18:03:33,543 INFO L290 TraceCheckUtils]: 64: Hoare triple {404#false} assume true; {404#false} is VALID [2022-02-20 18:03:33,543 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {404#false} {404#false} #1176#return; {404#false} is VALID [2022-02-20 18:03:33,543 INFO L290 TraceCheckUtils]: 66: Hoare triple {404#false} assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp~7#1 := #t~ret35#1;havoc #t~ret35#1;~size~0#1 := ~tmp~7#1; {404#false} is VALID [2022-02-20 18:03:33,543 INFO L290 TraceCheckUtils]: 67: Hoare triple {404#false} assume !(0 != ~size~0#1); {404#false} is VALID [2022-02-20 18:03:33,543 INFO L272 TraceCheckUtils]: 68: Hoare triple {404#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {404#false} is VALID [2022-02-20 18:03:33,544 INFO L290 TraceCheckUtils]: 69: Hoare triple {404#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~6#1;havoc ~pubkey~0#1;havoc ~tmp___0~2#1; {404#false} is VALID [2022-02-20 18:03:33,544 INFO L272 TraceCheckUtils]: 70: Hoare triple {404#false} call #t~ret33#1 := getEmailTo(~msg#1); {404#false} is VALID [2022-02-20 18:03:33,544 INFO L290 TraceCheckUtils]: 71: Hoare triple {404#false} ~handle := #in~handle;havoc ~retValue_acc~15; {404#false} is VALID [2022-02-20 18:03:33,544 INFO L290 TraceCheckUtils]: 72: Hoare triple {404#false} assume 1 == ~handle;~retValue_acc~15 := ~__ste_email_to0~0;#res := ~retValue_acc~15; {404#false} is VALID [2022-02-20 18:03:33,545 INFO L290 TraceCheckUtils]: 73: Hoare triple {404#false} assume true; {404#false} is VALID [2022-02-20 18:03:33,545 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {404#false} {404#false} #1208#return; {404#false} is VALID [2022-02-20 18:03:33,545 INFO L290 TraceCheckUtils]: 75: Hoare triple {404#false} assume -2147483648 <= #t~ret33#1 && #t~ret33#1 <= 2147483647;~tmp~6#1 := #t~ret33#1;havoc #t~ret33#1;~receiver~0#1 := ~tmp~6#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~41#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~41#1; {404#false} is VALID [2022-02-20 18:03:33,545 INFO L290 TraceCheckUtils]: 76: Hoare triple {404#false} assume 1 == findPublicKey_~handle#1; {404#false} is VALID [2022-02-20 18:03:33,545 INFO L290 TraceCheckUtils]: 77: Hoare triple {404#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~41#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~41#1; {404#false} is VALID [2022-02-20 18:03:33,546 INFO L290 TraceCheckUtils]: 78: Hoare triple {404#false} #t~ret34#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp___0~2#1 := #t~ret34#1;havoc #t~ret34#1;~pubkey~0#1 := ~tmp___0~2#1; {404#false} is VALID [2022-02-20 18:03:33,546 INFO L290 TraceCheckUtils]: 79: Hoare triple {404#false} assume !(0 != ~pubkey~0#1); {404#false} is VALID [2022-02-20 18:03:33,546 INFO L290 TraceCheckUtils]: 80: Hoare triple {404#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret32#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {404#false} is VALID [2022-02-20 18:03:33,546 INFO L290 TraceCheckUtils]: 81: Hoare triple {404#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {404#false} is VALID [2022-02-20 18:03:33,547 INFO L290 TraceCheckUtils]: 82: Hoare triple {404#false} outgoing__wrappee__Keys_#t~ret32#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret32#1 && outgoing__wrappee__Keys_#t~ret32#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret32#1;havoc outgoing__wrappee__Keys_#t~ret32#1; {404#false} is VALID [2022-02-20 18:03:33,547 INFO L272 TraceCheckUtils]: 83: Hoare triple {404#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {404#false} is VALID [2022-02-20 18:03:33,547 INFO L290 TraceCheckUtils]: 84: Hoare triple {404#false} ~handle := #in~handle;~value := #in~value; {404#false} is VALID [2022-02-20 18:03:33,547 INFO L290 TraceCheckUtils]: 85: Hoare triple {404#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {404#false} is VALID [2022-02-20 18:03:33,548 INFO L290 TraceCheckUtils]: 86: Hoare triple {404#false} assume true; {404#false} is VALID [2022-02-20 18:03:33,548 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {404#false} {404#false} #1214#return; {404#false} is VALID [2022-02-20 18:03:33,548 INFO L290 TraceCheckUtils]: 88: Hoare triple {404#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret30#1, mail_#t~ret31#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~4#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet28#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 := puts(14, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset := 15, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet28#1; {404#false} is VALID [2022-02-20 18:03:33,548 INFO L290 TraceCheckUtils]: 89: Hoare triple {404#false} assume 0 != ~in_encrypted~0; {404#false} is VALID [2022-02-20 18:03:33,548 INFO L272 TraceCheckUtils]: 90: Hoare triple {404#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {404#false} is VALID [2022-02-20 18:03:33,549 INFO L290 TraceCheckUtils]: 91: Hoare triple {404#false} ~handle := #in~handle;havoc ~retValue_acc~18; {404#false} is VALID [2022-02-20 18:03:33,549 INFO L290 TraceCheckUtils]: 92: Hoare triple {404#false} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~18; {404#false} is VALID [2022-02-20 18:03:33,549 INFO L290 TraceCheckUtils]: 93: Hoare triple {404#false} assume true; {404#false} is VALID [2022-02-20 18:03:33,549 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {404#false} {404#false} #1216#return; {404#false} is VALID [2022-02-20 18:03:33,549 INFO L290 TraceCheckUtils]: 95: Hoare triple {404#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1; {404#false} is VALID [2022-02-20 18:03:33,550 INFO L290 TraceCheckUtils]: 96: Hoare triple {404#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {404#false} is VALID [2022-02-20 18:03:33,550 INFO L290 TraceCheckUtils]: 97: Hoare triple {404#false} assume !false; {404#false} is VALID [2022-02-20 18:03:33,550 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 18:03:33,551 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:03:33,551 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1041484217] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:03:33,551 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:03:33,551 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [9] total 9 [2022-02-20 18:03:33,553 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1999599054] [2022-02-20 18:03:33,554 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:03:33,559 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 28.0) internal successors, (56), 2 states have internal predecessors, (56), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 98 [2022-02-20 18:03:33,560 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:03:33,563 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 28.0) internal successors, (56), 2 states have internal predecessors, (56), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:03:33,633 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 83 edges. 83 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:33,633 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:03:33,634 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:03:33,655 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 18:03:33,656 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:03:33,661 INFO L87 Difference]: Start difference. First operand has 400 states, 313 states have (on average 1.5623003194888179) internal successors, (489), 318 states have internal predecessors, (489), 62 states have call successors, (62), 23 states have call predecessors, (62), 23 states have return successors, (62), 61 states have call predecessors, (62), 62 states have call successors, (62) Second operand has 2 states, 2 states have (on average 28.0) internal successors, (56), 2 states have internal predecessors, (56), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:03:34,084 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:34,084 INFO L93 Difference]: Finished difference Result 602 states and 908 transitions. [2022-02-20 18:03:34,084 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:03:34,085 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 28.0) internal successors, (56), 2 states have internal predecessors, (56), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 98 [2022-02-20 18:03:34,085 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:03:34,087 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 28.0) internal successors, (56), 2 states have internal predecessors, (56), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:03:34,129 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 908 transitions. [2022-02-20 18:03:34,130 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 28.0) internal successors, (56), 2 states have internal predecessors, (56), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:03:34,166 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 908 transitions. [2022-02-20 18:03:34,166 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 908 transitions. [2022-02-20 18:03:34,907 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 908 edges. 908 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:34,955 INFO L225 Difference]: With dead ends: 602 [2022-02-20 18:03:34,955 INFO L226 Difference]: Without dead ends: 393 [2022-02-20 18:03:34,964 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 125 GetRequests, 118 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:03:34,967 INFO L933 BasicCegarLoop]: 609 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 609 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:03:34,969 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 609 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:03:34,987 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 393 states. [2022-02-20 18:03:35,050 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 393 to 393. [2022-02-20 18:03:35,051 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:03:35,057 INFO L82 GeneralOperation]: Start isEquivalent. First operand 393 states. Second operand has 393 states, 307 states have (on average 1.5570032573289903) internal successors, (478), 311 states have internal predecessors, (478), 62 states have call successors, (62), 23 states have call predecessors, (62), 23 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) [2022-02-20 18:03:35,062 INFO L74 IsIncluded]: Start isIncluded. First operand 393 states. Second operand has 393 states, 307 states have (on average 1.5570032573289903) internal successors, (478), 311 states have internal predecessors, (478), 62 states have call successors, (62), 23 states have call predecessors, (62), 23 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) [2022-02-20 18:03:35,068 INFO L87 Difference]: Start difference. First operand 393 states. Second operand has 393 states, 307 states have (on average 1.5570032573289903) internal successors, (478), 311 states have internal predecessors, (478), 62 states have call successors, (62), 23 states have call predecessors, (62), 23 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) [2022-02-20 18:03:35,090 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:35,090 INFO L93 Difference]: Finished difference Result 393 states and 601 transitions. [2022-02-20 18:03:35,090 INFO L276 IsEmpty]: Start isEmpty. Operand 393 states and 601 transitions. [2022-02-20 18:03:35,093 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:35,093 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:35,095 INFO L74 IsIncluded]: Start isIncluded. First operand has 393 states, 307 states have (on average 1.5570032573289903) internal successors, (478), 311 states have internal predecessors, (478), 62 states have call successors, (62), 23 states have call predecessors, (62), 23 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) Second operand 393 states. [2022-02-20 18:03:35,097 INFO L87 Difference]: Start difference. First operand has 393 states, 307 states have (on average 1.5570032573289903) internal successors, (478), 311 states have internal predecessors, (478), 62 states have call successors, (62), 23 states have call predecessors, (62), 23 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) Second operand 393 states. [2022-02-20 18:03:35,119 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:35,119 INFO L93 Difference]: Finished difference Result 393 states and 601 transitions. [2022-02-20 18:03:35,119 INFO L276 IsEmpty]: Start isEmpty. Operand 393 states and 601 transitions. [2022-02-20 18:03:35,121 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:35,121 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:35,122 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:03:35,122 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:03:35,127 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 393 states, 307 states have (on average 1.5570032573289903) internal successors, (478), 311 states have internal predecessors, (478), 62 states have call successors, (62), 23 states have call predecessors, (62), 23 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) [2022-02-20 18:03:35,148 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 393 states to 393 states and 601 transitions. [2022-02-20 18:03:35,150 INFO L78 Accepts]: Start accepts. Automaton has 393 states and 601 transitions. Word has length 98 [2022-02-20 18:03:35,150 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:03:35,150 INFO L470 AbstractCegarLoop]: Abstraction has 393 states and 601 transitions. [2022-02-20 18:03:35,151 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 28.0) internal successors, (56), 2 states have internal predecessors, (56), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:03:35,151 INFO L276 IsEmpty]: Start isEmpty. Operand 393 states and 601 transitions. [2022-02-20 18:03:35,157 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 100 [2022-02-20 18:03:35,157 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:03:35,157 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:03:35,178 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Ended with exit code 0 [2022-02-20 18:03:35,367 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0 [2022-02-20 18:03:35,368 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:03:35,368 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:03:35,369 INFO L85 PathProgramCache]: Analyzing trace with hash 1213717743, now seen corresponding path program 1 times [2022-02-20 18:03:35,369 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:03:35,369 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [977854972] [2022-02-20 18:03:35,369 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:35,369 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:03:35,413 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:35,452 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:03:35,455 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:35,463 INFO L290 TraceCheckUtils]: 0: Hoare triple {2967#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 18:03:35,463 INFO L290 TraceCheckUtils]: 1: Hoare triple {2916#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2916#true} is VALID [2022-02-20 18:03:35,464 INFO L290 TraceCheckUtils]: 2: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 18:03:35,464 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2916#true} {2916#true} #1250#return; {2916#true} is VALID [2022-02-20 18:03:35,470 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:03:35,472 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:35,475 INFO L290 TraceCheckUtils]: 0: Hoare triple {2968#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 18:03:35,476 INFO L290 TraceCheckUtils]: 1: Hoare triple {2916#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2916#true} is VALID [2022-02-20 18:03:35,476 INFO L290 TraceCheckUtils]: 2: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 18:03:35,476 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2916#true} {2916#true} #1252#return; {2916#true} is VALID [2022-02-20 18:03:35,477 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:03:35,479 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:35,493 INFO L290 TraceCheckUtils]: 0: Hoare triple {2967#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2969#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:35,494 INFO L290 TraceCheckUtils]: 1: Hoare triple {2969#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2970#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:35,498 INFO L290 TraceCheckUtils]: 2: Hoare triple {2970#(= |setClientId_#in~handle| 1)} assume true; {2970#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:35,501 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2970#(= |setClientId_#in~handle| 1)} {2926#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1254#return; {2917#false} is VALID [2022-02-20 18:03:35,501 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:03:35,503 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:35,506 INFO L290 TraceCheckUtils]: 0: Hoare triple {2968#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 18:03:35,507 INFO L290 TraceCheckUtils]: 1: Hoare triple {2916#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2916#true} is VALID [2022-02-20 18:03:35,507 INFO L290 TraceCheckUtils]: 2: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 18:03:35,507 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2916#true} {2917#false} #1256#return; {2917#false} is VALID [2022-02-20 18:03:35,508 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:03:35,510 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:35,513 INFO L290 TraceCheckUtils]: 0: Hoare triple {2967#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 18:03:35,514 INFO L290 TraceCheckUtils]: 1: Hoare triple {2916#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2916#true} is VALID [2022-02-20 18:03:35,514 INFO L290 TraceCheckUtils]: 2: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 18:03:35,514 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2916#true} {2917#false} #1258#return; {2917#false} is VALID [2022-02-20 18:03:35,514 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:03:35,517 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:35,520 INFO L290 TraceCheckUtils]: 0: Hoare triple {2968#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 18:03:35,521 INFO L290 TraceCheckUtils]: 1: Hoare triple {2916#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2916#true} is VALID [2022-02-20 18:03:35,521 INFO L290 TraceCheckUtils]: 2: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 18:03:35,521 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2916#true} {2917#false} #1260#return; {2917#false} is VALID [2022-02-20 18:03:35,528 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-02-20 18:03:35,530 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:35,533 INFO L290 TraceCheckUtils]: 0: Hoare triple {2971#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 18:03:35,534 INFO L290 TraceCheckUtils]: 1: Hoare triple {2916#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2916#true} is VALID [2022-02-20 18:03:35,534 INFO L290 TraceCheckUtils]: 2: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 18:03:35,534 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2916#true} {2917#false} #1194#return; {2917#false} is VALID [2022-02-20 18:03:35,542 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 53 [2022-02-20 18:03:35,543 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:35,551 INFO L290 TraceCheckUtils]: 0: Hoare triple {2972#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 18:03:35,551 INFO L290 TraceCheckUtils]: 1: Hoare triple {2916#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2916#true} is VALID [2022-02-20 18:03:35,551 INFO L290 TraceCheckUtils]: 2: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 18:03:35,551 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2916#true} {2917#false} #1196#return; {2917#false} is VALID [2022-02-20 18:03:35,552 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 18:03:35,553 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:35,559 INFO L290 TraceCheckUtils]: 0: Hoare triple {2916#true} ~handle := #in~handle;havoc ~retValue_acc~30; {2916#true} is VALID [2022-02-20 18:03:35,560 INFO L290 TraceCheckUtils]: 1: Hoare triple {2916#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~30; {2916#true} is VALID [2022-02-20 18:03:35,560 INFO L290 TraceCheckUtils]: 2: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 18:03:35,560 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2916#true} {2917#false} #1176#return; {2917#false} is VALID [2022-02-20 18:03:35,560 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71 [2022-02-20 18:03:35,562 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:35,564 INFO L290 TraceCheckUtils]: 0: Hoare triple {2916#true} ~handle := #in~handle;havoc ~retValue_acc~15; {2916#true} is VALID [2022-02-20 18:03:35,564 INFO L290 TraceCheckUtils]: 1: Hoare triple {2916#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_email_to0~0;#res := ~retValue_acc~15; {2916#true} is VALID [2022-02-20 18:03:35,565 INFO L290 TraceCheckUtils]: 2: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 18:03:35,565 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2916#true} {2917#false} #1208#return; {2917#false} is VALID [2022-02-20 18:03:35,565 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 18:03:35,566 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:35,569 INFO L290 TraceCheckUtils]: 0: Hoare triple {2971#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 18:03:35,569 INFO L290 TraceCheckUtils]: 1: Hoare triple {2916#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2916#true} is VALID [2022-02-20 18:03:35,569 INFO L290 TraceCheckUtils]: 2: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 18:03:35,570 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2916#true} {2917#false} #1214#return; {2917#false} is VALID [2022-02-20 18:03:35,570 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 18:03:35,571 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:35,574 INFO L290 TraceCheckUtils]: 0: Hoare triple {2916#true} ~handle := #in~handle;havoc ~retValue_acc~18; {2916#true} is VALID [2022-02-20 18:03:35,574 INFO L290 TraceCheckUtils]: 1: Hoare triple {2916#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~18; {2916#true} is VALID [2022-02-20 18:03:35,574 INFO L290 TraceCheckUtils]: 2: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 18:03:35,574 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2916#true} {2917#false} #1216#return; {2917#false} is VALID [2022-02-20 18:03:35,574 INFO L290 TraceCheckUtils]: 0: Hoare triple {2916#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(17, 12);call #Ultimate.allocInit(17, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(17, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(22, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(21, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(25, 34);call #Ultimate.allocInit(4, 35);call write~init~int(37, 35, 0, 1);call write~init~int(115, 35, 1, 1);call write~init~int(10, 35, 2, 1);call write~init~int(0, 35, 3, 1);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(12, 37);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(18, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(21, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {2916#true} is VALID [2022-02-20 18:03:35,575 INFO L290 TraceCheckUtils]: 1: Hoare triple {2916#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {2916#true} is VALID [2022-02-20 18:03:35,575 INFO L290 TraceCheckUtils]: 2: Hoare triple {2916#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2916#true} is VALID [2022-02-20 18:03:35,575 INFO L290 TraceCheckUtils]: 3: Hoare triple {2916#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~10#1;havoc valid_product_~retValue_acc~10#1;valid_product_~retValue_acc~10#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~10#1; {2916#true} is VALID [2022-02-20 18:03:35,575 INFO L290 TraceCheckUtils]: 4: Hoare triple {2916#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {2916#true} is VALID [2022-02-20 18:03:35,575 INFO L290 TraceCheckUtils]: 5: Hoare triple {2916#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2916#true} is VALID [2022-02-20 18:03:35,576 INFO L272 TraceCheckUtils]: 6: Hoare triple {2916#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2967#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:35,577 INFO L290 TraceCheckUtils]: 7: Hoare triple {2967#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 18:03:35,577 INFO L290 TraceCheckUtils]: 8: Hoare triple {2916#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2916#true} is VALID [2022-02-20 18:03:35,577 INFO L290 TraceCheckUtils]: 9: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 18:03:35,577 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2916#true} {2916#true} #1250#return; {2916#true} is VALID [2022-02-20 18:03:35,577 INFO L290 TraceCheckUtils]: 11: Hoare triple {2916#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2916#true} is VALID [2022-02-20 18:03:35,578 INFO L272 TraceCheckUtils]: 12: Hoare triple {2916#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2968#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:35,578 INFO L290 TraceCheckUtils]: 13: Hoare triple {2968#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 18:03:35,578 INFO L290 TraceCheckUtils]: 14: Hoare triple {2916#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2916#true} is VALID [2022-02-20 18:03:35,579 INFO L290 TraceCheckUtils]: 15: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 18:03:35,579 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2916#true} {2916#true} #1252#return; {2916#true} is VALID [2022-02-20 18:03:35,579 INFO L290 TraceCheckUtils]: 17: Hoare triple {2916#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2926#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:03:35,580 INFO L272 TraceCheckUtils]: 18: Hoare triple {2926#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2967#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:35,581 INFO L290 TraceCheckUtils]: 19: Hoare triple {2967#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2969#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:35,581 INFO L290 TraceCheckUtils]: 20: Hoare triple {2969#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2970#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:35,581 INFO L290 TraceCheckUtils]: 21: Hoare triple {2970#(= |setClientId_#in~handle| 1)} assume true; {2970#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:35,582 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2970#(= |setClientId_#in~handle| 1)} {2926#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1254#return; {2917#false} is VALID [2022-02-20 18:03:35,582 INFO L290 TraceCheckUtils]: 23: Hoare triple {2917#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {2917#false} is VALID [2022-02-20 18:03:35,582 INFO L272 TraceCheckUtils]: 24: Hoare triple {2917#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2968#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:35,583 INFO L290 TraceCheckUtils]: 25: Hoare triple {2968#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 18:03:35,583 INFO L290 TraceCheckUtils]: 26: Hoare triple {2916#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2916#true} is VALID [2022-02-20 18:03:35,583 INFO L290 TraceCheckUtils]: 27: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 18:03:35,583 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2916#true} {2917#false} #1256#return; {2917#false} is VALID [2022-02-20 18:03:35,583 INFO L290 TraceCheckUtils]: 29: Hoare triple {2917#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2917#false} is VALID [2022-02-20 18:03:35,583 INFO L272 TraceCheckUtils]: 30: Hoare triple {2917#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2967#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:35,584 INFO L290 TraceCheckUtils]: 31: Hoare triple {2967#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 18:03:35,584 INFO L290 TraceCheckUtils]: 32: Hoare triple {2916#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2916#true} is VALID [2022-02-20 18:03:35,584 INFO L290 TraceCheckUtils]: 33: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 18:03:35,584 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2916#true} {2917#false} #1258#return; {2917#false} is VALID [2022-02-20 18:03:35,584 INFO L290 TraceCheckUtils]: 35: Hoare triple {2917#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {2917#false} is VALID [2022-02-20 18:03:35,584 INFO L272 TraceCheckUtils]: 36: Hoare triple {2917#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2968#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:35,585 INFO L290 TraceCheckUtils]: 37: Hoare triple {2968#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 18:03:35,585 INFO L290 TraceCheckUtils]: 38: Hoare triple {2916#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2916#true} is VALID [2022-02-20 18:03:35,585 INFO L290 TraceCheckUtils]: 39: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 18:03:35,585 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2916#true} {2917#false} #1260#return; {2917#false} is VALID [2022-02-20 18:03:35,585 INFO L290 TraceCheckUtils]: 41: Hoare triple {2917#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {2917#false} is VALID [2022-02-20 18:03:35,585 INFO L290 TraceCheckUtils]: 42: Hoare triple {2917#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~17#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~17#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2917#false} is VALID [2022-02-20 18:03:35,586 INFO L290 TraceCheckUtils]: 43: Hoare triple {2917#false} assume !false; {2917#false} is VALID [2022-02-20 18:03:35,586 INFO L290 TraceCheckUtils]: 44: Hoare triple {2917#false} assume !(test_~splverifierCounter~0#1 < 4); {2917#false} is VALID [2022-02-20 18:03:35,586 INFO L290 TraceCheckUtils]: 45: Hoare triple {2917#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {2917#false} is VALID [2022-02-20 18:03:35,586 INFO L272 TraceCheckUtils]: 46: Hoare triple {2917#false} call sendEmail(~bob~0, ~rjh~0); {2917#false} is VALID [2022-02-20 18:03:35,586 INFO L290 TraceCheckUtils]: 47: Hoare triple {2917#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~12#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2917#false} is VALID [2022-02-20 18:03:35,587 INFO L272 TraceCheckUtils]: 48: Hoare triple {2917#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2971#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:35,587 INFO L290 TraceCheckUtils]: 49: Hoare triple {2971#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 18:03:35,587 INFO L290 TraceCheckUtils]: 50: Hoare triple {2916#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2916#true} is VALID [2022-02-20 18:03:35,587 INFO L290 TraceCheckUtils]: 51: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 18:03:35,587 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2916#true} {2917#false} #1194#return; {2917#false} is VALID [2022-02-20 18:03:35,587 INFO L272 TraceCheckUtils]: 53: Hoare triple {2917#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2972#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:03:35,588 INFO L290 TraceCheckUtils]: 54: Hoare triple {2972#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 18:03:35,588 INFO L290 TraceCheckUtils]: 55: Hoare triple {2916#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2916#true} is VALID [2022-02-20 18:03:35,588 INFO L290 TraceCheckUtils]: 56: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 18:03:35,588 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {2916#true} {2917#false} #1196#return; {2917#false} is VALID [2022-02-20 18:03:35,588 INFO L290 TraceCheckUtils]: 58: Hoare triple {2917#false} createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {2917#false} is VALID [2022-02-20 18:03:35,588 INFO L290 TraceCheckUtils]: 59: Hoare triple {2917#false} #t~ret49#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret49#1 && #t~ret49#1 <= 2147483647;~tmp~12#1 := #t~ret49#1;havoc #t~ret49#1;~email~0#1 := ~tmp~12#1; {2917#false} is VALID [2022-02-20 18:03:35,589 INFO L272 TraceCheckUtils]: 60: Hoare triple {2917#false} call outgoing(~sender#1, ~email~0#1); {2917#false} is VALID [2022-02-20 18:03:35,589 INFO L290 TraceCheckUtils]: 61: Hoare triple {2917#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~7#1;havoc ~receiver~1#1;havoc ~tmp___0~3#1;havoc ~second~0#1;havoc ~tmp___1~1#1;havoc ~tmp___2~0#1; {2917#false} is VALID [2022-02-20 18:03:35,589 INFO L272 TraceCheckUtils]: 62: Hoare triple {2917#false} call #t~ret35#1 := getClientAddressBookSize(~client#1); {2916#true} is VALID [2022-02-20 18:03:35,589 INFO L290 TraceCheckUtils]: 63: Hoare triple {2916#true} ~handle := #in~handle;havoc ~retValue_acc~30; {2916#true} is VALID [2022-02-20 18:03:35,589 INFO L290 TraceCheckUtils]: 64: Hoare triple {2916#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~30; {2916#true} is VALID [2022-02-20 18:03:35,589 INFO L290 TraceCheckUtils]: 65: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 18:03:35,590 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {2916#true} {2917#false} #1176#return; {2917#false} is VALID [2022-02-20 18:03:35,590 INFO L290 TraceCheckUtils]: 67: Hoare triple {2917#false} assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp~7#1 := #t~ret35#1;havoc #t~ret35#1;~size~0#1 := ~tmp~7#1; {2917#false} is VALID [2022-02-20 18:03:35,590 INFO L290 TraceCheckUtils]: 68: Hoare triple {2917#false} assume !(0 != ~size~0#1); {2917#false} is VALID [2022-02-20 18:03:35,590 INFO L272 TraceCheckUtils]: 69: Hoare triple {2917#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {2917#false} is VALID [2022-02-20 18:03:35,590 INFO L290 TraceCheckUtils]: 70: Hoare triple {2917#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~6#1;havoc ~pubkey~0#1;havoc ~tmp___0~2#1; {2917#false} is VALID [2022-02-20 18:03:35,590 INFO L272 TraceCheckUtils]: 71: Hoare triple {2917#false} call #t~ret33#1 := getEmailTo(~msg#1); {2916#true} is VALID [2022-02-20 18:03:35,591 INFO L290 TraceCheckUtils]: 72: Hoare triple {2916#true} ~handle := #in~handle;havoc ~retValue_acc~15; {2916#true} is VALID [2022-02-20 18:03:35,591 INFO L290 TraceCheckUtils]: 73: Hoare triple {2916#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_email_to0~0;#res := ~retValue_acc~15; {2916#true} is VALID [2022-02-20 18:03:35,591 INFO L290 TraceCheckUtils]: 74: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 18:03:35,591 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {2916#true} {2917#false} #1208#return; {2917#false} is VALID [2022-02-20 18:03:35,591 INFO L290 TraceCheckUtils]: 76: Hoare triple {2917#false} assume -2147483648 <= #t~ret33#1 && #t~ret33#1 <= 2147483647;~tmp~6#1 := #t~ret33#1;havoc #t~ret33#1;~receiver~0#1 := ~tmp~6#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~41#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~41#1; {2917#false} is VALID [2022-02-20 18:03:35,591 INFO L290 TraceCheckUtils]: 77: Hoare triple {2917#false} assume 1 == findPublicKey_~handle#1; {2917#false} is VALID [2022-02-20 18:03:35,592 INFO L290 TraceCheckUtils]: 78: Hoare triple {2917#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~41#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~41#1; {2917#false} is VALID [2022-02-20 18:03:35,592 INFO L290 TraceCheckUtils]: 79: Hoare triple {2917#false} #t~ret34#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp___0~2#1 := #t~ret34#1;havoc #t~ret34#1;~pubkey~0#1 := ~tmp___0~2#1; {2917#false} is VALID [2022-02-20 18:03:35,592 INFO L290 TraceCheckUtils]: 80: Hoare triple {2917#false} assume !(0 != ~pubkey~0#1); {2917#false} is VALID [2022-02-20 18:03:35,592 INFO L290 TraceCheckUtils]: 81: Hoare triple {2917#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret32#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {2917#false} is VALID [2022-02-20 18:03:35,592 INFO L290 TraceCheckUtils]: 82: Hoare triple {2917#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {2917#false} is VALID [2022-02-20 18:03:35,592 INFO L290 TraceCheckUtils]: 83: Hoare triple {2917#false} outgoing__wrappee__Keys_#t~ret32#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret32#1 && outgoing__wrappee__Keys_#t~ret32#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret32#1;havoc outgoing__wrappee__Keys_#t~ret32#1; {2917#false} is VALID [2022-02-20 18:03:35,593 INFO L272 TraceCheckUtils]: 84: Hoare triple {2917#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {2971#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:35,593 INFO L290 TraceCheckUtils]: 85: Hoare triple {2971#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 18:03:35,593 INFO L290 TraceCheckUtils]: 86: Hoare triple {2916#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2916#true} is VALID [2022-02-20 18:03:35,593 INFO L290 TraceCheckUtils]: 87: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 18:03:35,593 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {2916#true} {2917#false} #1214#return; {2917#false} is VALID [2022-02-20 18:03:35,593 INFO L290 TraceCheckUtils]: 89: Hoare triple {2917#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret30#1, mail_#t~ret31#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~4#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet28#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 := puts(14, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset := 15, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet28#1; {2917#false} is VALID [2022-02-20 18:03:35,594 INFO L290 TraceCheckUtils]: 90: Hoare triple {2917#false} assume 0 != ~in_encrypted~0; {2917#false} is VALID [2022-02-20 18:03:35,594 INFO L272 TraceCheckUtils]: 91: Hoare triple {2917#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {2916#true} is VALID [2022-02-20 18:03:35,594 INFO L290 TraceCheckUtils]: 92: Hoare triple {2916#true} ~handle := #in~handle;havoc ~retValue_acc~18; {2916#true} is VALID [2022-02-20 18:03:35,594 INFO L290 TraceCheckUtils]: 93: Hoare triple {2916#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~18; {2916#true} is VALID [2022-02-20 18:03:35,594 INFO L290 TraceCheckUtils]: 94: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 18:03:35,594 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {2916#true} {2917#false} #1216#return; {2917#false} is VALID [2022-02-20 18:03:35,595 INFO L290 TraceCheckUtils]: 96: Hoare triple {2917#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1; {2917#false} is VALID [2022-02-20 18:03:35,595 INFO L290 TraceCheckUtils]: 97: Hoare triple {2917#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {2917#false} is VALID [2022-02-20 18:03:35,595 INFO L290 TraceCheckUtils]: 98: Hoare triple {2917#false} assume !false; {2917#false} is VALID [2022-02-20 18:03:35,595 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. [2022-02-20 18:03:35,596 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:03:35,596 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [977854972] [2022-02-20 18:03:35,596 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [977854972] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:03:35,596 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1171514495] [2022-02-20 18:03:35,597 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:35,597 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:03:35,597 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:03:35,598 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:03:35,605 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 18:03:35,873 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:35,878 INFO L263 TraceCheckSpWp]: Trace formula consists of 1050 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 18:03:35,947 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:35,950 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:03:36,194 INFO L290 TraceCheckUtils]: 0: Hoare triple {2916#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(17, 12);call #Ultimate.allocInit(17, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(17, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(22, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(21, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(25, 34);call #Ultimate.allocInit(4, 35);call write~init~int(37, 35, 0, 1);call write~init~int(115, 35, 1, 1);call write~init~int(10, 35, 2, 1);call write~init~int(0, 35, 3, 1);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(12, 37);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(18, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(21, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {2916#true} is VALID [2022-02-20 18:03:36,194 INFO L290 TraceCheckUtils]: 1: Hoare triple {2916#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {2916#true} is VALID [2022-02-20 18:03:36,194 INFO L290 TraceCheckUtils]: 2: Hoare triple {2916#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2916#true} is VALID [2022-02-20 18:03:36,201 INFO L290 TraceCheckUtils]: 3: Hoare triple {2916#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~10#1;havoc valid_product_~retValue_acc~10#1;valid_product_~retValue_acc~10#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~10#1; {2916#true} is VALID [2022-02-20 18:03:36,201 INFO L290 TraceCheckUtils]: 4: Hoare triple {2916#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {2916#true} is VALID [2022-02-20 18:03:36,201 INFO L290 TraceCheckUtils]: 5: Hoare triple {2916#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2916#true} is VALID [2022-02-20 18:03:36,202 INFO L272 TraceCheckUtils]: 6: Hoare triple {2916#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2916#true} is VALID [2022-02-20 18:03:36,202 INFO L290 TraceCheckUtils]: 7: Hoare triple {2916#true} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 18:03:36,202 INFO L290 TraceCheckUtils]: 8: Hoare triple {2916#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2916#true} is VALID [2022-02-20 18:03:36,202 INFO L290 TraceCheckUtils]: 9: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 18:03:36,210 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2916#true} {2916#true} #1250#return; {2916#true} is VALID [2022-02-20 18:03:36,211 INFO L290 TraceCheckUtils]: 11: Hoare triple {2916#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2916#true} is VALID [2022-02-20 18:03:36,211 INFO L272 TraceCheckUtils]: 12: Hoare triple {2916#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2916#true} is VALID [2022-02-20 18:03:36,211 INFO L290 TraceCheckUtils]: 13: Hoare triple {2916#true} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 18:03:36,211 INFO L290 TraceCheckUtils]: 14: Hoare triple {2916#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2916#true} is VALID [2022-02-20 18:03:36,211 INFO L290 TraceCheckUtils]: 15: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 18:03:36,211 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2916#true} {2916#true} #1252#return; {2916#true} is VALID [2022-02-20 18:03:36,212 INFO L290 TraceCheckUtils]: 17: Hoare triple {2916#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2916#true} is VALID [2022-02-20 18:03:36,212 INFO L272 TraceCheckUtils]: 18: Hoare triple {2916#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2916#true} is VALID [2022-02-20 18:03:36,212 INFO L290 TraceCheckUtils]: 19: Hoare triple {2916#true} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 18:03:36,212 INFO L290 TraceCheckUtils]: 20: Hoare triple {2916#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2916#true} is VALID [2022-02-20 18:03:36,212 INFO L290 TraceCheckUtils]: 21: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 18:03:36,212 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2916#true} {2916#true} #1254#return; {2916#true} is VALID [2022-02-20 18:03:36,213 INFO L290 TraceCheckUtils]: 23: Hoare triple {2916#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {2916#true} is VALID [2022-02-20 18:03:36,213 INFO L272 TraceCheckUtils]: 24: Hoare triple {2916#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2916#true} is VALID [2022-02-20 18:03:36,213 INFO L290 TraceCheckUtils]: 25: Hoare triple {2916#true} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 18:03:36,213 INFO L290 TraceCheckUtils]: 26: Hoare triple {2916#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2916#true} is VALID [2022-02-20 18:03:36,213 INFO L290 TraceCheckUtils]: 27: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 18:03:36,213 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2916#true} {2916#true} #1256#return; {2916#true} is VALID [2022-02-20 18:03:36,214 INFO L290 TraceCheckUtils]: 29: Hoare triple {2916#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2916#true} is VALID [2022-02-20 18:03:36,214 INFO L272 TraceCheckUtils]: 30: Hoare triple {2916#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2916#true} is VALID [2022-02-20 18:03:36,214 INFO L290 TraceCheckUtils]: 31: Hoare triple {2916#true} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 18:03:36,214 INFO L290 TraceCheckUtils]: 32: Hoare triple {2916#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2916#true} is VALID [2022-02-20 18:03:36,214 INFO L290 TraceCheckUtils]: 33: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 18:03:36,214 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2916#true} {2916#true} #1258#return; {2916#true} is VALID [2022-02-20 18:03:36,215 INFO L290 TraceCheckUtils]: 35: Hoare triple {2916#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {2916#true} is VALID [2022-02-20 18:03:36,215 INFO L272 TraceCheckUtils]: 36: Hoare triple {2916#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2916#true} is VALID [2022-02-20 18:03:36,215 INFO L290 TraceCheckUtils]: 37: Hoare triple {2916#true} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 18:03:36,215 INFO L290 TraceCheckUtils]: 38: Hoare triple {2916#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2916#true} is VALID [2022-02-20 18:03:36,215 INFO L290 TraceCheckUtils]: 39: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 18:03:36,215 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2916#true} {2916#true} #1260#return; {2916#true} is VALID [2022-02-20 18:03:36,216 INFO L290 TraceCheckUtils]: 41: Hoare triple {2916#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {2916#true} is VALID [2022-02-20 18:03:36,216 INFO L290 TraceCheckUtils]: 42: Hoare triple {2916#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~17#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~17#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {3102#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:03:36,217 INFO L290 TraceCheckUtils]: 43: Hoare triple {3102#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {3102#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:03:36,218 INFO L290 TraceCheckUtils]: 44: Hoare triple {3102#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {2917#false} is VALID [2022-02-20 18:03:36,218 INFO L290 TraceCheckUtils]: 45: Hoare triple {2917#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {2917#false} is VALID [2022-02-20 18:03:36,218 INFO L272 TraceCheckUtils]: 46: Hoare triple {2917#false} call sendEmail(~bob~0, ~rjh~0); {2917#false} is VALID [2022-02-20 18:03:36,218 INFO L290 TraceCheckUtils]: 47: Hoare triple {2917#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~12#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2917#false} is VALID [2022-02-20 18:03:36,218 INFO L272 TraceCheckUtils]: 48: Hoare triple {2917#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2917#false} is VALID [2022-02-20 18:03:36,218 INFO L290 TraceCheckUtils]: 49: Hoare triple {2917#false} ~handle := #in~handle;~value := #in~value; {2917#false} is VALID [2022-02-20 18:03:36,219 INFO L290 TraceCheckUtils]: 50: Hoare triple {2917#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2917#false} is VALID [2022-02-20 18:03:36,219 INFO L290 TraceCheckUtils]: 51: Hoare triple {2917#false} assume true; {2917#false} is VALID [2022-02-20 18:03:36,219 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2917#false} {2917#false} #1194#return; {2917#false} is VALID [2022-02-20 18:03:36,219 INFO L272 TraceCheckUtils]: 53: Hoare triple {2917#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2917#false} is VALID [2022-02-20 18:03:36,219 INFO L290 TraceCheckUtils]: 54: Hoare triple {2917#false} ~handle := #in~handle;~value := #in~value; {2917#false} is VALID [2022-02-20 18:03:36,219 INFO L290 TraceCheckUtils]: 55: Hoare triple {2917#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2917#false} is VALID [2022-02-20 18:03:36,220 INFO L290 TraceCheckUtils]: 56: Hoare triple {2917#false} assume true; {2917#false} is VALID [2022-02-20 18:03:36,220 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {2917#false} {2917#false} #1196#return; {2917#false} is VALID [2022-02-20 18:03:36,220 INFO L290 TraceCheckUtils]: 58: Hoare triple {2917#false} createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {2917#false} is VALID [2022-02-20 18:03:36,220 INFO L290 TraceCheckUtils]: 59: Hoare triple {2917#false} #t~ret49#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret49#1 && #t~ret49#1 <= 2147483647;~tmp~12#1 := #t~ret49#1;havoc #t~ret49#1;~email~0#1 := ~tmp~12#1; {2917#false} is VALID [2022-02-20 18:03:36,220 INFO L272 TraceCheckUtils]: 60: Hoare triple {2917#false} call outgoing(~sender#1, ~email~0#1); {2917#false} is VALID [2022-02-20 18:03:36,220 INFO L290 TraceCheckUtils]: 61: Hoare triple {2917#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~7#1;havoc ~receiver~1#1;havoc ~tmp___0~3#1;havoc ~second~0#1;havoc ~tmp___1~1#1;havoc ~tmp___2~0#1; {2917#false} is VALID [2022-02-20 18:03:36,221 INFO L272 TraceCheckUtils]: 62: Hoare triple {2917#false} call #t~ret35#1 := getClientAddressBookSize(~client#1); {2917#false} is VALID [2022-02-20 18:03:36,221 INFO L290 TraceCheckUtils]: 63: Hoare triple {2917#false} ~handle := #in~handle;havoc ~retValue_acc~30; {2917#false} is VALID [2022-02-20 18:03:36,221 INFO L290 TraceCheckUtils]: 64: Hoare triple {2917#false} assume 1 == ~handle;~retValue_acc~30 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~30; {2917#false} is VALID [2022-02-20 18:03:36,221 INFO L290 TraceCheckUtils]: 65: Hoare triple {2917#false} assume true; {2917#false} is VALID [2022-02-20 18:03:36,221 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {2917#false} {2917#false} #1176#return; {2917#false} is VALID [2022-02-20 18:03:36,221 INFO L290 TraceCheckUtils]: 67: Hoare triple {2917#false} assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp~7#1 := #t~ret35#1;havoc #t~ret35#1;~size~0#1 := ~tmp~7#1; {2917#false} is VALID [2022-02-20 18:03:36,222 INFO L290 TraceCheckUtils]: 68: Hoare triple {2917#false} assume !(0 != ~size~0#1); {2917#false} is VALID [2022-02-20 18:03:36,222 INFO L272 TraceCheckUtils]: 69: Hoare triple {2917#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {2917#false} is VALID [2022-02-20 18:03:36,222 INFO L290 TraceCheckUtils]: 70: Hoare triple {2917#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~6#1;havoc ~pubkey~0#1;havoc ~tmp___0~2#1; {2917#false} is VALID [2022-02-20 18:03:36,222 INFO L272 TraceCheckUtils]: 71: Hoare triple {2917#false} call #t~ret33#1 := getEmailTo(~msg#1); {2917#false} is VALID [2022-02-20 18:03:36,222 INFO L290 TraceCheckUtils]: 72: Hoare triple {2917#false} ~handle := #in~handle;havoc ~retValue_acc~15; {2917#false} is VALID [2022-02-20 18:03:36,222 INFO L290 TraceCheckUtils]: 73: Hoare triple {2917#false} assume 1 == ~handle;~retValue_acc~15 := ~__ste_email_to0~0;#res := ~retValue_acc~15; {2917#false} is VALID [2022-02-20 18:03:36,223 INFO L290 TraceCheckUtils]: 74: Hoare triple {2917#false} assume true; {2917#false} is VALID [2022-02-20 18:03:36,223 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {2917#false} {2917#false} #1208#return; {2917#false} is VALID [2022-02-20 18:03:36,223 INFO L290 TraceCheckUtils]: 76: Hoare triple {2917#false} assume -2147483648 <= #t~ret33#1 && #t~ret33#1 <= 2147483647;~tmp~6#1 := #t~ret33#1;havoc #t~ret33#1;~receiver~0#1 := ~tmp~6#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~41#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~41#1; {2917#false} is VALID [2022-02-20 18:03:36,223 INFO L290 TraceCheckUtils]: 77: Hoare triple {2917#false} assume 1 == findPublicKey_~handle#1; {2917#false} is VALID [2022-02-20 18:03:36,223 INFO L290 TraceCheckUtils]: 78: Hoare triple {2917#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~41#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~41#1; {2917#false} is VALID [2022-02-20 18:03:36,223 INFO L290 TraceCheckUtils]: 79: Hoare triple {2917#false} #t~ret34#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp___0~2#1 := #t~ret34#1;havoc #t~ret34#1;~pubkey~0#1 := ~tmp___0~2#1; {2917#false} is VALID [2022-02-20 18:03:36,224 INFO L290 TraceCheckUtils]: 80: Hoare triple {2917#false} assume !(0 != ~pubkey~0#1); {2917#false} is VALID [2022-02-20 18:03:36,224 INFO L290 TraceCheckUtils]: 81: Hoare triple {2917#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret32#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {2917#false} is VALID [2022-02-20 18:03:36,224 INFO L290 TraceCheckUtils]: 82: Hoare triple {2917#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {2917#false} is VALID [2022-02-20 18:03:36,224 INFO L290 TraceCheckUtils]: 83: Hoare triple {2917#false} outgoing__wrappee__Keys_#t~ret32#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret32#1 && outgoing__wrappee__Keys_#t~ret32#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret32#1;havoc outgoing__wrappee__Keys_#t~ret32#1; {2917#false} is VALID [2022-02-20 18:03:36,224 INFO L272 TraceCheckUtils]: 84: Hoare triple {2917#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {2917#false} is VALID [2022-02-20 18:03:36,224 INFO L290 TraceCheckUtils]: 85: Hoare triple {2917#false} ~handle := #in~handle;~value := #in~value; {2917#false} is VALID [2022-02-20 18:03:36,225 INFO L290 TraceCheckUtils]: 86: Hoare triple {2917#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2917#false} is VALID [2022-02-20 18:03:36,225 INFO L290 TraceCheckUtils]: 87: Hoare triple {2917#false} assume true; {2917#false} is VALID [2022-02-20 18:03:36,225 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {2917#false} {2917#false} #1214#return; {2917#false} is VALID [2022-02-20 18:03:36,225 INFO L290 TraceCheckUtils]: 89: Hoare triple {2917#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret30#1, mail_#t~ret31#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~4#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet28#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 := puts(14, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset := 15, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet28#1; {2917#false} is VALID [2022-02-20 18:03:36,225 INFO L290 TraceCheckUtils]: 90: Hoare triple {2917#false} assume 0 != ~in_encrypted~0; {2917#false} is VALID [2022-02-20 18:03:36,226 INFO L272 TraceCheckUtils]: 91: Hoare triple {2917#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {2917#false} is VALID [2022-02-20 18:03:36,226 INFO L290 TraceCheckUtils]: 92: Hoare triple {2917#false} ~handle := #in~handle;havoc ~retValue_acc~18; {2917#false} is VALID [2022-02-20 18:03:36,226 INFO L290 TraceCheckUtils]: 93: Hoare triple {2917#false} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~18; {2917#false} is VALID [2022-02-20 18:03:36,226 INFO L290 TraceCheckUtils]: 94: Hoare triple {2917#false} assume true; {2917#false} is VALID [2022-02-20 18:03:36,226 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {2917#false} {2917#false} #1216#return; {2917#false} is VALID [2022-02-20 18:03:36,226 INFO L290 TraceCheckUtils]: 96: Hoare triple {2917#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1; {2917#false} is VALID [2022-02-20 18:03:36,227 INFO L290 TraceCheckUtils]: 97: Hoare triple {2917#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {2917#false} is VALID [2022-02-20 18:03:36,227 INFO L290 TraceCheckUtils]: 98: Hoare triple {2917#false} assume !false; {2917#false} is VALID [2022-02-20 18:03:36,227 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 18:03:36,227 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:03:36,228 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1171514495] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:03:36,228 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:03:36,228 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 18:03:36,228 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [303576903] [2022-02-20 18:03:36,228 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:03:36,230 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 99 [2022-02-20 18:03:36,230 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:03:36,230 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:03:36,297 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 84 edges. 84 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:36,297 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:03:36,297 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:03:36,298 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:03:36,298 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:03:36,299 INFO L87 Difference]: Start difference. First operand 393 states and 601 transitions. Second operand has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:03:36,908 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:36,908 INFO L93 Difference]: Finished difference Result 592 states and 886 transitions. [2022-02-20 18:03:36,909 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:03:36,909 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 99 [2022-02-20 18:03:36,909 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:03:36,910 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:03:36,924 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 886 transitions. [2022-02-20 18:03:36,924 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:03:36,939 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 886 transitions. [2022-02-20 18:03:36,939 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 886 transitions. [2022-02-20 18:03:37,595 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 886 edges. 886 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:37,609 INFO L225 Difference]: With dead ends: 592 [2022-02-20 18:03:37,609 INFO L226 Difference]: Without dead ends: 396 [2022-02-20 18:03:37,610 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 126 GetRequests, 118 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:03:37,611 INFO L933 BasicCegarLoop]: 599 mSDtfsCounter, 1 mSDsluCounter, 597 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 1196 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:03:37,612 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 1196 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:03:37,613 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 396 states. [2022-02-20 18:03:37,626 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 396 to 395. [2022-02-20 18:03:37,626 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:03:37,630 INFO L82 GeneralOperation]: Start isEquivalent. First operand 396 states. Second operand has 395 states, 309 states have (on average 1.5533980582524272) internal successors, (480), 313 states have internal predecessors, (480), 62 states have call successors, (62), 23 states have call predecessors, (62), 23 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) [2022-02-20 18:03:37,632 INFO L74 IsIncluded]: Start isIncluded. First operand 396 states. Second operand has 395 states, 309 states have (on average 1.5533980582524272) internal successors, (480), 313 states have internal predecessors, (480), 62 states have call successors, (62), 23 states have call predecessors, (62), 23 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) [2022-02-20 18:03:37,633 INFO L87 Difference]: Start difference. First operand 396 states. Second operand has 395 states, 309 states have (on average 1.5533980582524272) internal successors, (480), 313 states have internal predecessors, (480), 62 states have call successors, (62), 23 states have call predecessors, (62), 23 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) [2022-02-20 18:03:37,668 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:37,668 INFO L93 Difference]: Finished difference Result 396 states and 604 transitions. [2022-02-20 18:03:37,668 INFO L276 IsEmpty]: Start isEmpty. Operand 396 states and 604 transitions. [2022-02-20 18:03:37,672 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:37,673 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:37,674 INFO L74 IsIncluded]: Start isIncluded. First operand has 395 states, 309 states have (on average 1.5533980582524272) internal successors, (480), 313 states have internal predecessors, (480), 62 states have call successors, (62), 23 states have call predecessors, (62), 23 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) Second operand 396 states. [2022-02-20 18:03:37,675 INFO L87 Difference]: Start difference. First operand has 395 states, 309 states have (on average 1.5533980582524272) internal successors, (480), 313 states have internal predecessors, (480), 62 states have call successors, (62), 23 states have call predecessors, (62), 23 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) Second operand 396 states. [2022-02-20 18:03:37,709 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:37,710 INFO L93 Difference]: Finished difference Result 396 states and 604 transitions. [2022-02-20 18:03:37,710 INFO L276 IsEmpty]: Start isEmpty. Operand 396 states and 604 transitions. [2022-02-20 18:03:37,711 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:37,712 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:37,712 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:03:37,712 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:03:37,713 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 395 states, 309 states have (on average 1.5533980582524272) internal successors, (480), 313 states have internal predecessors, (480), 62 states have call successors, (62), 23 states have call predecessors, (62), 23 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) [2022-02-20 18:03:37,734 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 395 states to 395 states and 603 transitions. [2022-02-20 18:03:37,735 INFO L78 Accepts]: Start accepts. Automaton has 395 states and 603 transitions. Word has length 99 [2022-02-20 18:03:37,735 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:03:37,735 INFO L470 AbstractCegarLoop]: Abstraction has 395 states and 603 transitions. [2022-02-20 18:03:37,735 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:03:37,736 INFO L276 IsEmpty]: Start isEmpty. Operand 395 states and 603 transitions. [2022-02-20 18:03:37,739 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 109 [2022-02-20 18:03:37,739 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:03:37,740 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:03:37,765 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-02-20 18:03:37,956 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1 [2022-02-20 18:03:37,957 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:03:37,957 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:03:37,958 INFO L85 PathProgramCache]: Analyzing trace with hash 1440636413, now seen corresponding path program 1 times [2022-02-20 18:03:37,958 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:03:37,958 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [167214939] [2022-02-20 18:03:37,958 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:37,958 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:03:37,987 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:38,016 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:03:38,018 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:38,021 INFO L290 TraceCheckUtils]: 0: Hoare triple {5477#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5426#true} is VALID [2022-02-20 18:03:38,021 INFO L290 TraceCheckUtils]: 1: Hoare triple {5426#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5426#true} is VALID [2022-02-20 18:03:38,021 INFO L290 TraceCheckUtils]: 2: Hoare triple {5426#true} assume true; {5426#true} is VALID [2022-02-20 18:03:38,021 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5426#true} {5426#true} #1250#return; {5426#true} is VALID [2022-02-20 18:03:38,030 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:03:38,032 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:38,034 INFO L290 TraceCheckUtils]: 0: Hoare triple {5478#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5426#true} is VALID [2022-02-20 18:03:38,035 INFO L290 TraceCheckUtils]: 1: Hoare triple {5426#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5426#true} is VALID [2022-02-20 18:03:38,035 INFO L290 TraceCheckUtils]: 2: Hoare triple {5426#true} assume true; {5426#true} is VALID [2022-02-20 18:03:38,035 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5426#true} {5426#true} #1252#return; {5426#true} is VALID [2022-02-20 18:03:38,035 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:03:38,037 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:38,054 INFO L290 TraceCheckUtils]: 0: Hoare triple {5477#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5479#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:38,056 INFO L290 TraceCheckUtils]: 1: Hoare triple {5479#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5480#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:38,057 INFO L290 TraceCheckUtils]: 2: Hoare triple {5480#(= |setClientId_#in~handle| 1)} assume true; {5480#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:38,057 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5480#(= |setClientId_#in~handle| 1)} {5436#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1254#return; {5427#false} is VALID [2022-02-20 18:03:38,058 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:03:38,061 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:38,065 INFO L290 TraceCheckUtils]: 0: Hoare triple {5478#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5426#true} is VALID [2022-02-20 18:03:38,065 INFO L290 TraceCheckUtils]: 1: Hoare triple {5426#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5426#true} is VALID [2022-02-20 18:03:38,065 INFO L290 TraceCheckUtils]: 2: Hoare triple {5426#true} assume true; {5426#true} is VALID [2022-02-20 18:03:38,066 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5426#true} {5427#false} #1256#return; {5427#false} is VALID [2022-02-20 18:03:38,066 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:03:38,068 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:38,075 INFO L290 TraceCheckUtils]: 0: Hoare triple {5477#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5426#true} is VALID [2022-02-20 18:03:38,075 INFO L290 TraceCheckUtils]: 1: Hoare triple {5426#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5426#true} is VALID [2022-02-20 18:03:38,075 INFO L290 TraceCheckUtils]: 2: Hoare triple {5426#true} assume true; {5426#true} is VALID [2022-02-20 18:03:38,076 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5426#true} {5427#false} #1258#return; {5427#false} is VALID [2022-02-20 18:03:38,076 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:03:38,079 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:38,082 INFO L290 TraceCheckUtils]: 0: Hoare triple {5478#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5426#true} is VALID [2022-02-20 18:03:38,083 INFO L290 TraceCheckUtils]: 1: Hoare triple {5426#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5426#true} is VALID [2022-02-20 18:03:38,083 INFO L290 TraceCheckUtils]: 2: Hoare triple {5426#true} assume true; {5426#true} is VALID [2022-02-20 18:03:38,083 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5426#true} {5427#false} #1260#return; {5427#false} is VALID [2022-02-20 18:03:38,091 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 18:03:38,092 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:38,095 INFO L290 TraceCheckUtils]: 0: Hoare triple {5481#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5426#true} is VALID [2022-02-20 18:03:38,095 INFO L290 TraceCheckUtils]: 1: Hoare triple {5426#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5426#true} is VALID [2022-02-20 18:03:38,095 INFO L290 TraceCheckUtils]: 2: Hoare triple {5426#true} assume true; {5426#true} is VALID [2022-02-20 18:03:38,095 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5426#true} {5427#false} #1194#return; {5427#false} is VALID [2022-02-20 18:03:38,103 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 18:03:38,104 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:38,107 INFO L290 TraceCheckUtils]: 0: Hoare triple {5482#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {5426#true} is VALID [2022-02-20 18:03:38,107 INFO L290 TraceCheckUtils]: 1: Hoare triple {5426#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5426#true} is VALID [2022-02-20 18:03:38,107 INFO L290 TraceCheckUtils]: 2: Hoare triple {5426#true} assume true; {5426#true} is VALID [2022-02-20 18:03:38,108 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5426#true} {5427#false} #1196#return; {5427#false} is VALID [2022-02-20 18:03:38,108 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71 [2022-02-20 18:03:38,109 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:38,112 INFO L290 TraceCheckUtils]: 0: Hoare triple {5426#true} ~handle := #in~handle;havoc ~retValue_acc~30; {5426#true} is VALID [2022-02-20 18:03:38,112 INFO L290 TraceCheckUtils]: 1: Hoare triple {5426#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~30; {5426#true} is VALID [2022-02-20 18:03:38,112 INFO L290 TraceCheckUtils]: 2: Hoare triple {5426#true} assume true; {5426#true} is VALID [2022-02-20 18:03:38,112 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5426#true} {5427#false} #1176#return; {5427#false} is VALID [2022-02-20 18:03:38,112 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 18:03:38,113 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:38,115 INFO L290 TraceCheckUtils]: 0: Hoare triple {5426#true} ~handle := #in~handle;havoc ~retValue_acc~15; {5426#true} is VALID [2022-02-20 18:03:38,115 INFO L290 TraceCheckUtils]: 1: Hoare triple {5426#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_email_to0~0;#res := ~retValue_acc~15; {5426#true} is VALID [2022-02-20 18:03:38,116 INFO L290 TraceCheckUtils]: 2: Hoare triple {5426#true} assume true; {5426#true} is VALID [2022-02-20 18:03:38,116 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5426#true} {5427#false} #1208#return; {5427#false} is VALID [2022-02-20 18:03:38,116 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 18:03:38,117 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:38,119 INFO L290 TraceCheckUtils]: 0: Hoare triple {5481#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5426#true} is VALID [2022-02-20 18:03:38,120 INFO L290 TraceCheckUtils]: 1: Hoare triple {5426#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5426#true} is VALID [2022-02-20 18:03:38,120 INFO L290 TraceCheckUtils]: 2: Hoare triple {5426#true} assume true; {5426#true} is VALID [2022-02-20 18:03:38,120 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5426#true} {5427#false} #1214#return; {5427#false} is VALID [2022-02-20 18:03:38,120 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 18:03:38,121 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:38,127 INFO L290 TraceCheckUtils]: 0: Hoare triple {5426#true} ~handle := #in~handle;havoc ~retValue_acc~18; {5426#true} is VALID [2022-02-20 18:03:38,127 INFO L290 TraceCheckUtils]: 1: Hoare triple {5426#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~18; {5426#true} is VALID [2022-02-20 18:03:38,127 INFO L290 TraceCheckUtils]: 2: Hoare triple {5426#true} assume true; {5426#true} is VALID [2022-02-20 18:03:38,128 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5426#true} {5427#false} #1216#return; {5427#false} is VALID [2022-02-20 18:03:38,128 INFO L290 TraceCheckUtils]: 0: Hoare triple {5426#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(17, 12);call #Ultimate.allocInit(17, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(17, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(22, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(21, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(25, 34);call #Ultimate.allocInit(4, 35);call write~init~int(37, 35, 0, 1);call write~init~int(115, 35, 1, 1);call write~init~int(10, 35, 2, 1);call write~init~int(0, 35, 3, 1);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(12, 37);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(18, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(21, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {5426#true} is VALID [2022-02-20 18:03:38,128 INFO L290 TraceCheckUtils]: 1: Hoare triple {5426#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {5426#true} is VALID [2022-02-20 18:03:38,128 INFO L290 TraceCheckUtils]: 2: Hoare triple {5426#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5426#true} is VALID [2022-02-20 18:03:38,128 INFO L290 TraceCheckUtils]: 3: Hoare triple {5426#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~10#1;havoc valid_product_~retValue_acc~10#1;valid_product_~retValue_acc~10#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~10#1; {5426#true} is VALID [2022-02-20 18:03:38,129 INFO L290 TraceCheckUtils]: 4: Hoare triple {5426#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {5426#true} is VALID [2022-02-20 18:03:38,129 INFO L290 TraceCheckUtils]: 5: Hoare triple {5426#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {5426#true} is VALID [2022-02-20 18:03:38,129 INFO L272 TraceCheckUtils]: 6: Hoare triple {5426#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {5477#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:38,130 INFO L290 TraceCheckUtils]: 7: Hoare triple {5477#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5426#true} is VALID [2022-02-20 18:03:38,130 INFO L290 TraceCheckUtils]: 8: Hoare triple {5426#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5426#true} is VALID [2022-02-20 18:03:38,130 INFO L290 TraceCheckUtils]: 9: Hoare triple {5426#true} assume true; {5426#true} is VALID [2022-02-20 18:03:38,130 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5426#true} {5426#true} #1250#return; {5426#true} is VALID [2022-02-20 18:03:38,130 INFO L290 TraceCheckUtils]: 11: Hoare triple {5426#true} assume { :end_inline_setup_bob__wrappee__Base } true; {5426#true} is VALID [2022-02-20 18:03:38,132 INFO L272 TraceCheckUtils]: 12: Hoare triple {5426#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {5478#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:38,132 INFO L290 TraceCheckUtils]: 13: Hoare triple {5478#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5426#true} is VALID [2022-02-20 18:03:38,132 INFO L290 TraceCheckUtils]: 14: Hoare triple {5426#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5426#true} is VALID [2022-02-20 18:03:38,132 INFO L290 TraceCheckUtils]: 15: Hoare triple {5426#true} assume true; {5426#true} is VALID [2022-02-20 18:03:38,133 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {5426#true} {5426#true} #1252#return; {5426#true} is VALID [2022-02-20 18:03:38,133 INFO L290 TraceCheckUtils]: 17: Hoare triple {5426#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {5436#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:03:38,134 INFO L272 TraceCheckUtils]: 18: Hoare triple {5436#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {5477#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:38,134 INFO L290 TraceCheckUtils]: 19: Hoare triple {5477#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5479#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:38,135 INFO L290 TraceCheckUtils]: 20: Hoare triple {5479#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5480#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:38,135 INFO L290 TraceCheckUtils]: 21: Hoare triple {5480#(= |setClientId_#in~handle| 1)} assume true; {5480#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:38,136 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {5480#(= |setClientId_#in~handle| 1)} {5436#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1254#return; {5427#false} is VALID [2022-02-20 18:03:38,136 INFO L290 TraceCheckUtils]: 23: Hoare triple {5427#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {5427#false} is VALID [2022-02-20 18:03:38,136 INFO L272 TraceCheckUtils]: 24: Hoare triple {5427#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {5478#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:38,136 INFO L290 TraceCheckUtils]: 25: Hoare triple {5478#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5426#true} is VALID [2022-02-20 18:03:38,136 INFO L290 TraceCheckUtils]: 26: Hoare triple {5426#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5426#true} is VALID [2022-02-20 18:03:38,136 INFO L290 TraceCheckUtils]: 27: Hoare triple {5426#true} assume true; {5426#true} is VALID [2022-02-20 18:03:38,136 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {5426#true} {5427#false} #1256#return; {5427#false} is VALID [2022-02-20 18:03:38,137 INFO L290 TraceCheckUtils]: 29: Hoare triple {5427#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {5427#false} is VALID [2022-02-20 18:03:38,137 INFO L272 TraceCheckUtils]: 30: Hoare triple {5427#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {5477#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:38,137 INFO L290 TraceCheckUtils]: 31: Hoare triple {5477#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5426#true} is VALID [2022-02-20 18:03:38,137 INFO L290 TraceCheckUtils]: 32: Hoare triple {5426#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5426#true} is VALID [2022-02-20 18:03:38,137 INFO L290 TraceCheckUtils]: 33: Hoare triple {5426#true} assume true; {5426#true} is VALID [2022-02-20 18:03:38,137 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {5426#true} {5427#false} #1258#return; {5427#false} is VALID [2022-02-20 18:03:38,137 INFO L290 TraceCheckUtils]: 35: Hoare triple {5427#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {5427#false} is VALID [2022-02-20 18:03:38,137 INFO L272 TraceCheckUtils]: 36: Hoare triple {5427#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {5478#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:38,137 INFO L290 TraceCheckUtils]: 37: Hoare triple {5478#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5426#true} is VALID [2022-02-20 18:03:38,137 INFO L290 TraceCheckUtils]: 38: Hoare triple {5426#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5426#true} is VALID [2022-02-20 18:03:38,137 INFO L290 TraceCheckUtils]: 39: Hoare triple {5426#true} assume true; {5426#true} is VALID [2022-02-20 18:03:38,137 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {5426#true} {5427#false} #1260#return; {5427#false} is VALID [2022-02-20 18:03:38,138 INFO L290 TraceCheckUtils]: 41: Hoare triple {5427#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {5427#false} is VALID [2022-02-20 18:03:38,138 INFO L290 TraceCheckUtils]: 42: Hoare triple {5427#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~17#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~17#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {5427#false} is VALID [2022-02-20 18:03:38,138 INFO L290 TraceCheckUtils]: 43: Hoare triple {5427#false} assume !false; {5427#false} is VALID [2022-02-20 18:03:38,138 INFO L290 TraceCheckUtils]: 44: Hoare triple {5427#false} assume test_~splverifierCounter~0#1 < 4; {5427#false} is VALID [2022-02-20 18:03:38,138 INFO L290 TraceCheckUtils]: 45: Hoare triple {5427#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {5427#false} is VALID [2022-02-20 18:03:38,138 INFO L290 TraceCheckUtils]: 46: Hoare triple {5427#false} assume !(0 == test_~op1~0#1); {5427#false} is VALID [2022-02-20 18:03:38,138 INFO L290 TraceCheckUtils]: 47: Hoare triple {5427#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet78#1 && test_#t~nondet78#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet78#1;havoc test_#t~nondet78#1; {5427#false} is VALID [2022-02-20 18:03:38,139 INFO L290 TraceCheckUtils]: 48: Hoare triple {5427#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {5427#false} is VALID [2022-02-20 18:03:38,139 INFO L290 TraceCheckUtils]: 49: Hoare triple {5427#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {5427#false} is VALID [2022-02-20 18:03:38,139 INFO L290 TraceCheckUtils]: 50: Hoare triple {5427#false} assume { :end_inline_setClientAutoResponse } true; {5427#false} is VALID [2022-02-20 18:03:38,139 INFO L290 TraceCheckUtils]: 51: Hoare triple {5427#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {5427#false} is VALID [2022-02-20 18:03:38,139 INFO L290 TraceCheckUtils]: 52: Hoare triple {5427#false} assume !false; {5427#false} is VALID [2022-02-20 18:03:38,139 INFO L290 TraceCheckUtils]: 53: Hoare triple {5427#false} assume !(test_~splverifierCounter~0#1 < 4); {5427#false} is VALID [2022-02-20 18:03:38,139 INFO L290 TraceCheckUtils]: 54: Hoare triple {5427#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {5427#false} is VALID [2022-02-20 18:03:38,140 INFO L272 TraceCheckUtils]: 55: Hoare triple {5427#false} call sendEmail(~bob~0, ~rjh~0); {5427#false} is VALID [2022-02-20 18:03:38,140 INFO L290 TraceCheckUtils]: 56: Hoare triple {5427#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~12#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {5427#false} is VALID [2022-02-20 18:03:38,140 INFO L272 TraceCheckUtils]: 57: Hoare triple {5427#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {5481#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:38,140 INFO L290 TraceCheckUtils]: 58: Hoare triple {5481#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5426#true} is VALID [2022-02-20 18:03:38,140 INFO L290 TraceCheckUtils]: 59: Hoare triple {5426#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5426#true} is VALID [2022-02-20 18:03:38,140 INFO L290 TraceCheckUtils]: 60: Hoare triple {5426#true} assume true; {5426#true} is VALID [2022-02-20 18:03:38,141 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {5426#true} {5427#false} #1194#return; {5427#false} is VALID [2022-02-20 18:03:38,141 INFO L272 TraceCheckUtils]: 62: Hoare triple {5427#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {5482#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:03:38,141 INFO L290 TraceCheckUtils]: 63: Hoare triple {5482#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {5426#true} is VALID [2022-02-20 18:03:38,141 INFO L290 TraceCheckUtils]: 64: Hoare triple {5426#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5426#true} is VALID [2022-02-20 18:03:38,141 INFO L290 TraceCheckUtils]: 65: Hoare triple {5426#true} assume true; {5426#true} is VALID [2022-02-20 18:03:38,141 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {5426#true} {5427#false} #1196#return; {5427#false} is VALID [2022-02-20 18:03:38,142 INFO L290 TraceCheckUtils]: 67: Hoare triple {5427#false} createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {5427#false} is VALID [2022-02-20 18:03:38,142 INFO L290 TraceCheckUtils]: 68: Hoare triple {5427#false} #t~ret49#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret49#1 && #t~ret49#1 <= 2147483647;~tmp~12#1 := #t~ret49#1;havoc #t~ret49#1;~email~0#1 := ~tmp~12#1; {5427#false} is VALID [2022-02-20 18:03:38,142 INFO L272 TraceCheckUtils]: 69: Hoare triple {5427#false} call outgoing(~sender#1, ~email~0#1); {5427#false} is VALID [2022-02-20 18:03:38,142 INFO L290 TraceCheckUtils]: 70: Hoare triple {5427#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~7#1;havoc ~receiver~1#1;havoc ~tmp___0~3#1;havoc ~second~0#1;havoc ~tmp___1~1#1;havoc ~tmp___2~0#1; {5427#false} is VALID [2022-02-20 18:03:38,142 INFO L272 TraceCheckUtils]: 71: Hoare triple {5427#false} call #t~ret35#1 := getClientAddressBookSize(~client#1); {5426#true} is VALID [2022-02-20 18:03:38,142 INFO L290 TraceCheckUtils]: 72: Hoare triple {5426#true} ~handle := #in~handle;havoc ~retValue_acc~30; {5426#true} is VALID [2022-02-20 18:03:38,142 INFO L290 TraceCheckUtils]: 73: Hoare triple {5426#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~30; {5426#true} is VALID [2022-02-20 18:03:38,143 INFO L290 TraceCheckUtils]: 74: Hoare triple {5426#true} assume true; {5426#true} is VALID [2022-02-20 18:03:38,143 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {5426#true} {5427#false} #1176#return; {5427#false} is VALID [2022-02-20 18:03:38,143 INFO L290 TraceCheckUtils]: 76: Hoare triple {5427#false} assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp~7#1 := #t~ret35#1;havoc #t~ret35#1;~size~0#1 := ~tmp~7#1; {5427#false} is VALID [2022-02-20 18:03:38,143 INFO L290 TraceCheckUtils]: 77: Hoare triple {5427#false} assume !(0 != ~size~0#1); {5427#false} is VALID [2022-02-20 18:03:38,143 INFO L272 TraceCheckUtils]: 78: Hoare triple {5427#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {5427#false} is VALID [2022-02-20 18:03:38,143 INFO L290 TraceCheckUtils]: 79: Hoare triple {5427#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~6#1;havoc ~pubkey~0#1;havoc ~tmp___0~2#1; {5427#false} is VALID [2022-02-20 18:03:38,144 INFO L272 TraceCheckUtils]: 80: Hoare triple {5427#false} call #t~ret33#1 := getEmailTo(~msg#1); {5426#true} is VALID [2022-02-20 18:03:38,144 INFO L290 TraceCheckUtils]: 81: Hoare triple {5426#true} ~handle := #in~handle;havoc ~retValue_acc~15; {5426#true} is VALID [2022-02-20 18:03:38,144 INFO L290 TraceCheckUtils]: 82: Hoare triple {5426#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_email_to0~0;#res := ~retValue_acc~15; {5426#true} is VALID [2022-02-20 18:03:38,144 INFO L290 TraceCheckUtils]: 83: Hoare triple {5426#true} assume true; {5426#true} is VALID [2022-02-20 18:03:38,144 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {5426#true} {5427#false} #1208#return; {5427#false} is VALID [2022-02-20 18:03:38,144 INFO L290 TraceCheckUtils]: 85: Hoare triple {5427#false} assume -2147483648 <= #t~ret33#1 && #t~ret33#1 <= 2147483647;~tmp~6#1 := #t~ret33#1;havoc #t~ret33#1;~receiver~0#1 := ~tmp~6#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~41#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~41#1; {5427#false} is VALID [2022-02-20 18:03:38,145 INFO L290 TraceCheckUtils]: 86: Hoare triple {5427#false} assume 1 == findPublicKey_~handle#1; {5427#false} is VALID [2022-02-20 18:03:38,145 INFO L290 TraceCheckUtils]: 87: Hoare triple {5427#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~41#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~41#1; {5427#false} is VALID [2022-02-20 18:03:38,145 INFO L290 TraceCheckUtils]: 88: Hoare triple {5427#false} #t~ret34#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp___0~2#1 := #t~ret34#1;havoc #t~ret34#1;~pubkey~0#1 := ~tmp___0~2#1; {5427#false} is VALID [2022-02-20 18:03:38,145 INFO L290 TraceCheckUtils]: 89: Hoare triple {5427#false} assume !(0 != ~pubkey~0#1); {5427#false} is VALID [2022-02-20 18:03:38,145 INFO L290 TraceCheckUtils]: 90: Hoare triple {5427#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret32#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {5427#false} is VALID [2022-02-20 18:03:38,145 INFO L290 TraceCheckUtils]: 91: Hoare triple {5427#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {5427#false} is VALID [2022-02-20 18:03:38,146 INFO L290 TraceCheckUtils]: 92: Hoare triple {5427#false} outgoing__wrappee__Keys_#t~ret32#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret32#1 && outgoing__wrappee__Keys_#t~ret32#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret32#1;havoc outgoing__wrappee__Keys_#t~ret32#1; {5427#false} is VALID [2022-02-20 18:03:38,146 INFO L272 TraceCheckUtils]: 93: Hoare triple {5427#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {5481#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:38,146 INFO L290 TraceCheckUtils]: 94: Hoare triple {5481#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5426#true} is VALID [2022-02-20 18:03:38,146 INFO L290 TraceCheckUtils]: 95: Hoare triple {5426#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5426#true} is VALID [2022-02-20 18:03:38,146 INFO L290 TraceCheckUtils]: 96: Hoare triple {5426#true} assume true; {5426#true} is VALID [2022-02-20 18:03:38,146 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {5426#true} {5427#false} #1214#return; {5427#false} is VALID [2022-02-20 18:03:38,146 INFO L290 TraceCheckUtils]: 98: Hoare triple {5427#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret30#1, mail_#t~ret31#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~4#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet28#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 := puts(14, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset := 15, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet28#1; {5427#false} is VALID [2022-02-20 18:03:38,147 INFO L290 TraceCheckUtils]: 99: Hoare triple {5427#false} assume 0 != ~in_encrypted~0; {5427#false} is VALID [2022-02-20 18:03:38,147 INFO L272 TraceCheckUtils]: 100: Hoare triple {5427#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {5426#true} is VALID [2022-02-20 18:03:38,147 INFO L290 TraceCheckUtils]: 101: Hoare triple {5426#true} ~handle := #in~handle;havoc ~retValue_acc~18; {5426#true} is VALID [2022-02-20 18:03:38,147 INFO L290 TraceCheckUtils]: 102: Hoare triple {5426#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~18; {5426#true} is VALID [2022-02-20 18:03:38,147 INFO L290 TraceCheckUtils]: 103: Hoare triple {5426#true} assume true; {5426#true} is VALID [2022-02-20 18:03:38,147 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {5426#true} {5427#false} #1216#return; {5427#false} is VALID [2022-02-20 18:03:38,148 INFO L290 TraceCheckUtils]: 105: Hoare triple {5427#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1; {5427#false} is VALID [2022-02-20 18:03:38,148 INFO L290 TraceCheckUtils]: 106: Hoare triple {5427#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {5427#false} is VALID [2022-02-20 18:03:38,148 INFO L290 TraceCheckUtils]: 107: Hoare triple {5427#false} assume !false; {5427#false} is VALID [2022-02-20 18:03:38,148 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 18:03:38,149 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:03:38,149 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [167214939] [2022-02-20 18:03:38,149 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [167214939] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:03:38,149 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1534705117] [2022-02-20 18:03:38,149 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:38,150 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:03:38,150 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:03:38,151 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:03:38,160 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-02-20 18:03:38,387 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:38,392 INFO L263 TraceCheckSpWp]: Trace formula consists of 1077 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 18:03:38,434 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:38,444 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:03:38,691 INFO L290 TraceCheckUtils]: 0: Hoare triple {5426#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(17, 12);call #Ultimate.allocInit(17, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(17, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(22, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(21, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(25, 34);call #Ultimate.allocInit(4, 35);call write~init~int(37, 35, 0, 1);call write~init~int(115, 35, 1, 1);call write~init~int(10, 35, 2, 1);call write~init~int(0, 35, 3, 1);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(12, 37);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(18, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(21, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {5426#true} is VALID [2022-02-20 18:03:38,692 INFO L290 TraceCheckUtils]: 1: Hoare triple {5426#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {5426#true} is VALID [2022-02-20 18:03:38,692 INFO L290 TraceCheckUtils]: 2: Hoare triple {5426#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5426#true} is VALID [2022-02-20 18:03:38,692 INFO L290 TraceCheckUtils]: 3: Hoare triple {5426#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~10#1;havoc valid_product_~retValue_acc~10#1;valid_product_~retValue_acc~10#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~10#1; {5426#true} is VALID [2022-02-20 18:03:38,692 INFO L290 TraceCheckUtils]: 4: Hoare triple {5426#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {5426#true} is VALID [2022-02-20 18:03:38,692 INFO L290 TraceCheckUtils]: 5: Hoare triple {5426#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {5426#true} is VALID [2022-02-20 18:03:38,692 INFO L272 TraceCheckUtils]: 6: Hoare triple {5426#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {5426#true} is VALID [2022-02-20 18:03:38,692 INFO L290 TraceCheckUtils]: 7: Hoare triple {5426#true} ~handle := #in~handle;~value := #in~value; {5426#true} is VALID [2022-02-20 18:03:38,693 INFO L290 TraceCheckUtils]: 8: Hoare triple {5426#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5426#true} is VALID [2022-02-20 18:03:38,693 INFO L290 TraceCheckUtils]: 9: Hoare triple {5426#true} assume true; {5426#true} is VALID [2022-02-20 18:03:38,693 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5426#true} {5426#true} #1250#return; {5426#true} is VALID [2022-02-20 18:03:38,693 INFO L290 TraceCheckUtils]: 11: Hoare triple {5426#true} assume { :end_inline_setup_bob__wrappee__Base } true; {5426#true} is VALID [2022-02-20 18:03:38,693 INFO L272 TraceCheckUtils]: 12: Hoare triple {5426#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {5426#true} is VALID [2022-02-20 18:03:38,693 INFO L290 TraceCheckUtils]: 13: Hoare triple {5426#true} ~handle := #in~handle;~value := #in~value; {5426#true} is VALID [2022-02-20 18:03:38,693 INFO L290 TraceCheckUtils]: 14: Hoare triple {5426#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5426#true} is VALID [2022-02-20 18:03:38,693 INFO L290 TraceCheckUtils]: 15: Hoare triple {5426#true} assume true; {5426#true} is VALID [2022-02-20 18:03:38,693 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {5426#true} {5426#true} #1252#return; {5426#true} is VALID [2022-02-20 18:03:38,693 INFO L290 TraceCheckUtils]: 17: Hoare triple {5426#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {5426#true} is VALID [2022-02-20 18:03:38,694 INFO L272 TraceCheckUtils]: 18: Hoare triple {5426#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {5426#true} is VALID [2022-02-20 18:03:38,694 INFO L290 TraceCheckUtils]: 19: Hoare triple {5426#true} ~handle := #in~handle;~value := #in~value; {5426#true} is VALID [2022-02-20 18:03:38,694 INFO L290 TraceCheckUtils]: 20: Hoare triple {5426#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5426#true} is VALID [2022-02-20 18:03:38,694 INFO L290 TraceCheckUtils]: 21: Hoare triple {5426#true} assume true; {5426#true} is VALID [2022-02-20 18:03:38,694 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {5426#true} {5426#true} #1254#return; {5426#true} is VALID [2022-02-20 18:03:38,694 INFO L290 TraceCheckUtils]: 23: Hoare triple {5426#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {5426#true} is VALID [2022-02-20 18:03:38,694 INFO L272 TraceCheckUtils]: 24: Hoare triple {5426#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {5426#true} is VALID [2022-02-20 18:03:38,694 INFO L290 TraceCheckUtils]: 25: Hoare triple {5426#true} ~handle := #in~handle;~value := #in~value; {5426#true} is VALID [2022-02-20 18:03:38,694 INFO L290 TraceCheckUtils]: 26: Hoare triple {5426#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5426#true} is VALID [2022-02-20 18:03:38,694 INFO L290 TraceCheckUtils]: 27: Hoare triple {5426#true} assume true; {5426#true} is VALID [2022-02-20 18:03:38,694 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {5426#true} {5426#true} #1256#return; {5426#true} is VALID [2022-02-20 18:03:38,694 INFO L290 TraceCheckUtils]: 29: Hoare triple {5426#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {5426#true} is VALID [2022-02-20 18:03:38,695 INFO L272 TraceCheckUtils]: 30: Hoare triple {5426#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {5426#true} is VALID [2022-02-20 18:03:38,695 INFO L290 TraceCheckUtils]: 31: Hoare triple {5426#true} ~handle := #in~handle;~value := #in~value; {5426#true} is VALID [2022-02-20 18:03:38,695 INFO L290 TraceCheckUtils]: 32: Hoare triple {5426#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5426#true} is VALID [2022-02-20 18:03:38,695 INFO L290 TraceCheckUtils]: 33: Hoare triple {5426#true} assume true; {5426#true} is VALID [2022-02-20 18:03:38,696 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {5426#true} {5426#true} #1258#return; {5426#true} is VALID [2022-02-20 18:03:38,696 INFO L290 TraceCheckUtils]: 35: Hoare triple {5426#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {5426#true} is VALID [2022-02-20 18:03:38,696 INFO L272 TraceCheckUtils]: 36: Hoare triple {5426#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {5426#true} is VALID [2022-02-20 18:03:38,696 INFO L290 TraceCheckUtils]: 37: Hoare triple {5426#true} ~handle := #in~handle;~value := #in~value; {5426#true} is VALID [2022-02-20 18:03:38,696 INFO L290 TraceCheckUtils]: 38: Hoare triple {5426#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5426#true} is VALID [2022-02-20 18:03:38,696 INFO L290 TraceCheckUtils]: 39: Hoare triple {5426#true} assume true; {5426#true} is VALID [2022-02-20 18:03:38,696 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {5426#true} {5426#true} #1260#return; {5426#true} is VALID [2022-02-20 18:03:38,696 INFO L290 TraceCheckUtils]: 41: Hoare triple {5426#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {5426#true} is VALID [2022-02-20 18:03:38,697 INFO L290 TraceCheckUtils]: 42: Hoare triple {5426#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~17#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~17#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {5612#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:03:38,697 INFO L290 TraceCheckUtils]: 43: Hoare triple {5612#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {5612#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:03:38,698 INFO L290 TraceCheckUtils]: 44: Hoare triple {5612#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {5612#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:03:38,698 INFO L290 TraceCheckUtils]: 45: Hoare triple {5612#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {5612#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 18:03:38,698 INFO L290 TraceCheckUtils]: 46: Hoare triple {5612#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {5427#false} is VALID [2022-02-20 18:03:38,698 INFO L290 TraceCheckUtils]: 47: Hoare triple {5427#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet78#1 && test_#t~nondet78#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet78#1;havoc test_#t~nondet78#1; {5427#false} is VALID [2022-02-20 18:03:38,699 INFO L290 TraceCheckUtils]: 48: Hoare triple {5427#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {5427#false} is VALID [2022-02-20 18:03:38,699 INFO L290 TraceCheckUtils]: 49: Hoare triple {5427#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {5427#false} is VALID [2022-02-20 18:03:38,699 INFO L290 TraceCheckUtils]: 50: Hoare triple {5427#false} assume { :end_inline_setClientAutoResponse } true; {5427#false} is VALID [2022-02-20 18:03:38,699 INFO L290 TraceCheckUtils]: 51: Hoare triple {5427#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {5427#false} is VALID [2022-02-20 18:03:38,699 INFO L290 TraceCheckUtils]: 52: Hoare triple {5427#false} assume !false; {5427#false} is VALID [2022-02-20 18:03:38,699 INFO L290 TraceCheckUtils]: 53: Hoare triple {5427#false} assume !(test_~splverifierCounter~0#1 < 4); {5427#false} is VALID [2022-02-20 18:03:38,700 INFO L290 TraceCheckUtils]: 54: Hoare triple {5427#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {5427#false} is VALID [2022-02-20 18:03:38,700 INFO L272 TraceCheckUtils]: 55: Hoare triple {5427#false} call sendEmail(~bob~0, ~rjh~0); {5427#false} is VALID [2022-02-20 18:03:38,700 INFO L290 TraceCheckUtils]: 56: Hoare triple {5427#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~12#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {5427#false} is VALID [2022-02-20 18:03:38,700 INFO L272 TraceCheckUtils]: 57: Hoare triple {5427#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {5427#false} is VALID [2022-02-20 18:03:38,700 INFO L290 TraceCheckUtils]: 58: Hoare triple {5427#false} ~handle := #in~handle;~value := #in~value; {5427#false} is VALID [2022-02-20 18:03:38,701 INFO L290 TraceCheckUtils]: 59: Hoare triple {5427#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5427#false} is VALID [2022-02-20 18:03:38,701 INFO L290 TraceCheckUtils]: 60: Hoare triple {5427#false} assume true; {5427#false} is VALID [2022-02-20 18:03:38,701 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {5427#false} {5427#false} #1194#return; {5427#false} is VALID [2022-02-20 18:03:38,701 INFO L272 TraceCheckUtils]: 62: Hoare triple {5427#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {5427#false} is VALID [2022-02-20 18:03:38,701 INFO L290 TraceCheckUtils]: 63: Hoare triple {5427#false} ~handle := #in~handle;~value := #in~value; {5427#false} is VALID [2022-02-20 18:03:38,701 INFO L290 TraceCheckUtils]: 64: Hoare triple {5427#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5427#false} is VALID [2022-02-20 18:03:38,701 INFO L290 TraceCheckUtils]: 65: Hoare triple {5427#false} assume true; {5427#false} is VALID [2022-02-20 18:03:38,702 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {5427#false} {5427#false} #1196#return; {5427#false} is VALID [2022-02-20 18:03:38,702 INFO L290 TraceCheckUtils]: 67: Hoare triple {5427#false} createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {5427#false} is VALID [2022-02-20 18:03:38,702 INFO L290 TraceCheckUtils]: 68: Hoare triple {5427#false} #t~ret49#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret49#1 && #t~ret49#1 <= 2147483647;~tmp~12#1 := #t~ret49#1;havoc #t~ret49#1;~email~0#1 := ~tmp~12#1; {5427#false} is VALID [2022-02-20 18:03:38,702 INFO L272 TraceCheckUtils]: 69: Hoare triple {5427#false} call outgoing(~sender#1, ~email~0#1); {5427#false} is VALID [2022-02-20 18:03:38,702 INFO L290 TraceCheckUtils]: 70: Hoare triple {5427#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~7#1;havoc ~receiver~1#1;havoc ~tmp___0~3#1;havoc ~second~0#1;havoc ~tmp___1~1#1;havoc ~tmp___2~0#1; {5427#false} is VALID [2022-02-20 18:03:38,702 INFO L272 TraceCheckUtils]: 71: Hoare triple {5427#false} call #t~ret35#1 := getClientAddressBookSize(~client#1); {5427#false} is VALID [2022-02-20 18:03:38,703 INFO L290 TraceCheckUtils]: 72: Hoare triple {5427#false} ~handle := #in~handle;havoc ~retValue_acc~30; {5427#false} is VALID [2022-02-20 18:03:38,703 INFO L290 TraceCheckUtils]: 73: Hoare triple {5427#false} assume 1 == ~handle;~retValue_acc~30 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~30; {5427#false} is VALID [2022-02-20 18:03:38,703 INFO L290 TraceCheckUtils]: 74: Hoare triple {5427#false} assume true; {5427#false} is VALID [2022-02-20 18:03:38,703 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {5427#false} {5427#false} #1176#return; {5427#false} is VALID [2022-02-20 18:03:38,703 INFO L290 TraceCheckUtils]: 76: Hoare triple {5427#false} assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp~7#1 := #t~ret35#1;havoc #t~ret35#1;~size~0#1 := ~tmp~7#1; {5427#false} is VALID [2022-02-20 18:03:38,703 INFO L290 TraceCheckUtils]: 77: Hoare triple {5427#false} assume !(0 != ~size~0#1); {5427#false} is VALID [2022-02-20 18:03:38,704 INFO L272 TraceCheckUtils]: 78: Hoare triple {5427#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {5427#false} is VALID [2022-02-20 18:03:38,704 INFO L290 TraceCheckUtils]: 79: Hoare triple {5427#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~6#1;havoc ~pubkey~0#1;havoc ~tmp___0~2#1; {5427#false} is VALID [2022-02-20 18:03:38,704 INFO L272 TraceCheckUtils]: 80: Hoare triple {5427#false} call #t~ret33#1 := getEmailTo(~msg#1); {5427#false} is VALID [2022-02-20 18:03:38,704 INFO L290 TraceCheckUtils]: 81: Hoare triple {5427#false} ~handle := #in~handle;havoc ~retValue_acc~15; {5427#false} is VALID [2022-02-20 18:03:38,704 INFO L290 TraceCheckUtils]: 82: Hoare triple {5427#false} assume 1 == ~handle;~retValue_acc~15 := ~__ste_email_to0~0;#res := ~retValue_acc~15; {5427#false} is VALID [2022-02-20 18:03:38,704 INFO L290 TraceCheckUtils]: 83: Hoare triple {5427#false} assume true; {5427#false} is VALID [2022-02-20 18:03:38,705 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {5427#false} {5427#false} #1208#return; {5427#false} is VALID [2022-02-20 18:03:38,705 INFO L290 TraceCheckUtils]: 85: Hoare triple {5427#false} assume -2147483648 <= #t~ret33#1 && #t~ret33#1 <= 2147483647;~tmp~6#1 := #t~ret33#1;havoc #t~ret33#1;~receiver~0#1 := ~tmp~6#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~41#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~41#1; {5427#false} is VALID [2022-02-20 18:03:38,705 INFO L290 TraceCheckUtils]: 86: Hoare triple {5427#false} assume 1 == findPublicKey_~handle#1; {5427#false} is VALID [2022-02-20 18:03:38,705 INFO L290 TraceCheckUtils]: 87: Hoare triple {5427#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~41#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~41#1; {5427#false} is VALID [2022-02-20 18:03:38,705 INFO L290 TraceCheckUtils]: 88: Hoare triple {5427#false} #t~ret34#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp___0~2#1 := #t~ret34#1;havoc #t~ret34#1;~pubkey~0#1 := ~tmp___0~2#1; {5427#false} is VALID [2022-02-20 18:03:38,705 INFO L290 TraceCheckUtils]: 89: Hoare triple {5427#false} assume !(0 != ~pubkey~0#1); {5427#false} is VALID [2022-02-20 18:03:38,706 INFO L290 TraceCheckUtils]: 90: Hoare triple {5427#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret32#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {5427#false} is VALID [2022-02-20 18:03:38,706 INFO L290 TraceCheckUtils]: 91: Hoare triple {5427#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {5427#false} is VALID [2022-02-20 18:03:38,706 INFO L290 TraceCheckUtils]: 92: Hoare triple {5427#false} outgoing__wrappee__Keys_#t~ret32#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret32#1 && outgoing__wrappee__Keys_#t~ret32#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret32#1;havoc outgoing__wrappee__Keys_#t~ret32#1; {5427#false} is VALID [2022-02-20 18:03:38,706 INFO L272 TraceCheckUtils]: 93: Hoare triple {5427#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {5427#false} is VALID [2022-02-20 18:03:38,706 INFO L290 TraceCheckUtils]: 94: Hoare triple {5427#false} ~handle := #in~handle;~value := #in~value; {5427#false} is VALID [2022-02-20 18:03:38,706 INFO L290 TraceCheckUtils]: 95: Hoare triple {5427#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5427#false} is VALID [2022-02-20 18:03:38,706 INFO L290 TraceCheckUtils]: 96: Hoare triple {5427#false} assume true; {5427#false} is VALID [2022-02-20 18:03:38,707 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {5427#false} {5427#false} #1214#return; {5427#false} is VALID [2022-02-20 18:03:38,707 INFO L290 TraceCheckUtils]: 98: Hoare triple {5427#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret30#1, mail_#t~ret31#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~4#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet28#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 := puts(14, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset := 15, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet28#1; {5427#false} is VALID [2022-02-20 18:03:38,707 INFO L290 TraceCheckUtils]: 99: Hoare triple {5427#false} assume 0 != ~in_encrypted~0; {5427#false} is VALID [2022-02-20 18:03:38,707 INFO L272 TraceCheckUtils]: 100: Hoare triple {5427#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {5427#false} is VALID [2022-02-20 18:03:38,707 INFO L290 TraceCheckUtils]: 101: Hoare triple {5427#false} ~handle := #in~handle;havoc ~retValue_acc~18; {5427#false} is VALID [2022-02-20 18:03:38,707 INFO L290 TraceCheckUtils]: 102: Hoare triple {5427#false} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~18; {5427#false} is VALID [2022-02-20 18:03:38,708 INFO L290 TraceCheckUtils]: 103: Hoare triple {5427#false} assume true; {5427#false} is VALID [2022-02-20 18:03:38,708 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {5427#false} {5427#false} #1216#return; {5427#false} is VALID [2022-02-20 18:03:38,708 INFO L290 TraceCheckUtils]: 105: Hoare triple {5427#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1; {5427#false} is VALID [2022-02-20 18:03:38,708 INFO L290 TraceCheckUtils]: 106: Hoare triple {5427#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {5427#false} is VALID [2022-02-20 18:03:38,708 INFO L290 TraceCheckUtils]: 107: Hoare triple {5427#false} assume !false; {5427#false} is VALID [2022-02-20 18:03:38,709 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 18:03:38,709 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:03:38,709 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1534705117] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:03:38,709 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:03:38,709 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 18:03:38,710 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [321836086] [2022-02-20 18:03:38,710 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:03:38,710 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 22.0) internal successors, (66), 3 states have internal predecessors, (66), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 108 [2022-02-20 18:03:38,711 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:03:38,711 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 22.0) internal successors, (66), 3 states have internal predecessors, (66), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:03:38,813 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 93 edges. 93 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:38,814 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:03:38,814 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:03:38,814 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:03:38,814 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:03:38,814 INFO L87 Difference]: Start difference. First operand 395 states and 603 transitions. Second operand has 3 states, 3 states have (on average 22.0) internal successors, (66), 3 states have internal predecessors, (66), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:03:39,455 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:39,456 INFO L93 Difference]: Finished difference Result 843 states and 1306 transitions. [2022-02-20 18:03:39,456 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:03:39,456 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 22.0) internal successors, (66), 3 states have internal predecessors, (66), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 108 [2022-02-20 18:03:39,458 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:03:39,458 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 22.0) internal successors, (66), 3 states have internal predecessors, (66), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:03:39,474 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1304 transitions. [2022-02-20 18:03:39,474 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 22.0) internal successors, (66), 3 states have internal predecessors, (66), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:03:39,488 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1304 transitions. [2022-02-20 18:03:39,489 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1304 transitions. [2022-02-20 18:03:40,450 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1304 edges. 1304 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:40,469 INFO L225 Difference]: With dead ends: 843 [2022-02-20 18:03:40,469 INFO L226 Difference]: Without dead ends: 475 [2022-02-20 18:03:40,470 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 135 GetRequests, 127 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:03:40,471 INFO L933 BasicCegarLoop]: 630 mSDtfsCounter, 142 mSDsluCounter, 556 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 160 SdHoareTripleChecker+Valid, 1186 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:03:40,472 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [160 Valid, 1186 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:03:40,473 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 475 states. [2022-02-20 18:03:40,486 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 475 to 467. [2022-02-20 18:03:40,486 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:03:40,488 INFO L82 GeneralOperation]: Start isEquivalent. First operand 475 states. Second operand has 467 states, 367 states have (on average 1.5722070844686649) internal successors, (577), 371 states have internal predecessors, (577), 76 states have call successors, (76), 23 states have call predecessors, (76), 23 states have return successors, (75), 74 states have call predecessors, (75), 75 states have call successors, (75) [2022-02-20 18:03:40,489 INFO L74 IsIncluded]: Start isIncluded. First operand 475 states. Second operand has 467 states, 367 states have (on average 1.5722070844686649) internal successors, (577), 371 states have internal predecessors, (577), 76 states have call successors, (76), 23 states have call predecessors, (76), 23 states have return successors, (75), 74 states have call predecessors, (75), 75 states have call successors, (75) [2022-02-20 18:03:40,490 INFO L87 Difference]: Start difference. First operand 475 states. Second operand has 467 states, 367 states have (on average 1.5722070844686649) internal successors, (577), 371 states have internal predecessors, (577), 76 states have call successors, (76), 23 states have call predecessors, (76), 23 states have return successors, (75), 74 states have call predecessors, (75), 75 states have call successors, (75) [2022-02-20 18:03:40,507 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:40,508 INFO L93 Difference]: Finished difference Result 475 states and 737 transitions. [2022-02-20 18:03:40,508 INFO L276 IsEmpty]: Start isEmpty. Operand 475 states and 737 transitions. [2022-02-20 18:03:40,510 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:40,510 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:40,512 INFO L74 IsIncluded]: Start isIncluded. First operand has 467 states, 367 states have (on average 1.5722070844686649) internal successors, (577), 371 states have internal predecessors, (577), 76 states have call successors, (76), 23 states have call predecessors, (76), 23 states have return successors, (75), 74 states have call predecessors, (75), 75 states have call successors, (75) Second operand 475 states. [2022-02-20 18:03:40,513 INFO L87 Difference]: Start difference. First operand has 467 states, 367 states have (on average 1.5722070844686649) internal successors, (577), 371 states have internal predecessors, (577), 76 states have call successors, (76), 23 states have call predecessors, (76), 23 states have return successors, (75), 74 states have call predecessors, (75), 75 states have call successors, (75) Second operand 475 states. [2022-02-20 18:03:40,530 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:40,531 INFO L93 Difference]: Finished difference Result 475 states and 737 transitions. [2022-02-20 18:03:40,531 INFO L276 IsEmpty]: Start isEmpty. Operand 475 states and 737 transitions. [2022-02-20 18:03:40,533 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:40,533 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:40,533 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:03:40,533 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:03:40,535 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 467 states, 367 states have (on average 1.5722070844686649) internal successors, (577), 371 states have internal predecessors, (577), 76 states have call successors, (76), 23 states have call predecessors, (76), 23 states have return successors, (75), 74 states have call predecessors, (75), 75 states have call successors, (75) [2022-02-20 18:03:40,554 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 467 states to 467 states and 728 transitions. [2022-02-20 18:03:40,555 INFO L78 Accepts]: Start accepts. Automaton has 467 states and 728 transitions. Word has length 108 [2022-02-20 18:03:40,555 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:03:40,555 INFO L470 AbstractCegarLoop]: Abstraction has 467 states and 728 transitions. [2022-02-20 18:03:40,556 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 22.0) internal successors, (66), 3 states have internal predecessors, (66), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 18:03:40,556 INFO L276 IsEmpty]: Start isEmpty. Operand 467 states and 728 transitions. [2022-02-20 18:03:40,558 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 110 [2022-02-20 18:03:40,558 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:03:40,558 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:03:40,586 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 18:03:40,771 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:03:40,772 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:03:40,772 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:03:40,772 INFO L85 PathProgramCache]: Analyzing trace with hash 630003650, now seen corresponding path program 1 times [2022-02-20 18:03:40,772 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:03:40,772 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1569372711] [2022-02-20 18:03:40,772 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:40,773 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:03:40,823 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:40,865 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:03:40,867 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:40,870 INFO L290 TraceCheckUtils]: 0: Hoare triple {8628#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8577#true} is VALID [2022-02-20 18:03:40,870 INFO L290 TraceCheckUtils]: 1: Hoare triple {8577#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8577#true} is VALID [2022-02-20 18:03:40,870 INFO L290 TraceCheckUtils]: 2: Hoare triple {8577#true} assume true; {8577#true} is VALID [2022-02-20 18:03:40,871 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8577#true} {8577#true} #1250#return; {8577#true} is VALID [2022-02-20 18:03:40,876 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:03:40,878 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:40,880 INFO L290 TraceCheckUtils]: 0: Hoare triple {8629#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8577#true} is VALID [2022-02-20 18:03:40,881 INFO L290 TraceCheckUtils]: 1: Hoare triple {8577#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8577#true} is VALID [2022-02-20 18:03:40,881 INFO L290 TraceCheckUtils]: 2: Hoare triple {8577#true} assume true; {8577#true} is VALID [2022-02-20 18:03:40,881 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8577#true} {8577#true} #1252#return; {8577#true} is VALID [2022-02-20 18:03:40,881 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:03:40,883 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:40,897 INFO L290 TraceCheckUtils]: 0: Hoare triple {8628#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8630#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:40,898 INFO L290 TraceCheckUtils]: 1: Hoare triple {8630#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8631#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:40,898 INFO L290 TraceCheckUtils]: 2: Hoare triple {8631#(= |setClientId_#in~handle| 1)} assume true; {8631#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:40,899 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8631#(= |setClientId_#in~handle| 1)} {8587#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1254#return; {8578#false} is VALID [2022-02-20 18:03:40,899 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:03:40,901 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:40,903 INFO L290 TraceCheckUtils]: 0: Hoare triple {8629#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8577#true} is VALID [2022-02-20 18:03:40,904 INFO L290 TraceCheckUtils]: 1: Hoare triple {8577#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8577#true} is VALID [2022-02-20 18:03:40,904 INFO L290 TraceCheckUtils]: 2: Hoare triple {8577#true} assume true; {8577#true} is VALID [2022-02-20 18:03:40,904 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8577#true} {8578#false} #1256#return; {8578#false} is VALID [2022-02-20 18:03:40,904 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:03:40,907 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:40,910 INFO L290 TraceCheckUtils]: 0: Hoare triple {8628#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8577#true} is VALID [2022-02-20 18:03:40,911 INFO L290 TraceCheckUtils]: 1: Hoare triple {8577#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8577#true} is VALID [2022-02-20 18:03:40,911 INFO L290 TraceCheckUtils]: 2: Hoare triple {8577#true} assume true; {8577#true} is VALID [2022-02-20 18:03:40,911 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8577#true} {8578#false} #1258#return; {8578#false} is VALID [2022-02-20 18:03:40,911 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 18:03:40,914 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:40,917 INFO L290 TraceCheckUtils]: 0: Hoare triple {8629#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8577#true} is VALID [2022-02-20 18:03:40,917 INFO L290 TraceCheckUtils]: 1: Hoare triple {8577#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8577#true} is VALID [2022-02-20 18:03:40,918 INFO L290 TraceCheckUtils]: 2: Hoare triple {8577#true} assume true; {8577#true} is VALID [2022-02-20 18:03:40,918 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8577#true} {8578#false} #1260#return; {8578#false} is VALID [2022-02-20 18:03:40,925 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 18:03:40,926 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:40,928 INFO L290 TraceCheckUtils]: 0: Hoare triple {8632#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8577#true} is VALID [2022-02-20 18:03:40,928 INFO L290 TraceCheckUtils]: 1: Hoare triple {8577#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8577#true} is VALID [2022-02-20 18:03:40,928 INFO L290 TraceCheckUtils]: 2: Hoare triple {8577#true} assume true; {8577#true} is VALID [2022-02-20 18:03:40,929 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8577#true} {8578#false} #1194#return; {8578#false} is VALID [2022-02-20 18:03:40,937 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 18:03:40,940 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:40,952 INFO L290 TraceCheckUtils]: 0: Hoare triple {8633#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8577#true} is VALID [2022-02-20 18:03:40,952 INFO L290 TraceCheckUtils]: 1: Hoare triple {8577#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8577#true} is VALID [2022-02-20 18:03:40,953 INFO L290 TraceCheckUtils]: 2: Hoare triple {8577#true} assume true; {8577#true} is VALID [2022-02-20 18:03:40,953 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8577#true} {8578#false} #1196#return; {8578#false} is VALID [2022-02-20 18:03:40,953 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 18:03:40,956 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:40,959 INFO L290 TraceCheckUtils]: 0: Hoare triple {8577#true} ~handle := #in~handle;havoc ~retValue_acc~30; {8577#true} is VALID [2022-02-20 18:03:40,959 INFO L290 TraceCheckUtils]: 1: Hoare triple {8577#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~30; {8577#true} is VALID [2022-02-20 18:03:40,959 INFO L290 TraceCheckUtils]: 2: Hoare triple {8577#true} assume true; {8577#true} is VALID [2022-02-20 18:03:40,959 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8577#true} {8578#false} #1176#return; {8578#false} is VALID [2022-02-20 18:03:40,959 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-02-20 18:03:40,962 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:40,966 INFO L290 TraceCheckUtils]: 0: Hoare triple {8577#true} ~handle := #in~handle;havoc ~retValue_acc~15; {8577#true} is VALID [2022-02-20 18:03:40,966 INFO L290 TraceCheckUtils]: 1: Hoare triple {8577#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_email_to0~0;#res := ~retValue_acc~15; {8577#true} is VALID [2022-02-20 18:03:40,966 INFO L290 TraceCheckUtils]: 2: Hoare triple {8577#true} assume true; {8577#true} is VALID [2022-02-20 18:03:40,966 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8577#true} {8578#false} #1208#return; {8578#false} is VALID [2022-02-20 18:03:40,967 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 18:03:40,972 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:40,979 INFO L290 TraceCheckUtils]: 0: Hoare triple {8632#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8577#true} is VALID [2022-02-20 18:03:40,979 INFO L290 TraceCheckUtils]: 1: Hoare triple {8577#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8577#true} is VALID [2022-02-20 18:03:40,979 INFO L290 TraceCheckUtils]: 2: Hoare triple {8577#true} assume true; {8577#true} is VALID [2022-02-20 18:03:40,980 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8577#true} {8578#false} #1214#return; {8578#false} is VALID [2022-02-20 18:03:40,980 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 18:03:40,981 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:40,983 INFO L290 TraceCheckUtils]: 0: Hoare triple {8577#true} ~handle := #in~handle;havoc ~retValue_acc~18; {8577#true} is VALID [2022-02-20 18:03:40,983 INFO L290 TraceCheckUtils]: 1: Hoare triple {8577#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~18; {8577#true} is VALID [2022-02-20 18:03:40,983 INFO L290 TraceCheckUtils]: 2: Hoare triple {8577#true} assume true; {8577#true} is VALID [2022-02-20 18:03:40,984 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8577#true} {8578#false} #1216#return; {8578#false} is VALID [2022-02-20 18:03:40,984 INFO L290 TraceCheckUtils]: 0: Hoare triple {8577#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(17, 12);call #Ultimate.allocInit(17, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(17, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(22, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(21, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(25, 34);call #Ultimate.allocInit(4, 35);call write~init~int(37, 35, 0, 1);call write~init~int(115, 35, 1, 1);call write~init~int(10, 35, 2, 1);call write~init~int(0, 35, 3, 1);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(12, 37);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(18, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(21, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {8577#true} is VALID [2022-02-20 18:03:40,984 INFO L290 TraceCheckUtils]: 1: Hoare triple {8577#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {8577#true} is VALID [2022-02-20 18:03:40,984 INFO L290 TraceCheckUtils]: 2: Hoare triple {8577#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {8577#true} is VALID [2022-02-20 18:03:40,984 INFO L290 TraceCheckUtils]: 3: Hoare triple {8577#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~10#1;havoc valid_product_~retValue_acc~10#1;valid_product_~retValue_acc~10#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~10#1; {8577#true} is VALID [2022-02-20 18:03:40,984 INFO L290 TraceCheckUtils]: 4: Hoare triple {8577#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {8577#true} is VALID [2022-02-20 18:03:40,985 INFO L290 TraceCheckUtils]: 5: Hoare triple {8577#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {8577#true} is VALID [2022-02-20 18:03:40,985 INFO L272 TraceCheckUtils]: 6: Hoare triple {8577#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {8628#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:40,986 INFO L290 TraceCheckUtils]: 7: Hoare triple {8628#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8577#true} is VALID [2022-02-20 18:03:40,986 INFO L290 TraceCheckUtils]: 8: Hoare triple {8577#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8577#true} is VALID [2022-02-20 18:03:40,986 INFO L290 TraceCheckUtils]: 9: Hoare triple {8577#true} assume true; {8577#true} is VALID [2022-02-20 18:03:40,986 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {8577#true} {8577#true} #1250#return; {8577#true} is VALID [2022-02-20 18:03:40,986 INFO L290 TraceCheckUtils]: 11: Hoare triple {8577#true} assume { :end_inline_setup_bob__wrappee__Base } true; {8577#true} is VALID [2022-02-20 18:03:40,987 INFO L272 TraceCheckUtils]: 12: Hoare triple {8577#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {8629#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:40,987 INFO L290 TraceCheckUtils]: 13: Hoare triple {8629#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8577#true} is VALID [2022-02-20 18:03:40,987 INFO L290 TraceCheckUtils]: 14: Hoare triple {8577#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8577#true} is VALID [2022-02-20 18:03:40,987 INFO L290 TraceCheckUtils]: 15: Hoare triple {8577#true} assume true; {8577#true} is VALID [2022-02-20 18:03:40,988 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {8577#true} {8577#true} #1252#return; {8577#true} is VALID [2022-02-20 18:03:40,989 INFO L290 TraceCheckUtils]: 17: Hoare triple {8577#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {8587#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 18:03:40,989 INFO L272 TraceCheckUtils]: 18: Hoare triple {8587#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {8628#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:40,990 INFO L290 TraceCheckUtils]: 19: Hoare triple {8628#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8630#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:40,990 INFO L290 TraceCheckUtils]: 20: Hoare triple {8630#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8631#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:40,990 INFO L290 TraceCheckUtils]: 21: Hoare triple {8631#(= |setClientId_#in~handle| 1)} assume true; {8631#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:40,991 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {8631#(= |setClientId_#in~handle| 1)} {8587#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1254#return; {8578#false} is VALID [2022-02-20 18:03:40,991 INFO L290 TraceCheckUtils]: 23: Hoare triple {8578#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {8578#false} is VALID [2022-02-20 18:03:40,991 INFO L272 TraceCheckUtils]: 24: Hoare triple {8578#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {8629#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:40,991 INFO L290 TraceCheckUtils]: 25: Hoare triple {8629#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8577#true} is VALID [2022-02-20 18:03:40,992 INFO L290 TraceCheckUtils]: 26: Hoare triple {8577#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8577#true} is VALID [2022-02-20 18:03:40,992 INFO L290 TraceCheckUtils]: 27: Hoare triple {8577#true} assume true; {8577#true} is VALID [2022-02-20 18:03:40,992 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {8577#true} {8578#false} #1256#return; {8578#false} is VALID [2022-02-20 18:03:40,992 INFO L290 TraceCheckUtils]: 29: Hoare triple {8578#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {8578#false} is VALID [2022-02-20 18:03:40,992 INFO L272 TraceCheckUtils]: 30: Hoare triple {8578#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {8628#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:40,992 INFO L290 TraceCheckUtils]: 31: Hoare triple {8628#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8577#true} is VALID [2022-02-20 18:03:40,993 INFO L290 TraceCheckUtils]: 32: Hoare triple {8577#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8577#true} is VALID [2022-02-20 18:03:40,993 INFO L290 TraceCheckUtils]: 33: Hoare triple {8577#true} assume true; {8577#true} is VALID [2022-02-20 18:03:40,993 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {8577#true} {8578#false} #1258#return; {8578#false} is VALID [2022-02-20 18:03:40,993 INFO L290 TraceCheckUtils]: 35: Hoare triple {8578#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {8578#false} is VALID [2022-02-20 18:03:40,993 INFO L272 TraceCheckUtils]: 36: Hoare triple {8578#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {8629#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:40,993 INFO L290 TraceCheckUtils]: 37: Hoare triple {8629#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8577#true} is VALID [2022-02-20 18:03:40,993 INFO L290 TraceCheckUtils]: 38: Hoare triple {8577#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8577#true} is VALID [2022-02-20 18:03:40,994 INFO L290 TraceCheckUtils]: 39: Hoare triple {8577#true} assume true; {8577#true} is VALID [2022-02-20 18:03:40,994 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {8577#true} {8578#false} #1260#return; {8578#false} is VALID [2022-02-20 18:03:40,994 INFO L290 TraceCheckUtils]: 41: Hoare triple {8578#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {8578#false} is VALID [2022-02-20 18:03:40,994 INFO L290 TraceCheckUtils]: 42: Hoare triple {8578#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~17#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~17#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {8578#false} is VALID [2022-02-20 18:03:40,994 INFO L290 TraceCheckUtils]: 43: Hoare triple {8578#false} assume !false; {8578#false} is VALID [2022-02-20 18:03:40,994 INFO L290 TraceCheckUtils]: 44: Hoare triple {8578#false} assume test_~splverifierCounter~0#1 < 4; {8578#false} is VALID [2022-02-20 18:03:40,995 INFO L290 TraceCheckUtils]: 45: Hoare triple {8578#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {8578#false} is VALID [2022-02-20 18:03:40,995 INFO L290 TraceCheckUtils]: 46: Hoare triple {8578#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet77#1 && test_#t~nondet77#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet77#1;havoc test_#t~nondet77#1; {8578#false} is VALID [2022-02-20 18:03:40,995 INFO L290 TraceCheckUtils]: 47: Hoare triple {8578#false} assume !(0 != test_~tmp___9~0#1); {8578#false} is VALID [2022-02-20 18:03:40,995 INFO L290 TraceCheckUtils]: 48: Hoare triple {8578#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet78#1 && test_#t~nondet78#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet78#1;havoc test_#t~nondet78#1; {8578#false} is VALID [2022-02-20 18:03:40,995 INFO L290 TraceCheckUtils]: 49: Hoare triple {8578#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {8578#false} is VALID [2022-02-20 18:03:40,995 INFO L290 TraceCheckUtils]: 50: Hoare triple {8578#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {8578#false} is VALID [2022-02-20 18:03:40,996 INFO L290 TraceCheckUtils]: 51: Hoare triple {8578#false} assume { :end_inline_setClientAutoResponse } true; {8578#false} is VALID [2022-02-20 18:03:40,996 INFO L290 TraceCheckUtils]: 52: Hoare triple {8578#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {8578#false} is VALID [2022-02-20 18:03:40,996 INFO L290 TraceCheckUtils]: 53: Hoare triple {8578#false} assume !false; {8578#false} is VALID [2022-02-20 18:03:40,996 INFO L290 TraceCheckUtils]: 54: Hoare triple {8578#false} assume !(test_~splverifierCounter~0#1 < 4); {8578#false} is VALID [2022-02-20 18:03:40,996 INFO L290 TraceCheckUtils]: 55: Hoare triple {8578#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {8578#false} is VALID [2022-02-20 18:03:40,996 INFO L272 TraceCheckUtils]: 56: Hoare triple {8578#false} call sendEmail(~bob~0, ~rjh~0); {8578#false} is VALID [2022-02-20 18:03:40,996 INFO L290 TraceCheckUtils]: 57: Hoare triple {8578#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~12#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {8578#false} is VALID [2022-02-20 18:03:40,997 INFO L272 TraceCheckUtils]: 58: Hoare triple {8578#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {8632#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:40,997 INFO L290 TraceCheckUtils]: 59: Hoare triple {8632#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8577#true} is VALID [2022-02-20 18:03:40,997 INFO L290 TraceCheckUtils]: 60: Hoare triple {8577#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8577#true} is VALID [2022-02-20 18:03:40,997 INFO L290 TraceCheckUtils]: 61: Hoare triple {8577#true} assume true; {8577#true} is VALID [2022-02-20 18:03:40,997 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {8577#true} {8578#false} #1194#return; {8578#false} is VALID [2022-02-20 18:03:40,997 INFO L272 TraceCheckUtils]: 63: Hoare triple {8578#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {8633#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:03:40,997 INFO L290 TraceCheckUtils]: 64: Hoare triple {8633#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8577#true} is VALID [2022-02-20 18:03:40,998 INFO L290 TraceCheckUtils]: 65: Hoare triple {8577#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8577#true} is VALID [2022-02-20 18:03:40,998 INFO L290 TraceCheckUtils]: 66: Hoare triple {8577#true} assume true; {8577#true} is VALID [2022-02-20 18:03:40,998 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {8577#true} {8578#false} #1196#return; {8578#false} is VALID [2022-02-20 18:03:40,998 INFO L290 TraceCheckUtils]: 68: Hoare triple {8578#false} createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {8578#false} is VALID [2022-02-20 18:03:40,998 INFO L290 TraceCheckUtils]: 69: Hoare triple {8578#false} #t~ret49#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret49#1 && #t~ret49#1 <= 2147483647;~tmp~12#1 := #t~ret49#1;havoc #t~ret49#1;~email~0#1 := ~tmp~12#1; {8578#false} is VALID [2022-02-20 18:03:40,998 INFO L272 TraceCheckUtils]: 70: Hoare triple {8578#false} call outgoing(~sender#1, ~email~0#1); {8578#false} is VALID [2022-02-20 18:03:40,999 INFO L290 TraceCheckUtils]: 71: Hoare triple {8578#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~7#1;havoc ~receiver~1#1;havoc ~tmp___0~3#1;havoc ~second~0#1;havoc ~tmp___1~1#1;havoc ~tmp___2~0#1; {8578#false} is VALID [2022-02-20 18:03:40,999 INFO L272 TraceCheckUtils]: 72: Hoare triple {8578#false} call #t~ret35#1 := getClientAddressBookSize(~client#1); {8577#true} is VALID [2022-02-20 18:03:40,999 INFO L290 TraceCheckUtils]: 73: Hoare triple {8577#true} ~handle := #in~handle;havoc ~retValue_acc~30; {8577#true} is VALID [2022-02-20 18:03:40,999 INFO L290 TraceCheckUtils]: 74: Hoare triple {8577#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~30; {8577#true} is VALID [2022-02-20 18:03:40,999 INFO L290 TraceCheckUtils]: 75: Hoare triple {8577#true} assume true; {8577#true} is VALID [2022-02-20 18:03:40,999 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {8577#true} {8578#false} #1176#return; {8578#false} is VALID [2022-02-20 18:03:41,000 INFO L290 TraceCheckUtils]: 77: Hoare triple {8578#false} assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp~7#1 := #t~ret35#1;havoc #t~ret35#1;~size~0#1 := ~tmp~7#1; {8578#false} is VALID [2022-02-20 18:03:41,000 INFO L290 TraceCheckUtils]: 78: Hoare triple {8578#false} assume !(0 != ~size~0#1); {8578#false} is VALID [2022-02-20 18:03:41,000 INFO L272 TraceCheckUtils]: 79: Hoare triple {8578#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {8578#false} is VALID [2022-02-20 18:03:41,000 INFO L290 TraceCheckUtils]: 80: Hoare triple {8578#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~6#1;havoc ~pubkey~0#1;havoc ~tmp___0~2#1; {8578#false} is VALID [2022-02-20 18:03:41,000 INFO L272 TraceCheckUtils]: 81: Hoare triple {8578#false} call #t~ret33#1 := getEmailTo(~msg#1); {8577#true} is VALID [2022-02-20 18:03:41,000 INFO L290 TraceCheckUtils]: 82: Hoare triple {8577#true} ~handle := #in~handle;havoc ~retValue_acc~15; {8577#true} is VALID [2022-02-20 18:03:41,000 INFO L290 TraceCheckUtils]: 83: Hoare triple {8577#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_email_to0~0;#res := ~retValue_acc~15; {8577#true} is VALID [2022-02-20 18:03:41,001 INFO L290 TraceCheckUtils]: 84: Hoare triple {8577#true} assume true; {8577#true} is VALID [2022-02-20 18:03:41,001 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {8577#true} {8578#false} #1208#return; {8578#false} is VALID [2022-02-20 18:03:41,001 INFO L290 TraceCheckUtils]: 86: Hoare triple {8578#false} assume -2147483648 <= #t~ret33#1 && #t~ret33#1 <= 2147483647;~tmp~6#1 := #t~ret33#1;havoc #t~ret33#1;~receiver~0#1 := ~tmp~6#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~41#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~41#1; {8578#false} is VALID [2022-02-20 18:03:41,001 INFO L290 TraceCheckUtils]: 87: Hoare triple {8578#false} assume 1 == findPublicKey_~handle#1; {8578#false} is VALID [2022-02-20 18:03:41,001 INFO L290 TraceCheckUtils]: 88: Hoare triple {8578#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~41#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~41#1; {8578#false} is VALID [2022-02-20 18:03:41,001 INFO L290 TraceCheckUtils]: 89: Hoare triple {8578#false} #t~ret34#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp___0~2#1 := #t~ret34#1;havoc #t~ret34#1;~pubkey~0#1 := ~tmp___0~2#1; {8578#false} is VALID [2022-02-20 18:03:41,002 INFO L290 TraceCheckUtils]: 90: Hoare triple {8578#false} assume !(0 != ~pubkey~0#1); {8578#false} is VALID [2022-02-20 18:03:41,002 INFO L290 TraceCheckUtils]: 91: Hoare triple {8578#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret32#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {8578#false} is VALID [2022-02-20 18:03:41,002 INFO L290 TraceCheckUtils]: 92: Hoare triple {8578#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {8578#false} is VALID [2022-02-20 18:03:41,002 INFO L290 TraceCheckUtils]: 93: Hoare triple {8578#false} outgoing__wrappee__Keys_#t~ret32#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret32#1 && outgoing__wrappee__Keys_#t~ret32#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret32#1;havoc outgoing__wrappee__Keys_#t~ret32#1; {8578#false} is VALID [2022-02-20 18:03:41,002 INFO L272 TraceCheckUtils]: 94: Hoare triple {8578#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {8632#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:41,002 INFO L290 TraceCheckUtils]: 95: Hoare triple {8632#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8577#true} is VALID [2022-02-20 18:03:41,002 INFO L290 TraceCheckUtils]: 96: Hoare triple {8577#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8577#true} is VALID [2022-02-20 18:03:41,003 INFO L290 TraceCheckUtils]: 97: Hoare triple {8577#true} assume true; {8577#true} is VALID [2022-02-20 18:03:41,003 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {8577#true} {8578#false} #1214#return; {8578#false} is VALID [2022-02-20 18:03:41,003 INFO L290 TraceCheckUtils]: 99: Hoare triple {8578#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret30#1, mail_#t~ret31#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~4#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet28#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 := puts(14, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset := 15, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet28#1; {8578#false} is VALID [2022-02-20 18:03:41,003 INFO L290 TraceCheckUtils]: 100: Hoare triple {8578#false} assume 0 != ~in_encrypted~0; {8578#false} is VALID [2022-02-20 18:03:41,003 INFO L272 TraceCheckUtils]: 101: Hoare triple {8578#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {8577#true} is VALID [2022-02-20 18:03:41,003 INFO L290 TraceCheckUtils]: 102: Hoare triple {8577#true} ~handle := #in~handle;havoc ~retValue_acc~18; {8577#true} is VALID [2022-02-20 18:03:41,004 INFO L290 TraceCheckUtils]: 103: Hoare triple {8577#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~18; {8577#true} is VALID [2022-02-20 18:03:41,004 INFO L290 TraceCheckUtils]: 104: Hoare triple {8577#true} assume true; {8577#true} is VALID [2022-02-20 18:03:41,004 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {8577#true} {8578#false} #1216#return; {8578#false} is VALID [2022-02-20 18:03:41,004 INFO L290 TraceCheckUtils]: 106: Hoare triple {8578#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1; {8578#false} is VALID [2022-02-20 18:03:41,004 INFO L290 TraceCheckUtils]: 107: Hoare triple {8578#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {8578#false} is VALID [2022-02-20 18:03:41,004 INFO L290 TraceCheckUtils]: 108: Hoare triple {8578#false} assume !false; {8578#false} is VALID [2022-02-20 18:03:41,005 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 18:03:41,008 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:03:41,009 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1569372711] [2022-02-20 18:03:41,009 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1569372711] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:03:41,010 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2097157380] [2022-02-20 18:03:41,010 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:41,010 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:03:41,010 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:03:41,012 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:03:41,043 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-02-20 18:03:41,264 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:41,267 INFO L263 TraceCheckSpWp]: Trace formula consists of 1084 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 18:03:41,328 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:41,331 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:03:41,652 INFO L290 TraceCheckUtils]: 0: Hoare triple {8577#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(17, 12);call #Ultimate.allocInit(17, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(17, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(22, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(21, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(25, 34);call #Ultimate.allocInit(4, 35);call write~init~int(37, 35, 0, 1);call write~init~int(115, 35, 1, 1);call write~init~int(10, 35, 2, 1);call write~init~int(0, 35, 3, 1);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(12, 37);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(18, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(21, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {8577#true} is VALID [2022-02-20 18:03:41,653 INFO L290 TraceCheckUtils]: 1: Hoare triple {8577#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {8577#true} is VALID [2022-02-20 18:03:41,653 INFO L290 TraceCheckUtils]: 2: Hoare triple {8577#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {8577#true} is VALID [2022-02-20 18:03:41,653 INFO L290 TraceCheckUtils]: 3: Hoare triple {8577#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~10#1;havoc valid_product_~retValue_acc~10#1;valid_product_~retValue_acc~10#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~10#1; {8577#true} is VALID [2022-02-20 18:03:41,653 INFO L290 TraceCheckUtils]: 4: Hoare triple {8577#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {8577#true} is VALID [2022-02-20 18:03:41,653 INFO L290 TraceCheckUtils]: 5: Hoare triple {8577#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {8577#true} is VALID [2022-02-20 18:03:41,653 INFO L272 TraceCheckUtils]: 6: Hoare triple {8577#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {8577#true} is VALID [2022-02-20 18:03:41,653 INFO L290 TraceCheckUtils]: 7: Hoare triple {8577#true} ~handle := #in~handle;~value := #in~value; {8577#true} is VALID [2022-02-20 18:03:41,653 INFO L290 TraceCheckUtils]: 8: Hoare triple {8577#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8577#true} is VALID [2022-02-20 18:03:41,653 INFO L290 TraceCheckUtils]: 9: Hoare triple {8577#true} assume true; {8577#true} is VALID [2022-02-20 18:03:41,654 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {8577#true} {8577#true} #1250#return; {8577#true} is VALID [2022-02-20 18:03:41,654 INFO L290 TraceCheckUtils]: 11: Hoare triple {8577#true} assume { :end_inline_setup_bob__wrappee__Base } true; {8577#true} is VALID [2022-02-20 18:03:41,654 INFO L272 TraceCheckUtils]: 12: Hoare triple {8577#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {8577#true} is VALID [2022-02-20 18:03:41,654 INFO L290 TraceCheckUtils]: 13: Hoare triple {8577#true} ~handle := #in~handle;~value := #in~value; {8577#true} is VALID [2022-02-20 18:03:41,654 INFO L290 TraceCheckUtils]: 14: Hoare triple {8577#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8577#true} is VALID [2022-02-20 18:03:41,654 INFO L290 TraceCheckUtils]: 15: Hoare triple {8577#true} assume true; {8577#true} is VALID [2022-02-20 18:03:41,654 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {8577#true} {8577#true} #1252#return; {8577#true} is VALID [2022-02-20 18:03:41,655 INFO L290 TraceCheckUtils]: 17: Hoare triple {8577#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {8688#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:03:41,655 INFO L272 TraceCheckUtils]: 18: Hoare triple {8688#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {8577#true} is VALID [2022-02-20 18:03:41,655 INFO L290 TraceCheckUtils]: 19: Hoare triple {8577#true} ~handle := #in~handle;~value := #in~value; {8695#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 18:03:41,656 INFO L290 TraceCheckUtils]: 20: Hoare triple {8695#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8699#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:41,656 INFO L290 TraceCheckUtils]: 21: Hoare triple {8699#(<= |setClientId_#in~handle| 1)} assume true; {8699#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:41,657 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {8699#(<= |setClientId_#in~handle| 1)} {8688#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1254#return; {8578#false} is VALID [2022-02-20 18:03:41,657 INFO L290 TraceCheckUtils]: 23: Hoare triple {8578#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {8578#false} is VALID [2022-02-20 18:03:41,657 INFO L272 TraceCheckUtils]: 24: Hoare triple {8578#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {8578#false} is VALID [2022-02-20 18:03:41,657 INFO L290 TraceCheckUtils]: 25: Hoare triple {8578#false} ~handle := #in~handle;~value := #in~value; {8578#false} is VALID [2022-02-20 18:03:41,657 INFO L290 TraceCheckUtils]: 26: Hoare triple {8578#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8578#false} is VALID [2022-02-20 18:03:41,657 INFO L290 TraceCheckUtils]: 27: Hoare triple {8578#false} assume true; {8578#false} is VALID [2022-02-20 18:03:41,657 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {8578#false} {8578#false} #1256#return; {8578#false} is VALID [2022-02-20 18:03:41,658 INFO L290 TraceCheckUtils]: 29: Hoare triple {8578#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {8578#false} is VALID [2022-02-20 18:03:41,658 INFO L272 TraceCheckUtils]: 30: Hoare triple {8578#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {8578#false} is VALID [2022-02-20 18:03:41,658 INFO L290 TraceCheckUtils]: 31: Hoare triple {8578#false} ~handle := #in~handle;~value := #in~value; {8578#false} is VALID [2022-02-20 18:03:41,658 INFO L290 TraceCheckUtils]: 32: Hoare triple {8578#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8578#false} is VALID [2022-02-20 18:03:41,658 INFO L290 TraceCheckUtils]: 33: Hoare triple {8578#false} assume true; {8578#false} is VALID [2022-02-20 18:03:41,658 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {8578#false} {8578#false} #1258#return; {8578#false} is VALID [2022-02-20 18:03:41,658 INFO L290 TraceCheckUtils]: 35: Hoare triple {8578#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {8578#false} is VALID [2022-02-20 18:03:41,658 INFO L272 TraceCheckUtils]: 36: Hoare triple {8578#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {8578#false} is VALID [2022-02-20 18:03:41,658 INFO L290 TraceCheckUtils]: 37: Hoare triple {8578#false} ~handle := #in~handle;~value := #in~value; {8578#false} is VALID [2022-02-20 18:03:41,659 INFO L290 TraceCheckUtils]: 38: Hoare triple {8578#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8578#false} is VALID [2022-02-20 18:03:41,659 INFO L290 TraceCheckUtils]: 39: Hoare triple {8578#false} assume true; {8578#false} is VALID [2022-02-20 18:03:41,659 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {8578#false} {8578#false} #1260#return; {8578#false} is VALID [2022-02-20 18:03:41,659 INFO L290 TraceCheckUtils]: 41: Hoare triple {8578#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {8578#false} is VALID [2022-02-20 18:03:41,659 INFO L290 TraceCheckUtils]: 42: Hoare triple {8578#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~17#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~17#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {8578#false} is VALID [2022-02-20 18:03:41,659 INFO L290 TraceCheckUtils]: 43: Hoare triple {8578#false} assume !false; {8578#false} is VALID [2022-02-20 18:03:41,659 INFO L290 TraceCheckUtils]: 44: Hoare triple {8578#false} assume test_~splverifierCounter~0#1 < 4; {8578#false} is VALID [2022-02-20 18:03:41,659 INFO L290 TraceCheckUtils]: 45: Hoare triple {8578#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {8578#false} is VALID [2022-02-20 18:03:41,659 INFO L290 TraceCheckUtils]: 46: Hoare triple {8578#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet77#1 && test_#t~nondet77#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet77#1;havoc test_#t~nondet77#1; {8578#false} is VALID [2022-02-20 18:03:41,660 INFO L290 TraceCheckUtils]: 47: Hoare triple {8578#false} assume !(0 != test_~tmp___9~0#1); {8578#false} is VALID [2022-02-20 18:03:41,660 INFO L290 TraceCheckUtils]: 48: Hoare triple {8578#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet78#1 && test_#t~nondet78#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet78#1;havoc test_#t~nondet78#1; {8578#false} is VALID [2022-02-20 18:03:41,660 INFO L290 TraceCheckUtils]: 49: Hoare triple {8578#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {8578#false} is VALID [2022-02-20 18:03:41,660 INFO L290 TraceCheckUtils]: 50: Hoare triple {8578#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {8578#false} is VALID [2022-02-20 18:03:41,660 INFO L290 TraceCheckUtils]: 51: Hoare triple {8578#false} assume { :end_inline_setClientAutoResponse } true; {8578#false} is VALID [2022-02-20 18:03:41,660 INFO L290 TraceCheckUtils]: 52: Hoare triple {8578#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {8578#false} is VALID [2022-02-20 18:03:41,660 INFO L290 TraceCheckUtils]: 53: Hoare triple {8578#false} assume !false; {8578#false} is VALID [2022-02-20 18:03:41,660 INFO L290 TraceCheckUtils]: 54: Hoare triple {8578#false} assume !(test_~splverifierCounter~0#1 < 4); {8578#false} is VALID [2022-02-20 18:03:41,660 INFO L290 TraceCheckUtils]: 55: Hoare triple {8578#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {8578#false} is VALID [2022-02-20 18:03:41,661 INFO L272 TraceCheckUtils]: 56: Hoare triple {8578#false} call sendEmail(~bob~0, ~rjh~0); {8578#false} is VALID [2022-02-20 18:03:41,661 INFO L290 TraceCheckUtils]: 57: Hoare triple {8578#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~12#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {8578#false} is VALID [2022-02-20 18:03:41,661 INFO L272 TraceCheckUtils]: 58: Hoare triple {8578#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {8578#false} is VALID [2022-02-20 18:03:41,661 INFO L290 TraceCheckUtils]: 59: Hoare triple {8578#false} ~handle := #in~handle;~value := #in~value; {8578#false} is VALID [2022-02-20 18:03:41,661 INFO L290 TraceCheckUtils]: 60: Hoare triple {8578#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8578#false} is VALID [2022-02-20 18:03:41,661 INFO L290 TraceCheckUtils]: 61: Hoare triple {8578#false} assume true; {8578#false} is VALID [2022-02-20 18:03:41,661 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {8578#false} {8578#false} #1194#return; {8578#false} is VALID [2022-02-20 18:03:41,661 INFO L272 TraceCheckUtils]: 63: Hoare triple {8578#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {8578#false} is VALID [2022-02-20 18:03:41,661 INFO L290 TraceCheckUtils]: 64: Hoare triple {8578#false} ~handle := #in~handle;~value := #in~value; {8578#false} is VALID [2022-02-20 18:03:41,662 INFO L290 TraceCheckUtils]: 65: Hoare triple {8578#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8578#false} is VALID [2022-02-20 18:03:41,662 INFO L290 TraceCheckUtils]: 66: Hoare triple {8578#false} assume true; {8578#false} is VALID [2022-02-20 18:03:41,662 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {8578#false} {8578#false} #1196#return; {8578#false} is VALID [2022-02-20 18:03:41,662 INFO L290 TraceCheckUtils]: 68: Hoare triple {8578#false} createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {8578#false} is VALID [2022-02-20 18:03:41,662 INFO L290 TraceCheckUtils]: 69: Hoare triple {8578#false} #t~ret49#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret49#1 && #t~ret49#1 <= 2147483647;~tmp~12#1 := #t~ret49#1;havoc #t~ret49#1;~email~0#1 := ~tmp~12#1; {8578#false} is VALID [2022-02-20 18:03:41,662 INFO L272 TraceCheckUtils]: 70: Hoare triple {8578#false} call outgoing(~sender#1, ~email~0#1); {8578#false} is VALID [2022-02-20 18:03:41,662 INFO L290 TraceCheckUtils]: 71: Hoare triple {8578#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~7#1;havoc ~receiver~1#1;havoc ~tmp___0~3#1;havoc ~second~0#1;havoc ~tmp___1~1#1;havoc ~tmp___2~0#1; {8578#false} is VALID [2022-02-20 18:03:41,662 INFO L272 TraceCheckUtils]: 72: Hoare triple {8578#false} call #t~ret35#1 := getClientAddressBookSize(~client#1); {8578#false} is VALID [2022-02-20 18:03:41,662 INFO L290 TraceCheckUtils]: 73: Hoare triple {8578#false} ~handle := #in~handle;havoc ~retValue_acc~30; {8578#false} is VALID [2022-02-20 18:03:41,663 INFO L290 TraceCheckUtils]: 74: Hoare triple {8578#false} assume 1 == ~handle;~retValue_acc~30 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~30; {8578#false} is VALID [2022-02-20 18:03:41,663 INFO L290 TraceCheckUtils]: 75: Hoare triple {8578#false} assume true; {8578#false} is VALID [2022-02-20 18:03:41,663 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {8578#false} {8578#false} #1176#return; {8578#false} is VALID [2022-02-20 18:03:41,663 INFO L290 TraceCheckUtils]: 77: Hoare triple {8578#false} assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp~7#1 := #t~ret35#1;havoc #t~ret35#1;~size~0#1 := ~tmp~7#1; {8578#false} is VALID [2022-02-20 18:03:41,663 INFO L290 TraceCheckUtils]: 78: Hoare triple {8578#false} assume !(0 != ~size~0#1); {8578#false} is VALID [2022-02-20 18:03:41,663 INFO L272 TraceCheckUtils]: 79: Hoare triple {8578#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {8578#false} is VALID [2022-02-20 18:03:41,663 INFO L290 TraceCheckUtils]: 80: Hoare triple {8578#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~6#1;havoc ~pubkey~0#1;havoc ~tmp___0~2#1; {8578#false} is VALID [2022-02-20 18:03:41,663 INFO L272 TraceCheckUtils]: 81: Hoare triple {8578#false} call #t~ret33#1 := getEmailTo(~msg#1); {8578#false} is VALID [2022-02-20 18:03:41,663 INFO L290 TraceCheckUtils]: 82: Hoare triple {8578#false} ~handle := #in~handle;havoc ~retValue_acc~15; {8578#false} is VALID [2022-02-20 18:03:41,664 INFO L290 TraceCheckUtils]: 83: Hoare triple {8578#false} assume 1 == ~handle;~retValue_acc~15 := ~__ste_email_to0~0;#res := ~retValue_acc~15; {8578#false} is VALID [2022-02-20 18:03:41,664 INFO L290 TraceCheckUtils]: 84: Hoare triple {8578#false} assume true; {8578#false} is VALID [2022-02-20 18:03:41,664 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {8578#false} {8578#false} #1208#return; {8578#false} is VALID [2022-02-20 18:03:41,664 INFO L290 TraceCheckUtils]: 86: Hoare triple {8578#false} assume -2147483648 <= #t~ret33#1 && #t~ret33#1 <= 2147483647;~tmp~6#1 := #t~ret33#1;havoc #t~ret33#1;~receiver~0#1 := ~tmp~6#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~41#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~41#1; {8578#false} is VALID [2022-02-20 18:03:41,664 INFO L290 TraceCheckUtils]: 87: Hoare triple {8578#false} assume 1 == findPublicKey_~handle#1; {8578#false} is VALID [2022-02-20 18:03:41,664 INFO L290 TraceCheckUtils]: 88: Hoare triple {8578#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~41#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~41#1; {8578#false} is VALID [2022-02-20 18:03:41,664 INFO L290 TraceCheckUtils]: 89: Hoare triple {8578#false} #t~ret34#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp___0~2#1 := #t~ret34#1;havoc #t~ret34#1;~pubkey~0#1 := ~tmp___0~2#1; {8578#false} is VALID [2022-02-20 18:03:41,664 INFO L290 TraceCheckUtils]: 90: Hoare triple {8578#false} assume !(0 != ~pubkey~0#1); {8578#false} is VALID [2022-02-20 18:03:41,664 INFO L290 TraceCheckUtils]: 91: Hoare triple {8578#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret32#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {8578#false} is VALID [2022-02-20 18:03:41,665 INFO L290 TraceCheckUtils]: 92: Hoare triple {8578#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {8578#false} is VALID [2022-02-20 18:03:41,665 INFO L290 TraceCheckUtils]: 93: Hoare triple {8578#false} outgoing__wrappee__Keys_#t~ret32#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret32#1 && outgoing__wrappee__Keys_#t~ret32#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret32#1;havoc outgoing__wrappee__Keys_#t~ret32#1; {8578#false} is VALID [2022-02-20 18:03:41,665 INFO L272 TraceCheckUtils]: 94: Hoare triple {8578#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {8578#false} is VALID [2022-02-20 18:03:41,665 INFO L290 TraceCheckUtils]: 95: Hoare triple {8578#false} ~handle := #in~handle;~value := #in~value; {8578#false} is VALID [2022-02-20 18:03:41,665 INFO L290 TraceCheckUtils]: 96: Hoare triple {8578#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8578#false} is VALID [2022-02-20 18:03:41,665 INFO L290 TraceCheckUtils]: 97: Hoare triple {8578#false} assume true; {8578#false} is VALID [2022-02-20 18:03:41,665 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {8578#false} {8578#false} #1214#return; {8578#false} is VALID [2022-02-20 18:03:41,665 INFO L290 TraceCheckUtils]: 99: Hoare triple {8578#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret30#1, mail_#t~ret31#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~4#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet28#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 := puts(14, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset := 15, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet28#1; {8578#false} is VALID [2022-02-20 18:03:41,665 INFO L290 TraceCheckUtils]: 100: Hoare triple {8578#false} assume 0 != ~in_encrypted~0; {8578#false} is VALID [2022-02-20 18:03:41,666 INFO L272 TraceCheckUtils]: 101: Hoare triple {8578#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {8578#false} is VALID [2022-02-20 18:03:41,666 INFO L290 TraceCheckUtils]: 102: Hoare triple {8578#false} ~handle := #in~handle;havoc ~retValue_acc~18; {8578#false} is VALID [2022-02-20 18:03:41,666 INFO L290 TraceCheckUtils]: 103: Hoare triple {8578#false} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~18; {8578#false} is VALID [2022-02-20 18:03:41,666 INFO L290 TraceCheckUtils]: 104: Hoare triple {8578#false} assume true; {8578#false} is VALID [2022-02-20 18:03:41,666 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {8578#false} {8578#false} #1216#return; {8578#false} is VALID [2022-02-20 18:03:41,666 INFO L290 TraceCheckUtils]: 106: Hoare triple {8578#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1; {8578#false} is VALID [2022-02-20 18:03:41,666 INFO L290 TraceCheckUtils]: 107: Hoare triple {8578#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {8578#false} is VALID [2022-02-20 18:03:41,666 INFO L290 TraceCheckUtils]: 108: Hoare triple {8578#false} assume !false; {8578#false} is VALID [2022-02-20 18:03:41,667 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. [2022-02-20 18:03:41,667 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:03:41,667 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [2097157380] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:03:41,670 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:03:41,671 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [9] total 12 [2022-02-20 18:03:41,671 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1129781055] [2022-02-20 18:03:41,671 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:03:41,672 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 18.75) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 109 [2022-02-20 18:03:41,672 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:03:41,672 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 4 states have (on average 18.75) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:03:41,759 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 102 edges. 102 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:41,759 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:03:41,759 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:03:41,760 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:03:41,760 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=24, Invalid=108, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:03:41,763 INFO L87 Difference]: Start difference. First operand 467 states and 728 transitions. Second operand has 5 states, 4 states have (on average 18.75) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:03:42,935 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:42,935 INFO L93 Difference]: Finished difference Result 925 states and 1446 transitions. [2022-02-20 18:03:42,936 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:03:42,936 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 18.75) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 109 [2022-02-20 18:03:42,936 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:03:42,937 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 18.75) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:03:42,948 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1192 transitions. [2022-02-20 18:03:42,948 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 18.75) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:03:42,960 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1192 transitions. [2022-02-20 18:03:42,960 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1192 transitions. [2022-02-20 18:03:43,714 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1192 edges. 1192 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:43,731 INFO L225 Difference]: With dead ends: 925 [2022-02-20 18:03:43,731 INFO L226 Difference]: Without dead ends: 469 [2022-02-20 18:03:43,733 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 137 GetRequests, 126 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=28, Invalid=128, Unknown=0, NotChecked=0, Total=156 [2022-02-20 18:03:43,734 INFO L933 BasicCegarLoop]: 592 mSDtfsCounter, 160 mSDsluCounter, 1594 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 183 SdHoareTripleChecker+Valid, 2186 SdHoareTripleChecker+Invalid, 34 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:03:43,734 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [183 Valid, 2186 Invalid, 34 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:03:43,735 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 469 states. [2022-02-20 18:03:43,800 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 469 to 469. [2022-02-20 18:03:43,801 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:03:43,802 INFO L82 GeneralOperation]: Start isEquivalent. First operand 469 states. Second operand has 469 states, 368 states have (on average 1.5706521739130435) internal successors, (578), 373 states have internal predecessors, (578), 76 states have call successors, (76), 23 states have call predecessors, (76), 24 states have return successors, (77), 74 states have call predecessors, (77), 75 states have call successors, (77) [2022-02-20 18:03:43,803 INFO L74 IsIncluded]: Start isIncluded. First operand 469 states. Second operand has 469 states, 368 states have (on average 1.5706521739130435) internal successors, (578), 373 states have internal predecessors, (578), 76 states have call successors, (76), 23 states have call predecessors, (76), 24 states have return successors, (77), 74 states have call predecessors, (77), 75 states have call successors, (77) [2022-02-20 18:03:43,805 INFO L87 Difference]: Start difference. First operand 469 states. Second operand has 469 states, 368 states have (on average 1.5706521739130435) internal successors, (578), 373 states have internal predecessors, (578), 76 states have call successors, (76), 23 states have call predecessors, (76), 24 states have return successors, (77), 74 states have call predecessors, (77), 75 states have call successors, (77) [2022-02-20 18:03:43,822 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:43,823 INFO L93 Difference]: Finished difference Result 469 states and 731 transitions. [2022-02-20 18:03:43,823 INFO L276 IsEmpty]: Start isEmpty. Operand 469 states and 731 transitions. [2022-02-20 18:03:43,825 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:43,825 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:43,826 INFO L74 IsIncluded]: Start isIncluded. First operand has 469 states, 368 states have (on average 1.5706521739130435) internal successors, (578), 373 states have internal predecessors, (578), 76 states have call successors, (76), 23 states have call predecessors, (76), 24 states have return successors, (77), 74 states have call predecessors, (77), 75 states have call successors, (77) Second operand 469 states. [2022-02-20 18:03:43,828 INFO L87 Difference]: Start difference. First operand has 469 states, 368 states have (on average 1.5706521739130435) internal successors, (578), 373 states have internal predecessors, (578), 76 states have call successors, (76), 23 states have call predecessors, (76), 24 states have return successors, (77), 74 states have call predecessors, (77), 75 states have call successors, (77) Second operand 469 states. [2022-02-20 18:03:43,846 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:43,847 INFO L93 Difference]: Finished difference Result 469 states and 731 transitions. [2022-02-20 18:03:43,847 INFO L276 IsEmpty]: Start isEmpty. Operand 469 states and 731 transitions. [2022-02-20 18:03:43,849 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:43,849 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:43,849 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:03:43,849 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:03:43,851 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 469 states, 368 states have (on average 1.5706521739130435) internal successors, (578), 373 states have internal predecessors, (578), 76 states have call successors, (76), 23 states have call predecessors, (76), 24 states have return successors, (77), 74 states have call predecessors, (77), 75 states have call successors, (77) [2022-02-20 18:03:43,870 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 469 states to 469 states and 731 transitions. [2022-02-20 18:03:43,871 INFO L78 Accepts]: Start accepts. Automaton has 469 states and 731 transitions. Word has length 109 [2022-02-20 18:03:43,871 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:03:43,871 INFO L470 AbstractCegarLoop]: Abstraction has 469 states and 731 transitions. [2022-02-20 18:03:43,871 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 18.75) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:03:43,871 INFO L276 IsEmpty]: Start isEmpty. Operand 469 states and 731 transitions. [2022-02-20 18:03:43,873 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 111 [2022-02-20 18:03:43,874 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:03:43,874 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:03:43,902 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Forceful destruction successful, exit code 0 [2022-02-20 18:03:44,087 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:03:44,087 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:03:44,088 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:03:44,088 INFO L85 PathProgramCache]: Analyzing trace with hash 1737380185, now seen corresponding path program 1 times [2022-02-20 18:03:44,088 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:03:44,088 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1496032602] [2022-02-20 18:03:44,088 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:44,088 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:03:44,123 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:44,176 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:03:44,178 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:44,181 INFO L290 TraceCheckUtils]: 0: Hoare triple {11900#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11847#true} is VALID [2022-02-20 18:03:44,181 INFO L290 TraceCheckUtils]: 1: Hoare triple {11847#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11847#true} is VALID [2022-02-20 18:03:44,181 INFO L290 TraceCheckUtils]: 2: Hoare triple {11847#true} assume true; {11847#true} is VALID [2022-02-20 18:03:44,181 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11847#true} {11847#true} #1250#return; {11847#true} is VALID [2022-02-20 18:03:44,187 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:03:44,189 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:44,191 INFO L290 TraceCheckUtils]: 0: Hoare triple {11901#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11847#true} is VALID [2022-02-20 18:03:44,191 INFO L290 TraceCheckUtils]: 1: Hoare triple {11847#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11847#true} is VALID [2022-02-20 18:03:44,191 INFO L290 TraceCheckUtils]: 2: Hoare triple {11847#true} assume true; {11847#true} is VALID [2022-02-20 18:03:44,191 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11847#true} {11847#true} #1252#return; {11847#true} is VALID [2022-02-20 18:03:44,192 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:03:44,193 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:44,208 INFO L290 TraceCheckUtils]: 0: Hoare triple {11900#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11902#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:44,208 INFO L290 TraceCheckUtils]: 1: Hoare triple {11902#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {11902#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:44,209 INFO L290 TraceCheckUtils]: 2: Hoare triple {11902#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {11903#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:44,209 INFO L290 TraceCheckUtils]: 3: Hoare triple {11903#(= 2 |setClientId_#in~handle|)} assume true; {11903#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:44,210 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {11903#(= 2 |setClientId_#in~handle|)} {11857#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1254#return; {11863#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:03:44,210 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:03:44,213 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:44,229 INFO L290 TraceCheckUtils]: 0: Hoare triple {11901#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11904#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:03:44,230 INFO L290 TraceCheckUtils]: 1: Hoare triple {11904#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11905#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:03:44,230 INFO L290 TraceCheckUtils]: 2: Hoare triple {11905#(= |setClientPrivateKey_#in~handle| 1)} assume true; {11905#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:03:44,231 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11905#(= |setClientPrivateKey_#in~handle| 1)} {11863#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1256#return; {11848#false} is VALID [2022-02-20 18:03:44,231 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-02-20 18:03:44,233 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:44,234 INFO L290 TraceCheckUtils]: 0: Hoare triple {11900#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11847#true} is VALID [2022-02-20 18:03:44,235 INFO L290 TraceCheckUtils]: 1: Hoare triple {11847#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11847#true} is VALID [2022-02-20 18:03:44,235 INFO L290 TraceCheckUtils]: 2: Hoare triple {11847#true} assume true; {11847#true} is VALID [2022-02-20 18:03:44,235 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11847#true} {11848#false} #1258#return; {11848#false} is VALID [2022-02-20 18:03:44,235 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 37 [2022-02-20 18:03:44,236 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:44,238 INFO L290 TraceCheckUtils]: 0: Hoare triple {11901#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11847#true} is VALID [2022-02-20 18:03:44,238 INFO L290 TraceCheckUtils]: 1: Hoare triple {11847#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11847#true} is VALID [2022-02-20 18:03:44,238 INFO L290 TraceCheckUtils]: 2: Hoare triple {11847#true} assume true; {11847#true} is VALID [2022-02-20 18:03:44,239 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11847#true} {11848#false} #1260#return; {11848#false} is VALID [2022-02-20 18:03:44,247 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 18:03:44,248 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:44,250 INFO L290 TraceCheckUtils]: 0: Hoare triple {11906#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11847#true} is VALID [2022-02-20 18:03:44,250 INFO L290 TraceCheckUtils]: 1: Hoare triple {11847#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11847#true} is VALID [2022-02-20 18:03:44,250 INFO L290 TraceCheckUtils]: 2: Hoare triple {11847#true} assume true; {11847#true} is VALID [2022-02-20 18:03:44,250 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11847#true} {11848#false} #1194#return; {11848#false} is VALID [2022-02-20 18:03:44,259 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 18:03:44,260 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:44,262 INFO L290 TraceCheckUtils]: 0: Hoare triple {11907#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {11847#true} is VALID [2022-02-20 18:03:44,262 INFO L290 TraceCheckUtils]: 1: Hoare triple {11847#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {11847#true} is VALID [2022-02-20 18:03:44,262 INFO L290 TraceCheckUtils]: 2: Hoare triple {11847#true} assume true; {11847#true} is VALID [2022-02-20 18:03:44,263 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11847#true} {11848#false} #1196#return; {11848#false} is VALID [2022-02-20 18:03:44,263 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 73 [2022-02-20 18:03:44,263 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:44,265 INFO L290 TraceCheckUtils]: 0: Hoare triple {11847#true} ~handle := #in~handle;havoc ~retValue_acc~30; {11847#true} is VALID [2022-02-20 18:03:44,265 INFO L290 TraceCheckUtils]: 1: Hoare triple {11847#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~30; {11847#true} is VALID [2022-02-20 18:03:44,265 INFO L290 TraceCheckUtils]: 2: Hoare triple {11847#true} assume true; {11847#true} is VALID [2022-02-20 18:03:44,265 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11847#true} {11848#false} #1176#return; {11848#false} is VALID [2022-02-20 18:03:44,266 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-02-20 18:03:44,266 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:44,268 INFO L290 TraceCheckUtils]: 0: Hoare triple {11847#true} ~handle := #in~handle;havoc ~retValue_acc~15; {11847#true} is VALID [2022-02-20 18:03:44,268 INFO L290 TraceCheckUtils]: 1: Hoare triple {11847#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_email_to0~0;#res := ~retValue_acc~15; {11847#true} is VALID [2022-02-20 18:03:44,268 INFO L290 TraceCheckUtils]: 2: Hoare triple {11847#true} assume true; {11847#true} is VALID [2022-02-20 18:03:44,268 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11847#true} {11848#false} #1208#return; {11848#false} is VALID [2022-02-20 18:03:44,268 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 18:03:44,269 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:44,271 INFO L290 TraceCheckUtils]: 0: Hoare triple {11906#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11847#true} is VALID [2022-02-20 18:03:44,271 INFO L290 TraceCheckUtils]: 1: Hoare triple {11847#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11847#true} is VALID [2022-02-20 18:03:44,271 INFO L290 TraceCheckUtils]: 2: Hoare triple {11847#true} assume true; {11847#true} is VALID [2022-02-20 18:03:44,271 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11847#true} {11848#false} #1214#return; {11848#false} is VALID [2022-02-20 18:03:44,271 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 18:03:44,272 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:44,274 INFO L290 TraceCheckUtils]: 0: Hoare triple {11847#true} ~handle := #in~handle;havoc ~retValue_acc~18; {11847#true} is VALID [2022-02-20 18:03:44,274 INFO L290 TraceCheckUtils]: 1: Hoare triple {11847#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~18; {11847#true} is VALID [2022-02-20 18:03:44,274 INFO L290 TraceCheckUtils]: 2: Hoare triple {11847#true} assume true; {11847#true} is VALID [2022-02-20 18:03:44,274 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11847#true} {11848#false} #1216#return; {11848#false} is VALID [2022-02-20 18:03:44,274 INFO L290 TraceCheckUtils]: 0: Hoare triple {11847#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(17, 12);call #Ultimate.allocInit(17, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(17, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(22, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(21, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(25, 34);call #Ultimate.allocInit(4, 35);call write~init~int(37, 35, 0, 1);call write~init~int(115, 35, 1, 1);call write~init~int(10, 35, 2, 1);call write~init~int(0, 35, 3, 1);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(12, 37);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(18, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(21, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {11847#true} is VALID [2022-02-20 18:03:44,274 INFO L290 TraceCheckUtils]: 1: Hoare triple {11847#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {11847#true} is VALID [2022-02-20 18:03:44,275 INFO L290 TraceCheckUtils]: 2: Hoare triple {11847#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {11847#true} is VALID [2022-02-20 18:03:44,275 INFO L290 TraceCheckUtils]: 3: Hoare triple {11847#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~10#1;havoc valid_product_~retValue_acc~10#1;valid_product_~retValue_acc~10#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~10#1; {11847#true} is VALID [2022-02-20 18:03:44,275 INFO L290 TraceCheckUtils]: 4: Hoare triple {11847#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {11847#true} is VALID [2022-02-20 18:03:44,275 INFO L290 TraceCheckUtils]: 5: Hoare triple {11847#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {11847#true} is VALID [2022-02-20 18:03:44,276 INFO L272 TraceCheckUtils]: 6: Hoare triple {11847#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {11900#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:44,276 INFO L290 TraceCheckUtils]: 7: Hoare triple {11900#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11847#true} is VALID [2022-02-20 18:03:44,276 INFO L290 TraceCheckUtils]: 8: Hoare triple {11847#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11847#true} is VALID [2022-02-20 18:03:44,276 INFO L290 TraceCheckUtils]: 9: Hoare triple {11847#true} assume true; {11847#true} is VALID [2022-02-20 18:03:44,276 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {11847#true} {11847#true} #1250#return; {11847#true} is VALID [2022-02-20 18:03:44,277 INFO L290 TraceCheckUtils]: 11: Hoare triple {11847#true} assume { :end_inline_setup_bob__wrappee__Base } true; {11847#true} is VALID [2022-02-20 18:03:44,277 INFO L272 TraceCheckUtils]: 12: Hoare triple {11847#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {11901#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:44,277 INFO L290 TraceCheckUtils]: 13: Hoare triple {11901#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11847#true} is VALID [2022-02-20 18:03:44,278 INFO L290 TraceCheckUtils]: 14: Hoare triple {11847#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11847#true} is VALID [2022-02-20 18:03:44,278 INFO L290 TraceCheckUtils]: 15: Hoare triple {11847#true} assume true; {11847#true} is VALID [2022-02-20 18:03:44,278 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {11847#true} {11847#true} #1252#return; {11847#true} is VALID [2022-02-20 18:03:44,278 INFO L290 TraceCheckUtils]: 17: Hoare triple {11847#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {11857#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 18:03:44,279 INFO L272 TraceCheckUtils]: 18: Hoare triple {11857#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {11900#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:44,279 INFO L290 TraceCheckUtils]: 19: Hoare triple {11900#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11902#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:44,280 INFO L290 TraceCheckUtils]: 20: Hoare triple {11902#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {11902#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:44,280 INFO L290 TraceCheckUtils]: 21: Hoare triple {11902#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {11903#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:44,281 INFO L290 TraceCheckUtils]: 22: Hoare triple {11903#(= 2 |setClientId_#in~handle|)} assume true; {11903#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:44,281 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {11903#(= 2 |setClientId_#in~handle|)} {11857#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1254#return; {11863#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:03:44,282 INFO L290 TraceCheckUtils]: 24: Hoare triple {11863#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {11863#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 18:03:44,282 INFO L272 TraceCheckUtils]: 25: Hoare triple {11863#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {11901#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:44,283 INFO L290 TraceCheckUtils]: 26: Hoare triple {11901#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11904#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:03:44,283 INFO L290 TraceCheckUtils]: 27: Hoare triple {11904#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11905#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:03:44,283 INFO L290 TraceCheckUtils]: 28: Hoare triple {11905#(= |setClientPrivateKey_#in~handle| 1)} assume true; {11905#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:03:44,284 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {11905#(= |setClientPrivateKey_#in~handle| 1)} {11863#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1256#return; {11848#false} is VALID [2022-02-20 18:03:44,284 INFO L290 TraceCheckUtils]: 30: Hoare triple {11848#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {11848#false} is VALID [2022-02-20 18:03:44,284 INFO L272 TraceCheckUtils]: 31: Hoare triple {11848#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {11900#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:44,284 INFO L290 TraceCheckUtils]: 32: Hoare triple {11900#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11847#true} is VALID [2022-02-20 18:03:44,284 INFO L290 TraceCheckUtils]: 33: Hoare triple {11847#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11847#true} is VALID [2022-02-20 18:03:44,285 INFO L290 TraceCheckUtils]: 34: Hoare triple {11847#true} assume true; {11847#true} is VALID [2022-02-20 18:03:44,285 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {11847#true} {11848#false} #1258#return; {11848#false} is VALID [2022-02-20 18:03:44,285 INFO L290 TraceCheckUtils]: 36: Hoare triple {11848#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {11848#false} is VALID [2022-02-20 18:03:44,285 INFO L272 TraceCheckUtils]: 37: Hoare triple {11848#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {11901#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:44,285 INFO L290 TraceCheckUtils]: 38: Hoare triple {11901#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11847#true} is VALID [2022-02-20 18:03:44,285 INFO L290 TraceCheckUtils]: 39: Hoare triple {11847#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11847#true} is VALID [2022-02-20 18:03:44,285 INFO L290 TraceCheckUtils]: 40: Hoare triple {11847#true} assume true; {11847#true} is VALID [2022-02-20 18:03:44,286 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {11847#true} {11848#false} #1260#return; {11848#false} is VALID [2022-02-20 18:03:44,286 INFO L290 TraceCheckUtils]: 42: Hoare triple {11848#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {11848#false} is VALID [2022-02-20 18:03:44,286 INFO L290 TraceCheckUtils]: 43: Hoare triple {11848#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~17#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~17#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {11848#false} is VALID [2022-02-20 18:03:44,286 INFO L290 TraceCheckUtils]: 44: Hoare triple {11848#false} assume !false; {11848#false} is VALID [2022-02-20 18:03:44,286 INFO L290 TraceCheckUtils]: 45: Hoare triple {11848#false} assume test_~splverifierCounter~0#1 < 4; {11848#false} is VALID [2022-02-20 18:03:44,286 INFO L290 TraceCheckUtils]: 46: Hoare triple {11848#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {11848#false} is VALID [2022-02-20 18:03:44,286 INFO L290 TraceCheckUtils]: 47: Hoare triple {11848#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet77#1 && test_#t~nondet77#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet77#1;havoc test_#t~nondet77#1; {11848#false} is VALID [2022-02-20 18:03:44,287 INFO L290 TraceCheckUtils]: 48: Hoare triple {11848#false} assume !(0 != test_~tmp___9~0#1); {11848#false} is VALID [2022-02-20 18:03:44,287 INFO L290 TraceCheckUtils]: 49: Hoare triple {11848#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet78#1 && test_#t~nondet78#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet78#1;havoc test_#t~nondet78#1; {11848#false} is VALID [2022-02-20 18:03:44,287 INFO L290 TraceCheckUtils]: 50: Hoare triple {11848#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {11848#false} is VALID [2022-02-20 18:03:44,287 INFO L290 TraceCheckUtils]: 51: Hoare triple {11848#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {11848#false} is VALID [2022-02-20 18:03:44,287 INFO L290 TraceCheckUtils]: 52: Hoare triple {11848#false} assume { :end_inline_setClientAutoResponse } true; {11848#false} is VALID [2022-02-20 18:03:44,287 INFO L290 TraceCheckUtils]: 53: Hoare triple {11848#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {11848#false} is VALID [2022-02-20 18:03:44,287 INFO L290 TraceCheckUtils]: 54: Hoare triple {11848#false} assume !false; {11848#false} is VALID [2022-02-20 18:03:44,288 INFO L290 TraceCheckUtils]: 55: Hoare triple {11848#false} assume !(test_~splverifierCounter~0#1 < 4); {11848#false} is VALID [2022-02-20 18:03:44,288 INFO L290 TraceCheckUtils]: 56: Hoare triple {11848#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {11848#false} is VALID [2022-02-20 18:03:44,288 INFO L272 TraceCheckUtils]: 57: Hoare triple {11848#false} call sendEmail(~bob~0, ~rjh~0); {11848#false} is VALID [2022-02-20 18:03:44,288 INFO L290 TraceCheckUtils]: 58: Hoare triple {11848#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~12#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {11848#false} is VALID [2022-02-20 18:03:44,288 INFO L272 TraceCheckUtils]: 59: Hoare triple {11848#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {11906#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:44,288 INFO L290 TraceCheckUtils]: 60: Hoare triple {11906#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11847#true} is VALID [2022-02-20 18:03:44,288 INFO L290 TraceCheckUtils]: 61: Hoare triple {11847#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11847#true} is VALID [2022-02-20 18:03:44,289 INFO L290 TraceCheckUtils]: 62: Hoare triple {11847#true} assume true; {11847#true} is VALID [2022-02-20 18:03:44,289 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {11847#true} {11848#false} #1194#return; {11848#false} is VALID [2022-02-20 18:03:44,289 INFO L272 TraceCheckUtils]: 64: Hoare triple {11848#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {11907#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:03:44,289 INFO L290 TraceCheckUtils]: 65: Hoare triple {11907#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {11847#true} is VALID [2022-02-20 18:03:44,289 INFO L290 TraceCheckUtils]: 66: Hoare triple {11847#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {11847#true} is VALID [2022-02-20 18:03:44,289 INFO L290 TraceCheckUtils]: 67: Hoare triple {11847#true} assume true; {11847#true} is VALID [2022-02-20 18:03:44,289 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {11847#true} {11848#false} #1196#return; {11848#false} is VALID [2022-02-20 18:03:44,290 INFO L290 TraceCheckUtils]: 69: Hoare triple {11848#false} createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {11848#false} is VALID [2022-02-20 18:03:44,290 INFO L290 TraceCheckUtils]: 70: Hoare triple {11848#false} #t~ret49#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret49#1 && #t~ret49#1 <= 2147483647;~tmp~12#1 := #t~ret49#1;havoc #t~ret49#1;~email~0#1 := ~tmp~12#1; {11848#false} is VALID [2022-02-20 18:03:44,290 INFO L272 TraceCheckUtils]: 71: Hoare triple {11848#false} call outgoing(~sender#1, ~email~0#1); {11848#false} is VALID [2022-02-20 18:03:44,290 INFO L290 TraceCheckUtils]: 72: Hoare triple {11848#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~7#1;havoc ~receiver~1#1;havoc ~tmp___0~3#1;havoc ~second~0#1;havoc ~tmp___1~1#1;havoc ~tmp___2~0#1; {11848#false} is VALID [2022-02-20 18:03:44,290 INFO L272 TraceCheckUtils]: 73: Hoare triple {11848#false} call #t~ret35#1 := getClientAddressBookSize(~client#1); {11847#true} is VALID [2022-02-20 18:03:44,290 INFO L290 TraceCheckUtils]: 74: Hoare triple {11847#true} ~handle := #in~handle;havoc ~retValue_acc~30; {11847#true} is VALID [2022-02-20 18:03:44,290 INFO L290 TraceCheckUtils]: 75: Hoare triple {11847#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~30; {11847#true} is VALID [2022-02-20 18:03:44,291 INFO L290 TraceCheckUtils]: 76: Hoare triple {11847#true} assume true; {11847#true} is VALID [2022-02-20 18:03:44,291 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {11847#true} {11848#false} #1176#return; {11848#false} is VALID [2022-02-20 18:03:44,291 INFO L290 TraceCheckUtils]: 78: Hoare triple {11848#false} assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp~7#1 := #t~ret35#1;havoc #t~ret35#1;~size~0#1 := ~tmp~7#1; {11848#false} is VALID [2022-02-20 18:03:44,291 INFO L290 TraceCheckUtils]: 79: Hoare triple {11848#false} assume !(0 != ~size~0#1); {11848#false} is VALID [2022-02-20 18:03:44,291 INFO L272 TraceCheckUtils]: 80: Hoare triple {11848#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {11848#false} is VALID [2022-02-20 18:03:44,291 INFO L290 TraceCheckUtils]: 81: Hoare triple {11848#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~6#1;havoc ~pubkey~0#1;havoc ~tmp___0~2#1; {11848#false} is VALID [2022-02-20 18:03:44,291 INFO L272 TraceCheckUtils]: 82: Hoare triple {11848#false} call #t~ret33#1 := getEmailTo(~msg#1); {11847#true} is VALID [2022-02-20 18:03:44,292 INFO L290 TraceCheckUtils]: 83: Hoare triple {11847#true} ~handle := #in~handle;havoc ~retValue_acc~15; {11847#true} is VALID [2022-02-20 18:03:44,292 INFO L290 TraceCheckUtils]: 84: Hoare triple {11847#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_email_to0~0;#res := ~retValue_acc~15; {11847#true} is VALID [2022-02-20 18:03:44,292 INFO L290 TraceCheckUtils]: 85: Hoare triple {11847#true} assume true; {11847#true} is VALID [2022-02-20 18:03:44,292 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {11847#true} {11848#false} #1208#return; {11848#false} is VALID [2022-02-20 18:03:44,292 INFO L290 TraceCheckUtils]: 87: Hoare triple {11848#false} assume -2147483648 <= #t~ret33#1 && #t~ret33#1 <= 2147483647;~tmp~6#1 := #t~ret33#1;havoc #t~ret33#1;~receiver~0#1 := ~tmp~6#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~41#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~41#1; {11848#false} is VALID [2022-02-20 18:03:44,292 INFO L290 TraceCheckUtils]: 88: Hoare triple {11848#false} assume 1 == findPublicKey_~handle#1; {11848#false} is VALID [2022-02-20 18:03:44,292 INFO L290 TraceCheckUtils]: 89: Hoare triple {11848#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~41#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~41#1; {11848#false} is VALID [2022-02-20 18:03:44,293 INFO L290 TraceCheckUtils]: 90: Hoare triple {11848#false} #t~ret34#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp___0~2#1 := #t~ret34#1;havoc #t~ret34#1;~pubkey~0#1 := ~tmp___0~2#1; {11848#false} is VALID [2022-02-20 18:03:44,293 INFO L290 TraceCheckUtils]: 91: Hoare triple {11848#false} assume !(0 != ~pubkey~0#1); {11848#false} is VALID [2022-02-20 18:03:44,293 INFO L290 TraceCheckUtils]: 92: Hoare triple {11848#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret32#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {11848#false} is VALID [2022-02-20 18:03:44,293 INFO L290 TraceCheckUtils]: 93: Hoare triple {11848#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {11848#false} is VALID [2022-02-20 18:03:44,293 INFO L290 TraceCheckUtils]: 94: Hoare triple {11848#false} outgoing__wrappee__Keys_#t~ret32#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret32#1 && outgoing__wrappee__Keys_#t~ret32#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret32#1;havoc outgoing__wrappee__Keys_#t~ret32#1; {11848#false} is VALID [2022-02-20 18:03:44,293 INFO L272 TraceCheckUtils]: 95: Hoare triple {11848#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {11906#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:44,293 INFO L290 TraceCheckUtils]: 96: Hoare triple {11906#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11847#true} is VALID [2022-02-20 18:03:44,294 INFO L290 TraceCheckUtils]: 97: Hoare triple {11847#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11847#true} is VALID [2022-02-20 18:03:44,294 INFO L290 TraceCheckUtils]: 98: Hoare triple {11847#true} assume true; {11847#true} is VALID [2022-02-20 18:03:44,294 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {11847#true} {11848#false} #1214#return; {11848#false} is VALID [2022-02-20 18:03:44,294 INFO L290 TraceCheckUtils]: 100: Hoare triple {11848#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret30#1, mail_#t~ret31#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~4#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet28#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 := puts(14, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset := 15, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet28#1; {11848#false} is VALID [2022-02-20 18:03:44,294 INFO L290 TraceCheckUtils]: 101: Hoare triple {11848#false} assume 0 != ~in_encrypted~0; {11848#false} is VALID [2022-02-20 18:03:44,294 INFO L272 TraceCheckUtils]: 102: Hoare triple {11848#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {11847#true} is VALID [2022-02-20 18:03:44,294 INFO L290 TraceCheckUtils]: 103: Hoare triple {11847#true} ~handle := #in~handle;havoc ~retValue_acc~18; {11847#true} is VALID [2022-02-20 18:03:44,295 INFO L290 TraceCheckUtils]: 104: Hoare triple {11847#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~18; {11847#true} is VALID [2022-02-20 18:03:44,295 INFO L290 TraceCheckUtils]: 105: Hoare triple {11847#true} assume true; {11847#true} is VALID [2022-02-20 18:03:44,295 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {11847#true} {11848#false} #1216#return; {11848#false} is VALID [2022-02-20 18:03:44,295 INFO L290 TraceCheckUtils]: 107: Hoare triple {11848#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1; {11848#false} is VALID [2022-02-20 18:03:44,295 INFO L290 TraceCheckUtils]: 108: Hoare triple {11848#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {11848#false} is VALID [2022-02-20 18:03:44,295 INFO L290 TraceCheckUtils]: 109: Hoare triple {11848#false} assume !false; {11848#false} is VALID [2022-02-20 18:03:44,296 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2022-02-20 18:03:44,296 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:03:44,296 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1496032602] [2022-02-20 18:03:44,296 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1496032602] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:03:44,296 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [326389912] [2022-02-20 18:03:44,297 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:44,297 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:03:44,297 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:03:44,298 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:03:44,299 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process [2022-02-20 18:03:44,525 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:44,529 INFO L263 TraceCheckSpWp]: Trace formula consists of 1085 conjuncts, 6 conjunts are in the unsatisfiable core [2022-02-20 18:03:44,578 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:44,581 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:03:44,859 INFO L290 TraceCheckUtils]: 0: Hoare triple {11847#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(17, 12);call #Ultimate.allocInit(17, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(17, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(22, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(21, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(25, 34);call #Ultimate.allocInit(4, 35);call write~init~int(37, 35, 0, 1);call write~init~int(115, 35, 1, 1);call write~init~int(10, 35, 2, 1);call write~init~int(0, 35, 3, 1);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(12, 37);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(18, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(21, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {11847#true} is VALID [2022-02-20 18:03:44,859 INFO L290 TraceCheckUtils]: 1: Hoare triple {11847#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {11847#true} is VALID [2022-02-20 18:03:44,859 INFO L290 TraceCheckUtils]: 2: Hoare triple {11847#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {11847#true} is VALID [2022-02-20 18:03:44,859 INFO L290 TraceCheckUtils]: 3: Hoare triple {11847#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~10#1;havoc valid_product_~retValue_acc~10#1;valid_product_~retValue_acc~10#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~10#1; {11847#true} is VALID [2022-02-20 18:03:44,860 INFO L290 TraceCheckUtils]: 4: Hoare triple {11847#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {11847#true} is VALID [2022-02-20 18:03:44,860 INFO L290 TraceCheckUtils]: 5: Hoare triple {11847#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {11847#true} is VALID [2022-02-20 18:03:44,860 INFO L272 TraceCheckUtils]: 6: Hoare triple {11847#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {11847#true} is VALID [2022-02-20 18:03:44,860 INFO L290 TraceCheckUtils]: 7: Hoare triple {11847#true} ~handle := #in~handle;~value := #in~value; {11847#true} is VALID [2022-02-20 18:03:44,860 INFO L290 TraceCheckUtils]: 8: Hoare triple {11847#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11847#true} is VALID [2022-02-20 18:03:44,860 INFO L290 TraceCheckUtils]: 9: Hoare triple {11847#true} assume true; {11847#true} is VALID [2022-02-20 18:03:44,861 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {11847#true} {11847#true} #1250#return; {11847#true} is VALID [2022-02-20 18:03:44,861 INFO L290 TraceCheckUtils]: 11: Hoare triple {11847#true} assume { :end_inline_setup_bob__wrappee__Base } true; {11847#true} is VALID [2022-02-20 18:03:44,861 INFO L272 TraceCheckUtils]: 12: Hoare triple {11847#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {11847#true} is VALID [2022-02-20 18:03:44,861 INFO L290 TraceCheckUtils]: 13: Hoare triple {11847#true} ~handle := #in~handle;~value := #in~value; {11847#true} is VALID [2022-02-20 18:03:44,861 INFO L290 TraceCheckUtils]: 14: Hoare triple {11847#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11847#true} is VALID [2022-02-20 18:03:44,861 INFO L290 TraceCheckUtils]: 15: Hoare triple {11847#true} assume true; {11847#true} is VALID [2022-02-20 18:03:44,861 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {11847#true} {11847#true} #1252#return; {11847#true} is VALID [2022-02-20 18:03:44,862 INFO L290 TraceCheckUtils]: 17: Hoare triple {11847#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {11962#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:03:44,862 INFO L272 TraceCheckUtils]: 18: Hoare triple {11962#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {11847#true} is VALID [2022-02-20 18:03:44,862 INFO L290 TraceCheckUtils]: 19: Hoare triple {11847#true} ~handle := #in~handle;~value := #in~value; {11847#true} is VALID [2022-02-20 18:03:44,862 INFO L290 TraceCheckUtils]: 20: Hoare triple {11847#true} assume !(1 == ~handle); {11847#true} is VALID [2022-02-20 18:03:44,863 INFO L290 TraceCheckUtils]: 21: Hoare triple {11847#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {11847#true} is VALID [2022-02-20 18:03:44,863 INFO L290 TraceCheckUtils]: 22: Hoare triple {11847#true} assume true; {11847#true} is VALID [2022-02-20 18:03:44,863 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {11847#true} {11962#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1254#return; {11962#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:03:44,864 INFO L290 TraceCheckUtils]: 24: Hoare triple {11962#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume { :end_inline_setup_rjh__wrappee__Base } true; {11962#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 18:03:44,864 INFO L272 TraceCheckUtils]: 25: Hoare triple {11962#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {11847#true} is VALID [2022-02-20 18:03:44,864 INFO L290 TraceCheckUtils]: 26: Hoare triple {11847#true} ~handle := #in~handle;~value := #in~value; {11990#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} is VALID [2022-02-20 18:03:44,865 INFO L290 TraceCheckUtils]: 27: Hoare triple {11990#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11994#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:03:44,865 INFO L290 TraceCheckUtils]: 28: Hoare triple {11994#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {11994#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:03:44,866 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {11994#(<= |setClientPrivateKey_#in~handle| 1)} {11962#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1256#return; {11848#false} is VALID [2022-02-20 18:03:44,866 INFO L290 TraceCheckUtils]: 30: Hoare triple {11848#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {11848#false} is VALID [2022-02-20 18:03:44,866 INFO L272 TraceCheckUtils]: 31: Hoare triple {11848#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {11848#false} is VALID [2022-02-20 18:03:44,866 INFO L290 TraceCheckUtils]: 32: Hoare triple {11848#false} ~handle := #in~handle;~value := #in~value; {11848#false} is VALID [2022-02-20 18:03:44,866 INFO L290 TraceCheckUtils]: 33: Hoare triple {11848#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11848#false} is VALID [2022-02-20 18:03:44,866 INFO L290 TraceCheckUtils]: 34: Hoare triple {11848#false} assume true; {11848#false} is VALID [2022-02-20 18:03:44,867 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {11848#false} {11848#false} #1258#return; {11848#false} is VALID [2022-02-20 18:03:44,867 INFO L290 TraceCheckUtils]: 36: Hoare triple {11848#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {11848#false} is VALID [2022-02-20 18:03:44,867 INFO L272 TraceCheckUtils]: 37: Hoare triple {11848#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {11848#false} is VALID [2022-02-20 18:03:44,867 INFO L290 TraceCheckUtils]: 38: Hoare triple {11848#false} ~handle := #in~handle;~value := #in~value; {11848#false} is VALID [2022-02-20 18:03:44,867 INFO L290 TraceCheckUtils]: 39: Hoare triple {11848#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11848#false} is VALID [2022-02-20 18:03:44,867 INFO L290 TraceCheckUtils]: 40: Hoare triple {11848#false} assume true; {11848#false} is VALID [2022-02-20 18:03:44,867 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {11848#false} {11848#false} #1260#return; {11848#false} is VALID [2022-02-20 18:03:44,868 INFO L290 TraceCheckUtils]: 42: Hoare triple {11848#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {11848#false} is VALID [2022-02-20 18:03:44,868 INFO L290 TraceCheckUtils]: 43: Hoare triple {11848#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~17#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~17#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {11848#false} is VALID [2022-02-20 18:03:44,868 INFO L290 TraceCheckUtils]: 44: Hoare triple {11848#false} assume !false; {11848#false} is VALID [2022-02-20 18:03:44,868 INFO L290 TraceCheckUtils]: 45: Hoare triple {11848#false} assume test_~splverifierCounter~0#1 < 4; {11848#false} is VALID [2022-02-20 18:03:44,868 INFO L290 TraceCheckUtils]: 46: Hoare triple {11848#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {11848#false} is VALID [2022-02-20 18:03:44,868 INFO L290 TraceCheckUtils]: 47: Hoare triple {11848#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet77#1 && test_#t~nondet77#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet77#1;havoc test_#t~nondet77#1; {11848#false} is VALID [2022-02-20 18:03:44,868 INFO L290 TraceCheckUtils]: 48: Hoare triple {11848#false} assume !(0 != test_~tmp___9~0#1); {11848#false} is VALID [2022-02-20 18:03:44,869 INFO L290 TraceCheckUtils]: 49: Hoare triple {11848#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet78#1 && test_#t~nondet78#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet78#1;havoc test_#t~nondet78#1; {11848#false} is VALID [2022-02-20 18:03:44,869 INFO L290 TraceCheckUtils]: 50: Hoare triple {11848#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {11848#false} is VALID [2022-02-20 18:03:44,869 INFO L290 TraceCheckUtils]: 51: Hoare triple {11848#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {11848#false} is VALID [2022-02-20 18:03:44,869 INFO L290 TraceCheckUtils]: 52: Hoare triple {11848#false} assume { :end_inline_setClientAutoResponse } true; {11848#false} is VALID [2022-02-20 18:03:44,869 INFO L290 TraceCheckUtils]: 53: Hoare triple {11848#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {11848#false} is VALID [2022-02-20 18:03:44,869 INFO L290 TraceCheckUtils]: 54: Hoare triple {11848#false} assume !false; {11848#false} is VALID [2022-02-20 18:03:44,869 INFO L290 TraceCheckUtils]: 55: Hoare triple {11848#false} assume !(test_~splverifierCounter~0#1 < 4); {11848#false} is VALID [2022-02-20 18:03:44,870 INFO L290 TraceCheckUtils]: 56: Hoare triple {11848#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {11848#false} is VALID [2022-02-20 18:03:44,870 INFO L272 TraceCheckUtils]: 57: Hoare triple {11848#false} call sendEmail(~bob~0, ~rjh~0); {11848#false} is VALID [2022-02-20 18:03:44,870 INFO L290 TraceCheckUtils]: 58: Hoare triple {11848#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~12#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {11848#false} is VALID [2022-02-20 18:03:44,870 INFO L272 TraceCheckUtils]: 59: Hoare triple {11848#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {11848#false} is VALID [2022-02-20 18:03:44,870 INFO L290 TraceCheckUtils]: 60: Hoare triple {11848#false} ~handle := #in~handle;~value := #in~value; {11848#false} is VALID [2022-02-20 18:03:44,870 INFO L290 TraceCheckUtils]: 61: Hoare triple {11848#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11848#false} is VALID [2022-02-20 18:03:44,871 INFO L290 TraceCheckUtils]: 62: Hoare triple {11848#false} assume true; {11848#false} is VALID [2022-02-20 18:03:44,871 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {11848#false} {11848#false} #1194#return; {11848#false} is VALID [2022-02-20 18:03:44,871 INFO L272 TraceCheckUtils]: 64: Hoare triple {11848#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {11848#false} is VALID [2022-02-20 18:03:44,871 INFO L290 TraceCheckUtils]: 65: Hoare triple {11848#false} ~handle := #in~handle;~value := #in~value; {11848#false} is VALID [2022-02-20 18:03:44,871 INFO L290 TraceCheckUtils]: 66: Hoare triple {11848#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {11848#false} is VALID [2022-02-20 18:03:44,871 INFO L290 TraceCheckUtils]: 67: Hoare triple {11848#false} assume true; {11848#false} is VALID [2022-02-20 18:03:44,872 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {11848#false} {11848#false} #1196#return; {11848#false} is VALID [2022-02-20 18:03:44,872 INFO L290 TraceCheckUtils]: 69: Hoare triple {11848#false} createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {11848#false} is VALID [2022-02-20 18:03:44,872 INFO L290 TraceCheckUtils]: 70: Hoare triple {11848#false} #t~ret49#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret49#1 && #t~ret49#1 <= 2147483647;~tmp~12#1 := #t~ret49#1;havoc #t~ret49#1;~email~0#1 := ~tmp~12#1; {11848#false} is VALID [2022-02-20 18:03:44,872 INFO L272 TraceCheckUtils]: 71: Hoare triple {11848#false} call outgoing(~sender#1, ~email~0#1); {11848#false} is VALID [2022-02-20 18:03:44,872 INFO L290 TraceCheckUtils]: 72: Hoare triple {11848#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~7#1;havoc ~receiver~1#1;havoc ~tmp___0~3#1;havoc ~second~0#1;havoc ~tmp___1~1#1;havoc ~tmp___2~0#1; {11848#false} is VALID [2022-02-20 18:03:44,872 INFO L272 TraceCheckUtils]: 73: Hoare triple {11848#false} call #t~ret35#1 := getClientAddressBookSize(~client#1); {11848#false} is VALID [2022-02-20 18:03:44,873 INFO L290 TraceCheckUtils]: 74: Hoare triple {11848#false} ~handle := #in~handle;havoc ~retValue_acc~30; {11848#false} is VALID [2022-02-20 18:03:44,873 INFO L290 TraceCheckUtils]: 75: Hoare triple {11848#false} assume 1 == ~handle;~retValue_acc~30 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~30; {11848#false} is VALID [2022-02-20 18:03:44,873 INFO L290 TraceCheckUtils]: 76: Hoare triple {11848#false} assume true; {11848#false} is VALID [2022-02-20 18:03:44,873 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {11848#false} {11848#false} #1176#return; {11848#false} is VALID [2022-02-20 18:03:44,873 INFO L290 TraceCheckUtils]: 78: Hoare triple {11848#false} assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp~7#1 := #t~ret35#1;havoc #t~ret35#1;~size~0#1 := ~tmp~7#1; {11848#false} is VALID [2022-02-20 18:03:44,873 INFO L290 TraceCheckUtils]: 79: Hoare triple {11848#false} assume !(0 != ~size~0#1); {11848#false} is VALID [2022-02-20 18:03:44,874 INFO L272 TraceCheckUtils]: 80: Hoare triple {11848#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {11848#false} is VALID [2022-02-20 18:03:44,874 INFO L290 TraceCheckUtils]: 81: Hoare triple {11848#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~6#1;havoc ~pubkey~0#1;havoc ~tmp___0~2#1; {11848#false} is VALID [2022-02-20 18:03:44,874 INFO L272 TraceCheckUtils]: 82: Hoare triple {11848#false} call #t~ret33#1 := getEmailTo(~msg#1); {11848#false} is VALID [2022-02-20 18:03:44,874 INFO L290 TraceCheckUtils]: 83: Hoare triple {11848#false} ~handle := #in~handle;havoc ~retValue_acc~15; {11848#false} is VALID [2022-02-20 18:03:44,874 INFO L290 TraceCheckUtils]: 84: Hoare triple {11848#false} assume 1 == ~handle;~retValue_acc~15 := ~__ste_email_to0~0;#res := ~retValue_acc~15; {11848#false} is VALID [2022-02-20 18:03:44,874 INFO L290 TraceCheckUtils]: 85: Hoare triple {11848#false} assume true; {11848#false} is VALID [2022-02-20 18:03:44,874 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {11848#false} {11848#false} #1208#return; {11848#false} is VALID [2022-02-20 18:03:44,875 INFO L290 TraceCheckUtils]: 87: Hoare triple {11848#false} assume -2147483648 <= #t~ret33#1 && #t~ret33#1 <= 2147483647;~tmp~6#1 := #t~ret33#1;havoc #t~ret33#1;~receiver~0#1 := ~tmp~6#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~41#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~41#1; {11848#false} is VALID [2022-02-20 18:03:44,875 INFO L290 TraceCheckUtils]: 88: Hoare triple {11848#false} assume 1 == findPublicKey_~handle#1; {11848#false} is VALID [2022-02-20 18:03:44,875 INFO L290 TraceCheckUtils]: 89: Hoare triple {11848#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~41#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~41#1; {11848#false} is VALID [2022-02-20 18:03:44,875 INFO L290 TraceCheckUtils]: 90: Hoare triple {11848#false} #t~ret34#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp___0~2#1 := #t~ret34#1;havoc #t~ret34#1;~pubkey~0#1 := ~tmp___0~2#1; {11848#false} is VALID [2022-02-20 18:03:44,875 INFO L290 TraceCheckUtils]: 91: Hoare triple {11848#false} assume !(0 != ~pubkey~0#1); {11848#false} is VALID [2022-02-20 18:03:44,875 INFO L290 TraceCheckUtils]: 92: Hoare triple {11848#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret32#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {11848#false} is VALID [2022-02-20 18:03:44,876 INFO L290 TraceCheckUtils]: 93: Hoare triple {11848#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {11848#false} is VALID [2022-02-20 18:03:44,876 INFO L290 TraceCheckUtils]: 94: Hoare triple {11848#false} outgoing__wrappee__Keys_#t~ret32#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret32#1 && outgoing__wrappee__Keys_#t~ret32#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret32#1;havoc outgoing__wrappee__Keys_#t~ret32#1; {11848#false} is VALID [2022-02-20 18:03:44,876 INFO L272 TraceCheckUtils]: 95: Hoare triple {11848#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {11848#false} is VALID [2022-02-20 18:03:44,876 INFO L290 TraceCheckUtils]: 96: Hoare triple {11848#false} ~handle := #in~handle;~value := #in~value; {11848#false} is VALID [2022-02-20 18:03:44,876 INFO L290 TraceCheckUtils]: 97: Hoare triple {11848#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11848#false} is VALID [2022-02-20 18:03:44,876 INFO L290 TraceCheckUtils]: 98: Hoare triple {11848#false} assume true; {11848#false} is VALID [2022-02-20 18:03:44,876 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {11848#false} {11848#false} #1214#return; {11848#false} is VALID [2022-02-20 18:03:44,877 INFO L290 TraceCheckUtils]: 100: Hoare triple {11848#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret30#1, mail_#t~ret31#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~4#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet28#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 := puts(14, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset := 15, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet28#1; {11848#false} is VALID [2022-02-20 18:03:44,877 INFO L290 TraceCheckUtils]: 101: Hoare triple {11848#false} assume 0 != ~in_encrypted~0; {11848#false} is VALID [2022-02-20 18:03:44,877 INFO L272 TraceCheckUtils]: 102: Hoare triple {11848#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {11848#false} is VALID [2022-02-20 18:03:44,877 INFO L290 TraceCheckUtils]: 103: Hoare triple {11848#false} ~handle := #in~handle;havoc ~retValue_acc~18; {11848#false} is VALID [2022-02-20 18:03:44,877 INFO L290 TraceCheckUtils]: 104: Hoare triple {11848#false} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~18; {11848#false} is VALID [2022-02-20 18:03:44,877 INFO L290 TraceCheckUtils]: 105: Hoare triple {11848#false} assume true; {11848#false} is VALID [2022-02-20 18:03:44,878 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {11848#false} {11848#false} #1216#return; {11848#false} is VALID [2022-02-20 18:03:44,878 INFO L290 TraceCheckUtils]: 107: Hoare triple {11848#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1; {11848#false} is VALID [2022-02-20 18:03:44,878 INFO L290 TraceCheckUtils]: 108: Hoare triple {11848#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {11848#false} is VALID [2022-02-20 18:03:44,878 INFO L290 TraceCheckUtils]: 109: Hoare triple {11848#false} assume !false; {11848#false} is VALID [2022-02-20 18:03:44,878 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. [2022-02-20 18:03:44,879 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:03:44,879 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [326389912] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:03:44,879 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:03:44,879 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [12] total 15 [2022-02-20 18:03:44,879 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1537560216] [2022-02-20 18:03:44,879 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:03:44,880 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 15.4) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) Word has length 110 [2022-02-20 18:03:44,880 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:03:44,881 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 15.4) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:03:44,959 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 104 edges. 104 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:44,959 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:03:44,959 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:03:44,959 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:03:44,959 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=30, Invalid=180, Unknown=0, NotChecked=0, Total=210 [2022-02-20 18:03:44,960 INFO L87 Difference]: Start difference. First operand 469 states and 731 transitions. Second operand has 5 states, 5 states have (on average 15.4) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:03:46,047 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:46,047 INFO L93 Difference]: Finished difference Result 927 states and 1451 transitions. [2022-02-20 18:03:46,047 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:03:46,048 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 15.4) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) Word has length 110 [2022-02-20 18:03:46,048 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:03:46,048 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 15.4) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:03:46,059 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1191 transitions. [2022-02-20 18:03:46,060 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 15.4) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:03:46,071 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1191 transitions. [2022-02-20 18:03:46,071 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1191 transitions. [2022-02-20 18:03:46,931 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1191 edges. 1191 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:46,947 INFO L225 Difference]: With dead ends: 927 [2022-02-20 18:03:46,948 INFO L226 Difference]: Without dead ends: 471 [2022-02-20 18:03:46,949 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 140 GetRequests, 126 SyntacticMatches, 0 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=34, Invalid=206, Unknown=0, NotChecked=0, Total=240 [2022-02-20 18:03:46,950 INFO L933 BasicCegarLoop]: 590 mSDtfsCounter, 159 mSDsluCounter, 1585 mSDsCounter, 0 mSdLazyCounter, 45 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 182 SdHoareTripleChecker+Valid, 2175 SdHoareTripleChecker+Invalid, 45 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 45 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:03:46,950 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [182 Valid, 2175 Invalid, 45 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 45 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:03:46,951 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 471 states. [2022-02-20 18:03:47,066 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 471 to 471. [2022-02-20 18:03:47,066 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:03:47,068 INFO L82 GeneralOperation]: Start isEquivalent. First operand 471 states. Second operand has 471 states, 369 states have (on average 1.5691056910569106) internal successors, (579), 375 states have internal predecessors, (579), 76 states have call successors, (76), 23 states have call predecessors, (76), 25 states have return successors, (82), 74 states have call predecessors, (82), 75 states have call successors, (82) [2022-02-20 18:03:47,069 INFO L74 IsIncluded]: Start isIncluded. First operand 471 states. Second operand has 471 states, 369 states have (on average 1.5691056910569106) internal successors, (579), 375 states have internal predecessors, (579), 76 states have call successors, (76), 23 states have call predecessors, (76), 25 states have return successors, (82), 74 states have call predecessors, (82), 75 states have call successors, (82) [2022-02-20 18:03:47,070 INFO L87 Difference]: Start difference. First operand 471 states. Second operand has 471 states, 369 states have (on average 1.5691056910569106) internal successors, (579), 375 states have internal predecessors, (579), 76 states have call successors, (76), 23 states have call predecessors, (76), 25 states have return successors, (82), 74 states have call predecessors, (82), 75 states have call successors, (82) [2022-02-20 18:03:47,086 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:47,086 INFO L93 Difference]: Finished difference Result 471 states and 737 transitions. [2022-02-20 18:03:47,087 INFO L276 IsEmpty]: Start isEmpty. Operand 471 states and 737 transitions. [2022-02-20 18:03:47,088 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:47,089 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:47,090 INFO L74 IsIncluded]: Start isIncluded. First operand has 471 states, 369 states have (on average 1.5691056910569106) internal successors, (579), 375 states have internal predecessors, (579), 76 states have call successors, (76), 23 states have call predecessors, (76), 25 states have return successors, (82), 74 states have call predecessors, (82), 75 states have call successors, (82) Second operand 471 states. [2022-02-20 18:03:47,091 INFO L87 Difference]: Start difference. First operand has 471 states, 369 states have (on average 1.5691056910569106) internal successors, (579), 375 states have internal predecessors, (579), 76 states have call successors, (76), 23 states have call predecessors, (76), 25 states have return successors, (82), 74 states have call predecessors, (82), 75 states have call successors, (82) Second operand 471 states. [2022-02-20 18:03:47,107 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:47,108 INFO L93 Difference]: Finished difference Result 471 states and 737 transitions. [2022-02-20 18:03:47,108 INFO L276 IsEmpty]: Start isEmpty. Operand 471 states and 737 transitions. [2022-02-20 18:03:47,109 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:47,110 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:47,110 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:03:47,110 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:03:47,111 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 471 states, 369 states have (on average 1.5691056910569106) internal successors, (579), 375 states have internal predecessors, (579), 76 states have call successors, (76), 23 states have call predecessors, (76), 25 states have return successors, (82), 74 states have call predecessors, (82), 75 states have call successors, (82) [2022-02-20 18:03:47,130 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 471 states to 471 states and 737 transitions. [2022-02-20 18:03:47,131 INFO L78 Accepts]: Start accepts. Automaton has 471 states and 737 transitions. Word has length 110 [2022-02-20 18:03:47,131 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:03:47,131 INFO L470 AbstractCegarLoop]: Abstraction has 471 states and 737 transitions. [2022-02-20 18:03:47,132 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 15.4) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:03:47,132 INFO L276 IsEmpty]: Start isEmpty. Operand 471 states and 737 transitions. [2022-02-20 18:03:47,134 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 112 [2022-02-20 18:03:47,134 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:03:47,134 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:03:47,161 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Forceful destruction successful, exit code 0 [2022-02-20 18:03:47,347 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4,6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:03:47,347 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:03:47,348 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:03:47,348 INFO L85 PathProgramCache]: Analyzing trace with hash 1454142977, now seen corresponding path program 1 times [2022-02-20 18:03:47,348 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:03:47,348 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [217324091] [2022-02-20 18:03:47,348 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:47,348 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:03:47,377 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:47,409 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:03:47,410 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:47,412 INFO L290 TraceCheckUtils]: 0: Hoare triple {15183#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15130#true} is VALID [2022-02-20 18:03:47,412 INFO L290 TraceCheckUtils]: 1: Hoare triple {15130#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {15130#true} is VALID [2022-02-20 18:03:47,412 INFO L290 TraceCheckUtils]: 2: Hoare triple {15130#true} assume true; {15130#true} is VALID [2022-02-20 18:03:47,412 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15130#true} {15130#true} #1250#return; {15130#true} is VALID [2022-02-20 18:03:47,418 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:03:47,419 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:47,421 INFO L290 TraceCheckUtils]: 0: Hoare triple {15184#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15130#true} is VALID [2022-02-20 18:03:47,421 INFO L290 TraceCheckUtils]: 1: Hoare triple {15130#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15130#true} is VALID [2022-02-20 18:03:47,421 INFO L290 TraceCheckUtils]: 2: Hoare triple {15130#true} assume true; {15130#true} is VALID [2022-02-20 18:03:47,421 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15130#true} {15130#true} #1252#return; {15130#true} is VALID [2022-02-20 18:03:47,421 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:03:47,423 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:47,425 INFO L290 TraceCheckUtils]: 0: Hoare triple {15183#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15130#true} is VALID [2022-02-20 18:03:47,425 INFO L290 TraceCheckUtils]: 1: Hoare triple {15130#true} assume !(1 == ~handle); {15130#true} is VALID [2022-02-20 18:03:47,425 INFO L290 TraceCheckUtils]: 2: Hoare triple {15130#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {15130#true} is VALID [2022-02-20 18:03:47,425 INFO L290 TraceCheckUtils]: 3: Hoare triple {15130#true} assume true; {15130#true} is VALID [2022-02-20 18:03:47,425 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {15130#true} {15130#true} #1254#return; {15130#true} is VALID [2022-02-20 18:03:47,425 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:03:47,428 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:47,431 INFO L290 TraceCheckUtils]: 0: Hoare triple {15184#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15130#true} is VALID [2022-02-20 18:03:47,431 INFO L290 TraceCheckUtils]: 1: Hoare triple {15130#true} assume !(1 == ~handle); {15130#true} is VALID [2022-02-20 18:03:47,431 INFO L290 TraceCheckUtils]: 2: Hoare triple {15130#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {15130#true} is VALID [2022-02-20 18:03:47,431 INFO L290 TraceCheckUtils]: 3: Hoare triple {15130#true} assume true; {15130#true} is VALID [2022-02-20 18:03:47,431 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {15130#true} {15130#true} #1256#return; {15130#true} is VALID [2022-02-20 18:03:47,432 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:03:47,433 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:47,446 INFO L290 TraceCheckUtils]: 0: Hoare triple {15183#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15185#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:47,446 INFO L290 TraceCheckUtils]: 1: Hoare triple {15185#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {15186#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:47,447 INFO L290 TraceCheckUtils]: 2: Hoare triple {15186#(= |setClientId_#in~handle| 1)} assume true; {15186#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:47,447 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15186#(= |setClientId_#in~handle| 1)} {15150#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1258#return; {15131#false} is VALID [2022-02-20 18:03:47,447 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:03:47,449 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:47,452 INFO L290 TraceCheckUtils]: 0: Hoare triple {15184#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15130#true} is VALID [2022-02-20 18:03:47,452 INFO L290 TraceCheckUtils]: 1: Hoare triple {15130#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15130#true} is VALID [2022-02-20 18:03:47,452 INFO L290 TraceCheckUtils]: 2: Hoare triple {15130#true} assume true; {15130#true} is VALID [2022-02-20 18:03:47,452 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15130#true} {15131#false} #1260#return; {15131#false} is VALID [2022-02-20 18:03:47,458 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 18:03:47,460 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:47,462 INFO L290 TraceCheckUtils]: 0: Hoare triple {15187#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15130#true} is VALID [2022-02-20 18:03:47,462 INFO L290 TraceCheckUtils]: 1: Hoare triple {15130#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15130#true} is VALID [2022-02-20 18:03:47,462 INFO L290 TraceCheckUtils]: 2: Hoare triple {15130#true} assume true; {15130#true} is VALID [2022-02-20 18:03:47,463 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15130#true} {15131#false} #1194#return; {15131#false} is VALID [2022-02-20 18:03:47,470 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-02-20 18:03:47,472 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:47,474 INFO L290 TraceCheckUtils]: 0: Hoare triple {15188#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {15130#true} is VALID [2022-02-20 18:03:47,474 INFO L290 TraceCheckUtils]: 1: Hoare triple {15130#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {15130#true} is VALID [2022-02-20 18:03:47,474 INFO L290 TraceCheckUtils]: 2: Hoare triple {15130#true} assume true; {15130#true} is VALID [2022-02-20 18:03:47,474 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15130#true} {15131#false} #1196#return; {15131#false} is VALID [2022-02-20 18:03:47,475 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 74 [2022-02-20 18:03:47,475 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:47,477 INFO L290 TraceCheckUtils]: 0: Hoare triple {15130#true} ~handle := #in~handle;havoc ~retValue_acc~30; {15130#true} is VALID [2022-02-20 18:03:47,477 INFO L290 TraceCheckUtils]: 1: Hoare triple {15130#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~30; {15130#true} is VALID [2022-02-20 18:03:47,477 INFO L290 TraceCheckUtils]: 2: Hoare triple {15130#true} assume true; {15130#true} is VALID [2022-02-20 18:03:47,478 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15130#true} {15131#false} #1176#return; {15131#false} is VALID [2022-02-20 18:03:47,478 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 18:03:47,479 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:47,480 INFO L290 TraceCheckUtils]: 0: Hoare triple {15130#true} ~handle := #in~handle;havoc ~retValue_acc~15; {15130#true} is VALID [2022-02-20 18:03:47,481 INFO L290 TraceCheckUtils]: 1: Hoare triple {15130#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_email_to0~0;#res := ~retValue_acc~15; {15130#true} is VALID [2022-02-20 18:03:47,481 INFO L290 TraceCheckUtils]: 2: Hoare triple {15130#true} assume true; {15130#true} is VALID [2022-02-20 18:03:47,481 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15130#true} {15131#false} #1208#return; {15131#false} is VALID [2022-02-20 18:03:47,481 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 18:03:47,482 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:47,484 INFO L290 TraceCheckUtils]: 0: Hoare triple {15187#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15130#true} is VALID [2022-02-20 18:03:47,484 INFO L290 TraceCheckUtils]: 1: Hoare triple {15130#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15130#true} is VALID [2022-02-20 18:03:47,484 INFO L290 TraceCheckUtils]: 2: Hoare triple {15130#true} assume true; {15130#true} is VALID [2022-02-20 18:03:47,484 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15130#true} {15131#false} #1214#return; {15131#false} is VALID [2022-02-20 18:03:47,485 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 18:03:47,487 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:47,489 INFO L290 TraceCheckUtils]: 0: Hoare triple {15130#true} ~handle := #in~handle;havoc ~retValue_acc~18; {15130#true} is VALID [2022-02-20 18:03:47,489 INFO L290 TraceCheckUtils]: 1: Hoare triple {15130#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~18; {15130#true} is VALID [2022-02-20 18:03:47,489 INFO L290 TraceCheckUtils]: 2: Hoare triple {15130#true} assume true; {15130#true} is VALID [2022-02-20 18:03:47,489 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15130#true} {15131#false} #1216#return; {15131#false} is VALID [2022-02-20 18:03:47,490 INFO L290 TraceCheckUtils]: 0: Hoare triple {15130#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(17, 12);call #Ultimate.allocInit(17, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(17, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(22, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(21, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(25, 34);call #Ultimate.allocInit(4, 35);call write~init~int(37, 35, 0, 1);call write~init~int(115, 35, 1, 1);call write~init~int(10, 35, 2, 1);call write~init~int(0, 35, 3, 1);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(12, 37);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(18, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(21, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {15130#true} is VALID [2022-02-20 18:03:47,490 INFO L290 TraceCheckUtils]: 1: Hoare triple {15130#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {15130#true} is VALID [2022-02-20 18:03:47,490 INFO L290 TraceCheckUtils]: 2: Hoare triple {15130#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {15130#true} is VALID [2022-02-20 18:03:47,490 INFO L290 TraceCheckUtils]: 3: Hoare triple {15130#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~10#1;havoc valid_product_~retValue_acc~10#1;valid_product_~retValue_acc~10#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~10#1; {15130#true} is VALID [2022-02-20 18:03:47,490 INFO L290 TraceCheckUtils]: 4: Hoare triple {15130#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {15130#true} is VALID [2022-02-20 18:03:47,490 INFO L290 TraceCheckUtils]: 5: Hoare triple {15130#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {15130#true} is VALID [2022-02-20 18:03:47,491 INFO L272 TraceCheckUtils]: 6: Hoare triple {15130#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {15183#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:47,491 INFO L290 TraceCheckUtils]: 7: Hoare triple {15183#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15130#true} is VALID [2022-02-20 18:03:47,491 INFO L290 TraceCheckUtils]: 8: Hoare triple {15130#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {15130#true} is VALID [2022-02-20 18:03:47,491 INFO L290 TraceCheckUtils]: 9: Hoare triple {15130#true} assume true; {15130#true} is VALID [2022-02-20 18:03:47,491 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {15130#true} {15130#true} #1250#return; {15130#true} is VALID [2022-02-20 18:03:47,491 INFO L290 TraceCheckUtils]: 11: Hoare triple {15130#true} assume { :end_inline_setup_bob__wrappee__Base } true; {15130#true} is VALID [2022-02-20 18:03:47,492 INFO L272 TraceCheckUtils]: 12: Hoare triple {15130#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {15184#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:47,492 INFO L290 TraceCheckUtils]: 13: Hoare triple {15184#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15130#true} is VALID [2022-02-20 18:03:47,492 INFO L290 TraceCheckUtils]: 14: Hoare triple {15130#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15130#true} is VALID [2022-02-20 18:03:47,492 INFO L290 TraceCheckUtils]: 15: Hoare triple {15130#true} assume true; {15130#true} is VALID [2022-02-20 18:03:47,492 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {15130#true} {15130#true} #1252#return; {15130#true} is VALID [2022-02-20 18:03:47,492 INFO L290 TraceCheckUtils]: 17: Hoare triple {15130#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {15130#true} is VALID [2022-02-20 18:03:47,493 INFO L272 TraceCheckUtils]: 18: Hoare triple {15130#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {15183#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:47,493 INFO L290 TraceCheckUtils]: 19: Hoare triple {15183#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15130#true} is VALID [2022-02-20 18:03:47,493 INFO L290 TraceCheckUtils]: 20: Hoare triple {15130#true} assume !(1 == ~handle); {15130#true} is VALID [2022-02-20 18:03:47,493 INFO L290 TraceCheckUtils]: 21: Hoare triple {15130#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {15130#true} is VALID [2022-02-20 18:03:47,493 INFO L290 TraceCheckUtils]: 22: Hoare triple {15130#true} assume true; {15130#true} is VALID [2022-02-20 18:03:47,493 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {15130#true} {15130#true} #1254#return; {15130#true} is VALID [2022-02-20 18:03:47,494 INFO L290 TraceCheckUtils]: 24: Hoare triple {15130#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {15130#true} is VALID [2022-02-20 18:03:47,494 INFO L272 TraceCheckUtils]: 25: Hoare triple {15130#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {15184#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:47,494 INFO L290 TraceCheckUtils]: 26: Hoare triple {15184#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15130#true} is VALID [2022-02-20 18:03:47,494 INFO L290 TraceCheckUtils]: 27: Hoare triple {15130#true} assume !(1 == ~handle); {15130#true} is VALID [2022-02-20 18:03:47,494 INFO L290 TraceCheckUtils]: 28: Hoare triple {15130#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {15130#true} is VALID [2022-02-20 18:03:47,495 INFO L290 TraceCheckUtils]: 29: Hoare triple {15130#true} assume true; {15130#true} is VALID [2022-02-20 18:03:47,495 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {15130#true} {15130#true} #1256#return; {15130#true} is VALID [2022-02-20 18:03:47,518 INFO L290 TraceCheckUtils]: 31: Hoare triple {15130#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {15150#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:03:47,519 INFO L272 TraceCheckUtils]: 32: Hoare triple {15150#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {15183#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:47,520 INFO L290 TraceCheckUtils]: 33: Hoare triple {15183#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15185#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:47,520 INFO L290 TraceCheckUtils]: 34: Hoare triple {15185#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {15186#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:47,520 INFO L290 TraceCheckUtils]: 35: Hoare triple {15186#(= |setClientId_#in~handle| 1)} assume true; {15186#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 18:03:47,521 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {15186#(= |setClientId_#in~handle| 1)} {15150#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1258#return; {15131#false} is VALID [2022-02-20 18:03:47,521 INFO L290 TraceCheckUtils]: 37: Hoare triple {15131#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {15131#false} is VALID [2022-02-20 18:03:47,521 INFO L272 TraceCheckUtils]: 38: Hoare triple {15131#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {15184#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:47,521 INFO L290 TraceCheckUtils]: 39: Hoare triple {15184#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15130#true} is VALID [2022-02-20 18:03:47,521 INFO L290 TraceCheckUtils]: 40: Hoare triple {15130#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15130#true} is VALID [2022-02-20 18:03:47,521 INFO L290 TraceCheckUtils]: 41: Hoare triple {15130#true} assume true; {15130#true} is VALID [2022-02-20 18:03:47,521 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {15130#true} {15131#false} #1260#return; {15131#false} is VALID [2022-02-20 18:03:47,521 INFO L290 TraceCheckUtils]: 43: Hoare triple {15131#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {15131#false} is VALID [2022-02-20 18:03:47,521 INFO L290 TraceCheckUtils]: 44: Hoare triple {15131#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~17#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~17#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {15131#false} is VALID [2022-02-20 18:03:47,522 INFO L290 TraceCheckUtils]: 45: Hoare triple {15131#false} assume !false; {15131#false} is VALID [2022-02-20 18:03:47,522 INFO L290 TraceCheckUtils]: 46: Hoare triple {15131#false} assume test_~splverifierCounter~0#1 < 4; {15131#false} is VALID [2022-02-20 18:03:47,522 INFO L290 TraceCheckUtils]: 47: Hoare triple {15131#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {15131#false} is VALID [2022-02-20 18:03:47,522 INFO L290 TraceCheckUtils]: 48: Hoare triple {15131#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet77#1 && test_#t~nondet77#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet77#1;havoc test_#t~nondet77#1; {15131#false} is VALID [2022-02-20 18:03:47,522 INFO L290 TraceCheckUtils]: 49: Hoare triple {15131#false} assume !(0 != test_~tmp___9~0#1); {15131#false} is VALID [2022-02-20 18:03:47,522 INFO L290 TraceCheckUtils]: 50: Hoare triple {15131#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet78#1 && test_#t~nondet78#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet78#1;havoc test_#t~nondet78#1; {15131#false} is VALID [2022-02-20 18:03:47,522 INFO L290 TraceCheckUtils]: 51: Hoare triple {15131#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {15131#false} is VALID [2022-02-20 18:03:47,522 INFO L290 TraceCheckUtils]: 52: Hoare triple {15131#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {15131#false} is VALID [2022-02-20 18:03:47,522 INFO L290 TraceCheckUtils]: 53: Hoare triple {15131#false} assume { :end_inline_setClientAutoResponse } true; {15131#false} is VALID [2022-02-20 18:03:47,522 INFO L290 TraceCheckUtils]: 54: Hoare triple {15131#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {15131#false} is VALID [2022-02-20 18:03:47,523 INFO L290 TraceCheckUtils]: 55: Hoare triple {15131#false} assume !false; {15131#false} is VALID [2022-02-20 18:03:47,523 INFO L290 TraceCheckUtils]: 56: Hoare triple {15131#false} assume !(test_~splverifierCounter~0#1 < 4); {15131#false} is VALID [2022-02-20 18:03:47,523 INFO L290 TraceCheckUtils]: 57: Hoare triple {15131#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {15131#false} is VALID [2022-02-20 18:03:47,523 INFO L272 TraceCheckUtils]: 58: Hoare triple {15131#false} call sendEmail(~bob~0, ~rjh~0); {15131#false} is VALID [2022-02-20 18:03:47,523 INFO L290 TraceCheckUtils]: 59: Hoare triple {15131#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~12#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {15131#false} is VALID [2022-02-20 18:03:47,523 INFO L272 TraceCheckUtils]: 60: Hoare triple {15131#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {15187#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:47,523 INFO L290 TraceCheckUtils]: 61: Hoare triple {15187#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15130#true} is VALID [2022-02-20 18:03:47,523 INFO L290 TraceCheckUtils]: 62: Hoare triple {15130#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15130#true} is VALID [2022-02-20 18:03:47,523 INFO L290 TraceCheckUtils]: 63: Hoare triple {15130#true} assume true; {15130#true} is VALID [2022-02-20 18:03:47,524 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {15130#true} {15131#false} #1194#return; {15131#false} is VALID [2022-02-20 18:03:47,524 INFO L272 TraceCheckUtils]: 65: Hoare triple {15131#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {15188#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:03:47,524 INFO L290 TraceCheckUtils]: 66: Hoare triple {15188#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {15130#true} is VALID [2022-02-20 18:03:47,524 INFO L290 TraceCheckUtils]: 67: Hoare triple {15130#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {15130#true} is VALID [2022-02-20 18:03:47,524 INFO L290 TraceCheckUtils]: 68: Hoare triple {15130#true} assume true; {15130#true} is VALID [2022-02-20 18:03:47,524 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {15130#true} {15131#false} #1196#return; {15131#false} is VALID [2022-02-20 18:03:47,524 INFO L290 TraceCheckUtils]: 70: Hoare triple {15131#false} createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {15131#false} is VALID [2022-02-20 18:03:47,524 INFO L290 TraceCheckUtils]: 71: Hoare triple {15131#false} #t~ret49#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret49#1 && #t~ret49#1 <= 2147483647;~tmp~12#1 := #t~ret49#1;havoc #t~ret49#1;~email~0#1 := ~tmp~12#1; {15131#false} is VALID [2022-02-20 18:03:47,524 INFO L272 TraceCheckUtils]: 72: Hoare triple {15131#false} call outgoing(~sender#1, ~email~0#1); {15131#false} is VALID [2022-02-20 18:03:47,524 INFO L290 TraceCheckUtils]: 73: Hoare triple {15131#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~7#1;havoc ~receiver~1#1;havoc ~tmp___0~3#1;havoc ~second~0#1;havoc ~tmp___1~1#1;havoc ~tmp___2~0#1; {15131#false} is VALID [2022-02-20 18:03:47,524 INFO L272 TraceCheckUtils]: 74: Hoare triple {15131#false} call #t~ret35#1 := getClientAddressBookSize(~client#1); {15130#true} is VALID [2022-02-20 18:03:47,524 INFO L290 TraceCheckUtils]: 75: Hoare triple {15130#true} ~handle := #in~handle;havoc ~retValue_acc~30; {15130#true} is VALID [2022-02-20 18:03:47,524 INFO L290 TraceCheckUtils]: 76: Hoare triple {15130#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~30; {15130#true} is VALID [2022-02-20 18:03:47,525 INFO L290 TraceCheckUtils]: 77: Hoare triple {15130#true} assume true; {15130#true} is VALID [2022-02-20 18:03:47,525 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {15130#true} {15131#false} #1176#return; {15131#false} is VALID [2022-02-20 18:03:47,525 INFO L290 TraceCheckUtils]: 79: Hoare triple {15131#false} assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp~7#1 := #t~ret35#1;havoc #t~ret35#1;~size~0#1 := ~tmp~7#1; {15131#false} is VALID [2022-02-20 18:03:47,525 INFO L290 TraceCheckUtils]: 80: Hoare triple {15131#false} assume !(0 != ~size~0#1); {15131#false} is VALID [2022-02-20 18:03:47,525 INFO L272 TraceCheckUtils]: 81: Hoare triple {15131#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {15131#false} is VALID [2022-02-20 18:03:47,525 INFO L290 TraceCheckUtils]: 82: Hoare triple {15131#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~6#1;havoc ~pubkey~0#1;havoc ~tmp___0~2#1; {15131#false} is VALID [2022-02-20 18:03:47,525 INFO L272 TraceCheckUtils]: 83: Hoare triple {15131#false} call #t~ret33#1 := getEmailTo(~msg#1); {15130#true} is VALID [2022-02-20 18:03:47,525 INFO L290 TraceCheckUtils]: 84: Hoare triple {15130#true} ~handle := #in~handle;havoc ~retValue_acc~15; {15130#true} is VALID [2022-02-20 18:03:47,526 INFO L290 TraceCheckUtils]: 85: Hoare triple {15130#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_email_to0~0;#res := ~retValue_acc~15; {15130#true} is VALID [2022-02-20 18:03:47,526 INFO L290 TraceCheckUtils]: 86: Hoare triple {15130#true} assume true; {15130#true} is VALID [2022-02-20 18:03:47,526 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {15130#true} {15131#false} #1208#return; {15131#false} is VALID [2022-02-20 18:03:47,526 INFO L290 TraceCheckUtils]: 88: Hoare triple {15131#false} assume -2147483648 <= #t~ret33#1 && #t~ret33#1 <= 2147483647;~tmp~6#1 := #t~ret33#1;havoc #t~ret33#1;~receiver~0#1 := ~tmp~6#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~41#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~41#1; {15131#false} is VALID [2022-02-20 18:03:47,526 INFO L290 TraceCheckUtils]: 89: Hoare triple {15131#false} assume 1 == findPublicKey_~handle#1; {15131#false} is VALID [2022-02-20 18:03:47,526 INFO L290 TraceCheckUtils]: 90: Hoare triple {15131#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~41#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~41#1; {15131#false} is VALID [2022-02-20 18:03:47,527 INFO L290 TraceCheckUtils]: 91: Hoare triple {15131#false} #t~ret34#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp___0~2#1 := #t~ret34#1;havoc #t~ret34#1;~pubkey~0#1 := ~tmp___0~2#1; {15131#false} is VALID [2022-02-20 18:03:47,527 INFO L290 TraceCheckUtils]: 92: Hoare triple {15131#false} assume !(0 != ~pubkey~0#1); {15131#false} is VALID [2022-02-20 18:03:47,527 INFO L290 TraceCheckUtils]: 93: Hoare triple {15131#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret32#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {15131#false} is VALID [2022-02-20 18:03:47,527 INFO L290 TraceCheckUtils]: 94: Hoare triple {15131#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {15131#false} is VALID [2022-02-20 18:03:47,527 INFO L290 TraceCheckUtils]: 95: Hoare triple {15131#false} outgoing__wrappee__Keys_#t~ret32#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret32#1 && outgoing__wrappee__Keys_#t~ret32#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret32#1;havoc outgoing__wrappee__Keys_#t~ret32#1; {15131#false} is VALID [2022-02-20 18:03:47,527 INFO L272 TraceCheckUtils]: 96: Hoare triple {15131#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {15187#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:47,527 INFO L290 TraceCheckUtils]: 97: Hoare triple {15187#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15130#true} is VALID [2022-02-20 18:03:47,528 INFO L290 TraceCheckUtils]: 98: Hoare triple {15130#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15130#true} is VALID [2022-02-20 18:03:47,528 INFO L290 TraceCheckUtils]: 99: Hoare triple {15130#true} assume true; {15130#true} is VALID [2022-02-20 18:03:47,528 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {15130#true} {15131#false} #1214#return; {15131#false} is VALID [2022-02-20 18:03:47,528 INFO L290 TraceCheckUtils]: 101: Hoare triple {15131#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret30#1, mail_#t~ret31#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~4#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet28#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 := puts(14, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset := 15, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet28#1; {15131#false} is VALID [2022-02-20 18:03:47,528 INFO L290 TraceCheckUtils]: 102: Hoare triple {15131#false} assume 0 != ~in_encrypted~0; {15131#false} is VALID [2022-02-20 18:03:47,528 INFO L272 TraceCheckUtils]: 103: Hoare triple {15131#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {15130#true} is VALID [2022-02-20 18:03:47,528 INFO L290 TraceCheckUtils]: 104: Hoare triple {15130#true} ~handle := #in~handle;havoc ~retValue_acc~18; {15130#true} is VALID [2022-02-20 18:03:47,529 INFO L290 TraceCheckUtils]: 105: Hoare triple {15130#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~18; {15130#true} is VALID [2022-02-20 18:03:47,529 INFO L290 TraceCheckUtils]: 106: Hoare triple {15130#true} assume true; {15130#true} is VALID [2022-02-20 18:03:47,529 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {15130#true} {15131#false} #1216#return; {15131#false} is VALID [2022-02-20 18:03:47,529 INFO L290 TraceCheckUtils]: 108: Hoare triple {15131#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1; {15131#false} is VALID [2022-02-20 18:03:47,529 INFO L290 TraceCheckUtils]: 109: Hoare triple {15131#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {15131#false} is VALID [2022-02-20 18:03:47,529 INFO L290 TraceCheckUtils]: 110: Hoare triple {15131#false} assume !false; {15131#false} is VALID [2022-02-20 18:03:47,530 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 18:03:47,530 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:03:47,530 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [217324091] [2022-02-20 18:03:47,530 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [217324091] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:03:47,530 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:03:47,530 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 18:03:47,531 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1215031483] [2022-02-20 18:03:47,531 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:03:47,531 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 9.125) internal successors, (73), 5 states have internal predecessors, (73), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 111 [2022-02-20 18:03:47,532 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:03:47,532 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 9.125) internal successors, (73), 5 states have internal predecessors, (73), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:03:47,600 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 100 edges. 100 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:47,601 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 18:03:47,601 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:03:47,602 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 18:03:47,602 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:03:47,602 INFO L87 Difference]: Start difference. First operand 471 states and 737 transitions. Second operand has 9 states, 8 states have (on average 9.125) internal successors, (73), 5 states have internal predecessors, (73), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:03:56,396 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:56,396 INFO L93 Difference]: Finished difference Result 1112 states and 1766 transitions. [2022-02-20 18:03:56,397 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:03:56,397 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 9.125) internal successors, (73), 5 states have internal predecessors, (73), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 111 [2022-02-20 18:03:56,397 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:03:56,398 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 9.125) internal successors, (73), 5 states have internal predecessors, (73), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:03:56,417 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1498 transitions. [2022-02-20 18:03:56,417 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 9.125) internal successors, (73), 5 states have internal predecessors, (73), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:03:56,436 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1498 transitions. [2022-02-20 18:03:56,436 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1498 transitions. [2022-02-20 18:03:57,913 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1498 edges. 1498 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:57,942 INFO L225 Difference]: With dead ends: 1112 [2022-02-20 18:03:57,942 INFO L226 Difference]: Without dead ends: 664 [2022-02-20 18:03:57,944 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 42 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 31 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 18:03:57,944 INFO L933 BasicCegarLoop]: 727 mSDtfsCounter, 1460 mSDsluCounter, 1034 mSDsCounter, 0 mSdLazyCounter, 2564 mSolverCounterSat, 588 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 4.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1480 SdHoareTripleChecker+Valid, 1761 SdHoareTripleChecker+Invalid, 3152 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 588 IncrementalHoareTripleChecker+Valid, 2564 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 4.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:03:57,944 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1480 Valid, 1761 Invalid, 3152 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [588 Valid, 2564 Invalid, 0 Unknown, 0 Unchecked, 4.0s Time] [2022-02-20 18:03:57,946 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 664 states. [2022-02-20 18:03:58,053 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 664 to 471. [2022-02-20 18:03:58,054 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:03:58,055 INFO L82 GeneralOperation]: Start isEquivalent. First operand 664 states. Second operand has 471 states, 369 states have (on average 1.5691056910569106) internal successors, (579), 375 states have internal predecessors, (579), 76 states have call successors, (76), 23 states have call predecessors, (76), 25 states have return successors, (81), 74 states have call predecessors, (81), 75 states have call successors, (81) [2022-02-20 18:03:58,056 INFO L74 IsIncluded]: Start isIncluded. First operand 664 states. Second operand has 471 states, 369 states have (on average 1.5691056910569106) internal successors, (579), 375 states have internal predecessors, (579), 76 states have call successors, (76), 23 states have call predecessors, (76), 25 states have return successors, (81), 74 states have call predecessors, (81), 75 states have call successors, (81) [2022-02-20 18:03:58,057 INFO L87 Difference]: Start difference. First operand 664 states. Second operand has 471 states, 369 states have (on average 1.5691056910569106) internal successors, (579), 375 states have internal predecessors, (579), 76 states have call successors, (76), 23 states have call predecessors, (76), 25 states have return successors, (81), 74 states have call predecessors, (81), 75 states have call successors, (81) [2022-02-20 18:03:58,086 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:58,086 INFO L93 Difference]: Finished difference Result 664 states and 1060 transitions. [2022-02-20 18:03:58,086 INFO L276 IsEmpty]: Start isEmpty. Operand 664 states and 1060 transitions. [2022-02-20 18:03:58,092 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:58,092 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:58,093 INFO L74 IsIncluded]: Start isIncluded. First operand has 471 states, 369 states have (on average 1.5691056910569106) internal successors, (579), 375 states have internal predecessors, (579), 76 states have call successors, (76), 23 states have call predecessors, (76), 25 states have return successors, (81), 74 states have call predecessors, (81), 75 states have call successors, (81) Second operand 664 states. [2022-02-20 18:03:58,095 INFO L87 Difference]: Start difference. First operand has 471 states, 369 states have (on average 1.5691056910569106) internal successors, (579), 375 states have internal predecessors, (579), 76 states have call successors, (76), 23 states have call predecessors, (76), 25 states have return successors, (81), 74 states have call predecessors, (81), 75 states have call successors, (81) Second operand 664 states. [2022-02-20 18:03:58,131 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:03:58,132 INFO L93 Difference]: Finished difference Result 664 states and 1060 transitions. [2022-02-20 18:03:58,132 INFO L276 IsEmpty]: Start isEmpty. Operand 664 states and 1060 transitions. [2022-02-20 18:03:58,136 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:03:58,136 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:03:58,137 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:03:58,148 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:03:58,149 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 471 states, 369 states have (on average 1.5691056910569106) internal successors, (579), 375 states have internal predecessors, (579), 76 states have call successors, (76), 23 states have call predecessors, (76), 25 states have return successors, (81), 74 states have call predecessors, (81), 75 states have call successors, (81) [2022-02-20 18:03:58,167 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 471 states to 471 states and 736 transitions. [2022-02-20 18:03:58,168 INFO L78 Accepts]: Start accepts. Automaton has 471 states and 736 transitions. Word has length 111 [2022-02-20 18:03:58,168 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:03:58,168 INFO L470 AbstractCegarLoop]: Abstraction has 471 states and 736 transitions. [2022-02-20 18:03:58,168 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 9.125) internal successors, (73), 5 states have internal predecessors, (73), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:03:58,169 INFO L276 IsEmpty]: Start isEmpty. Operand 471 states and 736 transitions. [2022-02-20 18:03:58,170 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 113 [2022-02-20 18:03:58,171 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:03:58,171 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:03:58,171 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 18:03:58,171 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:03:58,172 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:03:58,172 INFO L85 PathProgramCache]: Analyzing trace with hash 1166401654, now seen corresponding path program 2 times [2022-02-20 18:03:58,172 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:03:58,172 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1438215573] [2022-02-20 18:03:58,172 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:03:58,173 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:03:58,198 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:58,228 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:03:58,229 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:58,231 INFO L290 TraceCheckUtils]: 0: Hoare triple {18819#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18765#true} is VALID [2022-02-20 18:03:58,232 INFO L290 TraceCheckUtils]: 1: Hoare triple {18765#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {18765#true} is VALID [2022-02-20 18:03:58,232 INFO L290 TraceCheckUtils]: 2: Hoare triple {18765#true} assume true; {18765#true} is VALID [2022-02-20 18:03:58,232 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18765#true} {18765#true} #1250#return; {18765#true} is VALID [2022-02-20 18:03:58,238 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:03:58,241 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:58,243 INFO L290 TraceCheckUtils]: 0: Hoare triple {18820#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18765#true} is VALID [2022-02-20 18:03:58,243 INFO L290 TraceCheckUtils]: 1: Hoare triple {18765#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18765#true} is VALID [2022-02-20 18:03:58,244 INFO L290 TraceCheckUtils]: 2: Hoare triple {18765#true} assume true; {18765#true} is VALID [2022-02-20 18:03:58,244 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18765#true} {18765#true} #1252#return; {18765#true} is VALID [2022-02-20 18:03:58,244 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:03:58,246 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:58,248 INFO L290 TraceCheckUtils]: 0: Hoare triple {18819#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18765#true} is VALID [2022-02-20 18:03:58,248 INFO L290 TraceCheckUtils]: 1: Hoare triple {18765#true} assume !(1 == ~handle); {18765#true} is VALID [2022-02-20 18:03:58,248 INFO L290 TraceCheckUtils]: 2: Hoare triple {18765#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18765#true} is VALID [2022-02-20 18:03:58,248 INFO L290 TraceCheckUtils]: 3: Hoare triple {18765#true} assume true; {18765#true} is VALID [2022-02-20 18:03:58,248 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {18765#true} {18765#true} #1254#return; {18765#true} is VALID [2022-02-20 18:03:58,248 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:03:58,250 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:58,253 INFO L290 TraceCheckUtils]: 0: Hoare triple {18820#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18765#true} is VALID [2022-02-20 18:03:58,253 INFO L290 TraceCheckUtils]: 1: Hoare triple {18765#true} assume !(1 == ~handle); {18765#true} is VALID [2022-02-20 18:03:58,253 INFO L290 TraceCheckUtils]: 2: Hoare triple {18765#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {18765#true} is VALID [2022-02-20 18:03:58,254 INFO L290 TraceCheckUtils]: 3: Hoare triple {18765#true} assume true; {18765#true} is VALID [2022-02-20 18:03:58,254 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {18765#true} {18765#true} #1256#return; {18765#true} is VALID [2022-02-20 18:03:58,254 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:03:58,256 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:58,268 INFO L290 TraceCheckUtils]: 0: Hoare triple {18819#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18821#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:58,269 INFO L290 TraceCheckUtils]: 1: Hoare triple {18821#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {18821#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:58,269 INFO L290 TraceCheckUtils]: 2: Hoare triple {18821#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18822#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:58,269 INFO L290 TraceCheckUtils]: 3: Hoare triple {18822#(= 2 |setClientId_#in~handle|)} assume true; {18822#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:58,270 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {18822#(= 2 |setClientId_#in~handle|)} {18785#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1258#return; {18766#false} is VALID [2022-02-20 18:03:58,270 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-02-20 18:03:58,272 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:58,274 INFO L290 TraceCheckUtils]: 0: Hoare triple {18820#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18765#true} is VALID [2022-02-20 18:03:58,274 INFO L290 TraceCheckUtils]: 1: Hoare triple {18765#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18765#true} is VALID [2022-02-20 18:03:58,274 INFO L290 TraceCheckUtils]: 2: Hoare triple {18765#true} assume true; {18765#true} is VALID [2022-02-20 18:03:58,274 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18765#true} {18766#false} #1260#return; {18766#false} is VALID [2022-02-20 18:03:58,281 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:03:58,282 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:58,284 INFO L290 TraceCheckUtils]: 0: Hoare triple {18823#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18765#true} is VALID [2022-02-20 18:03:58,284 INFO L290 TraceCheckUtils]: 1: Hoare triple {18765#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18765#true} is VALID [2022-02-20 18:03:58,285 INFO L290 TraceCheckUtils]: 2: Hoare triple {18765#true} assume true; {18765#true} is VALID [2022-02-20 18:03:58,285 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18765#true} {18766#false} #1194#return; {18766#false} is VALID [2022-02-20 18:03:58,292 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 18:03:58,293 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:58,295 INFO L290 TraceCheckUtils]: 0: Hoare triple {18824#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {18765#true} is VALID [2022-02-20 18:03:58,295 INFO L290 TraceCheckUtils]: 1: Hoare triple {18765#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {18765#true} is VALID [2022-02-20 18:03:58,295 INFO L290 TraceCheckUtils]: 2: Hoare triple {18765#true} assume true; {18765#true} is VALID [2022-02-20 18:03:58,295 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18765#true} {18766#false} #1196#return; {18766#false} is VALID [2022-02-20 18:03:58,295 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:03:58,296 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:58,298 INFO L290 TraceCheckUtils]: 0: Hoare triple {18765#true} ~handle := #in~handle;havoc ~retValue_acc~30; {18765#true} is VALID [2022-02-20 18:03:58,298 INFO L290 TraceCheckUtils]: 1: Hoare triple {18765#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~30; {18765#true} is VALID [2022-02-20 18:03:58,299 INFO L290 TraceCheckUtils]: 2: Hoare triple {18765#true} assume true; {18765#true} is VALID [2022-02-20 18:03:58,299 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18765#true} {18766#false} #1176#return; {18766#false} is VALID [2022-02-20 18:03:58,299 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 18:03:58,300 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:58,301 INFO L290 TraceCheckUtils]: 0: Hoare triple {18765#true} ~handle := #in~handle;havoc ~retValue_acc~15; {18765#true} is VALID [2022-02-20 18:03:58,301 INFO L290 TraceCheckUtils]: 1: Hoare triple {18765#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_email_to0~0;#res := ~retValue_acc~15; {18765#true} is VALID [2022-02-20 18:03:58,301 INFO L290 TraceCheckUtils]: 2: Hoare triple {18765#true} assume true; {18765#true} is VALID [2022-02-20 18:03:58,302 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18765#true} {18766#false} #1208#return; {18766#false} is VALID [2022-02-20 18:03:58,302 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-02-20 18:03:58,308 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:58,310 INFO L290 TraceCheckUtils]: 0: Hoare triple {18823#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18765#true} is VALID [2022-02-20 18:03:58,311 INFO L290 TraceCheckUtils]: 1: Hoare triple {18765#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18765#true} is VALID [2022-02-20 18:03:58,311 INFO L290 TraceCheckUtils]: 2: Hoare triple {18765#true} assume true; {18765#true} is VALID [2022-02-20 18:03:58,311 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18765#true} {18766#false} #1214#return; {18766#false} is VALID [2022-02-20 18:03:58,311 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 104 [2022-02-20 18:03:58,313 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:03:58,315 INFO L290 TraceCheckUtils]: 0: Hoare triple {18765#true} ~handle := #in~handle;havoc ~retValue_acc~18; {18765#true} is VALID [2022-02-20 18:03:58,316 INFO L290 TraceCheckUtils]: 1: Hoare triple {18765#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~18; {18765#true} is VALID [2022-02-20 18:03:58,316 INFO L290 TraceCheckUtils]: 2: Hoare triple {18765#true} assume true; {18765#true} is VALID [2022-02-20 18:03:58,316 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18765#true} {18766#false} #1216#return; {18766#false} is VALID [2022-02-20 18:03:58,316 INFO L290 TraceCheckUtils]: 0: Hoare triple {18765#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(17, 12);call #Ultimate.allocInit(17, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(17, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(22, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(21, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(25, 34);call #Ultimate.allocInit(4, 35);call write~init~int(37, 35, 0, 1);call write~init~int(115, 35, 1, 1);call write~init~int(10, 35, 2, 1);call write~init~int(0, 35, 3, 1);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(12, 37);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(18, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(21, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {18765#true} is VALID [2022-02-20 18:03:58,316 INFO L290 TraceCheckUtils]: 1: Hoare triple {18765#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {18765#true} is VALID [2022-02-20 18:03:58,316 INFO L290 TraceCheckUtils]: 2: Hoare triple {18765#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {18765#true} is VALID [2022-02-20 18:03:58,317 INFO L290 TraceCheckUtils]: 3: Hoare triple {18765#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~10#1;havoc valid_product_~retValue_acc~10#1;valid_product_~retValue_acc~10#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~10#1; {18765#true} is VALID [2022-02-20 18:03:58,317 INFO L290 TraceCheckUtils]: 4: Hoare triple {18765#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {18765#true} is VALID [2022-02-20 18:03:58,317 INFO L290 TraceCheckUtils]: 5: Hoare triple {18765#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {18765#true} is VALID [2022-02-20 18:03:58,318 INFO L272 TraceCheckUtils]: 6: Hoare triple {18765#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {18819#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:58,318 INFO L290 TraceCheckUtils]: 7: Hoare triple {18819#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18765#true} is VALID [2022-02-20 18:03:58,318 INFO L290 TraceCheckUtils]: 8: Hoare triple {18765#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {18765#true} is VALID [2022-02-20 18:03:58,318 INFO L290 TraceCheckUtils]: 9: Hoare triple {18765#true} assume true; {18765#true} is VALID [2022-02-20 18:03:58,318 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {18765#true} {18765#true} #1250#return; {18765#true} is VALID [2022-02-20 18:03:58,318 INFO L290 TraceCheckUtils]: 11: Hoare triple {18765#true} assume { :end_inline_setup_bob__wrappee__Base } true; {18765#true} is VALID [2022-02-20 18:03:58,319 INFO L272 TraceCheckUtils]: 12: Hoare triple {18765#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {18820#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:58,319 INFO L290 TraceCheckUtils]: 13: Hoare triple {18820#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18765#true} is VALID [2022-02-20 18:03:58,319 INFO L290 TraceCheckUtils]: 14: Hoare triple {18765#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18765#true} is VALID [2022-02-20 18:03:58,319 INFO L290 TraceCheckUtils]: 15: Hoare triple {18765#true} assume true; {18765#true} is VALID [2022-02-20 18:03:58,320 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {18765#true} {18765#true} #1252#return; {18765#true} is VALID [2022-02-20 18:03:58,320 INFO L290 TraceCheckUtils]: 17: Hoare triple {18765#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {18765#true} is VALID [2022-02-20 18:03:58,320 INFO L272 TraceCheckUtils]: 18: Hoare triple {18765#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {18819#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:58,321 INFO L290 TraceCheckUtils]: 19: Hoare triple {18819#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18765#true} is VALID [2022-02-20 18:03:58,321 INFO L290 TraceCheckUtils]: 20: Hoare triple {18765#true} assume !(1 == ~handle); {18765#true} is VALID [2022-02-20 18:03:58,321 INFO L290 TraceCheckUtils]: 21: Hoare triple {18765#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18765#true} is VALID [2022-02-20 18:03:58,321 INFO L290 TraceCheckUtils]: 22: Hoare triple {18765#true} assume true; {18765#true} is VALID [2022-02-20 18:03:58,321 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {18765#true} {18765#true} #1254#return; {18765#true} is VALID [2022-02-20 18:03:58,321 INFO L290 TraceCheckUtils]: 24: Hoare triple {18765#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {18765#true} is VALID [2022-02-20 18:03:58,322 INFO L272 TraceCheckUtils]: 25: Hoare triple {18765#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {18820#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:58,322 INFO L290 TraceCheckUtils]: 26: Hoare triple {18820#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18765#true} is VALID [2022-02-20 18:03:58,322 INFO L290 TraceCheckUtils]: 27: Hoare triple {18765#true} assume !(1 == ~handle); {18765#true} is VALID [2022-02-20 18:03:58,322 INFO L290 TraceCheckUtils]: 28: Hoare triple {18765#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {18765#true} is VALID [2022-02-20 18:03:58,323 INFO L290 TraceCheckUtils]: 29: Hoare triple {18765#true} assume true; {18765#true} is VALID [2022-02-20 18:03:58,323 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {18765#true} {18765#true} #1256#return; {18765#true} is VALID [2022-02-20 18:03:58,323 INFO L290 TraceCheckUtils]: 31: Hoare triple {18765#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {18785#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:03:58,324 INFO L272 TraceCheckUtils]: 32: Hoare triple {18785#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {18819#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:03:58,324 INFO L290 TraceCheckUtils]: 33: Hoare triple {18819#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18821#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:58,324 INFO L290 TraceCheckUtils]: 34: Hoare triple {18821#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {18821#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:58,325 INFO L290 TraceCheckUtils]: 35: Hoare triple {18821#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18822#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:58,325 INFO L290 TraceCheckUtils]: 36: Hoare triple {18822#(= 2 |setClientId_#in~handle|)} assume true; {18822#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 18:03:58,326 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {18822#(= 2 |setClientId_#in~handle|)} {18785#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1258#return; {18766#false} is VALID [2022-02-20 18:03:58,326 INFO L290 TraceCheckUtils]: 38: Hoare triple {18766#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {18766#false} is VALID [2022-02-20 18:03:58,326 INFO L272 TraceCheckUtils]: 39: Hoare triple {18766#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {18820#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:03:58,326 INFO L290 TraceCheckUtils]: 40: Hoare triple {18820#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18765#true} is VALID [2022-02-20 18:03:58,326 INFO L290 TraceCheckUtils]: 41: Hoare triple {18765#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18765#true} is VALID [2022-02-20 18:03:58,326 INFO L290 TraceCheckUtils]: 42: Hoare triple {18765#true} assume true; {18765#true} is VALID [2022-02-20 18:03:58,327 INFO L284 TraceCheckUtils]: 43: Hoare quadruple {18765#true} {18766#false} #1260#return; {18766#false} is VALID [2022-02-20 18:03:58,327 INFO L290 TraceCheckUtils]: 44: Hoare triple {18766#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {18766#false} is VALID [2022-02-20 18:03:58,327 INFO L290 TraceCheckUtils]: 45: Hoare triple {18766#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~17#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~17#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {18766#false} is VALID [2022-02-20 18:03:58,327 INFO L290 TraceCheckUtils]: 46: Hoare triple {18766#false} assume !false; {18766#false} is VALID [2022-02-20 18:03:58,327 INFO L290 TraceCheckUtils]: 47: Hoare triple {18766#false} assume test_~splverifierCounter~0#1 < 4; {18766#false} is VALID [2022-02-20 18:03:58,327 INFO L290 TraceCheckUtils]: 48: Hoare triple {18766#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {18766#false} is VALID [2022-02-20 18:03:58,328 INFO L290 TraceCheckUtils]: 49: Hoare triple {18766#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet77#1 && test_#t~nondet77#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet77#1;havoc test_#t~nondet77#1; {18766#false} is VALID [2022-02-20 18:03:58,328 INFO L290 TraceCheckUtils]: 50: Hoare triple {18766#false} assume !(0 != test_~tmp___9~0#1); {18766#false} is VALID [2022-02-20 18:03:58,328 INFO L290 TraceCheckUtils]: 51: Hoare triple {18766#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet78#1 && test_#t~nondet78#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet78#1;havoc test_#t~nondet78#1; {18766#false} is VALID [2022-02-20 18:03:58,328 INFO L290 TraceCheckUtils]: 52: Hoare triple {18766#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {18766#false} is VALID [2022-02-20 18:03:58,328 INFO L290 TraceCheckUtils]: 53: Hoare triple {18766#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {18766#false} is VALID [2022-02-20 18:03:58,328 INFO L290 TraceCheckUtils]: 54: Hoare triple {18766#false} assume { :end_inline_setClientAutoResponse } true; {18766#false} is VALID [2022-02-20 18:03:58,328 INFO L290 TraceCheckUtils]: 55: Hoare triple {18766#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {18766#false} is VALID [2022-02-20 18:03:58,329 INFO L290 TraceCheckUtils]: 56: Hoare triple {18766#false} assume !false; {18766#false} is VALID [2022-02-20 18:03:58,329 INFO L290 TraceCheckUtils]: 57: Hoare triple {18766#false} assume !(test_~splverifierCounter~0#1 < 4); {18766#false} is VALID [2022-02-20 18:03:58,329 INFO L290 TraceCheckUtils]: 58: Hoare triple {18766#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {18766#false} is VALID [2022-02-20 18:03:58,329 INFO L272 TraceCheckUtils]: 59: Hoare triple {18766#false} call sendEmail(~bob~0, ~rjh~0); {18766#false} is VALID [2022-02-20 18:03:58,329 INFO L290 TraceCheckUtils]: 60: Hoare triple {18766#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~12#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {18766#false} is VALID [2022-02-20 18:03:58,329 INFO L272 TraceCheckUtils]: 61: Hoare triple {18766#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {18823#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:58,329 INFO L290 TraceCheckUtils]: 62: Hoare triple {18823#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18765#true} is VALID [2022-02-20 18:03:58,330 INFO L290 TraceCheckUtils]: 63: Hoare triple {18765#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18765#true} is VALID [2022-02-20 18:03:58,330 INFO L290 TraceCheckUtils]: 64: Hoare triple {18765#true} assume true; {18765#true} is VALID [2022-02-20 18:03:58,330 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {18765#true} {18766#false} #1194#return; {18766#false} is VALID [2022-02-20 18:03:58,330 INFO L272 TraceCheckUtils]: 66: Hoare triple {18766#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {18824#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:03:58,330 INFO L290 TraceCheckUtils]: 67: Hoare triple {18824#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {18765#true} is VALID [2022-02-20 18:03:58,330 INFO L290 TraceCheckUtils]: 68: Hoare triple {18765#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {18765#true} is VALID [2022-02-20 18:03:58,330 INFO L290 TraceCheckUtils]: 69: Hoare triple {18765#true} assume true; {18765#true} is VALID [2022-02-20 18:03:58,331 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {18765#true} {18766#false} #1196#return; {18766#false} is VALID [2022-02-20 18:03:58,331 INFO L290 TraceCheckUtils]: 71: Hoare triple {18766#false} createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {18766#false} is VALID [2022-02-20 18:03:58,331 INFO L290 TraceCheckUtils]: 72: Hoare triple {18766#false} #t~ret49#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret49#1 && #t~ret49#1 <= 2147483647;~tmp~12#1 := #t~ret49#1;havoc #t~ret49#1;~email~0#1 := ~tmp~12#1; {18766#false} is VALID [2022-02-20 18:03:58,331 INFO L272 TraceCheckUtils]: 73: Hoare triple {18766#false} call outgoing(~sender#1, ~email~0#1); {18766#false} is VALID [2022-02-20 18:03:58,331 INFO L290 TraceCheckUtils]: 74: Hoare triple {18766#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~7#1;havoc ~receiver~1#1;havoc ~tmp___0~3#1;havoc ~second~0#1;havoc ~tmp___1~1#1;havoc ~tmp___2~0#1; {18766#false} is VALID [2022-02-20 18:03:58,331 INFO L272 TraceCheckUtils]: 75: Hoare triple {18766#false} call #t~ret35#1 := getClientAddressBookSize(~client#1); {18765#true} is VALID [2022-02-20 18:03:58,332 INFO L290 TraceCheckUtils]: 76: Hoare triple {18765#true} ~handle := #in~handle;havoc ~retValue_acc~30; {18765#true} is VALID [2022-02-20 18:03:58,332 INFO L290 TraceCheckUtils]: 77: Hoare triple {18765#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~30; {18765#true} is VALID [2022-02-20 18:03:58,332 INFO L290 TraceCheckUtils]: 78: Hoare triple {18765#true} assume true; {18765#true} is VALID [2022-02-20 18:03:58,332 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {18765#true} {18766#false} #1176#return; {18766#false} is VALID [2022-02-20 18:03:58,332 INFO L290 TraceCheckUtils]: 80: Hoare triple {18766#false} assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp~7#1 := #t~ret35#1;havoc #t~ret35#1;~size~0#1 := ~tmp~7#1; {18766#false} is VALID [2022-02-20 18:03:58,332 INFO L290 TraceCheckUtils]: 81: Hoare triple {18766#false} assume !(0 != ~size~0#1); {18766#false} is VALID [2022-02-20 18:03:58,332 INFO L272 TraceCheckUtils]: 82: Hoare triple {18766#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {18766#false} is VALID [2022-02-20 18:03:58,333 INFO L290 TraceCheckUtils]: 83: Hoare triple {18766#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~6#1;havoc ~pubkey~0#1;havoc ~tmp___0~2#1; {18766#false} is VALID [2022-02-20 18:03:58,333 INFO L272 TraceCheckUtils]: 84: Hoare triple {18766#false} call #t~ret33#1 := getEmailTo(~msg#1); {18765#true} is VALID [2022-02-20 18:03:58,333 INFO L290 TraceCheckUtils]: 85: Hoare triple {18765#true} ~handle := #in~handle;havoc ~retValue_acc~15; {18765#true} is VALID [2022-02-20 18:03:58,333 INFO L290 TraceCheckUtils]: 86: Hoare triple {18765#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_email_to0~0;#res := ~retValue_acc~15; {18765#true} is VALID [2022-02-20 18:03:58,333 INFO L290 TraceCheckUtils]: 87: Hoare triple {18765#true} assume true; {18765#true} is VALID [2022-02-20 18:03:58,333 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {18765#true} {18766#false} #1208#return; {18766#false} is VALID [2022-02-20 18:03:58,333 INFO L290 TraceCheckUtils]: 89: Hoare triple {18766#false} assume -2147483648 <= #t~ret33#1 && #t~ret33#1 <= 2147483647;~tmp~6#1 := #t~ret33#1;havoc #t~ret33#1;~receiver~0#1 := ~tmp~6#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~41#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~41#1; {18766#false} is VALID [2022-02-20 18:03:58,334 INFO L290 TraceCheckUtils]: 90: Hoare triple {18766#false} assume 1 == findPublicKey_~handle#1; {18766#false} is VALID [2022-02-20 18:03:58,334 INFO L290 TraceCheckUtils]: 91: Hoare triple {18766#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~41#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~41#1; {18766#false} is VALID [2022-02-20 18:03:58,334 INFO L290 TraceCheckUtils]: 92: Hoare triple {18766#false} #t~ret34#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp___0~2#1 := #t~ret34#1;havoc #t~ret34#1;~pubkey~0#1 := ~tmp___0~2#1; {18766#false} is VALID [2022-02-20 18:03:58,334 INFO L290 TraceCheckUtils]: 93: Hoare triple {18766#false} assume !(0 != ~pubkey~0#1); {18766#false} is VALID [2022-02-20 18:03:58,334 INFO L290 TraceCheckUtils]: 94: Hoare triple {18766#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret32#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {18766#false} is VALID [2022-02-20 18:03:58,334 INFO L290 TraceCheckUtils]: 95: Hoare triple {18766#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {18766#false} is VALID [2022-02-20 18:03:58,334 INFO L290 TraceCheckUtils]: 96: Hoare triple {18766#false} outgoing__wrappee__Keys_#t~ret32#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret32#1 && outgoing__wrappee__Keys_#t~ret32#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret32#1;havoc outgoing__wrappee__Keys_#t~ret32#1; {18766#false} is VALID [2022-02-20 18:03:58,335 INFO L272 TraceCheckUtils]: 97: Hoare triple {18766#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {18823#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:03:58,335 INFO L290 TraceCheckUtils]: 98: Hoare triple {18823#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18765#true} is VALID [2022-02-20 18:03:58,335 INFO L290 TraceCheckUtils]: 99: Hoare triple {18765#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18765#true} is VALID [2022-02-20 18:03:58,335 INFO L290 TraceCheckUtils]: 100: Hoare triple {18765#true} assume true; {18765#true} is VALID [2022-02-20 18:03:58,335 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {18765#true} {18766#false} #1214#return; {18766#false} is VALID [2022-02-20 18:03:58,335 INFO L290 TraceCheckUtils]: 102: Hoare triple {18766#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret30#1, mail_#t~ret31#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~4#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet28#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 := puts(14, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset := 15, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet28#1; {18766#false} is VALID [2022-02-20 18:03:58,335 INFO L290 TraceCheckUtils]: 103: Hoare triple {18766#false} assume 0 != ~in_encrypted~0; {18766#false} is VALID [2022-02-20 18:03:58,336 INFO L272 TraceCheckUtils]: 104: Hoare triple {18766#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {18765#true} is VALID [2022-02-20 18:03:58,336 INFO L290 TraceCheckUtils]: 105: Hoare triple {18765#true} ~handle := #in~handle;havoc ~retValue_acc~18; {18765#true} is VALID [2022-02-20 18:03:58,336 INFO L290 TraceCheckUtils]: 106: Hoare triple {18765#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~18; {18765#true} is VALID [2022-02-20 18:03:58,336 INFO L290 TraceCheckUtils]: 107: Hoare triple {18765#true} assume true; {18765#true} is VALID [2022-02-20 18:03:58,336 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {18765#true} {18766#false} #1216#return; {18766#false} is VALID [2022-02-20 18:03:58,337 INFO L290 TraceCheckUtils]: 109: Hoare triple {18766#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1; {18766#false} is VALID [2022-02-20 18:03:58,337 INFO L290 TraceCheckUtils]: 110: Hoare triple {18766#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {18766#false} is VALID [2022-02-20 18:03:58,337 INFO L290 TraceCheckUtils]: 111: Hoare triple {18766#false} assume !false; {18766#false} is VALID [2022-02-20 18:03:58,337 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 18:03:58,337 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:03:58,338 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1438215573] [2022-02-20 18:03:58,338 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1438215573] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:03:58,338 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:03:58,338 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 18:03:58,338 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1166680975] [2022-02-20 18:03:58,338 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:03:58,339 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 9.25) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 112 [2022-02-20 18:03:58,340 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:03:58,340 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 9.25) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:03:58,413 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 101 edges. 101 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:03:58,413 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 18:03:58,413 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:03:58,414 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 18:03:58,414 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:03:58,414 INFO L87 Difference]: Start difference. First operand 471 states and 736 transitions. Second operand has 9 states, 8 states have (on average 9.25) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:04:06,373 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:06,373 INFO L93 Difference]: Finished difference Result 1114 states and 1769 transitions. [2022-02-20 18:04:06,373 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:04:06,374 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 9.25) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 112 [2022-02-20 18:04:06,374 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:06,374 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 9.25) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:04:06,392 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1499 transitions. [2022-02-20 18:04:06,392 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 9.25) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:04:06,410 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1499 transitions. [2022-02-20 18:04:06,411 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1499 transitions. [2022-02-20 18:04:07,853 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1499 edges. 1499 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:07,887 INFO L225 Difference]: With dead ends: 1114 [2022-02-20 18:04:07,888 INFO L226 Difference]: Without dead ends: 666 [2022-02-20 18:04:07,893 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 42 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 30 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 18:04:07,895 INFO L933 BasicCegarLoop]: 721 mSDtfsCounter, 1458 mSDsluCounter, 1034 mSDsCounter, 0 mSdLazyCounter, 2566 mSolverCounterSat, 582 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1479 SdHoareTripleChecker+Valid, 1755 SdHoareTripleChecker+Invalid, 3148 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 582 IncrementalHoareTripleChecker+Valid, 2566 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.6s IncrementalHoareTripleChecker+Time [2022-02-20 18:04:07,895 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1479 Valid, 1755 Invalid, 3148 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [582 Valid, 2566 Invalid, 0 Unknown, 0 Unchecked, 3.6s Time] [2022-02-20 18:04:07,896 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 666 states. [2022-02-20 18:04:08,038 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 666 to 473. [2022-02-20 18:04:08,038 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:08,040 INFO L82 GeneralOperation]: Start isEquivalent. First operand 666 states. Second operand has 473 states, 370 states have (on average 1.5675675675675675) internal successors, (580), 377 states have internal predecessors, (580), 76 states have call successors, (76), 23 states have call predecessors, (76), 26 states have return successors, (83), 74 states have call predecessors, (83), 75 states have call successors, (83) [2022-02-20 18:04:08,041 INFO L74 IsIncluded]: Start isIncluded. First operand 666 states. Second operand has 473 states, 370 states have (on average 1.5675675675675675) internal successors, (580), 377 states have internal predecessors, (580), 76 states have call successors, (76), 23 states have call predecessors, (76), 26 states have return successors, (83), 74 states have call predecessors, (83), 75 states have call successors, (83) [2022-02-20 18:04:08,042 INFO L87 Difference]: Start difference. First operand 666 states. Second operand has 473 states, 370 states have (on average 1.5675675675675675) internal successors, (580), 377 states have internal predecessors, (580), 76 states have call successors, (76), 23 states have call predecessors, (76), 26 states have return successors, (83), 74 states have call predecessors, (83), 75 states have call successors, (83) [2022-02-20 18:04:08,086 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:08,086 INFO L93 Difference]: Finished difference Result 666 states and 1063 transitions. [2022-02-20 18:04:08,086 INFO L276 IsEmpty]: Start isEmpty. Operand 666 states and 1063 transitions. [2022-02-20 18:04:08,092 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:08,092 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:08,108 INFO L74 IsIncluded]: Start isIncluded. First operand has 473 states, 370 states have (on average 1.5675675675675675) internal successors, (580), 377 states have internal predecessors, (580), 76 states have call successors, (76), 23 states have call predecessors, (76), 26 states have return successors, (83), 74 states have call predecessors, (83), 75 states have call successors, (83) Second operand 666 states. [2022-02-20 18:04:08,109 INFO L87 Difference]: Start difference. First operand has 473 states, 370 states have (on average 1.5675675675675675) internal successors, (580), 377 states have internal predecessors, (580), 76 states have call successors, (76), 23 states have call predecessors, (76), 26 states have return successors, (83), 74 states have call predecessors, (83), 75 states have call successors, (83) Second operand 666 states. [2022-02-20 18:04:08,142 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:08,142 INFO L93 Difference]: Finished difference Result 666 states and 1063 transitions. [2022-02-20 18:04:08,142 INFO L276 IsEmpty]: Start isEmpty. Operand 666 states and 1063 transitions. [2022-02-20 18:04:08,148 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:08,148 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:08,148 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:08,148 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:08,150 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 473 states, 370 states have (on average 1.5675675675675675) internal successors, (580), 377 states have internal predecessors, (580), 76 states have call successors, (76), 23 states have call predecessors, (76), 26 states have return successors, (83), 74 states have call predecessors, (83), 75 states have call successors, (83) [2022-02-20 18:04:08,168 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 473 states to 473 states and 739 transitions. [2022-02-20 18:04:08,169 INFO L78 Accepts]: Start accepts. Automaton has 473 states and 739 transitions. Word has length 112 [2022-02-20 18:04:08,169 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:08,169 INFO L470 AbstractCegarLoop]: Abstraction has 473 states and 739 transitions. [2022-02-20 18:04:08,169 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 9.25) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 18:04:08,169 INFO L276 IsEmpty]: Start isEmpty. Operand 473 states and 739 transitions. [2022-02-20 18:04:08,172 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 114 [2022-02-20 18:04:08,172 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:08,172 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:08,173 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 18:04:08,173 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:08,174 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:08,174 INFO L85 PathProgramCache]: Analyzing trace with hash 904019238, now seen corresponding path program 1 times [2022-02-20 18:04:08,174 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:08,174 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1744112863] [2022-02-20 18:04:08,174 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:08,174 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:08,202 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:08,236 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:04:08,238 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:08,241 INFO L290 TraceCheckUtils]: 0: Hoare triple {22465#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22409#true} is VALID [2022-02-20 18:04:08,241 INFO L290 TraceCheckUtils]: 1: Hoare triple {22409#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {22409#true} is VALID [2022-02-20 18:04:08,241 INFO L290 TraceCheckUtils]: 2: Hoare triple {22409#true} assume true; {22409#true} is VALID [2022-02-20 18:04:08,242 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22409#true} {22409#true} #1250#return; {22409#true} is VALID [2022-02-20 18:04:08,248 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:04:08,249 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:08,252 INFO L290 TraceCheckUtils]: 0: Hoare triple {22466#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22409#true} is VALID [2022-02-20 18:04:08,252 INFO L290 TraceCheckUtils]: 1: Hoare triple {22409#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22409#true} is VALID [2022-02-20 18:04:08,252 INFO L290 TraceCheckUtils]: 2: Hoare triple {22409#true} assume true; {22409#true} is VALID [2022-02-20 18:04:08,252 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22409#true} {22409#true} #1252#return; {22409#true} is VALID [2022-02-20 18:04:08,252 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:08,254 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:08,256 INFO L290 TraceCheckUtils]: 0: Hoare triple {22465#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22409#true} is VALID [2022-02-20 18:04:08,256 INFO L290 TraceCheckUtils]: 1: Hoare triple {22409#true} assume !(1 == ~handle); {22409#true} is VALID [2022-02-20 18:04:08,256 INFO L290 TraceCheckUtils]: 2: Hoare triple {22409#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {22409#true} is VALID [2022-02-20 18:04:08,256 INFO L290 TraceCheckUtils]: 3: Hoare triple {22409#true} assume true; {22409#true} is VALID [2022-02-20 18:04:08,257 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {22409#true} {22409#true} #1254#return; {22409#true} is VALID [2022-02-20 18:04:08,257 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:04:08,259 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:08,264 INFO L290 TraceCheckUtils]: 0: Hoare triple {22466#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22409#true} is VALID [2022-02-20 18:04:08,265 INFO L290 TraceCheckUtils]: 1: Hoare triple {22409#true} assume !(1 == ~handle); {22409#true} is VALID [2022-02-20 18:04:08,265 INFO L290 TraceCheckUtils]: 2: Hoare triple {22409#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {22409#true} is VALID [2022-02-20 18:04:08,265 INFO L290 TraceCheckUtils]: 3: Hoare triple {22409#true} assume true; {22409#true} is VALID [2022-02-20 18:04:08,265 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {22409#true} {22409#true} #1256#return; {22409#true} is VALID [2022-02-20 18:04:08,265 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:04:08,267 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:08,282 INFO L290 TraceCheckUtils]: 0: Hoare triple {22465#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22467#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:08,283 INFO L290 TraceCheckUtils]: 1: Hoare triple {22467#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {22467#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:08,283 INFO L290 TraceCheckUtils]: 2: Hoare triple {22467#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {22467#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:08,283 INFO L290 TraceCheckUtils]: 3: Hoare triple {22467#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {22468#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:08,284 INFO L290 TraceCheckUtils]: 4: Hoare triple {22468#(= 3 |setClientId_#in~handle|)} assume true; {22468#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:08,284 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {22468#(= 3 |setClientId_#in~handle|)} {22429#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1258#return; {22436#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:04:08,285 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:04:08,286 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:08,307 INFO L290 TraceCheckUtils]: 0: Hoare triple {22466#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22469#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:08,308 INFO L290 TraceCheckUtils]: 1: Hoare triple {22469#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22470#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:08,308 INFO L290 TraceCheckUtils]: 2: Hoare triple {22470#(= |setClientPrivateKey_#in~handle| 1)} assume true; {22470#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:08,309 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22470#(= |setClientPrivateKey_#in~handle| 1)} {22436#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1260#return; {22410#false} is VALID [2022-02-20 18:04:08,317 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 18:04:08,319 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:08,321 INFO L290 TraceCheckUtils]: 0: Hoare triple {22471#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22409#true} is VALID [2022-02-20 18:04:08,321 INFO L290 TraceCheckUtils]: 1: Hoare triple {22409#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22409#true} is VALID [2022-02-20 18:04:08,321 INFO L290 TraceCheckUtils]: 2: Hoare triple {22409#true} assume true; {22409#true} is VALID [2022-02-20 18:04:08,321 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22409#true} {22410#false} #1194#return; {22410#false} is VALID [2022-02-20 18:04:08,330 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 18:04:08,331 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:08,333 INFO L290 TraceCheckUtils]: 0: Hoare triple {22472#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {22409#true} is VALID [2022-02-20 18:04:08,333 INFO L290 TraceCheckUtils]: 1: Hoare triple {22409#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {22409#true} is VALID [2022-02-20 18:04:08,334 INFO L290 TraceCheckUtils]: 2: Hoare triple {22409#true} assume true; {22409#true} is VALID [2022-02-20 18:04:08,334 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22409#true} {22410#false} #1196#return; {22410#false} is VALID [2022-02-20 18:04:08,334 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76 [2022-02-20 18:04:08,335 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:08,337 INFO L290 TraceCheckUtils]: 0: Hoare triple {22409#true} ~handle := #in~handle;havoc ~retValue_acc~30; {22409#true} is VALID [2022-02-20 18:04:08,337 INFO L290 TraceCheckUtils]: 1: Hoare triple {22409#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~30; {22409#true} is VALID [2022-02-20 18:04:08,337 INFO L290 TraceCheckUtils]: 2: Hoare triple {22409#true} assume true; {22409#true} is VALID [2022-02-20 18:04:08,337 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22409#true} {22410#false} #1176#return; {22410#false} is VALID [2022-02-20 18:04:08,338 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 18:04:08,338 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:08,340 INFO L290 TraceCheckUtils]: 0: Hoare triple {22409#true} ~handle := #in~handle;havoc ~retValue_acc~15; {22409#true} is VALID [2022-02-20 18:04:08,341 INFO L290 TraceCheckUtils]: 1: Hoare triple {22409#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_email_to0~0;#res := ~retValue_acc~15; {22409#true} is VALID [2022-02-20 18:04:08,341 INFO L290 TraceCheckUtils]: 2: Hoare triple {22409#true} assume true; {22409#true} is VALID [2022-02-20 18:04:08,341 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22409#true} {22410#false} #1208#return; {22410#false} is VALID [2022-02-20 18:04:08,341 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 18:04:08,342 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:08,345 INFO L290 TraceCheckUtils]: 0: Hoare triple {22471#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22409#true} is VALID [2022-02-20 18:04:08,345 INFO L290 TraceCheckUtils]: 1: Hoare triple {22409#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22409#true} is VALID [2022-02-20 18:04:08,345 INFO L290 TraceCheckUtils]: 2: Hoare triple {22409#true} assume true; {22409#true} is VALID [2022-02-20 18:04:08,345 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22409#true} {22410#false} #1214#return; {22410#false} is VALID [2022-02-20 18:04:08,345 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 105 [2022-02-20 18:04:08,346 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:08,348 INFO L290 TraceCheckUtils]: 0: Hoare triple {22409#true} ~handle := #in~handle;havoc ~retValue_acc~18; {22409#true} is VALID [2022-02-20 18:04:08,349 INFO L290 TraceCheckUtils]: 1: Hoare triple {22409#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~18; {22409#true} is VALID [2022-02-20 18:04:08,349 INFO L290 TraceCheckUtils]: 2: Hoare triple {22409#true} assume true; {22409#true} is VALID [2022-02-20 18:04:08,349 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22409#true} {22410#false} #1216#return; {22410#false} is VALID [2022-02-20 18:04:08,349 INFO L290 TraceCheckUtils]: 0: Hoare triple {22409#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(17, 12);call #Ultimate.allocInit(17, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(17, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(22, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(21, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(25, 34);call #Ultimate.allocInit(4, 35);call write~init~int(37, 35, 0, 1);call write~init~int(115, 35, 1, 1);call write~init~int(10, 35, 2, 1);call write~init~int(0, 35, 3, 1);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(12, 37);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(18, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(21, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {22409#true} is VALID [2022-02-20 18:04:08,349 INFO L290 TraceCheckUtils]: 1: Hoare triple {22409#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {22409#true} is VALID [2022-02-20 18:04:08,349 INFO L290 TraceCheckUtils]: 2: Hoare triple {22409#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {22409#true} is VALID [2022-02-20 18:04:08,350 INFO L290 TraceCheckUtils]: 3: Hoare triple {22409#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~10#1;havoc valid_product_~retValue_acc~10#1;valid_product_~retValue_acc~10#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~10#1; {22409#true} is VALID [2022-02-20 18:04:08,350 INFO L290 TraceCheckUtils]: 4: Hoare triple {22409#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {22409#true} is VALID [2022-02-20 18:04:08,350 INFO L290 TraceCheckUtils]: 5: Hoare triple {22409#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {22409#true} is VALID [2022-02-20 18:04:08,351 INFO L272 TraceCheckUtils]: 6: Hoare triple {22409#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {22465#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:08,351 INFO L290 TraceCheckUtils]: 7: Hoare triple {22465#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22409#true} is VALID [2022-02-20 18:04:08,351 INFO L290 TraceCheckUtils]: 8: Hoare triple {22409#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {22409#true} is VALID [2022-02-20 18:04:08,351 INFO L290 TraceCheckUtils]: 9: Hoare triple {22409#true} assume true; {22409#true} is VALID [2022-02-20 18:04:08,351 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {22409#true} {22409#true} #1250#return; {22409#true} is VALID [2022-02-20 18:04:08,351 INFO L290 TraceCheckUtils]: 11: Hoare triple {22409#true} assume { :end_inline_setup_bob__wrappee__Base } true; {22409#true} is VALID [2022-02-20 18:04:08,352 INFO L272 TraceCheckUtils]: 12: Hoare triple {22409#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {22466#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:08,352 INFO L290 TraceCheckUtils]: 13: Hoare triple {22466#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22409#true} is VALID [2022-02-20 18:04:08,353 INFO L290 TraceCheckUtils]: 14: Hoare triple {22409#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22409#true} is VALID [2022-02-20 18:04:08,353 INFO L290 TraceCheckUtils]: 15: Hoare triple {22409#true} assume true; {22409#true} is VALID [2022-02-20 18:04:08,353 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {22409#true} {22409#true} #1252#return; {22409#true} is VALID [2022-02-20 18:04:08,353 INFO L290 TraceCheckUtils]: 17: Hoare triple {22409#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {22409#true} is VALID [2022-02-20 18:04:08,354 INFO L272 TraceCheckUtils]: 18: Hoare triple {22409#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {22465#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:08,354 INFO L290 TraceCheckUtils]: 19: Hoare triple {22465#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22409#true} is VALID [2022-02-20 18:04:08,354 INFO L290 TraceCheckUtils]: 20: Hoare triple {22409#true} assume !(1 == ~handle); {22409#true} is VALID [2022-02-20 18:04:08,354 INFO L290 TraceCheckUtils]: 21: Hoare triple {22409#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {22409#true} is VALID [2022-02-20 18:04:08,354 INFO L290 TraceCheckUtils]: 22: Hoare triple {22409#true} assume true; {22409#true} is VALID [2022-02-20 18:04:08,354 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {22409#true} {22409#true} #1254#return; {22409#true} is VALID [2022-02-20 18:04:08,354 INFO L290 TraceCheckUtils]: 24: Hoare triple {22409#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {22409#true} is VALID [2022-02-20 18:04:08,355 INFO L272 TraceCheckUtils]: 25: Hoare triple {22409#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {22466#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:08,355 INFO L290 TraceCheckUtils]: 26: Hoare triple {22466#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22409#true} is VALID [2022-02-20 18:04:08,355 INFO L290 TraceCheckUtils]: 27: Hoare triple {22409#true} assume !(1 == ~handle); {22409#true} is VALID [2022-02-20 18:04:08,356 INFO L290 TraceCheckUtils]: 28: Hoare triple {22409#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {22409#true} is VALID [2022-02-20 18:04:08,356 INFO L290 TraceCheckUtils]: 29: Hoare triple {22409#true} assume true; {22409#true} is VALID [2022-02-20 18:04:08,356 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {22409#true} {22409#true} #1256#return; {22409#true} is VALID [2022-02-20 18:04:08,356 INFO L290 TraceCheckUtils]: 31: Hoare triple {22409#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {22429#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:04:08,357 INFO L272 TraceCheckUtils]: 32: Hoare triple {22429#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {22465#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:08,357 INFO L290 TraceCheckUtils]: 33: Hoare triple {22465#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22467#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:08,358 INFO L290 TraceCheckUtils]: 34: Hoare triple {22467#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {22467#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:08,358 INFO L290 TraceCheckUtils]: 35: Hoare triple {22467#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {22467#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:08,358 INFO L290 TraceCheckUtils]: 36: Hoare triple {22467#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {22468#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:08,359 INFO L290 TraceCheckUtils]: 37: Hoare triple {22468#(= 3 |setClientId_#in~handle|)} assume true; {22468#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:08,359 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {22468#(= 3 |setClientId_#in~handle|)} {22429#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1258#return; {22436#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:04:08,360 INFO L290 TraceCheckUtils]: 39: Hoare triple {22436#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {22436#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 18:04:08,360 INFO L272 TraceCheckUtils]: 40: Hoare triple {22436#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {22466#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:08,361 INFO L290 TraceCheckUtils]: 41: Hoare triple {22466#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22469#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:08,361 INFO L290 TraceCheckUtils]: 42: Hoare triple {22469#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22470#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:08,361 INFO L290 TraceCheckUtils]: 43: Hoare triple {22470#(= |setClientPrivateKey_#in~handle| 1)} assume true; {22470#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 18:04:08,362 INFO L284 TraceCheckUtils]: 44: Hoare quadruple {22470#(= |setClientPrivateKey_#in~handle| 1)} {22436#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1260#return; {22410#false} is VALID [2022-02-20 18:04:08,362 INFO L290 TraceCheckUtils]: 45: Hoare triple {22410#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {22410#false} is VALID [2022-02-20 18:04:08,362 INFO L290 TraceCheckUtils]: 46: Hoare triple {22410#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~17#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~17#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {22410#false} is VALID [2022-02-20 18:04:08,362 INFO L290 TraceCheckUtils]: 47: Hoare triple {22410#false} assume !false; {22410#false} is VALID [2022-02-20 18:04:08,363 INFO L290 TraceCheckUtils]: 48: Hoare triple {22410#false} assume test_~splverifierCounter~0#1 < 4; {22410#false} is VALID [2022-02-20 18:04:08,363 INFO L290 TraceCheckUtils]: 49: Hoare triple {22410#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {22410#false} is VALID [2022-02-20 18:04:08,363 INFO L290 TraceCheckUtils]: 50: Hoare triple {22410#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet77#1 && test_#t~nondet77#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet77#1;havoc test_#t~nondet77#1; {22410#false} is VALID [2022-02-20 18:04:08,363 INFO L290 TraceCheckUtils]: 51: Hoare triple {22410#false} assume !(0 != test_~tmp___9~0#1); {22410#false} is VALID [2022-02-20 18:04:08,363 INFO L290 TraceCheckUtils]: 52: Hoare triple {22410#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet78#1 && test_#t~nondet78#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet78#1;havoc test_#t~nondet78#1; {22410#false} is VALID [2022-02-20 18:04:08,363 INFO L290 TraceCheckUtils]: 53: Hoare triple {22410#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {22410#false} is VALID [2022-02-20 18:04:08,363 INFO L290 TraceCheckUtils]: 54: Hoare triple {22410#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {22410#false} is VALID [2022-02-20 18:04:08,364 INFO L290 TraceCheckUtils]: 55: Hoare triple {22410#false} assume { :end_inline_setClientAutoResponse } true; {22410#false} is VALID [2022-02-20 18:04:08,364 INFO L290 TraceCheckUtils]: 56: Hoare triple {22410#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {22410#false} is VALID [2022-02-20 18:04:08,364 INFO L290 TraceCheckUtils]: 57: Hoare triple {22410#false} assume !false; {22410#false} is VALID [2022-02-20 18:04:08,364 INFO L290 TraceCheckUtils]: 58: Hoare triple {22410#false} assume !(test_~splverifierCounter~0#1 < 4); {22410#false} is VALID [2022-02-20 18:04:08,364 INFO L290 TraceCheckUtils]: 59: Hoare triple {22410#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {22410#false} is VALID [2022-02-20 18:04:08,364 INFO L272 TraceCheckUtils]: 60: Hoare triple {22410#false} call sendEmail(~bob~0, ~rjh~0); {22410#false} is VALID [2022-02-20 18:04:08,364 INFO L290 TraceCheckUtils]: 61: Hoare triple {22410#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~12#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {22410#false} is VALID [2022-02-20 18:04:08,365 INFO L272 TraceCheckUtils]: 62: Hoare triple {22410#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {22471#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:08,365 INFO L290 TraceCheckUtils]: 63: Hoare triple {22471#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22409#true} is VALID [2022-02-20 18:04:08,365 INFO L290 TraceCheckUtils]: 64: Hoare triple {22409#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22409#true} is VALID [2022-02-20 18:04:08,365 INFO L290 TraceCheckUtils]: 65: Hoare triple {22409#true} assume true; {22409#true} is VALID [2022-02-20 18:04:08,365 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {22409#true} {22410#false} #1194#return; {22410#false} is VALID [2022-02-20 18:04:08,365 INFO L272 TraceCheckUtils]: 67: Hoare triple {22410#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {22472#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:04:08,366 INFO L290 TraceCheckUtils]: 68: Hoare triple {22472#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {22409#true} is VALID [2022-02-20 18:04:08,366 INFO L290 TraceCheckUtils]: 69: Hoare triple {22409#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {22409#true} is VALID [2022-02-20 18:04:08,366 INFO L290 TraceCheckUtils]: 70: Hoare triple {22409#true} assume true; {22409#true} is VALID [2022-02-20 18:04:08,366 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {22409#true} {22410#false} #1196#return; {22410#false} is VALID [2022-02-20 18:04:08,366 INFO L290 TraceCheckUtils]: 72: Hoare triple {22410#false} createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {22410#false} is VALID [2022-02-20 18:04:08,366 INFO L290 TraceCheckUtils]: 73: Hoare triple {22410#false} #t~ret49#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret49#1 && #t~ret49#1 <= 2147483647;~tmp~12#1 := #t~ret49#1;havoc #t~ret49#1;~email~0#1 := ~tmp~12#1; {22410#false} is VALID [2022-02-20 18:04:08,366 INFO L272 TraceCheckUtils]: 74: Hoare triple {22410#false} call outgoing(~sender#1, ~email~0#1); {22410#false} is VALID [2022-02-20 18:04:08,367 INFO L290 TraceCheckUtils]: 75: Hoare triple {22410#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~7#1;havoc ~receiver~1#1;havoc ~tmp___0~3#1;havoc ~second~0#1;havoc ~tmp___1~1#1;havoc ~tmp___2~0#1; {22410#false} is VALID [2022-02-20 18:04:08,367 INFO L272 TraceCheckUtils]: 76: Hoare triple {22410#false} call #t~ret35#1 := getClientAddressBookSize(~client#1); {22409#true} is VALID [2022-02-20 18:04:08,367 INFO L290 TraceCheckUtils]: 77: Hoare triple {22409#true} ~handle := #in~handle;havoc ~retValue_acc~30; {22409#true} is VALID [2022-02-20 18:04:08,367 INFO L290 TraceCheckUtils]: 78: Hoare triple {22409#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~30; {22409#true} is VALID [2022-02-20 18:04:08,367 INFO L290 TraceCheckUtils]: 79: Hoare triple {22409#true} assume true; {22409#true} is VALID [2022-02-20 18:04:08,367 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {22409#true} {22410#false} #1176#return; {22410#false} is VALID [2022-02-20 18:04:08,367 INFO L290 TraceCheckUtils]: 81: Hoare triple {22410#false} assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp~7#1 := #t~ret35#1;havoc #t~ret35#1;~size~0#1 := ~tmp~7#1; {22410#false} is VALID [2022-02-20 18:04:08,368 INFO L290 TraceCheckUtils]: 82: Hoare triple {22410#false} assume !(0 != ~size~0#1); {22410#false} is VALID [2022-02-20 18:04:08,368 INFO L272 TraceCheckUtils]: 83: Hoare triple {22410#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {22410#false} is VALID [2022-02-20 18:04:08,368 INFO L290 TraceCheckUtils]: 84: Hoare triple {22410#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~6#1;havoc ~pubkey~0#1;havoc ~tmp___0~2#1; {22410#false} is VALID [2022-02-20 18:04:08,368 INFO L272 TraceCheckUtils]: 85: Hoare triple {22410#false} call #t~ret33#1 := getEmailTo(~msg#1); {22409#true} is VALID [2022-02-20 18:04:08,368 INFO L290 TraceCheckUtils]: 86: Hoare triple {22409#true} ~handle := #in~handle;havoc ~retValue_acc~15; {22409#true} is VALID [2022-02-20 18:04:08,368 INFO L290 TraceCheckUtils]: 87: Hoare triple {22409#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_email_to0~0;#res := ~retValue_acc~15; {22409#true} is VALID [2022-02-20 18:04:08,368 INFO L290 TraceCheckUtils]: 88: Hoare triple {22409#true} assume true; {22409#true} is VALID [2022-02-20 18:04:08,369 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {22409#true} {22410#false} #1208#return; {22410#false} is VALID [2022-02-20 18:04:08,369 INFO L290 TraceCheckUtils]: 90: Hoare triple {22410#false} assume -2147483648 <= #t~ret33#1 && #t~ret33#1 <= 2147483647;~tmp~6#1 := #t~ret33#1;havoc #t~ret33#1;~receiver~0#1 := ~tmp~6#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~41#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~41#1; {22410#false} is VALID [2022-02-20 18:04:08,369 INFO L290 TraceCheckUtils]: 91: Hoare triple {22410#false} assume 1 == findPublicKey_~handle#1; {22410#false} is VALID [2022-02-20 18:04:08,369 INFO L290 TraceCheckUtils]: 92: Hoare triple {22410#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~41#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~41#1; {22410#false} is VALID [2022-02-20 18:04:08,369 INFO L290 TraceCheckUtils]: 93: Hoare triple {22410#false} #t~ret34#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp___0~2#1 := #t~ret34#1;havoc #t~ret34#1;~pubkey~0#1 := ~tmp___0~2#1; {22410#false} is VALID [2022-02-20 18:04:08,369 INFO L290 TraceCheckUtils]: 94: Hoare triple {22410#false} assume !(0 != ~pubkey~0#1); {22410#false} is VALID [2022-02-20 18:04:08,369 INFO L290 TraceCheckUtils]: 95: Hoare triple {22410#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret32#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {22410#false} is VALID [2022-02-20 18:04:08,370 INFO L290 TraceCheckUtils]: 96: Hoare triple {22410#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {22410#false} is VALID [2022-02-20 18:04:08,370 INFO L290 TraceCheckUtils]: 97: Hoare triple {22410#false} outgoing__wrappee__Keys_#t~ret32#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret32#1 && outgoing__wrappee__Keys_#t~ret32#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret32#1;havoc outgoing__wrappee__Keys_#t~ret32#1; {22410#false} is VALID [2022-02-20 18:04:08,370 INFO L272 TraceCheckUtils]: 98: Hoare triple {22410#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {22471#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:08,370 INFO L290 TraceCheckUtils]: 99: Hoare triple {22471#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22409#true} is VALID [2022-02-20 18:04:08,370 INFO L290 TraceCheckUtils]: 100: Hoare triple {22409#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22409#true} is VALID [2022-02-20 18:04:08,370 INFO L290 TraceCheckUtils]: 101: Hoare triple {22409#true} assume true; {22409#true} is VALID [2022-02-20 18:04:08,371 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {22409#true} {22410#false} #1214#return; {22410#false} is VALID [2022-02-20 18:04:08,371 INFO L290 TraceCheckUtils]: 103: Hoare triple {22410#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret30#1, mail_#t~ret31#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~4#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet28#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 := puts(14, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset := 15, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet28#1; {22410#false} is VALID [2022-02-20 18:04:08,371 INFO L290 TraceCheckUtils]: 104: Hoare triple {22410#false} assume 0 != ~in_encrypted~0; {22410#false} is VALID [2022-02-20 18:04:08,371 INFO L272 TraceCheckUtils]: 105: Hoare triple {22410#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {22409#true} is VALID [2022-02-20 18:04:08,371 INFO L290 TraceCheckUtils]: 106: Hoare triple {22409#true} ~handle := #in~handle;havoc ~retValue_acc~18; {22409#true} is VALID [2022-02-20 18:04:08,371 INFO L290 TraceCheckUtils]: 107: Hoare triple {22409#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~18; {22409#true} is VALID [2022-02-20 18:04:08,371 INFO L290 TraceCheckUtils]: 108: Hoare triple {22409#true} assume true; {22409#true} is VALID [2022-02-20 18:04:08,372 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {22409#true} {22410#false} #1216#return; {22410#false} is VALID [2022-02-20 18:04:08,372 INFO L290 TraceCheckUtils]: 110: Hoare triple {22410#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1; {22410#false} is VALID [2022-02-20 18:04:08,372 INFO L290 TraceCheckUtils]: 111: Hoare triple {22410#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {22410#false} is VALID [2022-02-20 18:04:08,372 INFO L290 TraceCheckUtils]: 112: Hoare triple {22410#false} assume !false; {22410#false} is VALID [2022-02-20 18:04:08,372 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2022-02-20 18:04:08,373 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:08,373 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1744112863] [2022-02-20 18:04:08,373 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1744112863] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:08,373 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:04:08,373 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 18:04:08,373 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [149981667] [2022-02-20 18:04:08,374 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:08,374 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 7.090909090909091) internal successors, (78), 8 states have internal predecessors, (78), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) Word has length 113 [2022-02-20 18:04:08,374 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:08,375 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 7.090909090909091) internal successors, (78), 8 states have internal predecessors, (78), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:04:08,449 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 105 edges. 105 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:08,449 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 18:04:08,449 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:08,450 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2022-02-20 18:04:08,450 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:04:08,450 INFO L87 Difference]: Start difference. First operand 473 states and 739 transitions. Second operand has 12 states, 11 states have (on average 7.090909090909091) internal successors, (78), 8 states have internal predecessors, (78), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:04:20,781 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:20,781 INFO L93 Difference]: Finished difference Result 1112 states and 1764 transitions. [2022-02-20 18:04:20,781 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 18:04:20,782 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 7.090909090909091) internal successors, (78), 8 states have internal predecessors, (78), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) Word has length 113 [2022-02-20 18:04:20,782 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:04:20,782 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 7.090909090909091) internal successors, (78), 8 states have internal predecessors, (78), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:04:20,799 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1500 transitions. [2022-02-20 18:04:20,799 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 7.090909090909091) internal successors, (78), 8 states have internal predecessors, (78), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:04:20,816 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1500 transitions. [2022-02-20 18:04:20,816 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1500 transitions. [2022-02-20 18:04:22,142 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1500 edges. 1500 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:22,176 INFO L225 Difference]: With dead ends: 1112 [2022-02-20 18:04:22,176 INFO L226 Difference]: Without dead ends: 666 [2022-02-20 18:04:22,178 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 49 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552 [2022-02-20 18:04:22,179 INFO L933 BasicCegarLoop]: 714 mSDtfsCounter, 1603 mSDsluCounter, 1430 mSDsCounter, 0 mSdLazyCounter, 4596 mSolverCounterSat, 653 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 5.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1603 SdHoareTripleChecker+Valid, 2144 SdHoareTripleChecker+Invalid, 5249 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 653 IncrementalHoareTripleChecker+Valid, 4596 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 5.8s IncrementalHoareTripleChecker+Time [2022-02-20 18:04:22,179 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1603 Valid, 2144 Invalid, 5249 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [653 Valid, 4596 Invalid, 0 Unknown, 0 Unchecked, 5.8s Time] [2022-02-20 18:04:22,180 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 666 states. [2022-02-20 18:04:22,290 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 666 to 473. [2022-02-20 18:04:22,291 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:04:22,292 INFO L82 GeneralOperation]: Start isEquivalent. First operand 666 states. Second operand has 473 states, 370 states have (on average 1.5675675675675675) internal successors, (580), 377 states have internal predecessors, (580), 76 states have call successors, (76), 23 states have call predecessors, (76), 26 states have return successors, (82), 74 states have call predecessors, (82), 75 states have call successors, (82) [2022-02-20 18:04:22,293 INFO L74 IsIncluded]: Start isIncluded. First operand 666 states. Second operand has 473 states, 370 states have (on average 1.5675675675675675) internal successors, (580), 377 states have internal predecessors, (580), 76 states have call successors, (76), 23 states have call predecessors, (76), 26 states have return successors, (82), 74 states have call predecessors, (82), 75 states have call successors, (82) [2022-02-20 18:04:22,294 INFO L87 Difference]: Start difference. First operand 666 states. Second operand has 473 states, 370 states have (on average 1.5675675675675675) internal successors, (580), 377 states have internal predecessors, (580), 76 states have call successors, (76), 23 states have call predecessors, (76), 26 states have return successors, (82), 74 states have call predecessors, (82), 75 states have call successors, (82) [2022-02-20 18:04:22,322 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:22,322 INFO L93 Difference]: Finished difference Result 666 states and 1062 transitions. [2022-02-20 18:04:22,323 INFO L276 IsEmpty]: Start isEmpty. Operand 666 states and 1062 transitions. [2022-02-20 18:04:22,327 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:22,327 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:22,328 INFO L74 IsIncluded]: Start isIncluded. First operand has 473 states, 370 states have (on average 1.5675675675675675) internal successors, (580), 377 states have internal predecessors, (580), 76 states have call successors, (76), 23 states have call predecessors, (76), 26 states have return successors, (82), 74 states have call predecessors, (82), 75 states have call successors, (82) Second operand 666 states. [2022-02-20 18:04:22,329 INFO L87 Difference]: Start difference. First operand has 473 states, 370 states have (on average 1.5675675675675675) internal successors, (580), 377 states have internal predecessors, (580), 76 states have call successors, (76), 23 states have call predecessors, (76), 26 states have return successors, (82), 74 states have call predecessors, (82), 75 states have call successors, (82) Second operand 666 states. [2022-02-20 18:04:22,358 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:04:22,359 INFO L93 Difference]: Finished difference Result 666 states and 1062 transitions. [2022-02-20 18:04:22,359 INFO L276 IsEmpty]: Start isEmpty. Operand 666 states and 1062 transitions. [2022-02-20 18:04:22,363 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:04:22,363 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:04:22,363 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:04:22,364 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:04:22,365 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 473 states, 370 states have (on average 1.5675675675675675) internal successors, (580), 377 states have internal predecessors, (580), 76 states have call successors, (76), 23 states have call predecessors, (76), 26 states have return successors, (82), 74 states have call predecessors, (82), 75 states have call successors, (82) [2022-02-20 18:04:22,383 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 473 states to 473 states and 738 transitions. [2022-02-20 18:04:22,383 INFO L78 Accepts]: Start accepts. Automaton has 473 states and 738 transitions. Word has length 113 [2022-02-20 18:04:22,384 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:04:22,384 INFO L470 AbstractCegarLoop]: Abstraction has 473 states and 738 transitions. [2022-02-20 18:04:22,384 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 11 states have (on average 7.090909090909091) internal successors, (78), 8 states have internal predecessors, (78), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:04:22,384 INFO L276 IsEmpty]: Start isEmpty. Operand 473 states and 738 transitions. [2022-02-20 18:04:22,386 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 115 [2022-02-20 18:04:22,386 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:04:22,386 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:04:22,387 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 18:04:22,387 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:04:22,387 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:04:22,387 INFO L85 PathProgramCache]: Analyzing trace with hash 335510668, now seen corresponding path program 2 times [2022-02-20 18:04:22,388 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:04:22,388 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1097045213] [2022-02-20 18:04:22,388 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:04:22,388 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:04:22,413 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:22,466 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 18:04:22,467 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:22,470 INFO L290 TraceCheckUtils]: 0: Hoare triple {26119#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26062#true} is VALID [2022-02-20 18:04:22,470 INFO L290 TraceCheckUtils]: 1: Hoare triple {26062#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {26062#true} is VALID [2022-02-20 18:04:22,470 INFO L290 TraceCheckUtils]: 2: Hoare triple {26062#true} assume true; {26062#true} is VALID [2022-02-20 18:04:22,470 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26062#true} {26062#true} #1250#return; {26062#true} is VALID [2022-02-20 18:04:22,476 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:04:22,478 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:22,481 INFO L290 TraceCheckUtils]: 0: Hoare triple {26120#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26062#true} is VALID [2022-02-20 18:04:22,481 INFO L290 TraceCheckUtils]: 1: Hoare triple {26062#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {26062#true} is VALID [2022-02-20 18:04:22,482 INFO L290 TraceCheckUtils]: 2: Hoare triple {26062#true} assume true; {26062#true} is VALID [2022-02-20 18:04:22,482 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26062#true} {26062#true} #1252#return; {26062#true} is VALID [2022-02-20 18:04:22,482 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:04:22,483 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:22,485 INFO L290 TraceCheckUtils]: 0: Hoare triple {26119#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26062#true} is VALID [2022-02-20 18:04:22,485 INFO L290 TraceCheckUtils]: 1: Hoare triple {26062#true} assume !(1 == ~handle); {26062#true} is VALID [2022-02-20 18:04:22,486 INFO L290 TraceCheckUtils]: 2: Hoare triple {26062#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {26062#true} is VALID [2022-02-20 18:04:22,486 INFO L290 TraceCheckUtils]: 3: Hoare triple {26062#true} assume true; {26062#true} is VALID [2022-02-20 18:04:22,486 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {26062#true} {26062#true} #1254#return; {26062#true} is VALID [2022-02-20 18:04:22,486 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:04:22,488 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:22,490 INFO L290 TraceCheckUtils]: 0: Hoare triple {26120#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26062#true} is VALID [2022-02-20 18:04:22,490 INFO L290 TraceCheckUtils]: 1: Hoare triple {26062#true} assume !(1 == ~handle); {26062#true} is VALID [2022-02-20 18:04:22,490 INFO L290 TraceCheckUtils]: 2: Hoare triple {26062#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {26062#true} is VALID [2022-02-20 18:04:22,490 INFO L290 TraceCheckUtils]: 3: Hoare triple {26062#true} assume true; {26062#true} is VALID [2022-02-20 18:04:22,491 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {26062#true} {26062#true} #1256#return; {26062#true} is VALID [2022-02-20 18:04:22,491 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 18:04:22,493 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:22,509 INFO L290 TraceCheckUtils]: 0: Hoare triple {26119#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26121#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:22,510 INFO L290 TraceCheckUtils]: 1: Hoare triple {26121#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {26121#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:22,510 INFO L290 TraceCheckUtils]: 2: Hoare triple {26121#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {26121#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:22,510 INFO L290 TraceCheckUtils]: 3: Hoare triple {26121#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {26122#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:22,511 INFO L290 TraceCheckUtils]: 4: Hoare triple {26122#(= 3 |setClientId_#in~handle|)} assume true; {26122#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:22,511 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {26122#(= 3 |setClientId_#in~handle|)} {26082#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1258#return; {26089#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:04:22,512 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 18:04:22,513 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:22,529 INFO L290 TraceCheckUtils]: 0: Hoare triple {26120#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26123#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:22,529 INFO L290 TraceCheckUtils]: 1: Hoare triple {26123#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {26123#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:22,530 INFO L290 TraceCheckUtils]: 2: Hoare triple {26123#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {26124#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:22,530 INFO L290 TraceCheckUtils]: 3: Hoare triple {26124#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {26124#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:22,531 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {26124#(= 2 |setClientPrivateKey_#in~handle|)} {26089#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1260#return; {26063#false} is VALID [2022-02-20 18:04:22,539 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 18:04:22,540 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:22,542 INFO L290 TraceCheckUtils]: 0: Hoare triple {26125#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {26062#true} is VALID [2022-02-20 18:04:22,542 INFO L290 TraceCheckUtils]: 1: Hoare triple {26062#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {26062#true} is VALID [2022-02-20 18:04:22,542 INFO L290 TraceCheckUtils]: 2: Hoare triple {26062#true} assume true; {26062#true} is VALID [2022-02-20 18:04:22,542 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26062#true} {26063#false} #1194#return; {26063#false} is VALID [2022-02-20 18:04:22,551 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 18:04:22,552 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:22,555 INFO L290 TraceCheckUtils]: 0: Hoare triple {26126#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {26062#true} is VALID [2022-02-20 18:04:22,555 INFO L290 TraceCheckUtils]: 1: Hoare triple {26062#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {26062#true} is VALID [2022-02-20 18:04:22,555 INFO L290 TraceCheckUtils]: 2: Hoare triple {26062#true} assume true; {26062#true} is VALID [2022-02-20 18:04:22,555 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26062#true} {26063#false} #1196#return; {26063#false} is VALID [2022-02-20 18:04:22,556 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 18:04:22,556 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:22,558 INFO L290 TraceCheckUtils]: 0: Hoare triple {26062#true} ~handle := #in~handle;havoc ~retValue_acc~30; {26062#true} is VALID [2022-02-20 18:04:22,558 INFO L290 TraceCheckUtils]: 1: Hoare triple {26062#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~30; {26062#true} is VALID [2022-02-20 18:04:22,559 INFO L290 TraceCheckUtils]: 2: Hoare triple {26062#true} assume true; {26062#true} is VALID [2022-02-20 18:04:22,559 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26062#true} {26063#false} #1176#return; {26063#false} is VALID [2022-02-20 18:04:22,559 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 18:04:22,560 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:22,562 INFO L290 TraceCheckUtils]: 0: Hoare triple {26062#true} ~handle := #in~handle;havoc ~retValue_acc~15; {26062#true} is VALID [2022-02-20 18:04:22,562 INFO L290 TraceCheckUtils]: 1: Hoare triple {26062#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_email_to0~0;#res := ~retValue_acc~15; {26062#true} is VALID [2022-02-20 18:04:22,562 INFO L290 TraceCheckUtils]: 2: Hoare triple {26062#true} assume true; {26062#true} is VALID [2022-02-20 18:04:22,562 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26062#true} {26063#false} #1208#return; {26063#false} is VALID [2022-02-20 18:04:22,563 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 18:04:22,563 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:22,565 INFO L290 TraceCheckUtils]: 0: Hoare triple {26125#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {26062#true} is VALID [2022-02-20 18:04:22,565 INFO L290 TraceCheckUtils]: 1: Hoare triple {26062#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {26062#true} is VALID [2022-02-20 18:04:22,565 INFO L290 TraceCheckUtils]: 2: Hoare triple {26062#true} assume true; {26062#true} is VALID [2022-02-20 18:04:22,566 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26062#true} {26063#false} #1214#return; {26063#false} is VALID [2022-02-20 18:04:22,566 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 106 [2022-02-20 18:04:22,567 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:04:22,569 INFO L290 TraceCheckUtils]: 0: Hoare triple {26062#true} ~handle := #in~handle;havoc ~retValue_acc~18; {26062#true} is VALID [2022-02-20 18:04:22,569 INFO L290 TraceCheckUtils]: 1: Hoare triple {26062#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~18; {26062#true} is VALID [2022-02-20 18:04:22,569 INFO L290 TraceCheckUtils]: 2: Hoare triple {26062#true} assume true; {26062#true} is VALID [2022-02-20 18:04:22,569 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26062#true} {26063#false} #1216#return; {26063#false} is VALID [2022-02-20 18:04:22,569 INFO L290 TraceCheckUtils]: 0: Hoare triple {26062#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(17, 12);call #Ultimate.allocInit(17, 13);call #Ultimate.allocInit(13, 14);call #Ultimate.allocInit(17, 15);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(22, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(21, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(21, 28);call #Ultimate.allocInit(30, 29);call #Ultimate.allocInit(9, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(25, 34);call #Ultimate.allocInit(4, 35);call write~init~int(37, 35, 0, 1);call write~init~int(115, 35, 1, 1);call write~init~int(10, 35, 2, 1);call write~init~int(0, 35, 3, 1);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(12, 37);call #Ultimate.allocInit(10, 38);call #Ultimate.allocInit(18, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(21, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~in_encrypted~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {26062#true} is VALID [2022-02-20 18:04:22,570 INFO L290 TraceCheckUtils]: 1: Hoare triple {26062#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {26062#true} is VALID [2022-02-20 18:04:22,570 INFO L290 TraceCheckUtils]: 2: Hoare triple {26062#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {26062#true} is VALID [2022-02-20 18:04:22,570 INFO L290 TraceCheckUtils]: 3: Hoare triple {26062#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~10#1;havoc valid_product_~retValue_acc~10#1;valid_product_~retValue_acc~10#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~10#1; {26062#true} is VALID [2022-02-20 18:04:22,570 INFO L290 TraceCheckUtils]: 4: Hoare triple {26062#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {26062#true} is VALID [2022-02-20 18:04:22,570 INFO L290 TraceCheckUtils]: 5: Hoare triple {26062#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {26062#true} is VALID [2022-02-20 18:04:22,571 INFO L272 TraceCheckUtils]: 6: Hoare triple {26062#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {26119#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:22,571 INFO L290 TraceCheckUtils]: 7: Hoare triple {26119#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26062#true} is VALID [2022-02-20 18:04:22,571 INFO L290 TraceCheckUtils]: 8: Hoare triple {26062#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {26062#true} is VALID [2022-02-20 18:04:22,571 INFO L290 TraceCheckUtils]: 9: Hoare triple {26062#true} assume true; {26062#true} is VALID [2022-02-20 18:04:22,572 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {26062#true} {26062#true} #1250#return; {26062#true} is VALID [2022-02-20 18:04:22,572 INFO L290 TraceCheckUtils]: 11: Hoare triple {26062#true} assume { :end_inline_setup_bob__wrappee__Base } true; {26062#true} is VALID [2022-02-20 18:04:22,572 INFO L272 TraceCheckUtils]: 12: Hoare triple {26062#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {26120#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:22,573 INFO L290 TraceCheckUtils]: 13: Hoare triple {26120#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26062#true} is VALID [2022-02-20 18:04:22,573 INFO L290 TraceCheckUtils]: 14: Hoare triple {26062#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {26062#true} is VALID [2022-02-20 18:04:22,573 INFO L290 TraceCheckUtils]: 15: Hoare triple {26062#true} assume true; {26062#true} is VALID [2022-02-20 18:04:22,573 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {26062#true} {26062#true} #1252#return; {26062#true} is VALID [2022-02-20 18:04:22,573 INFO L290 TraceCheckUtils]: 17: Hoare triple {26062#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {26062#true} is VALID [2022-02-20 18:04:22,574 INFO L272 TraceCheckUtils]: 18: Hoare triple {26062#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {26119#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:22,574 INFO L290 TraceCheckUtils]: 19: Hoare triple {26119#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26062#true} is VALID [2022-02-20 18:04:22,574 INFO L290 TraceCheckUtils]: 20: Hoare triple {26062#true} assume !(1 == ~handle); {26062#true} is VALID [2022-02-20 18:04:22,574 INFO L290 TraceCheckUtils]: 21: Hoare triple {26062#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {26062#true} is VALID [2022-02-20 18:04:22,574 INFO L290 TraceCheckUtils]: 22: Hoare triple {26062#true} assume true; {26062#true} is VALID [2022-02-20 18:04:22,574 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {26062#true} {26062#true} #1254#return; {26062#true} is VALID [2022-02-20 18:04:22,575 INFO L290 TraceCheckUtils]: 24: Hoare triple {26062#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {26062#true} is VALID [2022-02-20 18:04:22,575 INFO L272 TraceCheckUtils]: 25: Hoare triple {26062#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {26120#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:22,575 INFO L290 TraceCheckUtils]: 26: Hoare triple {26120#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26062#true} is VALID [2022-02-20 18:04:22,576 INFO L290 TraceCheckUtils]: 27: Hoare triple {26062#true} assume !(1 == ~handle); {26062#true} is VALID [2022-02-20 18:04:22,576 INFO L290 TraceCheckUtils]: 28: Hoare triple {26062#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {26062#true} is VALID [2022-02-20 18:04:22,576 INFO L290 TraceCheckUtils]: 29: Hoare triple {26062#true} assume true; {26062#true} is VALID [2022-02-20 18:04:22,576 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {26062#true} {26062#true} #1256#return; {26062#true} is VALID [2022-02-20 18:04:22,576 INFO L290 TraceCheckUtils]: 31: Hoare triple {26062#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {26082#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 18:04:22,577 INFO L272 TraceCheckUtils]: 32: Hoare triple {26082#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {26119#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 18:04:22,578 INFO L290 TraceCheckUtils]: 33: Hoare triple {26119#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26121#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:22,578 INFO L290 TraceCheckUtils]: 34: Hoare triple {26121#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {26121#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:22,578 INFO L290 TraceCheckUtils]: 35: Hoare triple {26121#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {26121#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:22,579 INFO L290 TraceCheckUtils]: 36: Hoare triple {26121#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {26122#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:22,579 INFO L290 TraceCheckUtils]: 37: Hoare triple {26122#(= 3 |setClientId_#in~handle|)} assume true; {26122#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 18:04:22,580 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {26122#(= 3 |setClientId_#in~handle|)} {26082#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1258#return; {26089#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:04:22,580 INFO L290 TraceCheckUtils]: 39: Hoare triple {26089#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} assume { :end_inline_setup_chuck__wrappee__Base } true; {26089#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 18:04:22,581 INFO L272 TraceCheckUtils]: 40: Hoare triple {26089#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {26120#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 18:04:22,581 INFO L290 TraceCheckUtils]: 41: Hoare triple {26120#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26123#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:22,581 INFO L290 TraceCheckUtils]: 42: Hoare triple {26123#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {26123#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:22,582 INFO L290 TraceCheckUtils]: 43: Hoare triple {26123#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {26124#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:22,582 INFO L290 TraceCheckUtils]: 44: Hoare triple {26124#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {26124#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 18:04:22,582 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {26124#(= 2 |setClientPrivateKey_#in~handle|)} {26089#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1260#return; {26063#false} is VALID [2022-02-20 18:04:22,583 INFO L290 TraceCheckUtils]: 46: Hoare triple {26063#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {26063#false} is VALID [2022-02-20 18:04:22,583 INFO L290 TraceCheckUtils]: 47: Hoare triple {26063#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet77#1, test_#t~nondet78#1, test_#t~nondet79#1, test_#t~nondet80#1, test_#t~nondet81#1, test_#t~nondet82#1, test_#t~nondet83#1, test_#t~nondet84#1, test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~17#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~2#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~17#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~2#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {26063#false} is VALID [2022-02-20 18:04:22,583 INFO L290 TraceCheckUtils]: 48: Hoare triple {26063#false} assume !false; {26063#false} is VALID [2022-02-20 18:04:22,583 INFO L290 TraceCheckUtils]: 49: Hoare triple {26063#false} assume test_~splverifierCounter~0#1 < 4; {26063#false} is VALID [2022-02-20 18:04:22,583 INFO L290 TraceCheckUtils]: 50: Hoare triple {26063#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {26063#false} is VALID [2022-02-20 18:04:22,583 INFO L290 TraceCheckUtils]: 51: Hoare triple {26063#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet77#1 && test_#t~nondet77#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet77#1;havoc test_#t~nondet77#1; {26063#false} is VALID [2022-02-20 18:04:22,584 INFO L290 TraceCheckUtils]: 52: Hoare triple {26063#false} assume !(0 != test_~tmp___9~0#1); {26063#false} is VALID [2022-02-20 18:04:22,584 INFO L290 TraceCheckUtils]: 53: Hoare triple {26063#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet78#1 && test_#t~nondet78#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet78#1;havoc test_#t~nondet78#1; {26063#false} is VALID [2022-02-20 18:04:22,584 INFO L290 TraceCheckUtils]: 54: Hoare triple {26063#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {26063#false} is VALID [2022-02-20 18:04:22,584 INFO L290 TraceCheckUtils]: 55: Hoare triple {26063#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {26063#false} is VALID [2022-02-20 18:04:22,584 INFO L290 TraceCheckUtils]: 56: Hoare triple {26063#false} assume { :end_inline_setClientAutoResponse } true; {26063#false} is VALID [2022-02-20 18:04:22,584 INFO L290 TraceCheckUtils]: 57: Hoare triple {26063#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {26063#false} is VALID [2022-02-20 18:04:22,584 INFO L290 TraceCheckUtils]: 58: Hoare triple {26063#false} assume !false; {26063#false} is VALID [2022-02-20 18:04:22,585 INFO L290 TraceCheckUtils]: 59: Hoare triple {26063#false} assume !(test_~splverifierCounter~0#1 < 4); {26063#false} is VALID [2022-02-20 18:04:22,585 INFO L290 TraceCheckUtils]: 60: Hoare triple {26063#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {26063#false} is VALID [2022-02-20 18:04:22,585 INFO L272 TraceCheckUtils]: 61: Hoare triple {26063#false} call sendEmail(~bob~0, ~rjh~0); {26063#false} is VALID [2022-02-20 18:04:22,585 INFO L290 TraceCheckUtils]: 62: Hoare triple {26063#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~12#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~26#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~26#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {26063#false} is VALID [2022-02-20 18:04:22,585 INFO L272 TraceCheckUtils]: 63: Hoare triple {26063#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {26125#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:22,585 INFO L290 TraceCheckUtils]: 64: Hoare triple {26125#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {26062#true} is VALID [2022-02-20 18:04:22,585 INFO L290 TraceCheckUtils]: 65: Hoare triple {26062#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {26062#true} is VALID [2022-02-20 18:04:22,586 INFO L290 TraceCheckUtils]: 66: Hoare triple {26062#true} assume true; {26062#true} is VALID [2022-02-20 18:04:22,586 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {26062#true} {26063#false} #1194#return; {26063#false} is VALID [2022-02-20 18:04:22,586 INFO L272 TraceCheckUtils]: 68: Hoare triple {26063#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {26126#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 18:04:22,586 INFO L290 TraceCheckUtils]: 69: Hoare triple {26126#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {26062#true} is VALID [2022-02-20 18:04:22,586 INFO L290 TraceCheckUtils]: 70: Hoare triple {26062#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {26062#true} is VALID [2022-02-20 18:04:22,586 INFO L290 TraceCheckUtils]: 71: Hoare triple {26062#true} assume true; {26062#true} is VALID [2022-02-20 18:04:22,586 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {26062#true} {26063#false} #1196#return; {26063#false} is VALID [2022-02-20 18:04:22,587 INFO L290 TraceCheckUtils]: 73: Hoare triple {26063#false} createEmail_~retValue_acc~26#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~26#1; {26063#false} is VALID [2022-02-20 18:04:22,587 INFO L290 TraceCheckUtils]: 74: Hoare triple {26063#false} #t~ret49#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret49#1 && #t~ret49#1 <= 2147483647;~tmp~12#1 := #t~ret49#1;havoc #t~ret49#1;~email~0#1 := ~tmp~12#1; {26063#false} is VALID [2022-02-20 18:04:22,587 INFO L272 TraceCheckUtils]: 75: Hoare triple {26063#false} call outgoing(~sender#1, ~email~0#1); {26063#false} is VALID [2022-02-20 18:04:22,587 INFO L290 TraceCheckUtils]: 76: Hoare triple {26063#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~7#1;havoc ~receiver~1#1;havoc ~tmp___0~3#1;havoc ~second~0#1;havoc ~tmp___1~1#1;havoc ~tmp___2~0#1; {26063#false} is VALID [2022-02-20 18:04:22,587 INFO L272 TraceCheckUtils]: 77: Hoare triple {26063#false} call #t~ret35#1 := getClientAddressBookSize(~client#1); {26062#true} is VALID [2022-02-20 18:04:22,587 INFO L290 TraceCheckUtils]: 78: Hoare triple {26062#true} ~handle := #in~handle;havoc ~retValue_acc~30; {26062#true} is VALID [2022-02-20 18:04:22,588 INFO L290 TraceCheckUtils]: 79: Hoare triple {26062#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~30; {26062#true} is VALID [2022-02-20 18:04:22,588 INFO L290 TraceCheckUtils]: 80: Hoare triple {26062#true} assume true; {26062#true} is VALID [2022-02-20 18:04:22,588 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {26062#true} {26063#false} #1176#return; {26063#false} is VALID [2022-02-20 18:04:22,588 INFO L290 TraceCheckUtils]: 82: Hoare triple {26063#false} assume -2147483648 <= #t~ret35#1 && #t~ret35#1 <= 2147483647;~tmp~7#1 := #t~ret35#1;havoc #t~ret35#1;~size~0#1 := ~tmp~7#1; {26063#false} is VALID [2022-02-20 18:04:22,588 INFO L290 TraceCheckUtils]: 83: Hoare triple {26063#false} assume !(0 != ~size~0#1); {26063#false} is VALID [2022-02-20 18:04:22,588 INFO L272 TraceCheckUtils]: 84: Hoare triple {26063#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {26063#false} is VALID [2022-02-20 18:04:22,588 INFO L290 TraceCheckUtils]: 85: Hoare triple {26063#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~6#1;havoc ~pubkey~0#1;havoc ~tmp___0~2#1; {26063#false} is VALID [2022-02-20 18:04:22,589 INFO L272 TraceCheckUtils]: 86: Hoare triple {26063#false} call #t~ret33#1 := getEmailTo(~msg#1); {26062#true} is VALID [2022-02-20 18:04:22,589 INFO L290 TraceCheckUtils]: 87: Hoare triple {26062#true} ~handle := #in~handle;havoc ~retValue_acc~15; {26062#true} is VALID [2022-02-20 18:04:22,589 INFO L290 TraceCheckUtils]: 88: Hoare triple {26062#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_email_to0~0;#res := ~retValue_acc~15; {26062#true} is VALID [2022-02-20 18:04:22,589 INFO L290 TraceCheckUtils]: 89: Hoare triple {26062#true} assume true; {26062#true} is VALID [2022-02-20 18:04:22,589 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {26062#true} {26063#false} #1208#return; {26063#false} is VALID [2022-02-20 18:04:22,589 INFO L290 TraceCheckUtils]: 91: Hoare triple {26063#false} assume -2147483648 <= #t~ret33#1 && #t~ret33#1 <= 2147483647;~tmp~6#1 := #t~ret33#1;havoc #t~ret33#1;~receiver~0#1 := ~tmp~6#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~41#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~41#1; {26063#false} is VALID [2022-02-20 18:04:22,589 INFO L290 TraceCheckUtils]: 92: Hoare triple {26063#false} assume 1 == findPublicKey_~handle#1; {26063#false} is VALID [2022-02-20 18:04:22,590 INFO L290 TraceCheckUtils]: 93: Hoare triple {26063#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~41#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~41#1; {26063#false} is VALID [2022-02-20 18:04:22,590 INFO L290 TraceCheckUtils]: 94: Hoare triple {26063#false} #t~ret34#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp___0~2#1 := #t~ret34#1;havoc #t~ret34#1;~pubkey~0#1 := ~tmp___0~2#1; {26063#false} is VALID [2022-02-20 18:04:22,590 INFO L290 TraceCheckUtils]: 95: Hoare triple {26063#false} assume !(0 != ~pubkey~0#1); {26063#false} is VALID [2022-02-20 18:04:22,590 INFO L290 TraceCheckUtils]: 96: Hoare triple {26063#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret32#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~5#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~43#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~43#1; {26063#false} is VALID [2022-02-20 18:04:22,590 INFO L290 TraceCheckUtils]: 97: Hoare triple {26063#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~43#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~43#1; {26063#false} is VALID [2022-02-20 18:04:22,590 INFO L290 TraceCheckUtils]: 98: Hoare triple {26063#false} outgoing__wrappee__Keys_#t~ret32#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret32#1 && outgoing__wrappee__Keys_#t~ret32#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~5#1 := outgoing__wrappee__Keys_#t~ret32#1;havoc outgoing__wrappee__Keys_#t~ret32#1; {26063#false} is VALID [2022-02-20 18:04:22,590 INFO L272 TraceCheckUtils]: 99: Hoare triple {26063#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~5#1); {26125#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 18:04:22,591 INFO L290 TraceCheckUtils]: 100: Hoare triple {26125#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {26062#true} is VALID [2022-02-20 18:04:22,591 INFO L290 TraceCheckUtils]: 101: Hoare triple {26062#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {26062#true} is VALID [2022-02-20 18:04:22,591 INFO L290 TraceCheckUtils]: 102: Hoare triple {26062#true} assume true; {26062#true} is VALID [2022-02-20 18:04:22,591 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {26062#true} {26063#false} #1214#return; {26063#false} is VALID [2022-02-20 18:04:22,591 INFO L290 TraceCheckUtils]: 104: Hoare triple {26063#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret30#1, mail_#t~ret31#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~4#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~4#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__EncryptAutoResponder_spec__2 } true;__utac_acc__EncryptAutoResponder_spec__2_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1, __utac_acc__EncryptAutoResponder_spec__2_#t~nondet28#1, __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1, __utac_acc__EncryptAutoResponder_spec__2_~msg#1, __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;__utac_acc__EncryptAutoResponder_spec__2_~msg#1 := __utac_acc__EncryptAutoResponder_spec__2_#in~msg#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1;havoc __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset;call __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 := puts(14, 0);assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1 <= 2147483647;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret27#1;__utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.base, __utac_acc__EncryptAutoResponder_spec__2_~__cil_tmp3~2#1.offset := 15, 0;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~nondet28#1; {26063#false} is VALID [2022-02-20 18:04:22,591 INFO L290 TraceCheckUtils]: 105: Hoare triple {26063#false} assume 0 != ~in_encrypted~0; {26063#false} is VALID [2022-02-20 18:04:22,591 INFO L272 TraceCheckUtils]: 106: Hoare triple {26063#false} call __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 := isEncrypted(__utac_acc__EncryptAutoResponder_spec__2_~msg#1); {26062#true} is VALID [2022-02-20 18:04:22,592 INFO L290 TraceCheckUtils]: 107: Hoare triple {26062#true} ~handle := #in~handle;havoc ~retValue_acc~18; {26062#true} is VALID [2022-02-20 18:04:22,592 INFO L290 TraceCheckUtils]: 108: Hoare triple {26062#true} assume 1 == ~handle;~retValue_acc~18 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~18; {26062#true} is VALID [2022-02-20 18:04:22,592 INFO L290 TraceCheckUtils]: 109: Hoare triple {26062#true} assume true; {26062#true} is VALID [2022-02-20 18:04:22,592 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {26062#true} {26063#false} #1216#return; {26063#false} is VALID [2022-02-20 18:04:22,592 INFO L290 TraceCheckUtils]: 111: Hoare triple {26063#false} assume -2147483648 <= __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 && __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1 <= 2147483647;__utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1 := __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1;havoc __utac_acc__EncryptAutoResponder_spec__2_#t~ret29#1; {26063#false} is VALID [2022-02-20 18:04:22,592 INFO L290 TraceCheckUtils]: 112: Hoare triple {26063#false} assume !(0 != __utac_acc__EncryptAutoResponder_spec__2_~tmp~3#1);assume { :begin_inline___automaton_fail } true; {26063#false} is VALID [2022-02-20 18:04:22,592 INFO L290 TraceCheckUtils]: 113: Hoare triple {26063#false} assume !false; {26063#false} is VALID [2022-02-20 18:04:22,593 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 14 proven. 0 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2022-02-20 18:04:22,593 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:04:22,593 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1097045213] [2022-02-20 18:04:22,593 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1097045213] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:04:22,594 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:04:22,594 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 18:04:22,594 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1573709492] [2022-02-20 18:04:22,594 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:04:22,595 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 7.181818181818182) internal successors, (79), 8 states have internal predecessors, (79), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) Word has length 114 [2022-02-20 18:04:22,595 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:04:22,595 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 7.181818181818182) internal successors, (79), 8 states have internal predecessors, (79), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 18:04:22,671 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 106 edges. 106 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:04:22,671 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 18:04:22,671 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:04:22,672 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2022-02-20 18:04:22,672 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:04:22,673 INFO L87 Difference]: Start difference. First operand 473 states and 738 transitions. Second operand has 12 states, 11 states have (on average 7.181818181818182) internal successors, (79), 8 states have internal predecessors, (79), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12)